Security Assessment of Hierarchical Federated Deep Learning

D Alqattan, R Sun, H Liang, G Nicosia, V Snasel, R Ranjan, V Ojha

TL;DR

This paper investigates the security of Hierarchical Federated Learning (HFL) under both inference-time and training-time adversarial threats. It presents a formal HFL model, a comprehensive attack taxonomy, and model-driven defenses, evaluated via extensive experiments on MNIST, Fashion-MNIST, and CIFAR-10 with 3-level and 4-level hierarchies. Key findings show that HFL is robust to untargeted training-time attacks due to hierarchical aggregation, but vulnerable to targeted backdoor attacks when malicious participants inhabit overlapping edge-server regions; Neural Cleanse and adversarial training improve robustness, with deeper hierarchies offering stronger defense in many scenarios. The results inform security strategies for HFL deployments in smart-city-like ecosystems, highlighting the trade-offs between performance, resilience, and defense complexity, and suggesting directions for tailored defenses against targeted attacks in multi-level federated settings.

Abstract

Hierarchical federated learning (HFL) is a promising distributed deep learning model training paradigm, but it has crucial security concerns arising from adversarial attacks. This research investigates and assesses the security of HFL using a novel methodology by focusing on its resilience against inference-time and training-time adversarial attacks. Through a series of extensive experiments across diverse datasets and attack scenarios, we uncover that HFL demonstrates robustness against untargeted training-time attacks due to its hierarchical structure. However, targeted attacks, particularly backdoor attacks, exploit this architecture, especially when malicious clients are positioned in the overlapping coverage areas of edge servers. Consequently, HFL shows a dual nature in its resilience, showcasing its capability to recover from attacks thanks to its hierarchical aggregation that strengthens its suitability for adversarial training, thereby reinforcing its resistance against inference-time attacks. These insights underscore the necessity for balanced security strategies in HFL systems, leveraging their inherent strengths while effectively mitigating vulnerabilities.

Paper Structure (21 sections, 2 equations, 7 figures, 1 table)

Figures (7)

  • Figure 1: FL network architectures: (a) 2-level FL; (b) 3-level HFL; (c) 4-level HFL
  • Figure 2: HFL and Attack Model
  • Figure 3: Baseline performance: HFL models' performance without adversarial attacks.
  • Figure 4: Models' performance under inference-time adversarial attacks.
  • Figure 5: Models' performance under inference-time attacks and adversarial training defense
  • ...and 2 more figures