Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

FedBlock: A Blockchain Approach to Federated Learning against Backdoor Attacks

Duong H. Nguyen, Phi L. Nguyen, Truong T. Nguyen, Hieu H. Pham, Duc A. Tran

TL;DR

FedBlock is a novel blockchain-based FL framework that involves only smart contract programming, thus deployable atop any blockchain network and robustness against backdoor attacks is competitive with the literature of FL backdoor defense.

Abstract

Federated Learning (FL) is a machine learning method for training with private data locally stored in distributed machines without gathering them into one place for central learning. Despite its promises, FL is prone to critical security risks. First, because FL depends on a central server to aggregate local training models, this is a single point of failure. The server might function maliciously. Second, due to its distributed nature, FL might encounter backdoor attacks by participating clients. They can poison the local model before submitting to the server. Either type of attack, on the server or the client side, would severely degrade learning accuracy. We propose FedBlock, a novel blockchain-based FL framework that addresses both of these security risks. FedBlock is uniquely desirable in that it involves only smart contract programming, thus deployable atop any blockchain network. Our framework is substantiated with a comprehensive evaluation study using real-world datasets. Its robustness against backdoor attacks is competitive with the literature of FL backdoor defense. The latter, however, does not address the server risk as we do.

FedBlock: A Blockchain Approach to Federated Learning against Backdoor Attacks

TL;DR

FedBlock is a novel blockchain-based FL framework that involves only smart contract programming, thus deployable atop any blockchain network and robustness against backdoor attacks is competitive with the literature of FL backdoor defense.

Abstract

Federated Learning (FL) is a machine learning method for training with private data locally stored in distributed machines without gathering them into one place for central learning. Despite its promises, FL is prone to critical security risks. First, because FL depends on a central server to aggregate local training models, this is a single point of failure. The server might function maliciously. Second, due to its distributed nature, FL might encounter backdoor attacks by participating clients. They can poison the local model before submitting to the server. Either type of attack, on the server or the client side, would severely degrade learning accuracy. We propose FedBlock, a novel blockchain-based FL framework that addresses both of these security risks. FedBlock is uniquely desirable in that it involves only smart contract programming, thus deployable atop any blockchain network. Our framework is substantiated with a comprehensive evaluation study using real-world datasets. Its robustness against backdoor attacks is competitive with the literature of FL backdoor defense. The latter, however, does not address the server risk as we do.

Paper Structure

This paper contains 26 sections, 2 theorems, 20 equations, 7 figures, 3 tables, 2 algorithms.

Table of Contents

  1. Introduction
  2. Related Work
  3. Preliminaries
  4. Federated Learning
  5. Backdoor Attacks
  6. Proposed Framework
  7. System Overview
  8. Verification and Aggregation
  9. Local Verification
  10. Trust Score
  11. Global Aggregation
  12. Client Set to Verify
  13. Malicious Verifiers
  14. FedBlock Backdoor Defense
  15. Gradient of Ultimate Layer
  16. ...and 11 more sections

Key Result

Theorem 1

Given $V$ verifiers and $M$ clients, the expected value of $L$ clients that each verifier needs to verify such that all $M$ clients are verified is

Figures (7)

  • Figure 1: Overview architecture of FedBlock.
  • Figure 1: FedBlock vs. FedGrad under different backdoor strategies (CIFAR-10 and EMNIST, 500 rounds).
  • Figure 2: The ultimate layer is the last layer, which connects from the previous layer via the ultimate weight and bias matrix and to the softmax function.
  • Figure 2: FedBlock under the effect of bad verifiers and effectiveness of the client-as-a-verifier (CAAV) approach (500 rounds, CIFAR-10, black-box backdoor).
  • Figure 3: Real-time performance in individual aggregation rounds (CIFAR-10). For better visualization, here we plot the results that are smooth-averaged after every 20 rounds.
  • ...and 2 more figures

Theorems & Definitions (8)

  • Definition 5.1: Ultimate Gradient
  • Definition 5.2: By-Class Ultimate Gradient
  • Remark : 1
  • Remark : 2
  • Theorem 1: Optimal value for $L$
  • proof
  • Theorem 2: Optimal value for $V$
  • proof