Byzantine-Robust Federated Learning: An Overview With Focus on Developing Sybil-based Attacks to Backdoor Augmented Secure Aggregation Protocols

Atharv Deshmukh

TL;DR

This paper provides an in-depth analysis of the strengths and weaknesses of the Robustness of Federated Learning (RoFL) protocol, and proposes two novel Sybil-based attacks that take advantage of vulnerabilities in RoFL.

Abstract

Federated Learning (FL) paradigms enable large numbers of clients to collaboratively train Machine Learning models on private data. However, due to their multi-party nature, traditional FL schemes are left vulnerable to Byzantine attacks that attempt to hurt model performance by injecting malicious backdoors. A wide variety of prevention methods have been proposed to protect frameworks from such attacks. This paper provides an exhaustive and updated taxonomy of existing methods and frameworks, before zooming in and conducting an in-depth analysis of the strengths and weaknesses of the Robustness of Federated Learning (RoFL) protocol. From there, we propose two novel Sybil-based attacks that take advantage of vulnerabilities in RoFL. Finally, we conclude with comprehensive proposals for future testing, describe and detail the implementation of the proposed attacks, and offer direction for improvements in the RoFL protocol as well as Byzantine-robust frameworks as a whole.

Paper Structure

This paper contains 8 sections, 4 figures, 2 tables.

Figures (4)

  • Figure 1: Architecture of a typical FL setup with a Secure Aggregation protocol to protect client updates from inference attacks.
  • Figure 2: Data poisoning attacks versus model poisoning attacks. Figure inspired by [lycklama2023rofl].
  • Figure 3: Additive homomorphic scheme proposed by Bonawitz et al. [doi:10.1145/3133956.3133982]. (a) Additive masks based on pairwise shared secrets $s_{ij}$: $r_1 + r_2 + r_3 = 0$ where $r_1 = s_{12} + s_{13}$, $r_2 = -s_{12} + s_{23}$, and $r_3 = -s_{13} - s_{23}$. (b) The server adds the updates using the homomorphic properties of the scheme. Figure inspired by [lycklama2023rofl].
  • Figure 4: FL system with and without colluding Sybil nodes mounting a poisoning attack. Sybil-based attacks involve adversaries creating multiple fake identities or Sybil nodes [9767718].
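The three-client masks in the Figure 3 caption generalize to n clients: client i adds $s_{ij}$ for every j > i and subtracts $s_{ji}$ for every j < i, so each pairwise secret appears once with each sign and the masks cancel in the server's sum. The following added example (not code from the paper or from the RoFL project) implements that pairwise additive masking over $\mathbb{Z}_M$; the pairwise seeds are constructed at random here, standing in for the Diffie-Hellman-agreed secrets of the Bonawitz et al. protocol, and SHA-256 expansion stands in for its PRG.

```python
"""Pairwise additive masking for secure aggregation (constructed example).

Client i masks its update x_i with
    r_i = sum_{j>i} s_ij - sum_{j<i} s_ji   (mod M)
so that sum_i r_i = 0 and the server learns only sum_i x_i.
"""
import hashlib
import secrets

M = 2 ** 32   # modulus of the ring the (quantized) updates live in


def prg(seed: bytes, dim: int) -> list[int]:
    """Expand one pairwise seed into a dim-length mask vector over Z_M.
    Stand-in for the PRG keyed by the DH-agreed secret in the real protocol."""
    return [int.from_bytes(hashlib.sha256(seed + k.to_bytes(4, "big")).digest()[:8], "big") % M
            for k in range(dim)]


def pairwise_seeds(n: int) -> dict[tuple[int, int], bytes]:
    """Assumption: every unordered pair (i < j) has already agreed a secret s_ij."""
    return {(i, j): secrets.token_bytes(32) for i in range(n) for j in range(i + 1, n)}


def mask_update(i: int, x: list[int], seeds: dict, n: int) -> list[int]:
    """Client-side: add s_ij for j > i, subtract s_ji for j < i, coordinate-wise."""
    y = [v % M for v in x]
    for j in range(n):
        if j == i:
            continue
        s = prg(seeds[(min(i, j), max(i, j))], len(x))
        sign = 1 if i < j else -1          # the same secret enters j's mask with opposite sign
        y = [(a + sign * b) % M for a, b in zip(y, s)]
    return y


def aggregate(masked: list[list[int]]) -> list[int]:
    """Server-side: plain modular addition; every s_ij occurs once with + and once with -."""
    out = [0] * len(masked[0])
    for y in masked:
        out = [(a + b) % M for a, b in zip(out, y)]
    return out


def run_round(updates: list[list[int]]) -> tuple[list[list[int]], list[int], list[int]]:
    """Mask every client's update, aggregate, and return (masked, server_sum, true_sum)."""
    n = len(updates)
    seeds = pairwise_seeds(n)
    masked = [mask_update(i, x, seeds, n) for i, x in enumerate(updates)]
    true_sum = [sum(col) % M for col in zip(*updates)]
    return masked, aggregate(masked), true_sum
```

Each masked vector on its own is uniformly distributed over $\mathbb{Z}_M$, which is what hides the individual update from the server; the cancellation only holds if every client that masked also gets summed, so a client dropping out after masking leaves its pairwise secrets uncancelled (the full Bonawitz et al. protocol recovers them via secret sharing, which this example omits).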