Intelligent Attacks and Defense Methods in Federated Learning-enabled Energy-Efficient Wireless Networks

Han Zhang, Hao Zhou, Medhat Elsayed, Majid Bavand, Raimundas Gaigalas, Yigit Ozcan, Melike Erol-Kantarci

TL;DR

This work addresses the security of federated learning for energy-efficient wireless network control by analyzing intelligent, adaptive poisoning attacks in a DRL-based cell sleep control setting with non-IID data. It introduces GAN-enhanced and regularization-based model poisoning attacks and two defenses—autoencoder-based and knowledge-distillation-based—evaluated under near-realistic simulations. Results show intelligent attacks can significantly degrade throughput and energy efficiency, while KD-based defense recovers roughly 95% of secure-system performance across attack types, and autoencoder defense excels against simpler attacks. The findings highlight practical security implications for FL-enabled wireless control and demonstrate robust defense strategies with theoretical and empirical support.

Abstract

Federated learning (FL) is a promising technique for learning-based functions in wireless networks, thanks to its distributed implementation capability. On the other hand, distributed learning may increase the risk of exposure to malicious attacks, where attacks on a local model may spread to other models through parameter exchange. Meanwhile, such attacks can be hard to detect due to the dynamic wireless environment, especially considering that local models can be heterogeneous with non-independent and identically distributed (non-IID) data. Therefore, it is critical to evaluate the effect of malicious attacks and develop advanced defense techniques for FL-enabled wireless networks. In this work, we introduce a federated deep reinforcement learning-based cell sleep control scenario that enhances the energy efficiency of the network. We propose multiple intelligent attacks targeting the learning-based approach, and we propose defense methods to mitigate such attacks. In particular, we have designed two attack models: a generative adversarial network (GAN)-enhanced model poisoning attack and a regularization-based model poisoning attack. As a counteraction, we have proposed two defense schemes: an autoencoder-based defense and a knowledge distillation (KD)-enabled defense. The autoencoder-based defense method leverages an autoencoder to identify the malicious participants and aggregates only the parameters of benign local models during the global aggregation, while the KD-based defense protects the model from attacks by controlling the knowledge transferred between the global model and local models.

Paper Structure

This paper contains 23 sections, 37 equations, 12 figures, 2 tables, 2 algorithms.

Figures (12)

  • Figure 1: Attacks in federated deep reinforcement learning-enabled cell sleep control scenario.
  • Figure 2: The procedure of GAN-enhanced model poisoning attack.
  • Figure 3: The procedure of autoencoder-based two-step defense.
  • Figure 4: The structure of KD-based defense against malicious participants in FL.
  • Figure 5: A comparison between IID and non-IID data.
  • ...and 7 more figures