FedSKU: Defending Backdoors in Federated Learning Through Selective Knowledge Unlearning

22 Sept 2023 (modified: 11 Feb 2024)
Submitted to ICLR 2024
Primary Area: societal considerations including fairness, safety, privacy
Keywords: Federated Learning, Backdoor Defense, Machine Unlearning
Abstract: Federated Learning (FL) has been found to be vulnerable to backdoor attacks, in which an adversary uploads manipulated model parameters to deceive the aggregation process. Although several defenses against backdoor attacks in FL have been proposed, they are typically coarse-grained: all of them process the uploaded model as a whole, either removing it or adding noise. In this paper, we propose a more fine-grained approach that further decomposes the uploaded model into malicious triggers and useful knowledge, which can be processed separately for improved performance. Specifically, our approach, called FedSKU, enables backdoor defense through Selective Knowledge Unlearning. We draw inspiration from machine unlearning to unlearn the malicious triggers while preserving the useful knowledge to be aggregated. Consequently, we accurately remove the backdoor trigger without sacrificing any other benign knowledge embedded in the model parameters. This knowledge can be further utilized to boost the performance of the subsequent aggregation. Extensive experiments demonstrate the superiority of FedSKU over existing defense methods.
Submission Number: 4512