Defending against poisoning backdoor attacks on federated meta-learning

Chen, Chien-Lun; Babakniya, Sara; Paolieri, Marco; Golubchik, Leana

doi:10.1145/3523062

Defending against poisoning backdoor attacks on federated meta-learning

C. Chen, S. Babakniya, M. Paolieri, L. Golubchik

Abstract: Federated learning allows multiple users to collaboratively train a shared classification model while preserving data privacy. This approach, where model updates are aggregated by a central server, was shown to be vulnerable to poisoning backdoor attacks: a malicious user can alter the shared model to arbitrarily classify specific inputs from a given class. In this paper, we analyze the effects of backdoor attacks on federated meta-learning, where users train a model that can be adapted to different sets of output classes using only a few examples. While the ability to adapt could, in principle, make federated learning frameworks more robust to backdoor attacks (when new training examples are benign), we find that even one-shot attacks can be very successful and persist after additional training. To address these vulnerabilities, we propose a defense mechanism inspired by matching networks, where the class of an input is predicted from the similarity of its features with a support set of labeled examples. By removing the decision logic from the model shared with the federation, success and persistence of backdoor attacks are greatly reduced.

ACM Trans. Intell. Syst. Technol., 13(5):76:1-76:25, 2022
AI SafetyApplications

copy bib | save bib | save pdf | go to publisher

🏠 Home