FLARE: A Backdoor Attack to Federated Learning with Refined Evasion
Federated Learning (FL) is vulnerable to backdoor attacks in which attackers inject malicious behaviors into the global model. To counter these attacks, existing works mainly introduce sophisticated defenses by analyzing model parameters and utilizing robust aggregation strategies. However, we find...
Saved in:
| Main Authors: | , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
MDPI AG
2024-11-01
|
| Series: | Mathematics |
| Subjects: | |
| Online Access: | https://www.mdpi.com/2227-7390/12/23/3751 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1850060413898588160 |
|---|---|
| author | Qingya Wang Yi Wu Haojun Xuan Huishu Wu |
| author_facet | Qingya Wang Yi Wu Haojun Xuan Huishu Wu |
| author_sort | Qingya Wang |
| collection | DOAJ |
| description | Federated Learning (FL) is vulnerable to backdoor attacks in which attackers inject malicious behaviors into the global model. To counter these attacks, existing works mainly introduce sophisticated defenses by analyzing model parameters and utilizing robust aggregation strategies. However, we find that FL systems can still be attacked by exploiting their inherent complexity. In this paper, we propose a novel three-stage backdoor attack strategy named FLARE: A Backdoor Attack to Federated Learning with Refined Evasion, which is designed to operate under the radar of conventional defense strategies. Our proposal begins with a trigger inspection stage to leverage the initial susceptibilities of FL systems, followed by a trigger insertion stage where the synthesized trigger is stealthily embedded at a low poisoning rate. Finally, the trigger is amplified to increase the attack’s success rate during the backdoor activation stage. Experiments on the effectiveness of FLARE show significant enhancements in both the stealthiness and success rate of backdoor attacks across multiple federated learning environments. In particular, the success rate of our backdoor attack can be improved by up to 45× compared to existing methods. |
| format | Article |
| id | doaj-art-618d248ad7a549a9b6d707cb37ba061f |
| institution | DOAJ |
| issn | 2227-7390 |
| language | English |
| publishDate | 2024-11-01 |
| publisher | MDPI AG |
| record_format | Article |
| series | Mathematics |
| spelling | doaj-art-618d248ad7a549a9b6d707cb37ba061f2025-08-20T02:50:33ZengMDPI AGMathematics2227-73902024-11-011223375110.3390/math12233751FLARE: A Backdoor Attack to Federated Learning with Refined EvasionQingya Wang0Yi Wu1Haojun Xuan2Huishu Wu3Faculty of Law, University of Montreal, 2900 Edouard Montpetit Blvd, Montreal, QC H3T 1J4, CanadaChina Academy of Information and Communications Technology, Beijing 100191, ChinaSchool of Cyberspace Science and Technology, Beijing Institute of Technology, Beijing 100081, ChinaFaculty of Law, University of Montreal, 2900 Edouard Montpetit Blvd, Montreal, QC H3T 1J4, CanadaFederated Learning (FL) is vulnerable to backdoor attacks in which attackers inject malicious behaviors into the global model. To counter these attacks, existing works mainly introduce sophisticated defenses by analyzing model parameters and utilizing robust aggregation strategies. However, we find that FL systems can still be attacked by exploiting their inherent complexity. In this paper, we propose a novel three-stage backdoor attack strategy named FLARE: A Backdoor Attack to Federated Learning with Refined Evasion, which is designed to operate under the radar of conventional defense strategies. Our proposal begins with a trigger inspection stage to leverage the initial susceptibilities of FL systems, followed by a trigger insertion stage where the synthesized trigger is stealthily embedded at a low poisoning rate. Finally, the trigger is amplified to increase the attack’s success rate during the backdoor activation stage. Experiments on the effectiveness of FLARE show significant enhancements in both the stealthiness and success rate of backdoor attacks across multiple federated learning environments. In particular, the success rate of our backdoor attack can be improved by up to 45× compared to existing methods.https://www.mdpi.com/2227-7390/12/23/3751federated learningbackdoor attackstrigger inspectionpoisoning rate |
| spellingShingle | Qingya Wang Yi Wu Haojun Xuan Huishu Wu FLARE: A Backdoor Attack to Federated Learning with Refined Evasion Mathematics federated learning backdoor attacks trigger inspection poisoning rate |
| title | FLARE: A Backdoor Attack to Federated Learning with Refined Evasion |
| title_full | FLARE: A Backdoor Attack to Federated Learning with Refined Evasion |
| title_fullStr | FLARE: A Backdoor Attack to Federated Learning with Refined Evasion |
| title_full_unstemmed | FLARE: A Backdoor Attack to Federated Learning with Refined Evasion |
| title_short | FLARE: A Backdoor Attack to Federated Learning with Refined Evasion |
| title_sort | flare a backdoor attack to federated learning with refined evasion |
| topic | federated learning backdoor attacks trigger inspection poisoning rate |
| url | https://www.mdpi.com/2227-7390/12/23/3751 |
| work_keys_str_mv | AT qingyawang flareabackdoorattacktofederatedlearningwithrefinedevasion AT yiwu flareabackdoorattacktofederatedlearningwithrefinedevasion AT haojunxuan flareabackdoorattacktofederatedlearningwithrefinedevasion AT huishuwu flareabackdoorattacktofederatedlearningwithrefinedevasion |