Go to DBLP homepageA Wolf in Sheep's Clothing: Unveiling a Stealthy Backdoor Attack in Subgraph Federated Learning
Abstract: Subgraph Federated Learning (FL) has emerged as a promising paradigm for node classification tasks wherein subgraphs derived from a global graph are distributed across multiple devices to mitigate data leakage risks. Similar to other FL systems, subgraph FL faces significant security challenges, particularly from backdoor attacks, an area that remains extensively underexplored. Existing attacks typically follow a two-phase strategy to implant backdoors. However, in subgraph FL, such attacks often lead to Divergence Amplification, a phenomenon characterized by significant parameter discrepancies between normal and backdoored models, thereby compromising attack stealthiness. To tackle this challenge, we propose BEEF, a Backdoor attack with an End-to-End Framework designed for effectiveness, stealth, and durability. Unlike conventional methods, BEEF incorporates a dedicated trigger generator, which is jointly trained with a backdoored model. To increase its stealthiness, BEEF crafts adversarial perturbations as triggers that provoke misclassification while leaving the model’s parameters entirely untouched. Furthermore, by calibrating a subset of low-salience parameters associated with backdoor activation, BEEF ensures stable performance and sustained effectiveness across FL rounds. Comprehensive evaluations across eight datasets, four models, five state-of-the-art attacks, and six aggregation methods demonstrate BEEF’s effectiveness in deceiving GNNs while maintaining minimal impact on normal data performance. Additionally, we adapt BEEF to federated graph classification tasks, broadening its applicability and practicality.
External IDs:dblp:journals/tifs/YuYMMDXLH26
Loading