Bibliographic Details
Main Authors: Tang, Yuhan, Zhang, Aoxu, Wu, Zhiyuan, Gao, Bo, Wen, Tian, Wang, Yuwei, Sun, Sheng
Format: Preprint
Published: 2024
Online Access: https://arxiv.org/abs/2407.18039
contents Federated Distillation (FD) offers an innovative approach to distributed machine learning, leveraging knowledge distillation for efficient and flexible cross-device knowledge transfer without necessitating the upload of extensive model parameters to a central server. While FD has gained popularity, its vulnerability to poisoning attacks remains underexplored. To address this gap, we previously introduced FDLA (Federated Distillation Logits Attack), a method that manipulates logits communication to mislead and degrade the performance of client models. However, the impact of FDLA on participants with different identities and the effects of malicious modifications at various stages of knowledge transfer remain unexplored. To this end, we present PCFDLA (Peak-Controlled Federated Distillation Logits Attack), an advanced and more stealthy logits poisoning attack method for FD. PCFDLA enhances the effectiveness of FDLA by carefully controlling the peak values of logits to create highly misleading yet inconspicuous modifications. Furthermore, we introduce a novel metric for better evaluating attack efficacy, demonstrating that PCFDLA maintains stealth while being significantly more disruptive to victim models compared to its predecessors. Experimental results across various datasets confirm the superior impact of PCFDLA on model accuracy, solidifying its potential threat in federated distillation systems.
institution arXiv
title Peak-Controlled Logits Poisoning Attack in Federated Distillation
topic Machine Learning
Artificial Intelligence