Go to OpenReview Public Article DBLP homepageCurse to Blessing: Leveraging Model Inversion Attacks to Detect Backdoor Attacks in Federated Learning
Abstract: Federated Learning (FL) offers significant advancements in user/data privacy, learning quality, model efficiency, scalability, and network communication latency. However, it faces notable security challenges, particularly with the emergence of backdoor attacks. The distributed nature of FL complicates the development of backdoor-resistant systems compared to traditional machine learning environments. In this paper, we propose a novel approach to turn the perceived curse of model inversion (MI) attacks into a blessing, using them as a tool for detecting backdoor attacks in FL environments. Leveraging MI outputs, we propose a K-means-based feature extraction and Isolation-Forest-based anomaly detection algorithm to analyze behavior and detect abnormal learning performance, thereby identifying backdoor attacks. Experimental results demonstrate the effectiveness and superior performance of our method in detecting backdoor attacks within FL systems.
External IDs:dblp:conf/ipccc/ChenZMJF24
Loading