Publication

Attack-Resilient Federated Machine Learning at Nodes

File: TM_Filipe_Rodrigues.pdf (12.06 MB, Adobe PDF)

Abstract

Federated learning (FL) emerged as a solution for distributed machine learning, enabling the training of models from decentralized data (e.g., stored in clients’ devices) without compromising their privacy. Its distributed nature makes it vulnerable to attacks from adversaries, resulting in possible degraded inference behavior for targeted examples or general misclassification of dataset instances. Hence, the implementation of security mechanisms to prevent nefarious actions from impacting the global model is critical to ensure that FL is a safe environment to train a model collaboratively while assuring clients’ data privacy. Evaluations of node attacks in current FL literature require complex modifications to create or integrate new attacks, which entail considerable effort. Therefore, in this work, we propose a tool called FADO that provides researchers and industry professionals with a platform to quickly evaluate FL scenarios under various types of attacks. FADO is scalable, capable of executing FL scenarios with thousands of clients while ensuring realism and a high degree of customizability. Users can integrate their implementations of different FL components into FADO with minimal complexity, thanks to its interfaces that facilitate the loading of external modules. Additionally, we introduce a novel backdoor attack called BLARE, which manipulates the attacker’s model parameters during training to make the backdoor more persistent in the global model, even after the attacker stops injecting malicious updates. We evaluated this backdoor attack using FADO with two datasets: CIFAR10 and CIFAR100. Several experiments were conducted in which we varied specific hyperparameters to understand their impact on BLARE’s effectiveness. We conclude that FADO and BLARE significantly contribute to the understanding of node attacks in FL, offering valuable insights to improve the robustness and security of FL systems.

Description

Master's thesis, Information Security, 2024, Universidade de Lisboa, Faculdade de Ciências

Keywords

Federated learning; Privacy; Backdoor attack; Security; Artificial intelligence; Master's theses - 2024
