poisoning attacks on federated
play

Poisoning Attacks on Federated Le Learning-based In Intrusion - PowerPoint PPT Presentation

Jan 07, 2023 •163 likes •508 views

Poisoning Attacks on Federated Le Learning-based In Intrusion Detection System Thien Duc Nguyen, Phillip Rieger, Markus Miettinen, Ahmad-Reza Sadeghi Typical IoT Devices 2 IoT The S stands for Security 3 Mirai: Largest Disruptive

  1. Poisoning Attacks on Federated Le Learning-based In Intrusion Detection System Thien Duc Nguyen, Phillip Rieger, Markus Miettinen, Ahmad-Reza Sadeghi

  2. Typical IoT Devices 2

  3. IoT The S stands for Security 3

  4. Mirai: Largest Disruptive Cyberattack in History Peak bandwidth of 1156 Gbps More than 145,000 infected devices Source: https://www.incapsula.com/blog/malware-analysis-mirai-ddos-botnet.html 4

  5. Mirai: Largest Disruptive Cyberattack in History Peak bandwidth of 1156 Gbps More than 145,000 infected devices Source: https://www.incapsula.com/blog/malware-analysis-mirai-ddos-botnet.html 4

  6. Federated Learning Aggregator Client Client Client 5

  7. Federated Learning Aggregator Client Client Client 5

  8. Federated Learning Aggregator Client Client Client 5

  9. Federated Learning Aggregator Client Client Client 5

  10. Advantages of Federated Learning • Allows all participants to profit from all data • Privacy Preserving ▪ E.g.: Don’t reveal network traffic • Distributing computation load to clients 6

  11. IoT NIDS Aggregator SGW: Security Gateway (e.g., Local WiFi router) SGW SGW SGW Nguyen et.al. , ICDCS 2019 7

  12. IoT NIDS Aggregator SGW: Security Gateway (e.g., Local WiFi router) SGW SGW SGW Nguyen et.al. , ICDCS 2019 7

  13. IoT NIDS Aggregator SGW: Security Gateway (e.g., Local WiFi router) SGW SGW SGW Nguyen et.al. , ICDCS 2019 7

  14. IoT NIDS Aggregator SGW: Security Gateway (e.g., Local WiFi router) SGW SGW SGW Nguyen et.al. , ICDCS 2019 7

  15. Examples of Backdoor Attacks: Adversary Chosen Label Image classification Word prediction IoT malware detection Change labels, e.g., Select end words, e.g., Inject malicious traffic, • Speed limit signs from ”buy phone from Google” e.g., use compromised 30kph to 80kph IoT devices Our new Attack 8

  16. Backdoor Attacks on FL 1. Manipulate training data 2. Manipulate local models Aggregator Client Client Client Nguyen et.al. , ICDCS 2019 9

  17. Backdoor Attacks on FL Attack Strategies: 1. Manipulate training data 2. Manipulate local models Aggregator Client Client Client Nguyen et.al. , ICDCS 2019 9

  18. Our Threat Model Attack Goal: • Inject Backdoor Attacker’s Capabilities : • Full knowledge about the targeted system • Fully control some IoT devices Attacker cannot: • Control Security Gateways • Control devices in < 50% of all networks 10

  19. Our Approach – High Level Idea • Challenge: Prevent detection of data poisoning • Only few attack data → Gateway will not detect it → Still include malware traffic in training data → Neural Network learns to predict malware behavior • Use compromised IoT devices 11

  20. Our Approach 1. Compromise IoT Devices 2. Inject Malicious Data Aggregator SGW: Security Gateway (e.g., Local WiFi router) SGW SGW SGW 2. 1. 12

  21. Our Approach 1. Compromise IoT Devices 2. Inject Malicious Data Aggregator SGW: Security Gateway (e.g., Local WiFi router) SGW SGW SGW 2. 1. 12

  22. Our Approach 1. Compromise IoT Devices 2. Inject Malicious Data Aggregator SGW: Security Gateway (e.g., Local WiFi router) SGW SGW SGW 2. 1. 12

  23. Our Approach 1. Compromise IoT Devices 2. Inject Malicious Data Aggregator SGW: Security Gateway (e.g., Local WiFi router) SGW SGW SGW 2. 1. 12

  24. Experimental Setup • 3 Real – World Datasets [1, 2] • Consisting of traffic from 46 IoT devices • Different stages of Mirai: infection, scanning, different DDoS attacks • Distributed data to 100 clients ▪ Approx. 2h of traffic [1] Nguyen et.al. , ICDCS 2019 [2] Sivanathan et.al. , IEEE Transactions on Mobile Computing 2018 13

  25. Attack Parameters • Poisoned Model Rate (PMR) ▪ Indicates percentage of poisoned local models o E.g., ratio of networks, containing compromised IoT devices • Poisoned Data Rate (PDR) ▪ Indicates ratio between poisoned and benign data o E.g., ratio between malware and benign network traffic 14

  26. Evaluation Metrics • Backdoor Accuracy (BA) ▪ E.g., alerts, raised on malware traffic ▪ 100 % BA → No Alert for malware traffic • Main task Accuracy (MA) ▪ E.g., accuracy on benign network traffic ▪ 100 % MA → No alert for benign traffic 15

  27. Experimental Results • Malware traffic not detected for PDR of 36.7% ( ± 6.5%) PDR: Poisoned Data Rate 16

  28. Experimental Results • Malware traffic not detected for PDR of 36.7% ( ± 6.5%) • Attack successful for low number of compromised networks ▪ BA 100% for PMR 25% and PDR 20% ▪ Higher PMRs are successful for lower PDRS ▪ Lower PMRs require higher PDRs PDR: Poisoned Data Rate ▪ PMR 5% is too low PMR: Poisoned Model Rate 16

  29. Experimental Results – Clustering Defense Mechanism: Experimental Results • Calculates pairwise Euclidean Distances • Apply Clustering on them • BA 100% • Attack effective for PDR ≤ 20% Illustration for PDR = 30% 17

  30. Experimental Results – Clustering Defense Mechanism: Experimental Results • Calculates pairwise Euclidean Distances • Apply Clustering on them • BA 100% • Attack effective for PDR ≤ 20% Illustration for PDR = 20% 17

  31. Experimental Results – Differential Privacy Defense Experimental Results Mechanism: • Restricts Euclidean distance of local models • Adds gaussian noise • Not effective for PDR >= 15% • BA 100% • MA reduced significantly 18

  32. Conclusion ➢ Introduced novel backdoor attack vector ➢ Requires only control of few IoT devices ➢ Inject Malware Traffic Stealthily ➢ Evaluated on 3 real – world datasets ➢ Bypasses current defenses 19

  33. Future Research Direction • Improve IDS • Filter poisoned data on clients • Defense against these poisoning attacks 20

Recommend

Poisoning Attack Analysis Jeffrey Zhang Universal Multi-Party Poisoning Attacks Saeed

Poisoning Attack Analysis Jeffrey Zhang Universal Multi-Party Poisoning Attacks Saeed

Poisoning Attack Analysis Jeffrey Zhang Universal Multi-Party Poisoning Attacks Saeed Mahloujifar Mohammad Mahmoody Ameer Mohammed, ICML 2019 Multi-party Learning Application: Federated Learning Federated Learning : Train a centralized

589 views • 34 slides
Poisoning Attacks: p-Tampering and Poison Frogs Simons Robustness Reading Group Bolton Bailey

Poisoning Attacks: p-Tampering and Poison Frogs Simons Robustness Reading Group Bolton Bailey

Poisoning Attacks: p-Tampering and Poison Frogs Simons Robustness Reading Group Bolton Bailey July 1, 2019 What is a Poisoning Attack? Data poisoning is an attack on machine learning models wherein the attacker adds (or modifies) examples

1.28k views • 12 slides
DNS Poisoning: Developments, Attacks and Research Directions Suggestions for the Idle and Curious

DNS Poisoning: Developments, Attacks and Research Directions Suggestions for the Idle and Curious

DNS Poisoning Attack Scenarios Vulnerability Analysis Remedies DNS Poisoning: Developments, Attacks and Research Directions Suggestions for the Idle and Curious Researcher David Dagon 1 1 Georgia Institute of Technology Atlanta, Georgia

327 views • 28 slides
TRANSFERABLE CLEAN-LABEL POISONING ATTACKS ON DEEP NEURAL NETS Chen Zhu*, W. Ronny Huang*^, Ali

TRANSFERABLE CLEAN-LABEL POISONING ATTACKS ON DEEP NEURAL NETS Chen Zhu*, W. Ronny Huang*^, Ali

TRANSFERABLE CLEAN-LABEL POISONING ATTACKS ON DEEP NEURAL NETS Chen Zhu*, W. Ronny Huang*^, Ali Shafahi, Hengduo Li, Gavin Taylor, Christoph Studer, Tom Goldstein * equal contribution ^ presenter WHAT IS POISONING? Training data Testing

218 views • 19 slides
2019 Research Experience for Undergraduates Detection of Data Poisoning Attacks on Image

2019 Research Experience for Undergraduates Detection of Data Poisoning Attacks on Image

2019 Research Experience for Undergraduates Detection of Data Poisoning Attacks on Image Classification Models Harsh Kachhadia Co-Advisors: Dr. Amin Alipour and Dr. Ioannis Kakadiaris Motivation Deep Learning models, due to their

204 views • 19 slides
Adversarial Attacks on Node Embeddings via Graph Poisoning Aleksandar Bojchevski, Stephan

Adversarial Attacks on Node Embeddings via Graph Poisoning Aleksandar Bojchevski, Stephan

Adversarial Attacks on Node Embeddings via Graph Poisoning Aleksandar Bojchevski, Stephan Gnnemann Technical University of Munich ICML 2019 Node embeddings are used to Classify scientific papers Recommend items Classify proteins

336 views • 21 slides
Resilient Networking 6: Attacks on DNS 1 Chapter Outline Overview of DNS Known attacks

Resilient Networking 6: Attacks on DNS 1 Chapter Outline Overview of DNS Known attacks

Resilient Networking 6: Attacks on DNS 1 Chapter Outline Overview of DNS Known attacks on DNS Denial-of-Service Cache Poisoning Securing DNS Split-Split-DNS DNSSEC 2 DNS The Domain Name System Naming Service

1.15k views • 46 slides
CARBON MONOXIDE POISONING The Silent Killer PATHOPHYSIOLOGY OF CARBON MONOXIDE 1. CO poisoning

CARBON MONOXIDE POISONING The Silent Killer PATHOPHYSIOLOGY OF CARBON MONOXIDE 1. CO poisoning

CARBON MONOXIDE POISONING The Silent Killer PATHOPHYSIOLOGY OF CARBON MONOXIDE 1. CO poisoning is the most common exposure poisoning in the United States and the rest of the world. 2. It is an odorless, colorless gas that can cause sudden

198 views • 15 slides
Data Poisoning Attack cks on Stoch chastic c Bandits Fang Liu and Ness Shroff Outline

Data Poisoning Attack cks on Stoch chastic c Bandits Fang Liu and Ness Shroff Outline

Data Poisoning Attack cks on Stoch chastic c Bandits Fang Liu and Ness Shroff Outline Background q What are bandits? q Motivations Data poisoning attacks on stochastic bandits q Offline model q Online model q Simulation results

218 views • 17 slides
Poison and Poisoning Azwin bin Md Tumin National Poison Centre Outline a. Definition b.

Poison and Poisoning Azwin bin Md Tumin National Poison Centre Outline a. Definition b.

Poison and Poisoning Azwin bin Md Tumin National Poison Centre Outline a. Definition b. Forefathers of toxicology c. Famous poisoning cases d. Misconception about poisoning e. Basic principles of poisoning f. Factors influencing toxic

843 views • 16 slides
Universal Multi-Party Poisoning Attacks Saeed Mahloujifar Mohammad Mahmoody Ameer Mohammed

Universal Multi-Party Poisoning Attacks Saeed Mahloujifar Mohammad Mahmoody Ameer Mohammed

Universal Multi-Party Poisoning Attacks Saeed Mahloujifar Mohammad Mahmoody Ameer Mohammed Multi-Party Learning Distributions Data Providers 1 1 Model Multi-Party Learning (Round j) Distributions

540 views • 20 slides
Pharmacists Role in Prevention &amp; Management of Poisoning Prof. Rahmat Awang National Poison

Pharmacists Role in Prevention &amp; Management of Poisoning Prof. Rahmat Awang National Poison

Overview of Poisoning Incidence and the Pharmacists Role in Prevention &amp; Management of Poisoning Prof. Rahmat Awang National Poison Centre Universiti Sains Malaysia 1st. National Poisoning Symposium 2016: Pharmacists Role in Poisoning

570 views • 33 slides
DNS Cache Poisoning Attack Introduction The purpose of this presentation is to dissect the

DNS Cache Poisoning Attack Introduction The purpose of this presentation is to dissect the

Anatomy of a DNS Cache Poisoning Attack Introduction The purpose of this presentation is to dissect the Domain Name System (DNS) Cache Poisoning Cyber attack. We will cover: - Real-world examples of DNS cache poisoning - A defjnition of

607 views • 58 slides
Structured Overlays: Eclipse Attacks on Overlay Networks April 28th, 2006 Wyman Park 4 th Floor

Structured Overlays: Eclipse Attacks on Overlay Networks April 28th, 2006 Wyman Park 4 th Floor

Structured Overlays: Eclipse Attacks on Overlay Networks April 28th, 2006 Wyman Park 4 th Floor Conference Room Presentation by: Dan Liu &amp; Jay Zarfoss 1 The idea of churn as shelter from route poisoning attacks is an interesting, if

874 views • 44 slides
Childhood Lead Poisoning in Ohio 2 Objectives Overview of childhood lead poisoning in Ohio

Childhood Lead Poisoning in Ohio 2 Objectives Overview of childhood lead poisoning in Ohio

1 Childhood Lead Poisoning in Ohio 2 Objectives Overview of childhood lead poisoning in Ohio Provide an overview of the Public Health Lead Investigation Process Bring awareness to funding resources for lead hazard control 3

1.35k views • 71 slides
Andrs E. Azprua #imv2020 Internet Censorship, DNS poisoning and Phishing in Venezuela

Andrs E. Azprua #imv2020 Internet Censorship, DNS poisoning and Phishing in Venezuela

Andrs E. Azprua #imv2020 Internet Censorship, DNS poisoning and Phishing in Venezuela Measuring from censorship to state-sponsored attacks Andrs E. Azprua #imv2020 @VEsinFiltro VEsinFiltro.com VENEZUELAN CONTEXT Critical failure

833 views • 56 slides
Analyzing Federated Learning through an Adversarial Lens Arjun Nitin Bhagoji 1 , Supriyo

Analyzing Federated Learning through an Adversarial Lens Arjun Nitin Bhagoji 1 , Supriyo

Analyzing Federated Learning through an Adversarial Lens Arjun Nitin Bhagoji 1 , Supriyo Chakraborty 2 , Prateek Mittal 1 and Seraphin Calo 2 1 Princeton University 2 IBM Research ICML 2019 Federated learning (with a malicious agent) Federated

1.46k views • 59 slides
Docker in the EGI Docker in the EGI Federated Cloud Federated Cloud Carlos Gimeno

Docker in the EGI Docker in the EGI Federated Cloud Federated Cloud Carlos Gimeno

Docker in the EGI Docker in the EGI Federated Cloud Federated Cloud Carlos Gimeno cgimeno@bifi.es Instituto de Biocomputacin y Fsica de Sistemas Complejos info@bifi.es http://bifi.es 0. Index Introduction What is Docker? A

401 views • 14 slides
Poisoning Exposure Prof. Rahmat Awang National Poison Centre Universiti Sains Malaysia 1st.

Poisoning Exposure Prof. Rahmat Awang National Poison Centre Universiti Sains Malaysia 1st.

Role of Pharmacist in Assessing the Risk of a Poisoning Exposure Prof. Rahmat Awang National Poison Centre Universiti Sains Malaysia 1st. National Poisoning Symposium 2016: Pharmacists Role in Poisoning Prevention and Management 5th-6th

486 views • 14 slides
O VERDOSE P REVENTION Age adjusted rate per 100,000 Poisoning IN M ARYLAND MV Traffic Drug

O VERDOSE P REVENTION Age adjusted rate per 100,000 Poisoning IN M ARYLAND MV Traffic Drug

1/9/2015 United States: Injury Deaths by Cause, 1999-2010 O VERDOSE P REVENTION Age adjusted rate per 100,000 Poisoning IN M ARYLAND MV Traffic Drug Poisoning Firearm Michael Baier Overdose Prevention Director Department of Health and

246 views • 7 slides
Federated Machine Learning via Over-the-Air Computation Yuanming Shi ShanghaiTech University 1

Federated Machine Learning via Over-the-Air Computation Yuanming Shi ShanghaiTech University 1

Federated Machine Learning via Over-the-Air Computation Yuanming Shi ShanghaiTech University 1 Outline Motivations Big data, IoT,AI Three vignettes: Federated machine learning Federated model aggregation Over-the-air

1.02k views • 56 slides
Federated Learning Min Du Postdoc, UC Berkeley Outline q Preliminary: deep learning and SGD q

Federated Learning Min Du Postdoc, UC Berkeley Outline q Preliminary: deep learning and SGD q

Federated Learning Min Du Postdoc, UC Berkeley Outline q Preliminary: deep learning and SGD q Federated learning: FedSGD and FedAvg q Related research in federated learning q Open problems Outline q Preliminary: deep learning and SGD q Federated

616 views • 50 slides
Impact: Reduce the likelihood of lead poisoning among families living in three hot spot

Impact: Reduce the likelihood of lead poisoning among families living in three hot spot

Impact: Reduce the likelihood of lead poisoning among families living in three hot spot zip codes in Grand Rapids, Michigan. Educate about the threat of lead exposure/poisoning and how good nutrition is a preventative measure. Grow

412 views • 10 slides
Differentially-Private Federated Linear Bandits Introduction Federated Learning Contextual

Differentially-Private Federated Linear Bandits Introduction Federated Learning Contextual

Differentially- Private Federated Linear Bandits Dubey and Pentland June 2020 Differentially-Private Federated Linear Bandits Introduction Federated Learning Contextual Bandits Summary Background Abhimanyu Dubey and Alex Pentland

437 views • 20 slides

More recommend