In this work, besides improving prediction accuracy, we study whether personalization could bring robustness benefits to backdoor attacks. We conduct the first study of backdoor attacks in the pFL framework, testing 4 widely used backdoor attacks against 6 pFL methods on benchmark datasets FEMNIST and CIFAR-10, a total of 600 experiments. The study shows that pFL methods with partial model-sharing can significantly boost robustness against backdoor attacks. In contrast, pFL methods with full model-sharing do not show robustness. To analyze the reasons for varying robustness performances, we provide comprehensive ablation studies on different pFL methods. Based on our findings, we further propose a lightweight defense method, Simple-Tuning, which empirically improves defense performance against backdoor attacks. We believe that our work could provide both guidance for pFL application in terms of its robustness and offer valuable insights to design more robust FL methods in the future.

翻译：在本工作中，除了提升预测精度外，我们研究了个性化是否能为后门攻击带来鲁棒性优势。我们首次在pFL框架下开展后门攻击研究，在基准数据集FEMNIST和CIFAR-10上，针对6种pFL方法测试了4种广泛使用的后门攻击，共计600次实验。研究表明，具有部分模型共享机制的pFL方法能显著增强对后门攻击的鲁棒性。相比之下，采用全模型共享的pFL方法并未表现出鲁棒性。为分析不同鲁棒性表现的原因，我们对各类pFL方法进行了全面的消融实验。基于研究发现，我们进一步提出了一种轻量级防御方法Simple-Tuning，该方法能在经验上提升抵御后门攻击的性能。我们相信，本工作既能为pFL在鲁棒性方面的应用提供指导，也能为未来设计更鲁棒的联邦学习方法提供宝贵见解。