Data poisoning detection in federated learning
Publication Type
Conference Paper
Date Issued
2024-04-08
Language
English
Start Page
1549
End Page
1558
Citation
Proceedings of the ACM Symposium on Applied Computing (SAC 2024)
Contribution to Conference
SAC 2024
Publisher DOI
Scopus ID
Publisher
ACM
ISBN
9798400702433
Federated Learning (FL) is an emerging machine learning paradigm in which multiple clients collaboratively train a model without exposing their local datasets. Under this paradigm, numerous clients share the responsibility of model training instead of having a centralized server. However, this enables clients of an FL system to send malicious model updates. An adversary could, e.g., train the local model with incorrect data to insert an adversary-defined objective into the model or cause a severe drop in accuracy. We show that it is possible for a small number of adversaries to considerably reduce the model performance after only one round of FL. Using Shapley Additive Explanation (SHAP) values as indicators, we propose a detection algorithm that pairs SHAP values and Support Vector Machines (SVMs) to derive classifiers that can effectively differentiate malicious from honest clients.
Subjects
data poisoning
detection
federated learning
label-flipping attacks
shapley additive explanation
MLE@TUHH
DDC Class
005: Computer Programming, Programs, Data and Security