Poisoning Attacks on Federated Learning for Autonomous Driving
Sonakshi Garg, Hugo Jönsson, Gustav Kalander, Axel Nilsson, Bhhaanu Pirange, Viktor Valadi, Johan Östman

TL;DR
This paper introduces two novel poisoning attacks on federated learning for vehicle trajectory prediction in autonomous driving: an untargeted attack (FLStealth) that degrades the global model while its updates still look benign, and a targeted attack (OTA) that changes the model's behavior on a trigger. Both succeed against the defenses evaluated, exposing gaps in current protections.
Contribution
The paper presents FLStealth and OTA, two new poisoning attacks specifically designed for federated learning in autonomous driving, highlighting their impact and the inadequacy of existing defenses.
Findings
FLStealth (untargeted) degrades the global model while its poisoned updates pass as benign.
OTA (targeted) changes the global model's behavior on its trigger despite the defenses in place.
Current defenses are insufficient against targeted poisoning attacks.
Abstract
Federated Learning (FL) is a decentralized learning paradigm, enabling parties to collaboratively train models while keeping their data confidential. Within autonomous driving, it brings the potential of reducing data storage costs, reducing bandwidth requirements, and accelerating learning. FL is, however, susceptible to poisoning attacks. In this paper, we introduce two novel poisoning attacks on FL tailored to regression tasks within autonomous driving: FLStealth and Off-Track Attack (OTA). FLStealth, an untargeted attack, aims at providing model updates that deteriorate the global model performance while appearing benign. OTA, on the other hand, is a targeted attack with the objective to change the global model's behavior when exposed to a certain trigger. We demonstrate the effectiveness of our attacks by conducting comprehensive experiments pertaining to the task of vehicle…
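The two attack types in the abstract differ in what the attacker's update has to look like to the server. The following added example (written for this page; it is not code from the paper and not FLStealth or OTA themselves) simulates a few FedAvg rounds on a toy linear regression task with a median-based norm filter on the server. It compares an oversized poisoned update, which the filter drops, with one rescaled to stay inside the range of honest update norms, which passes and noticeably slows convergence of the global model. The model, the synthetic data, the filter rule, the attacker's margin, and the assumption that the attacker can estimate the server's threshold from its own honest update are all constructed placeholders. A trigger-based backdoor like OTA is not shown, since a linear model cannot carry trigger-dependent behavior.

```python
"""
Toy federated-learning simulation: FedAvg with a median-based norm filter on
a linear regression task, attacked by clients submitting poisoned updates.

Added example for this page, not the paper's code. Model, data, the filter
rule and both attacker strategies are constructed placeholders illustrating
one point from the abstract: an untargeted poisoning update that stays inside
the range of honest update norms passes a simple anomaly filter, while an
oversized one does not.
"""
import math
import random
from statistics import median

DIM = 3
TRUE_W = [1.0, -2.0, 0.5]   # constructed ground-truth regression weights
FILTER_K = 2.0              # server drops updates with norm > FILTER_K * median norm


def dot(a, b):
    return sum(x * y for x, y in zip(a, b))


def norm(v):
    return math.sqrt(dot(v, v))


def make_client_data(rng, n=60, noise=0.02):
    """Constructed synthetic regression data: y = TRUE_W . x + Gaussian noise."""
    xs = [[rng.uniform(-1.0, 1.0) for _ in range(DIM)] for _ in range(n)]
    ys = [dot(TRUE_W, x) + rng.gauss(0.0, noise) for x in xs]
    return xs, ys


def honest_update(w_global, xs, ys, lr=0.1, steps=5):
    """Local SGD on the MSE loss; returns delta = w_local - w_global."""
    w = list(w_global)
    for _ in range(steps):
        grad = [0.0] * DIM
        for x, y in zip(xs, ys):
            err = dot(w, x) - y
            for i in range(DIM):
                grad[i] += 2.0 * err * x[i] / len(xs)
        w = [wi - lr * gi for wi, gi in zip(w, grad)]
    return [wl - wg for wl, wg in zip(w, w_global)]


def naive_poison(delta, scale=100.0):
    """Flip the honest update and blow it up: damaging if averaged in,
    but trivially caught by any norm check."""
    return [-scale * d for d in delta]


def stealthy_poison(delta, margin=0.6):
    """Flip the honest update but keep its norm near the honest range.
    Assumption: the attacker knows the filter rule and uses its own honest
    update norm as an estimate of the median, so it scales the poisoned
    update to margin * FILTER_K * ||delta||, under the server's threshold."""
    n = norm(delta)
    if n == 0.0:
        return list(delta)
    target = margin * FILTER_K * n
    return [-(target / n) * d for d in delta]


def robust_fedavg(deltas):
    """Server side: drop updates whose norm exceeds FILTER_K x median norm,
    then average the survivors. Returns (aggregated delta, number rejected)."""
    norms = [norm(d) for d in deltas]
    tau = FILTER_K * median(norms)
    kept = [d for d, n in zip(deltas, norms) if n <= tau]
    agg = [sum(d[i] for d in kept) / len(kept) for i in range(DIM)]
    return agg, len(deltas) - len(kept)


def simulate(attack=None, n_clients=10, n_malicious=3, rounds=8, seed=0):
    """Run FL rounds; clients 0..n_malicious-1 are attacker-controlled when
    attack is 'naive' or 'stealthy'. Returns (distance of the final global
    model from TRUE_W, total updates rejected by the filter)."""
    rng = random.Random(seed)
    data = [make_client_data(rng) for _ in range(n_clients)]
    w = [0.0] * DIM
    rejected = 0
    for _ in range(rounds):
        deltas = []
        for cid, (xs, ys) in enumerate(data):
            delta = honest_update(w, xs, ys)
            if attack and cid < n_malicious:
                delta = naive_poison(delta) if attack == "naive" else stealthy_poison(delta)
            deltas.append(delta)
        agg, r = robust_fedavg(deltas)
        rejected += r
        w = [wi + ai for wi, ai in zip(w, agg)]
    return norm([wi - ti for wi, ti in zip(w, TRUE_W)]), rejected


if __name__ == "__main__":
    for name in (None, "naive", "stealthy"):
        dist, rej = simulate(name)
        print(f"{name or 'clean':9s} dist_to_true={dist:.3f} rejected={rej}")
```

Running the file prints, for the clean run and each attack, how far the final global model is from the true weights and how many updates the filter dropped. The naive attacker is rejected every round and ends up no worse than the clean run; the stealthy attacker is never rejected and leaves the global model several times further from the optimum after the same number of rounds, which is the qualitative behavior the abstract attributes to an untargeted attack whose updates appear benign.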
Taxonomy
Topics: Privacy-Preserving Technologies in Data · Adversarial Robustness in Machine Learning · Cryptography and Data Security
