Sybil-based Virtual Data Poisoning Attacks in Federated Learning
Changxun Zhu, Qilong Wu, Lingjuan Lyu, and Shibei Xue

TL;DR
This paper introduces a novel sybil-based virtual data poisoning attack in federated learning, using gradient matching to reduce computational costs and multiple schemes for target model acquisition, demonstrating superior effectiveness in simulations.
Contribution
It presents a new attack method leveraging sybil nodes and virtual data generation to enhance poisoning effectiveness while lowering computational complexity.
Findings
Outperforms existing attack algorithms in simulations.
Effective under non-i.i.d. data distributions.
Applicable to various federated learning scenarios.
Abstract
Federated learning is vulnerable to poisoning attacks by malicious adversaries. Existing methods often involve high costs to achieve effective attacks. To address this challenge, we propose a sybil-based virtual data poisoning attack, where a malicious client generates sybil nodes to amplify the poisoning model's impact. To reduce neural network computational complexity, we develop a virtual data generation method based on gradient matching. We also design three schemes for target model acquisition, applicable to online local, online global, and offline scenarios. In simulation, our method outperforms other attack algorithms since our method can obtain a global target model under non-independent uniformly distributed data.
Taxonomy
Topics: Privacy-Preserving Technologies in Data · Internet Traffic Analysis and Secure E-voting · Cryptography and Data Security
