Client-Side Patching against Backdoor Attacks in Federated Learning
Borja Molina-Coronado

TL;DR
This paper introduces a novel client-side defense mechanism for federated learning that uses adversarial learning and model patching to effectively mitigate backdoor attacks, outperforming existing methods in diverse data scenarios.
Contribution
The paper presents a new defense approach combining adversarial learning and model patching specifically designed for federated learning backdoor attack mitigation.
Findings
Significantly reduces backdoor attack success rates.
Outperforms state-of-the-art defenses like LFighter, FLAME, and RoseAgg.
Maintains high accuracy on clean data in various data distribution scenarios.
Abstract
Federated learning is a versatile framework for training models in decentralized environments. However, the trust placed in clients makes federated learning vulnerable to backdoor attacks launched by malicious participants. While many defenses have been proposed, they often fall short when facing heterogeneous data distributions among participating clients. In this paper, we propose a novel defense mechanism for federated learning systems designed to mitigate backdoor attacks on the client side. Our approach leverages adversarial learning techniques and model patching to neutralize the impact of backdoor attacks. Through extensive experiments on the MNIST and Fashion-MNIST datasets, we demonstrate that our defense effectively reduces backdoor accuracy, outperforming existing state-of-the-art defenses, such as LFighter, FLAME, and RoseAgg, in i.i.d. and non-i.i.d. scenarios, while…
Taxonomy
Topics: Privacy-Preserving Technologies in Data · Cryptography and Data Security · Adversarial Robustness in Machine Learning
Methods: Activation Patching
