A Meta-Reinforcement Learning-Based Poisoning Attack Framework Against Federated Learning


Bibliographic Details
Main Authors: Wei Zhou, Donglai Zhang, Hongjie Wang, Jinliang Li, Mingjian Jiang
Format: Article
Language: English
Published: IEEE, 2025-01-01
Series: IEEE Access
Online Access: https://ieeexplore.ieee.org/document/10872904/
Description
Summary: As a distributed machine learning paradigm, federated learning enables clients to collaboratively train a global model without sharing their raw data, thus preserving data privacy while still utilizing the data. However, the distributed nature of federated learning makes it vulnerable to poisoning attacks, which undermine the integrity and availability of the model by injecting carefully crafted perturbations into the data or model. Most existing poisoning attacks rely on heuristic approaches, which are significantly mitigated by robust aggregation strategies during long-term federated learning training. To overcome this limitation, this work proposes a novel poisoning attack framework based on meta-reinforcement learning. The global data distribution of the clients is first inferred from the global gradient using a conditional generative adversarial network. The inferred distribution is then used to simulate the federated learning environment locally for reinforcement learning training. A novel scaling and noise injection attack is introduced by designing unique scaling coefficients and noise values for the gradient of each layer's parameters using reinforcement learning. Furthermore, meta-reinforcement learning is leveraged to enhance the generalization capability of the attack, ensuring effectiveness across various robust aggregation strategies. Experimental results demonstrate that our approach significantly reduces model accuracy to around 10% across three datasets under various aggregation strategies, outperforming existing methods and exhibiting superior generalization ability and attack performance.
ISSN: 2169-3536