FedDefender: Backdoor Attack Defense in Federated Learning
Waris Gill (1), Ali Anwar (2), Muhammad Ali Gulzar (1) ((1) Virginia Tech, (2) University of Minnesota Twin Cities)

TL;DR
FedDefender is a novel defense mechanism in federated learning that uses differential testing of neuron activations to detect and mitigate backdoor poisoning attacks, maintaining model accuracy.
Contribution
This work introduces FedDefender, a new differential testing-based method for detecting backdoor attacks in federated learning, enhancing security without harming model performance.
Findings
Effectively reduces attack success rate to 10%
Maintains global model accuracy
Works on MNIST and FashionMNIST datasets
Abstract
Federated Learning (FL) is a privacy-preserving distributed machine learning technique that enables individual clients (e.g., user participants, edge devices, or organizations) to train a model on their local data in a secure environment and then share the trained model with an aggregator to build a global model collaboratively. In this work, we propose FedDefender, a defense mechanism against targeted poisoning attacks in FL by leveraging differential testing. Our proposed method fingerprints the neuron activations of clients' models on the same input and uses differential testing to identify a potentially malicious client containing a backdoor. We evaluate FedDefender using MNIST and FashionMNIST datasets with 20 and 30 clients, and our results demonstrate that FedDefender effectively mitigates such attacks, reducing the attack success rate (ASR) to 10% without deteriorating the…
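A minimal sketch of the idea in the abstract, added here as an illustration and not FedDefender's own code: every client model is run on the same probe inputs, and a client whose activation fingerprint deviates sharply from the others is reported. The single-layer models, weights, probe inputs, per-neuron median reference and ratio threshold are all assumptions constructed for this example.

```python
from statistics import median

def fingerprint(weights, x):
    """ReLU activations of one dense layer on input x."""
    return [max(0.0, sum(w * xi for w, xi in zip(row, x))) for row in weights]

def flag_on_input(models, x, ratio=3.0):
    """Differential test on one shared input; returns a client id or None."""
    prints = {cid: fingerprint(w, x) for cid, w in models.items()}
    width = len(next(iter(prints.values())))
    # Reference behaviour: per-neuron median across all clients.
    ref = [median(p[j] for p in prints.values()) for j in range(width)]
    dist = {cid: sum(abs(a - r) for a, r in zip(p, ref))
            for cid, p in prints.items()}
    worst = max(dist, key=dist.get)
    # Flag only a clear outlier, so ordinary client drift is not reported.
    return worst if dist[worst] > ratio * median(dist.values()) else None

def find_suspect(models, probes, ratio=3.0):
    """Report a client flagged on more than half of the probe inputs."""
    votes = {}
    for x in probes:
        cid = flag_on_input(models, x, ratio)
        if cid is not None:
            votes[cid] = votes.get(cid, 0) + 1
    if not votes:
        return None
    top = max(votes, key=votes.get)
    return top if votes[top] > len(probes) / 2 else None

# Constructed sample data (not from the paper).
BASE = [[0.5, -0.2, 0.1, 0.3], [0.1, 0.4, -0.3, 0.2], [-0.2, 0.1, 0.5, 0.1]]
BENIGN = {f"client{k}": [[w + 0.01 * k for w in row] for row in BASE]
          for k in range(4)}
# Constructed stand-in for a backdoored update: one neuron's weights are far off.
POISONED = dict(BENIGN, client4=BASE[:2] + [[1.5, 1.5, 1.5, 1.5]])
PROBES = [[1, 0, 1, 0], [0, 1, 0, 1], [1, 1, 1, 1]]

if __name__ == "__main__":
    print("benign round:  ", find_suspect(BENIGN, PROBES))
    print("poisoned round:", find_suspect(POISONED, PROBES))
```

The ratio threshold keeps the all-benign round from reporting whichever client happens to sit furthest from the median.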
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Privacy-Preserving Technologies in Data · Explainable Artificial Intelligence (XAI)
