JOURNAL ARTICLE

Defending Against Data Poisoning Attacks: From Distributed Learning to Federated Learning.

  • Published In: Computer Journal, 2023, v. 66, n. 3, p. 711

  • Database: Academic Search Ultimate

  • Authored By: Tian, Yuchen; Zhang, Weizhe; Simpson, Andrew; Liu, Yang; Jiang, Zoe Lin

Abstract

This article focuses on the vulnerabilities of federated learning (FL)—a privacy-preserving variant of distributed learning (DL)—to data poisoning attacks and evaluates the effectiveness of existing defenses originally designed for DL in FL contexts. The study finds that while robust aggregation rules can somewhat defend against targeted label-flipping attacks under independent and identically distributed (IID) data, their effectiveness diminishes with non-IID data distributions typical in FL, and batch size influences defense stability. Addressing these challenges, the authors propose DSPO (Detect and Suppress the Potential Outliers), a defense strategy that assigns adaptive weights to client updates based on pairwise similarity to mitigate malicious influence without discarding updates outright. Experimental results on Fashion-MNIST and CIFAR-10 datasets demonstrate that DSPO outperforms existing defenses in maintaining model accuracy under poisoning attacks, particularly in non-IID settings, though further research is needed to generalize defenses across attack types and high-dimensional models.

Additional Information

  • Source: Computer Journal. 2023/03, Vol. 66, Issue 3, p711
  • Document Type: Article
  • Subject Area: Computer Science
  • Publication Date: 2023
  • ISSN: 0010-4620
  • DOI: 10.1093/comjnl/bxab192
  • Accession Number: 162503606
  • Copyright Statement: Copyright of Computer Journal is the property of Oxford University Press / USA and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)
