Krum Federated Chain (KFC): Using blockchain to defend against adversarial attacks in Federated Learning

Mario García-Márquez, Nuria Rodríguez-Barroso, M. Victoria Luzón, Francisco Herrera

TL;DR

The paper tackles the vulnerability of Federated Learning to adversarial attacks by integrating blockchain with FL. It first evaluates Proof of Federated Learning (PoFL) as a defense, finding it effective when at least one miner remains honest, but vulnerable if all miners are compromised. To strengthen security, it introduces Krum Federated Chain (KFC), which combines PoFL with Krum aggregation to defend against arbitrary attack configurations, including all-miner attacks. Across EMNIST, Fashion-MNIST, and CIFAR-10, PoFL and KFC prove energy-efficient and scalable, with KFC delivering robust performance under both Byzantine and backdoor threats, outperforming several baselines. The work highlights the potential of blockchain-based defenses for resilient FL and outlines future work toward broader attack classes and privacy-aware designs.

Abstract

Federated Learning presents a nascent approach to machine learning, enabling collaborative model training across decentralized devices while safeguarding data privacy. However, its distributed nature renders it susceptible to adversarial attacks. Integrating blockchain technology with Federated Learning offers a promising avenue to enhance security and integrity. In this paper, we explore the potential of blockchain in defending Federated Learning against adversarial attacks. First, we test Proof of Federated Learning, a well-known consensus mechanism designed ad hoc for federated contexts, as a defense mechanism, demonstrating its efficacy against Byzantine and backdoor attacks when at least one miner remains uncompromised. Second, we propose Krum Federated Chain, a novel defense strategy combining Krum and Proof of Federated Learning, valid to defend against any configuration of Byzantine or backdoor attacks, even when all miners are compromised. Our experiments conducted on image classification datasets validate the effectiveness of our proposed approaches.

Paper Structure

This paper contains 29 sections, 7 equations, 16 figures, 9 tables.

Figures (16)

  • Figure 1: Illustration of a typical FL workflow. Figure inspired by tutorialnuria.
  • Figure 2: Diagram illustrating the pooled-mining mechanism.
  • Figure 3: Procedure of a label-flipping attack on a machine learning model.
  • Figure 4: Examples of original and backdoored samples with cross patterns and square patterns of EMNIST, Fashion-MNIST and CIFAR datasets.
  • Figure 5: $accuracy$ (line) and $accuracy_{10}$ (dashed line) under the Backdoor attack on Fashion MNIST (a and b) and under the Byzantine attack on CIFAR (c) datasets, respectively, in scenario A.
  • ...and 11 more figures