
FedSecurity: Benchmarking Attacks and Defenses in Federated Learning and Federated LLMs

Shanshan Han, Baturalp Buyukates, Zijian Hu, Han Jin, Weizhao Jin, Lichao Sun, Xiaoyang Wang, Wenxuan Wu, Chulin Xie, Yuhang Yao, Kai Zhang, Qifan Zhang, Yuhui Zhang, Carlee Joe-Wong, Salman Avestimehr, Chaoyang He

TL;DR

FedSecurity provides an end-to-end benchmark for adversarial attacks and defenses in FL and federated LLMs, addressing the lack of unified evaluation frameworks. It introduces FedAttacker and FedDefender to simulate a broad spectrum of attacks (model poisoning, data poisoning, data reconstruction) and defenses (before/on/after-aggregation), with flexible YAML configurations and API-based extensions. The benchmark demonstrates the trade-offs between defense effectiveness and potential accuracy loss, and highlights the robustness of approaches like m-Krum across FL and LLM contexts, including real-world edge deployments. By supporting diverse models, optimizers, and real-world scenarios, FedSecurity offers a practical platform to benchmark, compare, and advance secure federated learning systems.

Abstract

This paper introduces FedSecurity, an end-to-end benchmark that serves as a supplementary component of the FedML library for simulating adversarial attacks and corresponding defense mechanisms in Federated Learning (FL). FedSecurity eliminates the need to implement the fundamental FL procedures, e.g., FL training and data loading, from scratch, and thus enables users to focus on developing their own attack and defense strategies. It contains two key components: FedAttacker, which conducts a variety of attacks during FL training, and FedDefender, which implements defensive mechanisms to counteract these attacks. FedSecurity has the following features: i) it offers extensive customization options to accommodate a broad range of machine learning models (e.g., Logistic Regression, ResNet, and GAN) and FL optimizers (e.g., FedAVG, FedOPT, and FedNOVA); ii) it enables exploring the effectiveness of attacks and defenses across different datasets and models; and iii) it supports flexible configuration and customization through a configuration file and some APIs. We further demonstrate FedSecurity's utility and adaptability through federated training of Large Language Models (LLMs) to showcase its potential on a wide range of complex applications.
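The TL;DR singles out m-Krum as a robust aggregation defense. The sketch below is an added example, not code from FedSecurity or FedML: it implements the commonly described multi-Krum selection rule and compares it with plain averaging on one constructed round. The parameter names `f` (assumed number of malicious clients) and `m` (number of updates kept) and all sample updates are assumptions made for illustration.

```python
# Added example: multi-Krum (m-Krum) aggregation next to plain averaging.
# Client updates below are constructed sample data, not FedSecurity output.

def sq_dist(a, b):
    """Squared Euclidean distance between two flattened updates."""
    return sum((x - y) ** 2 for x, y in zip(a, b))

def mean(vectors):
    """Coordinate-wise average, i.e. unweighted FedAvg-style aggregation."""
    n = len(vectors)
    return [sum(col) / n for col in zip(*vectors)]

def krum_scores(updates, f):
    """Score each update by the summed squared distance to its n-f-2 nearest peers."""
    n = len(updates)
    k = n - f - 2
    if k < 1:
        raise ValueError("Krum needs n >= f + 3 client updates")
    scores = []
    for i, u in enumerate(updates):
        dists = sorted(sq_dist(u, v) for j, v in enumerate(updates) if j != i)
        scores.append(sum(dists[:k]))
    return scores

def m_krum(updates, f, m):
    """Average the m lowest-scoring updates; returns (aggregate, selected indices)."""
    if not 1 <= m <= len(updates) - f:
        raise ValueError("m must be in [1, n - f]")
    scores = krum_scores(updates, f)
    selected = sorted(sorted(range(len(updates)), key=scores.__getitem__)[:m])
    return mean([updates[i] for i in selected]), selected

# Constructed round: 5 honest clients near [1.0, -1.0], then 2 poisoned updates.
HONEST = [[1.0, -1.0], [1.1, -0.9], [0.9, -1.1], [1.05, -1.0], [0.95, -0.95]]
POISONED = [[-20.0, 20.0], [-19.0, 21.0]]
UPDATES = HONEST + POISONED

def demo():
    """Aggregate the constructed round with and without the defense."""
    robust, selected = m_krum(UPDATES, f=2, m=3)
    return {"fedavg": mean(UPDATES), "m_krum": robust, "selected": selected}

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Lowering `m` discards more honest updates along with the poisoned ones, which is the defense-versus-accuracy trade-off the benchmark measures.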

Paper Structure (22 sections, 17 figures, 5 tables, 2 algorithms)

This paper contains 22 sections, 17 figures, 5 tables, 2 algorithms.

Figures (17)

  • Figure 1: Examples of attack and defense configurations.
  • Figure 2: FedSecurity overview. FedSecurity enables injecting attacks/defenses (shown in red/green) at various stages of FL at the clients and at the server.
  • Figure 3: Attack comparison.
  • Figure 4: Defense comparison.
  • Figure 5: Label flipping exps.
  • ...and 12 more figures