Backdoor Threats from Compromised Foundation Models to Federated Learning
Xi Li, Songhe Wang, Chen Wu, Hao Zhou, Jiaqi Wang

TL;DR
This paper explores the vulnerability of federated learning systems that incorporate foundation models to backdoor attacks, revealing new risks and challenges for securing such integrated AI frameworks.
Contribution
It introduces a novel backdoor attack method against federated learning with foundation models that does not require full attacker involvement and can bypass existing defenses.
Findings
The attack is effective across multiple models and datasets.
It can evade current robust FL frameworks.
The study highlights new security risks in FL with foundation models.
Abstract
Federated learning (FL) represents a novel paradigm for machine learning, addressing critical issues related to data privacy and security, yet suffering from data insufficiency and imbalance. The emergence of foundation models (FMs) provides a promising solution to the problems with FL. For instance, FMs could serve as teacher models or good starting points for FL. However, the integration of FMs in FL presents a new challenge, exposing the FL systems to potential threats. This paper investigates the robustness of FL incorporating FMs by assessing their susceptibility to backdoor attacks. Contrary to classic backdoor attacks against FL, the proposed attack (1) does not require the attacker to be fully involved in the FL process; (2) poses a significant risk in practical FL scenarios; (3) is able to evade existing robust FL frameworks/FL backdoor defenses; (4) underscores the researches on the…
Taxonomy
Topics: Privacy-Preserving Technologies in Data · Adversarial Robustness in Machine Learning
