the limitations of federated learning in sybil settings
play

The Limitations of Federated Learning in Sybil Settings Clement - PowerPoint PPT Presentation

Jul 31, 2023 •163 likes •723 views

The Limitations of Federated Learning in Sybil Settings Clement Fung*, Chris J.M. Yoon + , Ivan Beschastnikh + * Carnegie Mellon University + University of British Columbia The evolution of machine learning at scale Machine learning (ML) is a

  1. The Limitations of Federated Learning in Sybil Settings Clement Fung*, Chris J.M. Yoon + , Ivan Beschastnikh + * Carnegie Mellon University + University of British Columbia

  2. The evolution of machine learning at scale Machine learning (ML) is a data hungry application ● Large volumes of data ○ Diverse data ○ Time-sensitive data ○ 2

  3. The evolution of machine learning at scale 1. Centralized training of ML model Centralized Training Server Domain 3

  4. The evolution of machine learning at scale 1. Centralized training of ML model Centralized Training Server Domain 4

  5. The evolution of machine learning at scale 1. Centralized training of ML model Centralized Training Server Domain 5

  6. The evolution of machine learning at scale 1. Centralized training of ML model Centralized Training Server Domain 6

  7. The evolution of machine learning at scale 1. Centralized training of ML model 2. Distributed training over sharded dataset and workers Centralized Training Distributed Training Server Domain Server Domain 7

  8. The evolution of machine learning at scale 1. Centralized training of ML model 2. Distributed training over sharded dataset and workers Centralized Training Distributed Training Server Domain Server Domain 8

  9. The evolution of machine learning at scale 1. Centralized training of ML model 2. Distributed training over sharded dataset and workers Centralized Training Distributed Training Server Domain Server Domain 9

  10. Federated learning (FL) Train ML models over network ● Less network cost, no data transfer [1] ○ Server aggregates updates across clients ○ Enables privacy-preserving alternatives ● Differentially private federated learning [2] ○ Secure aggregation [3] ○ Server Domain Agg. [1] McMahan et al. Communication-Efficient Learning of Deep Networks from Decentralized Data. AISTATS 2017 10 [2] Geyer et al. Differentially Private Federated Learning: A Client Level Perspective. NIPS 2017 [3] Bonawitz et al. Practical Secure Aggregation for Privacy-Preserving Machine Learning. CCS 2017.

  11. Federated learning (FL) Train ML models over network ● Less network cost, no data transfer [1] ○ Server aggregates updates across clients ○ Enables privacy-preserving alternatives ● Differentially private federated learning [2] ○ Secure aggregation [3] ○ Server Domain Enables training over non i.i.d. data settings ● Users with disjoint data types ○ Agg. Mobile, internet of things, etc. ○ [1] McMahan et al. Communication-Efficient Learning of Deep Networks from Decentralized Data. AISTATS 2017 11 [2] Geyer et al. Differentially Private Federated Learning: A Client Level Perspective. NIPS 2017 [3] Bonawitz et al. Practical Secure Aggregation for Privacy-Preserving Machine Learning. CCS 2017.

  12. Federated learning: new threat model The role of the client has changed significantly! ● Previously: passive data providers ○ Now: perform arbitrary compute ○ Server Domain Agg. 12

  13. Federated learning: new threat model The role of the client has changed significantly! ● Previously: passive data providers ○ Now: perform arbitrary compute ○ Aggregator never sees client datasets, compute outside domain ● Difficult to validate clients in “diverse data” setting ○ Are these updates Server Domain genuine? Agg. 13

  14. Poisoning attacks Traditional poisoning attack: malicious training data ● Manipulate behavior of final trained model ○ 14

  15. Poisoning attacks Traditional poisoning attack: malicious training data ● Manipulate behavior of final trained model ○ Malicious poisoning data 15

  16. Poisoning attacks Traditional poisoning attack: malicious training data ● Manipulate behavior of final trained model ○ Old decision boundary New decision boundary Malicious poisoning data 16

  17. Poisoning attacks Traditional poisoning attack: malicious training data ● Manipulate behavior of final trained model ○ Old decision boundary New decision boundary Misclassified example Malicious poisoning data 17

  18. Sybil-based poisoning attacks In federated learning: provide malicious model updates ● Aggregator 18

  19. Sybil-based poisoning attacks In federated learning: provide malicious model updates ● With sybils : each account increases influence in system ● Made worse in non-i.i.d setting ○ Aggregator 19

  20. E.g. Sybil-based poisoning attacks A 10 client, non-i.i.d MNIST setting ● 20

  21. E.g. Sybil-based poisoning attacks A 10 client, non-i.i.d MNIST setting ● Sybil attackers with mislabeled “1-7” data ● Need at least 10 sybils? ○ 21

  22. E.g. Sybil-based poisoning attacks A 10 client, non-i.i.d MNIST setting ● Sybil attackers with mislabeled “1-7” data ● At only 2 sybils: ● 96.2% of 1s are misclassified as 7s ○ Minimal impact on accuracy of other digits ○ 22

  23. E.g. Sybil-based poisoning attacks A 10 client, non-i.i.d MNIST setting ● Sybil attackers with mislabeled “1-7” data ● At only 2 sybils: ● 96.2% of 1s are misclassified as 7s ○ Minimal impact on accuracy of other digits ○ 23

  24. E.g. Sybil-based poisoning attacks A 10 client, non-i.i.d MNIST setting ● Sybil attackers with mislabeled “1-7” data ● At only 2 sybils: ● 96.2% of 1s are misclassified as 7s ○ Minimal impact on accuracy of other digits ○ 24

  25. Our contributions Identify gap in existing FL defenses ● No prior work has studied sybils in FL ○ Categorize sybil attacks on FL along two dimensions: ● Sybil objectives/targets ○ Sybil capabilities ○ FoolsGold: a defense against sybil-based poisoning attacks on FL ● Addresses targeted poisoning attacks ○ Preserves benign FL performance ○ Prevents poisoning from 99% sybil adversary ○ 25

  26. Federated learning: sybil attacks, defenses and new opportunities 26

  27. Types of attacks on FL Model quality : modify the performance of the trained model ● Poisoning attacks [1], backdoor attacks [2] ○ Privacy : attack the datasets of honest clients ● Inference attacks [3] ○ Utility : receive an unfair payout from the system ● Free-riding attacks [4] ○ Training inflation : inflate the resources required (new!) ● Time taken, network bandwidth, GPU usage ○ [1] Fang et al. Local Model Poisoning Attacks to Byzantine-Robust Federated Learning. Usenix Security 2020. [2] Bagdasaryan et al. How To Backdoor Federated Learning. AISTATS 2020. 27 [3] Melis et al. Exploiting Unintended Feature Leakage in Collaborative Learning. S&P 2019. [4] Lin et al. Free-riders in Federated Learning: Attacks and Defenses. arXiv 2019.

  28. Existing defenses for FL are limited Existing defenses are aggregation statistics: ● Multi-Krum [1] ○ Bulyan [2] ○ Trimmed Mean/Median [3] ○ Require a bounded number of attackers ● Do not handle sybil attacks ○ Focus on poisoning attacks (model quality) ● Do not handle other attacks (e.g., training inflation) ○ [1] Blanchard et al. Machine Learning with Adversaries: Byzantine Tolerant Gradient Descent. NIPS 2017 28 [2] El Mhamdi et al. The Hidden Vulnerability of Distributed Learning in Byzantium. ICML 2018. [3] Yin et al. Byzantine-robust distributed learning: Towards optimal statistical rates. ICML 2018.

  29. Existing defenses for FL Cannot defend against an increasing number of poisoners ● [1] Blanchard et al. Machine Learning with Adversaries: Byzantine Tolerant Gradient Descent. NIPS 2017 29 [2] El Mhamdi et al. The Hidden Vulnerability of Distributed Learning in Byzantium. ICML 2018. [3] Yin et al. Byzantine-robust distributed learning: Towards optimal statistical rates. ICML 2018.

  30. Existing defenses for FL FoolsGold is robust to an increasing number of poisoners ● [1] Blanchard et al. Machine Learning with Adversaries: Byzantine Tolerant Gradient Descent. NIPS 2017 30 [2] El Mhamdi et al. The Hidden Vulnerability of Distributed Learning in Byzantium. ICML 2018. [3] Yin et al. Byzantine-robust distributed learning: Towards optimal statistical rates. ICML 2018.

  31. Existing defenses for FL FoolsGold is robust to an increasing number of poisoners ● Once the number of sybils exceeds defense threshold, defenses are ineffective! [1] Blanchard et al. Machine Learning with Adversaries: Byzantine Tolerant Gradient Descent. NIPS 2017 31 [2] El Mhamdi et al. The Hidden Vulnerability of Distributed Learning in Byzantium. ICML 2018. [3] Yin et al. Byzantine-robust distributed learning: Towards optimal statistical rates. ICML 2018.

  32. Training inflation on FL Manipulate ML stopping criteria to ensure maximum time/usage : ● Validation error, size of gradient norm ○ Coordinated attacks can be direct, ○ 32

  33. Training inflation on FL Manipulate ML stopping criteria to ensure maximum time/usage : ● Validation error, size of gradient norm ○ Coordinated attacks can be direct, timed, ○ 33

  34. Training inflation on FL Manipulate ML stopping criteria to ensure maximum time/usage : ● Validation error, size of gradient norm ○ Coordinated attacks can be direct, timed, or stealthy ○ 34

  35. Training inflation on FL Manipulate ML stopping criteria to ensure maximum time/usage : ● Validation error, size of gradient norm ○ Coordinated attacks can be direct, timed, or stealthy ○ Coordinated adversary can arbitrarily manipulate the length of federated learning process! 35

Recommend

Federated Learning Min Du Postdoc, UC Berkeley Outline q Preliminary: deep learning and SGD q

Federated Learning Min Du Postdoc, UC Berkeley Outline q Preliminary: deep learning and SGD q

Federated Learning Min Du Postdoc, UC Berkeley Outline q Preliminary: deep learning and SGD q Federated learning: FedSGD and FedAvg q Related research in federated learning q Open problems Outline q Preliminary: deep learning and SGD q Federated

616 views • 50 slides
Analyzing Federated Learning through an Adversarial Lens Arjun Nitin Bhagoji 1 , Supriyo

Analyzing Federated Learning through an Adversarial Lens Arjun Nitin Bhagoji 1 , Supriyo

Analyzing Federated Learning through an Adversarial Lens Arjun Nitin Bhagoji 1 , Supriyo Chakraborty 2 , Prateek Mittal 1 and Seraphin Calo 2 1 Princeton University 2 IBM Research ICML 2019 Federated learning (with a malicious agent) Federated

1.46k views • 59 slides
Federated Machine Learning via Over-the-Air Computation Yuanming Shi ShanghaiTech University 1

Federated Machine Learning via Over-the-Air Computation Yuanming Shi ShanghaiTech University 1

Federated Machine Learning via Over-the-Air Computation Yuanming Shi ShanghaiTech University 1 Outline Motivations Big data, IoT,AI Three vignettes: Federated machine learning Federated model aggregation Over-the-air

1.02k views • 56 slides
Fair Resource Allocation in Federated Learning Tian Li (CMU) , Maziar Sanjabi (Facebook AI), Ahmad

Fair Resource Allocation in Federated Learning Tian Li (CMU) , Maziar Sanjabi (Facebook AI), Ahmad

Fair Resource Allocation in Federated Learning Tian Li (CMU) , Maziar Sanjabi (Facebook AI), Ahmad Beirami (Facebook AI), Virginia Smith (CMU) tianli@cmu.edu 1 Federated Learning 2 2 Federated Learning Privacy-preserving training in

1.19k views • 55 slides
Differentially-Private Federated Linear Bandits Introduction Federated Learning Contextual

Differentially-Private Federated Linear Bandits Introduction Federated Learning Contextual

Differentially- Private Federated Linear Bandits Dubey and Pentland June 2020 Differentially-Private Federated Linear Bandits Introduction Federated Learning Contextual Bandits Summary Background Abhimanyu Dubey and Alex Pentland

437 views • 20 slides
BIT Maintaining Training Efficiency and Accuracy for Edge-assisted Online Federated

BIT Maintaining Training Efficiency and Accuracy for Edge-assisted Online Federated

BIT Maintaining Training Efficiency and Accuracy for Edge-assisted Online Federated Learning with ABS Jiayu Wang, Zehua Guo, Sen Liu, Yuanqing Xia Beijing Institute Of Technology, Fudan University 1 Federated Learning User devices

612 views • 12 slides
IRODS AND FEDERATED IDENTITY AUTHENTICATION CURRENT LIMITATIONS AND PERSPECTIVE Claudio

IRODS AND FEDERATED IDENTITY AUTHENTICATION CURRENT LIMITATIONS AND PERSPECTIVE Claudio

IRODS AND FEDERATED IDENTITY AUTHENTICATION CURRENT LIMITATIONS AND PERSPECTIVE Claudio Cacciari, claudio.cacciari@surfsara.nl SURF UGM 2020, June 10 th 2020 IRODS and SURF SURF is the collaborative organisation for ICT in Dutch education

669 views • 34 slides
Agnostic federated learning Mehryar Mohri 1 , 2 , Gary Sivek 1 , Ananda Theertha Suresh 1 1 Google

Agnostic federated learning Mehryar Mohri 1 , 2 , Gary Sivek 1 , Ananda Theertha Suresh 1 1 Google

Agnostic federated learning Mehryar Mohri 1 , 2 , Gary Sivek 1 , Ananda Theertha Suresh 1 1 Google Research, 2 Courant Institute June 11, 2019 1/8 Federated learning scenario [McMahan et al., 17] centralized model client A client

418 views • 8 slides
Optimizing Federated Learning on Non-IID Data with Reinforcement Learning Hao Wang *, Zakhary

Optimizing Federated Learning on Non-IID Data with Reinforcement Learning Hao Wang *, Zakhary

INFOCOM20 Optimizing Federated Learning on Non-IID Data with Reinforcement Learning Hao Wang *, Zakhary Kaplan*, Di Niu^, Baochun Li* *University of Toronto, ^University of Alberta < < > > Alexa Siri 2 Machine

541 views • 53 slides
SybilGuard: Defending Against Sybil Attacks SybilGuard: Defending Against Sybil Attacks via

SybilGuard: Defending Against Sybil Attacks SybilGuard: Defending Against Sybil Attacks via

SybilGuard: Defending Against Sybil Attacks SybilGuard: Defending Against Sybil Attacks via Social Networks via Social Networks Intel Research Pittsburgh / CMU Haifeng Yu National University of Singapore Michael Kaminsky Intel Research

501 views • 22 slides
Federated Zero-Shot Learning: A Proposal Francesco Odierna CS PhD student @ University of Pisa

Federated Zero-Shot Learning: A Proposal Francesco Odierna CS PhD student @ University of Pisa

Federated Zero-Shot Learning: A Proposal Francesco Odierna CS PhD student @ University of Pisa francesco.odierna@phd.unipi.it 1 Outline Introduction Federated Learning Zero-Shot Learning The Proposal Motivation Road

349 views • 19 slides
MOCHA: Federated Multi-Task Learning NIPS 17 Virginia Smith Stanford / CMU Chao-Kai

MOCHA: Federated Multi-Task Learning NIPS 17 Virginia Smith Stanford / CMU Chao-Kai

MOCHA: Federated Multi-Task Learning NIPS 17 Virginia Smith Stanford / CMU Chao-Kai Chiang USC Maziar Sanjabi USC Ameet Talwalkar CMU MACHINE LEARNING WORKFLOW data & problem machine learning model n optimization

1.71k views • 35 slides
MAB Learning in IoT Networks Learning helps even in non-stationary settings! Rmi Bonnefoi

MAB Learning in IoT Networks Learning helps even in non-stationary settings! Rmi Bonnefoi

MAB Learning in IoT Networks Learning helps even in non-stationary settings! Rmi Bonnefoi Lilian Besson milie Kaufmann Christophe Moy Jacques Palicot PhD Student in France Team SCEE, IETR, CentraleSuplec, Rennes & Team SequeL,

507 views • 25 slides
FedSel: Federated SGD under Local Differential Privacy with Top-k Dimension Selection Ruixuan

FedSel: Federated SGD under Local Differential Privacy with Top-k Dimension Selection Ruixuan

FedSel: Federated SGD under Local Differential Privacy with Top-k Dimension Selection Ruixuan Liu 1 , Yang Cao 2 , Masatoshi Yoshikawa 2 , Hong Chen 1 1 Renmin University of China, 2 Kyoto University DASFAA, 2020 Federated Learning Overview

370 views • 35 slides
An analysis of Social Network-based Sybil defenses Bimal Viswanath Ansley Post Krishna

An analysis of Social Network-based Sybil defenses Bimal Viswanath Ansley Post Krishna

An analysis of Social Network-based Sybil defenses Bimal Viswanath Ansley Post Krishna Gummadi Alan Mislove MPI-SWS Northeastern University SIGCOMM 2010 1 Sybil attack Fundamental problem in distributed systems Attacker

519 views • 40 slides
Poisoning Attacks on Federated Le Learning-based In Intrusion Detection System Thien Duc

Poisoning Attacks on Federated Le Learning-based In Intrusion Detection System Thien Duc

Poisoning Attacks on Federated Le Learning-based In Intrusion Detection System Thien Duc Nguyen, Phillip Rieger, Markus Miettinen, Ahmad-Reza Sadeghi Typical IoT Devices 2 IoT The S stands for Security 3 Mirai: Largest Disruptive

508 views • 33 slides
Detecting Sybil Attacks using Proofs of Work and Location for Vehicular AdHoc Networks (VANETS)

Detecting Sybil Attacks using Proofs of Work and Location for Vehicular AdHoc Networks (VANETS)

Master Defense Detecting Sybil Attacks using Proofs of Work and Location for Vehicular AdHoc Networks (VANETS) Presented by: Niclas Bewermeier Electrical and Computer December 14, 2018 Engineering Detecting Sybil Attacks using Proofs of

510 views • 49 slides
Anomaly Detection in Smart Buildings using Federated Learning Tuhin Sharma | Binaize Labs

Anomaly Detection in Smart Buildings using Federated Learning Tuhin Sharma | Binaize Labs

Anomaly Detection in Smart Buildings using Federated Learning Tuhin Sharma | Binaize Labs Bargava Subramanian | Binaize Labs Outline What is Smart Building? Anomalies in Smart Building. Challenges in IoT. Federated

709 views • 59 slides
Network Structure Grant Schoenebeck, Aaron Snook, Fang-Yi Yu Sybil Attack An attack to

Network Structure Grant Schoenebeck, Aaron Snook, Fang-Yi Yu Sybil Attack An attack to

Sybil Detection Using Latent Network Structure Grant Schoenebeck, Aaron Snook, Fang-Yi Yu Sybil Attack An attack to compromise a recommendation systems by forging identities. Recommendation System How is that restaurant? Bad Good Good

880 views • 29 slides
Technology Enhanced Learning (TEL): Exploring possibilities and tools for low-resource settings

Technology Enhanced Learning (TEL): Exploring possibilities and tools for low-resource settings

Technology Enhanced Learning (TEL): Exploring possibilities and tools for low-resource settings Challenges in implementing e-Learning programmes Linda Venter Department of Veterinary Tropical Diseases (DVTD) 1 Agenda Introduction

506 views • 31 slides
Use and Limitations of Machine Learning in Portfolio Management Overview 1. Brief Introduction

Use and Limitations of Machine Learning in Portfolio Management Overview 1. Brief Introduction

Use and Limitations of Machine Learning in Portfolio Management Overview 1. Brief Introduction to Learning 2. Prediction - Futurecasting - Nowcasting - factor analysis 3. Similarity Measures - recommendation system 4. Generating

307 views • 16 slides
Poster #20 Bayesian Nonparametric Federated Learning of Neural Networks Mikhail Yurochkin Mayank

Poster #20 Bayesian Nonparametric Federated Learning of Neural Networks Mikhail Yurochkin Mayank

IBM Research, MIT-IBM Watson AI Lab PFNM , Poster #20 ICML 2019 Poster #20 Bayesian Nonparametric Federated Learning of Neural Networks Mikhail Yurochkin Mayank Agarwal, Soumya Ghosh, Kristjan Greenewald, Nghia Hoang, Yasaman Khazaeni IBM

120 views • 9 slides
Technology Enhanced Learning (TEL): Exploring possibilities and tools for low-resource settings

Technology Enhanced Learning (TEL): Exploring possibilities and tools for low-resource settings

Technology Enhanced Learning (TEL): Exploring possibilities and tools for low-resource settings Tools and Delivery Options Linda Venter Department of Veterinary Tropical Diseases (DVTD) 1 Agenda Augmented, blended and online learning

744 views • 59 slides
BatchCrypt: Efficient Homomorphic Encryption for Cross-Silo Federated Learning Chengliang Zhang

BatchCrypt: Efficient Homomorphic Encryption for Cross-Silo Federated Learning Chengliang Zhang

BatchCrypt: Efficient Homomorphic Encryption for Cross-Silo Federated Learning Chengliang Zhang , Suyi Li, Junzhe Xia, Wei Wang, Feng Yan, Yang Liu* Hong Kong University of Science and Technology University of Nevada, Reno

744 views • 26 slides

More recommend