Foundation Models in Federated Learning: Assessing Backdoor Vulnerabilities

TL;DR

This paper investigates how foundation models can introduce backdoor vulnerabilities in federated learning systems, highlighting new attack vectors and the limited effectiveness of existing defenses.

Contribution

It is the first comprehensive assessment of backdoor vulnerabilities in federated learning caused by foundation models, revealing significant security risks.

Findings

High susceptibility of FL to backdoor attacks via FMs

Existing defenses are ineffective against these new threats

Experiments conducted in image and text domains confirm vulnerabilities

Abstract

Federated Learning (FL), a privacy-preserving machine learning framework, faces significant data-related challenges. For example, the lack of suitable public datasets leads to ineffective information exchange, especially in heterogeneous environments with uneven data distribution. Foundation Models (FMs) offer a promising solution by generating synthetic datasets that mimic client data distributions, aiding model initialization and knowledge sharing among clients. However, the interaction between FMs and FL introduces new attack vectors that remain largely unexplored. This work therefore assesses the backdoor vulnerabilities exploiting FMs, where attackers exploit safety issues in FMs and poison synthetic datasets to compromise the entire system. Unlike traditional attacks, these new threats are characterized by their one-time, external nature, requiring minimal involvement in FL training. Given these uniqueness, current FL defense strategies provide limited robustness against this novel attack approach. Extensive experiments across image and text domains reveal the high susceptibility of FL to these novel threats, emphasizing the urgent need for enhanced security measures in FL in the era of FMs.