Saved in:
| Main Authors: | , , , , , , , , , |
|---|---|
| Format: | Preprint |
| Published: |
2024
|
| Subjects: | |
| Online Access: | https://arxiv.org/abs/2411.16167 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1866911043518726144 |
|---|---|
| author | Han, Xingshuo Zhang, Xuanye Lan, Xiang Wang, Haozhao Xu, Shengmin Ren, Shen Zeng, Jason Wu, Ming Heinrich, Michael Zhang, Tianwei |
| author_facet | Han, Xingshuo Zhang, Xuanye Lan, Xiang Wang, Haozhao Xu, Shengmin Ren, Shen Zeng, Jason Wu, Ming Heinrich, Michael Zhang, Tianwei |
| contents | By using a control variate to calibrate the local gradient of each client, Scaffold has been widely known as a powerful solution to mitigate the impact of data heterogeneity in Federated Learning. Although Scaffold achieves significant performance improvements, we show that this superiority is at the cost of increased security vulnerabilities. Specifically, this paper presents BadSFL, the first backdoor attack targeting Scaffold, which turns benign clients into accomplices to amplify the attack effect. The core idea of BadSFL is to uniquely tamper with the control variate to subtly steer benign clients' local gradient updates towards the attacker's poisoned direction, effectively turning them into unwitting accomplices and significantly enhancing the backdoor persistence. Additionally, BadSFL leverages a GAN-enhanced poisoning strategy to enrich the attacker's dataset, maintaining high accuracy on both benign and backdoored samples while remaining stealthy. Extensive experiments demonstrate that BadSFL achieves superior attack durability, maintaining effectiveness for over 60 global rounds, lasting up to three times longer than existing baselines even after ceasing malicious model injections. |
| format | Preprint |
| id |
arxiv_https___arxiv_org_abs_2411_16167 |
| institution | arXiv |
| publishDate | 2024 |
| record_format | arxiv |
| spellingShingle | Mind the Cost of Scaffold! Benign Clients May Even Become Accomplices of Backdoor Attack Han, Xingshuo Zhang, Xuanye Lan, Xiang Wang, Haozhao Xu, Shengmin Ren, Shen Zeng, Jason Wu, Ming Heinrich, Michael Zhang, Tianwei Machine Learning By using a control variate to calibrate the local gradient of each client, Scaffold has been widely known as a powerful solution to mitigate the impact of data heterogeneity in Federated Learning. Although Scaffold achieves significant performance improvements, we show that this superiority is at the cost of increased security vulnerabilities. Specifically, this paper presents BadSFL, the first backdoor attack targeting Scaffold, which turns benign clients into accomplices to amplify the attack effect. The core idea of BadSFL is to uniquely tamper with the control variate to subtly steer benign clients' local gradient updates towards the attacker's poisoned direction, effectively turning them into unwitting accomplices and significantly enhancing the backdoor persistence. Additionally, BadSFL leverages a GAN-enhanced poisoning strategy to enrich the attacker's dataset, maintaining high accuracy on both benign and backdoored samples while remaining stealthy. Extensive experiments demonstrate that BadSFL achieves superior attack durability, maintaining effectiveness for over 60 global rounds, lasting up to three times longer than existing baselines even after ceasing malicious model injections. |
| title | Mind the Cost of Scaffold! Benign Clients May Even Become Accomplices of Backdoor Attack |
| topic | Machine Learning |
| url | https://arxiv.org/abs/2411.16167 |