Critical Learning Periods Augmented Model Poisoning Attacks to Byzantine-Robust Federated LearningDownload PDF

Gang Yan, Hao Wang, Xu Yuan, Jian Li

22 Sept 2022 (modified: 13 Feb 2023)ICLR 2023 Conference Withdrawn SubmissionReaders: Everyone
Keywords: Critical Learning Periods, Byzantine-Robust Federated Learning, Model Poisoning Attacks
Abstract: Existing attacks in federated learning (FL) control a set of malicious clients and share a fixed number of malicious gradients with the central server in each training round, to achieve a desired tradeoff between attack impact and resilience against defenses. In this paper, we show that such a tradeoff is not fundamental and an adaptive attack budget not only improves the impact of attack $\mathcal{A}$ but makes it more resilient to defenses. Inspired by recent findings on critical learning periods (CLP), where small gradient errors have irrecoverable impact on model accuracy, we advocate CLP augmented model poisoning attacks $\mathcal{A}$-CLP, which merely augment attack $\mathcal{A}$ with an adaptive attack budget scheme. $\mathcal{A}$-CLP inspects the changes in federated gradient norms to identify CLP and adaptively adjusts the number of malicious clients that share their malicious gradients with the central server in each round, leading to dramatically improved attack impact compared to $\mathcal{A}$ itself by up to 6.85$\times$, with a smaller attack budget and hence improved resilience of $\mathcal{A}$ by up to 2$\times$. Based on understandings on $\mathcal{A}$-CLP, we further relax the inner attack subroutine $\mathcal{A}$ in $\mathcal{A}$-CLP, and propose SimAttack-CLP, a lightweight CLP augmented similarity-based attack, which is more flexible and impactful.
Anonymous Url: I certify that there is no URL (e.g., github page) that could be used to find authors’ identity.
No Acknowledgement Section: I certify that there is no acknowledgement section in this submission for double blind review.
Code Of Ethics: I acknowledge that I and all co-authors of this work have read and commit to adhering to the ICLR Code of Ethics
Submission Guidelines: Yes
Please Choose The Closest Area That Your Submission Falls Into: General Machine Learning (ie none of the above)
Supplementary Material: zip
10 Replies