PerDoor: Persistent Backdoors in Federated Learning using Adversarial Perturbations

Manaar Alam, Esha Sarkar, Michail Maniatakos

Research output: Chapter in Book/Report/Conference proceeding > Conference contribution

Abstract

Federated Learning (FL) enables numerous participants to train deep learning models collaboratively without exposing sensitive personal data. However, the distributed nature of FL and unvetted data make it vulnerable to backdoor attacks by injecting malicious functionality into the centralized model during training, causing desired misclassifications for specific adversary-chosen inputs. Prior works established successful backdoor injection in FL systems; however, these are not demonstrated to be long-lasting. Backdoor functionality does not survive if the adversary is prevented from training since the centralized model continuously mutates during successive FL rounds. This work proposes PerDoor, a persistent-by-construction backdoor injection technique for FL, driven by adversarial perturbation and targeting parameters of the centralized model deviating less in successive FL rounds and contributing the least to main task accuracy. Exhaustive evaluation considering image classification scenarios portrays up to 8.2x persistence by PerDoor compared to state-of-the-art backdoor attacks in FL and exhibits its potency against state-of-the-art backdoor prevention methods.

Original language: English (US)
Title of host publication: 2023 IEEE International Conference on Omni-Layer Intelligent Systems, COINS 2023
Publisher: Institute of Electrical and Electronics Engineers Inc.
ISBN (Electronic): 9798350346473
State: Published - 2023
Event: 2023 IEEE International Conference on Omni-Layer Intelligent Systems, COINS 2023 - Berlin, Germany
Duration: Jul 23 2023 → Jul 25 2023

Publication series

Name: 2023 IEEE International Conference on Omni-Layer Intelligent Systems, COINS 2023

Conference

Conference: 2023 IEEE International Conference on Omni-Layer Intelligent Systems, COINS 2023
Country/Territory: Germany
City: Berlin
Period: 7/23/23 → 7/25/23

Keywords

  • Adversarial Perturbation
  • Backdoor Attacks
  • Federated Learning

ASJC Scopus subject areas

  • Artificial Intelligence
  • Control and Optimization
  • Information Systems
