Title: RECESS Vaccine for Federated Learning: Proactive Defense Against Model Poisoning Attacks
Presenter: Dr. Xiaodong Lin, PhD, FIEEE
Affiliation: University of Guelph, Canada
Date: January 12, 2024 (Friday)
Time: 09:00-10:00 AM
Location: Tencent Meeting (ID: 445-975-806)
Abstract:
Model poisoning attacks pose significant threats to the implementation of federated learning (FL). Existing defenses are vulnerable to the latest model poisoning attacks, which results in a decline in prediction accuracy. Moreover, these defenses struggle to differentiate between benign outliers and malicious gradients, further undermining model generalization. In this presentation, we introduce a novel proactive defense strategy named RECESS against model poisoning attacks. Unlike the passive analysis employed in prior defenses, RECESS proactively engages each participating client by soliciting a carefully crafted aggregation gradient, while detecting malicious clients more accurately based on their responses. Additionally, RECESS employs a novel trust scoring mechanism to robustly aggregate gradients. Unlike previous methods that score each iteration independently, RECESS evaluates the correlation of each client's performance across multiple iterations to estimate the trust score, significantly enhancing fault tolerance. We extensively evaluate RECESS across various model architectures and datasets under different conditions. We also assess its defensive efficacy against other forms of poisoning attacks, its hyperparameter sensitivity, and its robustness to adaptive adversarial attacks. Experimental results demonstrate the superior performance of RECESS in mitigating accuracy loss caused by the latest model poisoning attacks compared to five classic and two state-of-the-art defenses.
Presenter's Bio:
Dr. Xiaodong Lin earned his PhD in Information Engineering from Beijing University of Posts and Telecommunications, China, and his PhD in Electrical and Computer Engineering from the University of Waterloo, Canada (with Outstanding Achievement in Graduate Studies Award). He currently serves as a Professor in the School of Computer Science at the University of Guelph, Canada. His research interests encompass wireless communications and network security, privacy-enhancing technologies, computer forensics, Decentralized Finance (DeFi) security, and applied cryptography. Dr. Lin is an Associate Editor for numerous international journals and has acted as a guest editor for several special issues of IEEE, Elsevier, and Springer journals. He has also chaired symposiums and tracks at IEEE/ACM conferences and served on program committees for various international conferences. He was previously Chair of the Communications and Information Security Technical Committee (CISTC) at the IEEE Communications Society (2016-2017). Dr. Lin is a Fellow of the IEEE.