https://scholars.lib.ntu.edu.tw/handle/123456789/640002
標題: | Dual-Masking Framework against Two-Sided Model Attacks in Federated Learning | 作者: | Chiu, Te Chuan Lin, Wei Che AI-CHUN PANG LI-CHEN CHENG |
關鍵字: | Dual-Masking Framework | Federated Learning | Model Inversion Attacks | Model Poisoning Attacks | Model Security | Weights Privacy | 公開日期: | 1-一月-2021 | 來源出版物: | Proceedings - IEEE Global Communications Conference, GLOBECOM | 摘要: | With the popularity of AIoT (Artificial Intelligence of Things) services, we can foresee that smart end devices will generate tremendous user data at the edge. In particular, it is critical to address how to properly distill knowledge from the edge network in a communication-efficient and privacy-preserving manner. Federated learning (FL), one of the promising machine learning frameworks, ensures data privacy by allowing end devices to collaboratively train a shared model without exposing raw data to an aggregation server. However, due to its distributed nature, the framework is vulnerable to two major threats: the Model Inversion Attacks and the Model Poisoning Attacks. An abnormal aggregator or malicious end devices may probably launch these attacks in the training phase. The former leaks sensitive information by reversing the model weights to users' raw data. Still, the latter can break the model security and mislead the global model to wrong inference results. Unfortunately, the existing research has not tackled such two-sided model attacks that occurred concurrently in FL. Therefore, in this paper, we propose a dual-masking federated learning (DMFL) framework that advocates partial weights uploading in the aggregation process and applies two kinds of masks on both the end device and the aggregator sides. Based on the benchmark data for image classification, our experimental results show that the proposed DMFL framework outperforms other baselines, confirming that it can successfully preserve weights privacy and protect model security for AIoT. |
URI: | https://scholars.lib.ntu.edu.tw/handle/123456789/640002 | ISBN: | 978-1-7281-8104-2 | ISSN: | 23340983 | DOI: | 10.1109/GLOBECOM46510.2021.9685701 |
顯示於: | 資訊工程學系 |
在 IR 系統中的文件,除了特別指名其著作權條款之外,均受到著作權保護,並且保留所有的權利。