高级检索
    洪榛, 冯王磊, 温震宇, 吴迪, 李涛涛, 伍一鸣, 王聪, 纪守领. 基于梯度回溯的联邦学习搭便车攻击检测[J]. 计算机研究与发展. DOI: 10.7544/issn1000-1239.202330886
    引用本文: 洪榛, 冯王磊, 温震宇, 吴迪, 李涛涛, 伍一鸣, 王聪, 纪守领. 基于梯度回溯的联邦学习搭便车攻击检测[J]. 计算机研究与发展. DOI: 10.7544/issn1000-1239.202330886
    Hong Zhen, Feng Wanglei, Wen Zhenyu, Wu Di, Li Taotao, Wu Yiming, Wang Cong, Ji Shouling. Detecting Free-Riders in Federated Learning Based on Gradient Backtracking[J]. Journal of Computer Research and Development. DOI: 10.7544/issn1000-1239.202330886
    Citation: Hong Zhen, Feng Wanglei, Wen Zhenyu, Wu Di, Li Taotao, Wu Yiming, Wang Cong, Ji Shouling. Detecting Free-Riders in Federated Learning Based on Gradient Backtracking[J]. Journal of Computer Research and Development. DOI: 10.7544/issn1000-1239.202330886

    基于梯度回溯的联邦学习搭便车攻击检测

    Detecting Free-Riders in Federated Learning Based on Gradient Backtracking

    • 摘要: 随着车联网的发展,快速增长的智能汽车产生了海量的用户数据. 这些海量的数据对训练智能化的车联网应用模型有极高的价值. 传统的智能模型训练需要在云端集中式地收集原始数据. 这将消耗大量通信资源并存在隐私泄露和监管限制等问题. 联邦学习提供了一种模型传输代替数据传输的分布式训练范式用于解决此类问题. 然而,在实际的联邦学习系统中,存在恶意用户通过伪造本地模型骗取服务器奖励的情况,即搭便车攻击. 搭便车攻击严重破坏了联邦学习的公平性,影响联邦学习的训练效果. 目前的研究假设搭便车攻击行为只存在于少量的理性用户中. 然而,当存在多个恶意搭便车攻击者时,当前的研究无法有效地检测和防御这些攻击者. 为此,提出了一种基于梯度回溯的搭便车攻击检测算法. 该算法在正常的联邦学习中随机引入测试轮,通过对比单个用户在测试轮和基准轮模型梯度的相似度,解决了多个恶意搭便车用户场景中防御失效的问题. 在MNIST和CIFAR-10数据集上的实验结果表明,提出的算法在多种搭便车攻击情境下都能实现出色的检测性能.

       

      Abstract: With the development of the Internet of Vehicles (IoV), the rapid growth of intelligent vehicles generate a massive amount of data. These data are invaluable for training intelligent IoV application models. Traditional model training requires the centralized collection of raw data through the cloud, consuming substantial communication resources and facing issues like privacy breaches and regulatory constraints. Federated learning (FL) offers a solution by using model transfer instead of data transfer to tackle these challenges. However, practical FL systems are confronted with the issue of malicious users attempting to deceive the server by uploading false local models, known as free-riding attacks. These attacks significantly undermine the fairness and effectiveness of FL. Current research assumes that free-riding attacks are limited to a small number of rational users. However, when there are multiple malicious free riders, current research falls short in effectively detecting and defending against these attackers. To address this issue, we introduce a novel gradient backtracking based algorithm to identify free-riders. We introduce random testing rounds into standard FL and compare the similarity of user’s gradient between the testing round and the comparison round. It overcomes the challenge of ineffective defense in scenarios involving multiple malicious free-riders. Experimental results on the MNIST and CIFAR-10 datasets demonstrate that the proposed detection algorithm achieves outstanding performance in various free-riding attack scenarios.

       

    /

    返回文章
    返回