Data-Agnostic Model Poisoning Against Federated Learning: A Graph Autoencoder Approach

Kai Li, Jingjing Zheng, Xin Yuan, Wei Ni, Ozgur B. Akan, H. Vincent Poor

Research output: Contribution to journalArticlepeer-review

3 Scopus citations

Abstract

This paper proposes a novel, data-agnostic, model poisoning attack on Federated Learning (FL), by designing a new adversarial graph autoencoder (GAE)-based framework. The attack requires no knowledge of FL training data and achieves both effectiveness and undetectability. By listening to the benign local models and the global model, the attacker extracts the graph structural correlations among the benign local models and the training data features substantiating the models. The attacker then adversarially regenerates the graph structural correlations while maximizing the FL training loss, and subsequently generates malicious local models using the adversarial graph structure and the training data features of the benign ones. A new algorithm is designed to iteratively train the malicious local models using GAE and sub-gradient descent. The convergence of FL under attack is rigorously proved, with a considerably large optimality gap. Experiments show that the FL accuracy drops gradually under the proposed attack and existing defense mechanisms fail to detect it. The attack can give rise to an infection across all benign devices, making it a serious threat to FL.

Original languageEnglish (US)
Pages (from-to)3465-3480
Number of pages16
JournalIEEE Transactions on Information Forensics and Security
Volume19
DOIs
StatePublished - 2024
Externally publishedYes

All Science Journal Classification (ASJC) codes

  • Safety, Risk, Reliability and Quality
  • Computer Networks and Communications

Keywords

  • Federated learning
  • feature correlation
  • graph autoencoder
  • model poisoning attack

Fingerprint

Dive into the research topics of 'Data-Agnostic Model Poisoning Against Federated Learning: A Graph Autoencoder Approach'. Together they form a unique fingerprint.

Cite this