DYNAMIC POISONING ATTACKS AGAINST FEDERATED LEARNING

Abstract

Federated Learning(FL) is a decentralized Machine Learning(ML) technique that trains a model without sharing data. End devices have access to a wealth of data. Usually this data is large in volume and also contains private and sensitive information. In traditional Machine Learning(ML) this data is sent to the central server where the ML model is trained on this data. The main disadvantages of traditional machine learning is that it does not maintain data privacy and it is communication inefficient. Federated Learning solves this issue by training the model locally without sending data to server, thus maintaining data privacy and communication efficiency since data is not sent to the server. The clients in Federated Learning are not data providers but take part in the model training process by contributing model updates. This makes Federated Learning vulnerable to a type of attack know as Poisoning attacks. Existing defence mechanisms focus on static nature of attackers and don’t take into consideration the dynamic behaviour of attackers. In this work we see how existing defence mechanism fail to perform when the attackers behave in a dynamic manner. We also propose a novel defence mechanism for poisoning attacks against federated learning system which takes into account the dynamic behaviour of clients and attackers.