AWFC: Preventing Label Flipping Attacks Towards Federated Learning for Intelligent IoT. (1st October 2022)
- Record Type:
- Journal Article
- Title:
- AWFC: Preventing Label Flipping Attacks Towards Federated Learning for Intelligent IoT. (1st October 2022)
- Main Title:
- AWFC: Preventing Label Flipping Attacks Towards Federated Learning for Intelligent IoT
- Authors:
- Lv, Zhuo
Cao, Hongbo
Zhang, Feng
Ren, Yuange
Wang, Bin
Chen, Cen
Li, Nuannuan
Chang, Hao
Wang, Wei
- Abstract:
- Centralized machine learning methods require the aggregation of data collected from clients. Due to the awareness of data privacy, however, the aggregation of raw data collected by Internet of Things (IoT) devices is not feasible in many scenarios. Federated learning (FL), a kind of distributed learning framework, can be running on multiple IoT devices. It aims to resolve the issues of privacy leakage by training a model locally on the client-side, other than on the server-side that aggregates all the raw data. However, there are still threats of poisoning attacks in FL. Label flipping attacks, typical data poisoning attacks in FL, aim to poison the global model by sending model updates trained by the data with mismatched labels. The central parameter aggregation server is hard to detect the label flipping attacks due to its inaccessibility to the client in a typical FL system. In this work, we are motivated to prevent label flipping poisoning attacks by observing the changes in model parameters that were trained by different single labels. We propose a novel detection method called average weight of each class in its associated fully connected layer. In this method, we detect label flipping attacks by identifying the differences of classes in the data based on the weight assignments in a fully connected layer of the neural network model and use the statistical algorithm to recognize the malicious clients. We conduct extensive experiments on benchmark data like Fashion-MNIST and Intrusion Detection Evaluation Dataset (CIC-IDS2017). Comprehensive experimental results demonstrated that our method has the detection accuracy over 90% for the identification of the attackers flipping labels.
- Is Part Of:
- Computer journal. Volume 65:Number 11(2022)
- Journal:
- Computer journal
- Issue:
- Volume 65:Number 11(2022)
- Issue Display:
- Volume 65, Issue 11 (2022)
- Year:
- 2022
- Volume:
- 65
- Issue:
- 11
- Issue Sort Value:
- 2022-0065-0011-0000
- Page Start:
- 2849
- Page End:
- 2859
- Publication Date:
- 2022-10-01
- Subjects:
- federated learning -- label flipping attacks -- poisoning attacks -- distributed machine learning -- intrusion detection
Computers -- Periodicals
005.1
- Journal URLs:
- http://comjnl.oxfordjournals.org/
http://ukcatalogue.oup.com/
- DOI:
- 10.1093/comjnl/bxac124
- Languages:
- English
- ISSNs:
- 0010-4620
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - 3394.060000
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store
- Ingest File:
- 24771.xml