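• China Top-Quality Science and Technology Journal
  • CCF-recommended Class A Chinese-language journal
  • T1-class high-quality science and technology journal in the computing field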
Chen Dawei, Fu Anmin, Zhou Chunyi, Chen Zhenzhu. Federated Learning Backdoor Attack Scheme Based on Generative Adversarial Network[J]. Journal of Computer Research and Development, 2021, 58(11): 2364-2373. DOI: 10.7544/issn1000-1239.2021.20210659

Federated Learning Backdoor Attack Scheme Based on Generative Adversarial Network

Funds: This work was supported by the National Natural Science Foundation of China (62072239), the Open Foundation of the State Key Laboratory of Information Security of China (2021-MS-07), and the Fundamental Research Funds for the Central Universities (30920021129, 30921013111).
  • Published Date: October 31, 2021
  • Federated learning enables users to participate in collaborative model training while keeping their data local, which ensures the privacy and security of users' data. It has been widely used in smart finance, smart healthcare and other fields. However, federated learning shows inherent vulnerability to backdoor attacks, where the attacker implants the backdoor by uploading the model parameters. Once the global model recognizes an input carrying the trigger, it misclassifies the input as the label specified by the attacker. This paper proposes a new federated learning backdoor attack scheme, Bac_GAN. By incorporating a generative adversarial network, triggers are implanted in clean samples in the form of watermarks, which reduces the discrepancy between trigger features and clean sample features and enhances the imperceptibility of triggers. Scaling the backdoor model prevents the backdoor's contribution from being offset during parameter aggregation, so that the backdoor model can converge in a short time, thus significantly increasing the attack success rate. In addition, we conduct experimental tests on the core elements of backdoor attacks, such as trigger generation, watermark coefficient and scaling coefficient, and give the best parameters affecting the performance of the backdoor attack. We also validate the attack effectiveness of the Bac_GAN scheme on MNIST and CIFAR-10.