FDA3: Federated Defense Against Adversarial Attacks for Cloud-Based IIoT Applications
Yunfei Song, Tian Liu, Tongquan Wei, Xiangfeng Wang, Zhe Tao, Mingsong Chen

TL;DR
FDA3 is a federated learning-based defense framework that enhances the robustness of DNNs in cloud-based IIoT applications against a wide range of adversarial attacks by aggregating defense knowledge from multiple sources.
Contribution
The paper introduces FDA3, a novel federated defense approach that improves adversarial robustness of IIoT DNNs across diverse attack types through cloud-based knowledge sharing.
Findings
FDA3 outperforms existing attack-specific defenses in resisting malicious attacks.
The approach protects IIoT applications from new, unseen adversarial attacks.
Experimental results demonstrate enhanced robustness of DNNs using FDA3.
Abstract
Along with the proliferation of Artificial Intelligence (AI) and Internet of Things (IoT) techniques, various kinds of adversarial attacks are increasingly emerging to fool Deep Neural Networks (DNNs) used by Industrial IoT (IIoT) applications. Due to biased training data or vulnerable underlying models, imperceptible modifications on inputs made by adversarial attacks may result in devastating consequences. Although existing methods are promising in defending such malicious attacks, most of them can only deal with limited existing attack types, which makes the deployment of large-scale IIoT devices a great challenge. To address this problem, we present an effective federated defense approach named FDA3 that can aggregate defense knowledge against adversarial examples from different sources. Inspired by federated learning, our proposed cloud-based architecture enables the sharing of…
