GANcrop: A Contrastive Defense Against Backdoor Attacks in Federated Learning

TL;DR

GANcrop is a novel defense method for federated learning that uses contrastive learning and GANs to detect and mitigate backdoor attacks, especially in non-IID data scenarios, while preserving model accuracy.

Contribution

This paper introduces GANcrop, a new contrastive learning and GAN-based approach for defending against backdoor attacks in federated learning, addressing a critical security challenge.

Findings

Effectively detects backdoor attacks in federated learning.

Maintains high model accuracy under attack scenarios.

Performs well in non-IID data distributions.

Abstract

With heightened awareness of data privacy protection, Federated Learning (FL) has attracted widespread attention as a privacy-preserving distributed machine learning method. However, the distributed nature of federated learning also provides opportunities for backdoor attacks, where attackers can guide the model to produce incorrect predictions without affecting the global model training process. This paper introduces a novel defense mechanism against backdoor attacks in federated learning, named GANcrop. This approach leverages contrastive learning to deeply explore the disparities between malicious and benign models for attack identification, followed by the utilization of Generative Adversarial Networks (GAN) to recover backdoor triggers and implement targeted mitigation strategies. Experimental findings demonstrate that GANcrop effectively safeguards against backdoor attacks, particularly in non-IID scenarios, while maintaining satisfactory model accuracy, showcasing its remarkable defensive efficacy and practical utility.