Application Research of Computers, 2024, Vol. 41, Issue (4): 1171-1176, 6. DOI: 10.19734/j.issn.1001-3695.2023.07.0340
Defense method on poisoning attack based on clients in federated learning
Abstract
The distributed training structure of federated learning is vulnerable to poisoning attacks. Existing methods mainly design secure aggregation algorithms for the central server to defend against poisoning attacks, but they require the central server to be trusted and the number of poisoned participants to be lower than the number of normal participants. To address these issues, this paper proposes a poisoning attack defense method based on federated learning participants, which transfers the execution of the defense strategy to the participants of federated learning. Firstly, each participant independently constructs a differential loss function, calculates the outputs of the global and local models, and conducts error analysis to obtain the weight and amount of differential loss. Secondly, it performs adaptive training based on the locally trained loss function and the differential loss function. Finally, the approach selects models based on a performance analysis of the local and global models, to prevent severely poisoned global models from interfering with normal clients. Experiments on datasets such as MNIST and FashionMNIST show that the federated learning training accuracy based on this algorithm is superior to poisoning attack defense methods such as DnC. Even when the proportion of poisoned participants exceeds half, normal participants can still achieve defense against poisoning attacks.
Keywords
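federated learning / poisoning attack defense / training weight / robustness
Classification
Information technology and security science
Cite this article
Liu Jinquan, Zhang Zheng, Chen Zidong, Cao Sheng. Defense method on poisoning attack based on clients in federated learning [J]. Application Research of Computers, 2024, 41(4): 1171-1176, 6.
Funding
Supported by the Sichuan Province Key Research and Development Program (2021YFG0113, 2023YFG0118)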