IDEAS home Printed from https://ideas.repec.org/a/gam/jmathe/v12y2024i23p3751-d1532012.html
   My bibliography  Save this article

FLARE: A Backdoor Attack to Federated Learning with Refined Evasion

Author

Listed:
  • Qingya Wang

    (Faculty of Law, University of Montreal, 2900 Edouard Montpetit Blvd, Montreal, QC H3T 1J4, Canada)

  • Yi Wu

    (China Academy of Information and Communications Technology, Beijing 100191, China
    Key Laboratory of Mobile Application Innovation and Governance Technology, Beijing 100191, China)

  • Haojun Xuan

    (School of Cyberspace Science and Technology, Beijing Institute of Technology, Beijing 100081, China)

  • Huishu Wu

    (Faculty of Law, University of Montreal, 2900 Edouard Montpetit Blvd, Montreal, QC H3T 1J4, Canada)

Abstract

Federated Learning (FL) is vulnerable to backdoor attacks in which attackers inject malicious behaviors into the global model. To counter these attacks, existing works mainly introduce sophisticated defenses by analyzing model parameters and utilizing robust aggregation strategies. However, we find that FL systems can still be attacked by exploiting their inherent complexity. In this paper, we propose a novel three-stage backdoor attack strategy named FLARE: A Backdoor Attack to Federated Learning with Refined Evasion, which is designed to operate under the radar of conventional defense strategies. Our proposal begins with a trigger inspection stage to leverage the initial susceptibilities of FL systems, followed by a trigger insertion stage where the synthesized trigger is stealthily embedded at a low poisoning rate. Finally, the trigger is amplified to increase the attack’s success rate during the backdoor activation stage. Experiments on the effectiveness of FLARE show significant enhancements in both the stealthiness and success rate of backdoor attacks across multiple federated learning environments. In particular, the success rate of our backdoor attack can be improved by up to 45× compared to existing methods.

Suggested Citation

  • Qingya Wang & Yi Wu & Haojun Xuan & Huishu Wu, 2024. "FLARE: A Backdoor Attack to Federated Learning with Refined Evasion," Mathematics, MDPI, vol. 12(23), pages 1-14, November.
    • Handle: RePEc:gam:jmathe:v:12:y:2024:i:23:p:3751-:d:1532012
    as

    Download full text from publisher

    File URL: https://www.mdpi.com/2227-7390/12/23/3751/pdf
    Download Restriction: no
    File URL: https://www.mdpi.com/2227-7390/12/23/3751/
    Download Restriction: no
    ---><---

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:gam:jmathe:v:12:y:2024:i:23:p:3751-:d:1532012. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    We have no bibliographic references for this item. You can help adding them by using this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: MDPI Indexing Manager (email available below). General contact details of provider: https://www.mdpi.com .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.