Let's Focus: Focused Backdoor Attack against Federated Transfer Learning
CoRR(2024)
摘要
Federated Transfer Learning (FTL) is the most general variation of Federated
Learning. According to this distributed paradigm, a feature learning pre-step
is commonly carried out by only one party, typically the server, on publicly
shared data. After that, the Federated Learning phase takes place to train a
classifier collaboratively using the learned feature extractor. Each involved
client contributes by locally training only the classification layers on a
private training set. The peculiarity of an FTL scenario makes it hard to
understand whether poisoning attacks can be developed to craft an effective
backdoor. State-of-the-art attack strategies assume the possibility of shifting
the model attention toward relevant features introduced by a forged trigger
injected in the input data by some untrusted clients. Of course, this is not
feasible in FTL, as the learned features are fixed once the server performs the
pre-training step. Consequently, in this paper, we investigate this intriguing
Federated Learning scenario to identify and exploit a vulnerability obtained by
combining eXplainable AI (XAI) and dataset distillation. In particular, the
proposed attack can be carried out by one of the clients during the Federated
Learning phase of FTL by identifying the optimal local for the trigger through
XAI and encapsulating compressed information of the backdoor class. Due to its
behavior, we refer to our approach as a focused backdoor approach (FB-FTL for
short) and test its performance by explicitly referencing an image
classification scenario. With an average 80
results show the effectiveness of our attack also against existing defenses for
Federated Learning.
更多查看译文
AI 理解论文
溯源树
样例
生成溯源树,研究论文发展脉络
Chat Paper
正在生成论文摘要