@inproceedings{3ce1ec40fc75484eb4e8f8bb39f0b34a,
title = "PerDoor: Persistent Backdoors in Federated Learning using Adversarial Perturbations",
abstract = "Federated Learning (FL) enables numerous participants to train deep learning models collaboratively without exposing sensitive personal data. However, distributed nature of FL and unvetted data makes it vulnerable to backdoor attacks by injecting malicious functionality into the centralized model during training, causing desired misclassifications for specific adversary-chosen inputs. Prior works established successful back-door injection in FL systems; however, these are not demonstrated to be long-lasting. Backdoor functionality does not survive if the adversary is prevented from training since the centralized model continuously mutates during successive FL rounds. This work proposes PerDoor, a persistent-by-construction backdoor injection technique for FL, driven by adversarial perturbation and targeting parameters of the centralized model deviating less in successive FL rounds and contributing the least to main task accuracy. Exhaustive evaluation considering image classification scenarios portrays up to 8.2x persistence by PerDoor compared to state-of-the-art backdoor attacks in FL and exhibits its potency against state-of-the-art backdoor prevention methods.",
keywords = "Adversarial Perturbation, Backdoor Attacks, Federated Learning",
author = "Manaar Alam and Esha Sarkar and Michail Maniatakos",
note = "Publisher Copyright: {\textcopyright} 2023 IEEE.; 2023 IEEE International Conference on Omni-Layer Intelligent Systems, COINS 2023 ; Conference date: 23-07-2023 Through 25-07-2023",
year = "2023",
doi = "10.1109/COINS57856.2023.10189281",
language = "English (US)",
series = "2023 IEEE International Conference on Omni-Layer Intelligent Systems, COINS 2023",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
booktitle = "2023 IEEE International Conference on Omni-Layer Intelligent Systems, COINS 2023",
}