عرض بسيط للتسجيلة

المؤلفGouissem, A.
المؤلفKhattab, T.
المؤلفAbdalla,h M.
المؤلفMohamed, A.
تاريخ الإتاحة2024-08-19T05:21:32Z
تاريخ النشر2023
اسم المنشور2023 International Wireless Communications and Mobile Computing, IWCMC 2023
المصدرScopus
معرّف المصادر الموحدhttp://dx.doi.org/10.1109/IWCMC58020.2023.10182790
معرّف المصادر الموحدhttp://hdl.handle.net/10576/57789
الملخصDespite its potential benefits, Federated learning (FL) is vulnerable to various types of attacks that can compromise the accuracy and security of the trained model. While several defense mechanisms have been proposed to protect FL against such attacks, attackers are continuously developing more advanced techniques to bypass these protection mechanisms.In this context, this paper proposes a novel attack mechanism that allows malicious users to optimize their crafted reports, maximizing potential damage while limiting the chances of being detected. Our proposed attack technique is a robust approach designed to bypass existing defense mechanisms in FL. Our contributions are mainly investigating the FL model attack from the attacker's perspective, proposing a model relaxation approach to optimize a single poisoning ratio variable, and formulating a compromise between the chances of being detected and the amount of damage that the attack could cause. Additionally, we introduce three new attack designs, namely DTA, ATA, and NEA, which maximize the effect of the attack. The proposed Distance Target Attack (DTA) minimizes the distance from the target attack model, while the Accuracy Target Attack (ATA) deteriorates the accuracy of the global model. Furthermore, the Number Estimation Attack (NEA) aims to maximize the expected number of attackers that could bypass the aggregation detection mechanisms.The numerical results based on the KDD dataset confirm the ability of the proposed approach to deteriorate the global model accuracy. The experiments showed that the proposed DTA, ATA, and NEA attacks can significantly reduce the accuracy of the global model. These results demonstrate also the effectiveness and robustness of the proposed attack mechanism in compromising the accuracy and security of FL models.
راعي المشروعThis publication was made possible by the NPRP award NPRP13S-0201-200219 from the Qatar National Research Fund. The statements made herein are solely the responsibility of the authors.
اللغةen
الناشرIEEE
الموضوعByzantine attacks
Distributed Learning
Federated Learning
Intrusion Detection
العنوانFederating Learning Attacks: Maximizing Damage while Evading Detection
النوعConference Paper
الصفحات1644-1648
dc.accessType Full Text


الملفات في هذه التسجيلة

Thumbnail

هذه التسجيلة تظهر في المجموعات التالية

عرض بسيط للتسجيلة