Foundation models (FMs) have been used to generate synthetic public datasets for the heterogeneous federated learning (HFL) problem, where each client uses a unique model architecture. However, the vulnerabilities introduced by integrating FMs, especially to backdoor attacks, are not well explored in HFL contexts. In this paper, we introduce a novel backdoor attack mechanism for HFL that circumvents the need for client compromise or ongoing participation in the FL process. This method plants and transfers the backdoor through a generated synthetic public dataset, which could help evade existing backdoor defenses in FL by presenting normal client behaviors. Empirical experiments across different HFL configurations and benchmark datasets demonstrate the effectiveness of our attack compared to traditional client-based attacks. Our findings reveal significant security risks in developing robust FM-assisted HFL systems. This research contributes to enhancing the safety and integrity of FL systems, highlighting the need for advanced security measures in the era of FMs.