Peak-Controlled Logits Poisoning Attack in Federated Distillation

TL;DR

This paper introduces PCFDLA, a stealthy and more effective logits poisoning attack on federated distillation, demonstrating significant disruption to model accuracy while maintaining inconspicuous modifications.

Contribution

It develops PCFDLA, an advanced attack method that controls logits peaks for increased effectiveness and stealthiness, and proposes a new metric for evaluating attack success.

Findings

PCFDLA significantly reduces model accuracy across datasets.

The attack remains inconspicuous while being highly disruptive.

A new evaluation metric effectively measures attack stealth and impact.

Abstract

Federated Distillation (FD) offers an innovative approach to distributed machine learning, leveraging knowledge distillation for efficient and flexible cross-device knowledge transfer without necessitating the upload of extensive model parameters to a central server. While FD has gained popularity, its vulnerability to poisoning attacks remains underexplored. To address this gap, we previously introduced FDLA (Federated Distillation Logits Attack), a method that manipulates logits communication to mislead and degrade the performance of client models. However, the impact of FDLA on participants with different identities and the effects of malicious modifications at various stages of knowledge transfer remain unexplored. To this end, we present PCFDLA (Peak-Controlled Federated Distillation Logits Attack), an advanced and more stealthy logits poisoning attack method for FD. PCFDLA enhances the effectiveness of FDLA by carefully controlling the peak values of logits to create highly misleading yet inconspicuous modifications. Furthermore, we introduce a novel metric for better evaluating attack efficacy, demonstrating that PCFDLA maintains stealth while being significantly more disruptive to victim models compared to its predecessors. Experimental results across various datasets confirm the superior impact of PCFDLA on model accuracy, solidifying its potential threat in federated distillation systems.