PoiCGAN: A Targeted Poisoning Based on Feature-Label Joint Perturbation in Federated Learning
Summary: arXiv:2603.23574v1 Announce Type: cross
Abstract
Federated Learning (FL) has emerged as a leading distributed learning paradigm, celebrated for its ability to enhance computational efficiency and safeguard data privacy. This approach has found extensive applications in various domains, particularly in industrial image classification. However, the distributed nature of FL introduces vulnerabilities, particularly from malicious clients. Among the plethora of threats, poisoning attacks stand out as a significant concern.
The Challenge of Poisoning Attacks
Despite the advancements in FL, existing poisoning attack methods share a critical limitation: they struggle to evade model performance tests and defense mechanisms that rely on model anomaly detection. Poisoned models are therefore frequently detected and removed, which undermines their practical utility and effectiveness.
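The two server-side checks this paragraph refers to, an anomaly check on submitted client updates and a performance test on the aggregated model, can be made concrete with a small aggregator. The following is an added illustration, not code from the paper or its authors; the robust z-score rule, the 1.4826 MAD scaling, the thresholds `k=3.0` and `max_drop=0.05`, the function names and the sample client updates are all assumptions constructed for this example.

```python
"""Server-side screening of federated-learning client updates.

Added illustration of the two defense checks the abstract says a poisoning
attack must evade: anomaly detection on submitted updates and a performance
test of the aggregated model. This is not the paper's code; the robust
z-score rule, the thresholds and the sample updates below are constructed.
"""
import numpy as np

# Constructed sample round: six honest clients whose updates differ by small
# noise, plus one client (index 6) whose update is far from the others.
CLIENT_UPDATES = np.array([
    [1.00, 1.00, 1.00, 1.00],
    [1.10, 1.00, 1.00, 1.00],
    [1.00, 1.12, 1.00, 1.00],
    [1.00, 1.00, 1.08, 1.00],
    [1.00, 1.00, 1.00, 1.11],
    [0.91, 1.00, 1.00, 1.00],
    [4.00, -2.00, 4.00, -2.00],  # constructed outlier
])


def median_distances(updates):
    """L2 distance of every client's update from the coordinate-wise median."""
    U = np.asarray(updates, dtype=float)
    return np.linalg.norm(U - np.median(U, axis=0), axis=1)


def flag_anomalous(updates, k=3.0):
    """Indices whose distance lies more than k robust deviations above the median.

    The robust scale is 1.4826 * MAD (consistency-scaled median absolute
    deviation); k=3 is an assumed threshold, not one taken from the paper.
    """
    d = median_distances(updates)
    center = np.median(d)
    scale = 1.4826 * np.median(np.abs(d - center))
    if scale == 0.0:  # all distances identical: nothing stands out
        return []
    return [int(i) for i in np.flatnonzero((d - center) / scale > k)]


def plain_average(updates):
    """Unfiltered FedAvg-style mean with equal client weights."""
    return np.mean(np.asarray(updates, dtype=float), axis=0)


def robust_average(updates, k=3.0):
    """Mean over clients that passed the anomaly check; returns (model, flagged)."""
    flagged = flag_anomalous(updates, k)
    drop = set(flagged)
    keep = [u for i, u in enumerate(updates) if i not in drop]
    return np.mean(np.asarray(keep, dtype=float), axis=0), flagged


def performance_gate(new_acc, baseline_acc, max_drop=0.05):
    """Second check: accept the new global model only if held-out accuracy
    fell by at most max_drop (an assumed tolerance)."""
    return new_acc >= baseline_acc - max_drop


if __name__ == "__main__":
    model, flagged = robust_average(CLIENT_UPDATES)
    print("flagged clients:", flagged)
    print("plain mean   :", np.round(plain_average(CLIENT_UPDATES), 3))
    print("filtered mean:", np.round(model, 3))
    print("gate(0.90 vs 0.93):", performance_gate(0.90, 0.93))
```

On the constructed round the outlier client is the only one flagged, and the filtered mean stays close to the honest updates while the plain mean is pulled toward the outlier. The point the abstract makes is the converse: an attack that keeps its update inside the honest spread and keeps held-out accuracy above the gate passes both checks, so a defender should not rely on either one alone.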
PoiCGAN: An Innovative Solution
To address the dual challenge of maintaining the performance of industrial image classification while executing successful attacks, we introduce PoiCGAN, a targeted poisoning attack strategy grounded in feature-label collaborative perturbation.
Mechanism of PoiCGAN
Our approach leverages the capabilities of the Conditional Generative Adversarial Network (CGAN) by altering the inputs of both the discriminator and generator. This modification aims to influence the training process effectively, leading to the creation of an optimal poison generator. The generator is designed not only to produce specific poisoned samples but also to facilitate automatic label flipping, enhancing the stealth of the attack.
Experimental Results
We conducted extensive experiments across various datasets to evaluate the efficacy of PoiCGAN. The results show an attack success rate of 83.97%, significantly surpassing baseline methods. Furthermore, the impact on the main task's accuracy was minimal, with a reduction of less than 8.87%. This indicates that our method balances successful attacks against maintaining model performance.
Conclusion
The findings underscore the potential of PoiCGAN in executing stealthy poisoning attacks while preserving the integrity of the model’s accuracy. As the landscape of Federated Learning continues to evolve, our research highlights the necessity for robust defenses against such targeted threats, ensuring the secure application of FL in sensitive domains.
Key Takeaways
- Federated Learning enhances efficiency and privacy but is vulnerable to poisoning attacks.
- PoiCGAN introduces a novel method for targeted poisoning based on feature-label perturbation.
- Experimental results demonstrate high attack success rates with minimal impact on accuracy.
- The research emphasizes the need for improved defenses against emerging threats in Federated Learning.
