Federated learning is a versatile framework for training models in decentralized environments. However, the trust placed in clients makes federated learning vulnerable to backdoor attacks launched by malicious participants. While many defenses have been proposed, they often fall short when facing heterogeneous data distributions among participating clients. In this paper, we propose a novel defense mechanism for federated learning systems designed to mitigate backdoor attacks on the client side. Our approach leverages adversarial learning techniques and model patching to neutralize the impact of backdoor attacks. Through extensive experiments on the MNIST and Fashion-MNIST datasets, we demonstrate that our defense effectively reduces backdoor accuracy, outperforming existing state-of-the-art defenses, such as LFighter, FLAME, and RoseAgg, in i.i.d. and non-i.i.d. scenarios, while maintaining competitive or superior accuracy on clean data.