Abstract
Data heterogeneity has been identified as one of the key features in federated learning but often overlooked in the lens of robustness to adversarial attacks. This paper focuses on characterizing and understanding its impact on backdooring attacks in federated learning through comprehensive experiments using synthetic and the LEAF benchmarks. The initial impression driven by our experimental results suggests that data heterogeneity is the dominant factor in the effectiveness of attacks and it may be a redemption for defending against backdooring as it makes the attack less efficient, more challenging to design effective attack strategies, and the attack result also becomes less predictable. However, with further investigations, we found data heterogeneity is more of a curse than a redemption as the attack effectiveness can be significantly boosted by simply adjusting the client-side backdooring timing. More importantly, data heterogeneity may result in overfitting at the local training of benign clients, which can be utilized by attackers to disguise themselves and fool skewed-feature based defenses. In addition, effective attack strategies can be made by adjusting attack data distribution. Finally, we discuss the potential directions of defending the curses brought by data heterogeneity. The results and lessons learned from our extensive experiments and analysis offer new insights for designing robust federated learning methods and systems.
Original language | English (US) |
---|---|
Title of host publication | 35th AAAI Conference on Artificial Intelligence, AAAI 2021 |
Publisher | Association for the Advancement of Artificial Intelligence |
Pages | 10807-10814 |
Number of pages | 8 |
ISBN (Electronic) | 9781713835974 |
State | Published - 2021 |
Externally published | Yes |
Event | 35th AAAI Conference on Artificial Intelligence, AAAI 2021 - Virtual, Online Duration: Feb 2 2021 → Feb 9 2021 |
Publication series
Name | 35th AAAI Conference on Artificial Intelligence, AAAI 2021 |
---|---|
Volume | 12B |
Conference
Conference | 35th AAAI Conference on Artificial Intelligence, AAAI 2021 |
---|---|
City | Virtual, Online |
Period | 2/2/21 → 2/9/21 |
Bibliographical note
Funding Information:This work is supported in part by the following grants: National Science Foundation CCF-1756013 and IIS-1838024 (with resources from AWS as part of the NSF BIGDATA program). We thank the anonymous reviewers for their insightful comments and suggestions.
Publisher Copyright:
Copyright © 2021, Association for the Advancement of Artificial Intelligence (www.aaai.org). All rights reserved.