Detection and defense scheme for backdoor attacks in federated learning
Abstract: Aiming at the malicious backdoor attacks that commonly exist in Federated Learning (FL) systems, and at the difficulty existing defense schemes have in balancing privacy protection against high model-training accuracy, this paper explores backdoor attacks and their defense methods in FL and proposes a safe and efficient integrated scheme called GKFL (Generative Knowledge-based Federated Learning) to detect backdoor attacks and repair damaged models. The scheme does not need to access the participants' original private data: detection data are generated by the central server to test whether the aggregated model in federated learning has been backdoored, and knowledge distillation is used to repair the damaged model, thereby ensuring the integrity and accuracy of the model. Experimental results on the MNIST and Fashion-MNIST datasets show that the overall performance of GKFL is better than that of the classic schemes FoolsGold, GeoMed and RFA (Robust Federated Aggregation), and that GKFL protects data privacy better than FoolsGold. It can be seen that the GKFL scheme is able to detect backdoor attacks and repair damaged models, and is significantly better than the comparison schemes in terms of model poisoning accuracy and main-task accuracy.
Authors: 苏锦涛 (SU Jintao), 葛丽娜 (GE Lina), 肖礼广 (XIAO Liguang), 邹经 (ZOU Jing), 王哲 (WANG Zhe) (School of Artificial Intelligence, Guangxi Minzu University, Nanning, Guangxi 530006, China; Key Laboratory of Network Communication Engineering, Guangxi Minzu University, Nanning, Guangxi 530006, China; Guangxi Key Laboratory of Hybrid Computation and IC Design Analysis (Guangxi Minzu University), Nanning, Guangxi 530006, China)
Source: Journal of Computer Applications (《计算机应用》, Peking University core journal), 2025, No. 8, pp. 2399-2408 (10 pages)
Funding: National Natural Science Foundation of China (61862007); Guangxi Natural Science Foundation General Project (2024GXNSFAA010111).
Keywords: Federated Learning (FL); backdoor attack; data security; privacy protection; artificial intelligence security