Toward Cleansing Backdoored Neural Networks in Federated Learning

Chen Wu, Xian Yang, Sencun Zhu, Prasenjit Mitra

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

4 Scopus citations

Abstract

Malicious clients can attack federated learning systems using compromised data during the training phase, including backdoor samples. The compromised global model will perform well on the validation dataset designed for the task, but a small subset of data with backdoor patterns may trigger the model to make a wrong prediction. In this work, we propose a new and effective method to mitigate backdoor attacks in federated learning after the training phase. Through a federated pruning method, we remove redundant neurons and "backdoor neurons", which trigger misbehavior upon recognizing backdoor patterns while keeping silent when the input data is clean. The second optional fine-tuning process is designed to recover the pruning damage to the test accuracy on benign datasets. In the last step, we eliminate backdoor attacks by limiting the extreme values of inputs and neural network neurons' weights. Experiments using our defense mechanism against the state-of-the-art Distributed Backdoor Attacks on CIFAR-10 show promising results; the averaged attack success rate drops more than 70% with less than 2% loss of test accuracy on the validation dataset. Our defense method has also outperformed the state-of-the-art pruning defense against backdoor attacks in the federated learning scenario.

Original language: English (US)
Title of host publication: Proceedings - 2022 IEEE 42nd International Conference on Distributed Computing Systems, ICDCS 2022
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 820-830
Number of pages: 11
ISBN (Electronic): 9781665471770
State: Published - 2022
Event: 42nd IEEE International Conference on Distributed Computing Systems, ICDCS 2022 - Bologna, Italy
Duration: Jul 10 2022 → Jul 13 2022

Publication series

Name: Proceedings - International Conference on Distributed Computing Systems
Volume: 2022-July

Conference

Conference: 42nd IEEE International Conference on Distributed Computing Systems, ICDCS 2022
Country/Territory: Italy
City: Bologna
Period: 7/10/22 → 7/13/22

All Science Journal Classification (ASJC) codes

  • Software
  • Hardware and Architecture
  • Computer Networks and Communications
