In this work, besides improving prediction accuracy, we study whether personalization could bring robustness benefits against backdoor attacks. We conduct the first study of backdoor attacks in the personalized federated learning (pFL) framework, testing 4 widely used backdoor attacks against 6 pFL methods on the benchmark datasets FEMNIST and CIFAR-10, for a total of 600 experiments. The study shows that pFL methods with partial model-sharing can significantly boost robustness against backdoor attacks. In contrast, pFL methods with full model-sharing do not show robustness. To analyze the reasons for the varying robustness, we provide comprehensive ablation studies on different pFL methods. Based on our findings, we further propose a lightweight defense method, Simple-Tuning, which empirically improves defense performance against backdoor attacks. We believe that our work could both provide guidance for pFL application in terms of its robustness and offer valuable insights for designing more robust FL methods in the future. We open-source our code to establish the first benchmark for black-box backdoor attacks in pFL: https://github.com/alibaba/FederatedScope/tree/backdoor-bench.