Beyond Traditional Threats: A Persistent Backdoor Attack on Federated Learning

TL;DR

This paper introduces a novel backdoor attack method for federated learning called FCBA, which maintains higher attack success rates over iterations by aggregating trigger information, outperforming existing methods.

Contribution

The paper proposes FCBA, a new backdoor attack technique that enhances persistence and effectiveness in federated learning by combining trigger information for a more resilient attack.

Findings

FCBA achieves over 50% higher success rate after 120 rounds on GTSRB.

FCBA outperforms state-of-the-art federated backdoor attacks across multiple datasets.

The attack remains effective despite benign updates, demonstrating increased persistence.

Abstract

Backdoors on federated learning will be diluted by subsequent benign updates. This is reflected in the significant reduction of attack success rate as iterations increase, ultimately failing. We use a new metric to quantify the degree of this weakened backdoor effect, called attack persistence. Given that research to improve this performance has not been widely noted,we propose a Full Combination Backdoor Attack (FCBA) method. It aggregates more combined trigger information for a more complete backdoor pattern in the global model. Trained backdoored global model is more resilient to benign updates, leading to a higher attack success rate on the test set. We test on three datasets and evaluate with two models across various settings. FCBA's persistence outperforms SOTA federated learning backdoor attacks. On GTSRB, postattack 120 rounds, our attack success rate rose over 50% from baseline. The core code of our method is available at https://github.com/PhD-TaoLiu/FCBA.