Non-Cooperative Backdoor Attacks in Federated Learning: A New Threat Landscape

TL;DR

This paper reveals a new, more realistic threat to federated learning where independent adversaries introduce distinct backdoors without cooperation, demonstrating significant vulnerabilities and emphasizing the need for robust defenses.

Contribution

It introduces the concept of non-cooperative multiple-trigger backdoor attacks in federated learning, highlighting their effectiveness and the challenges they pose for detection.

Findings

Non-cooperative attacks can successfully embed multiple backdoors independently.

Such attacks do not impair the main task performance.

Detection of these attacks remains challenging in federated settings.

Abstract

Despite the promise of Federated Learning (FL) for privacy-preserving model training on distributed data, it remains susceptible to backdoor attacks. These attacks manipulate models by embedding triggers (specific input patterns) in the training data, forcing misclassification as predefined classes during deployment. Traditional single-trigger attacks and recent work on cooperative multiple-trigger attacks, where clients collaborate, highlight limitations in attack realism due to coordination requirements. We investigate a more alarming scenario: non-cooperative multiple-trigger attacks. Here, independent adversaries introduce distinct triggers targeting unique classes. These parallel attacks exploit FL's decentralized nature, making detection difficult. Our experiments demonstrate the alarming vulnerability of FL to such attacks, where individual backdoors can be successfully learned without impacting the main task. This research emphasizes the critical need for robust defenses against diverse backdoor attacks in the evolving FL landscape. While our focus is on empirical analysis, we believe it can guide backdoor research toward more realistic settings, highlighting the crucial role of FL in building robust defenses against diverse backdoor threats. The code is available at \url{https://anonymous.4open.science/r/nba-980F/}.