
uu.se Publications from Uppsala University
Blades: A Unified Benchmark Suite for Byzantine Attacks and Defenses in Federated Learning
Uppsala University, Disciplinary Domain of Science and Technology, Mathematics and Computer Science, Department of Information Technology, Division of Computer Systems. Uppsala University, Disciplinary Domain of Science and Technology, Mathematics and Computer Science, Department of Information Technology, Computer Systems.
ORCID iD: 0000-0003-0145-3127
Univ Hong Kong, Hong Kong, Peoples R China.
UCL, London, England.
2024 (English) In: 2024 IEEE/ACM Ninth International Conference on Internet-of-Things Design and Implementation (IoTDI), Institute of Electrical and Electronics Engineers (IEEE), 2024, pp. 158-169. Conference paper, Published paper (Refereed)
Abstract [en]

Federated learning (FL) facilitates distributed training across different IoT and edge devices, safeguarding the privacy of their data. The inherent distributed structure of FL introduces vulnerabilities, especially from adversarial devices aiming to skew local updates to their advantage. Despite the plethora of research focusing on Byzantine-resilient FL, the academic community has yet to establish a comprehensive benchmark suite, pivotal for impartial assessment and comparison of different techniques. This paper presents Blades, a scalable, extensible, and easily configurable benchmark suite that supports researchers and developers in efficiently implementing and validating novel strategies against baseline algorithms in Byzantine-resilient FL. Blades contains built-in implementations of representative attack and defense strategies and offers a user-friendly interface that seamlessly integrates new ideas. Using Blades, we re-evaluate representative attacks and defenses on wide-ranging experimental configurations (approximately 1,500 trials in total). Through our extensive experiments, we gained new insights into FL robustness and highlighted previously overlooked limitations due to the absence of thorough evaluations and comparisons of baselines under various attack settings. We maintain the source code and documents at https://github.com/lishenghui/blades.

Place, publisher, year, edition, pages
Institute of Electrical and Electronics Engineers (IEEE), 2024. pp. 158-169
Keywords [en]
Byzantine attacks, distributed learning, federated learning, IoT, neural networks, robustness
National subject category
Computer Sciences
Identifiers
URN: urn:nbn:se:uu:diva-537577
DOI: 10.1109/IoTDI61053.2024.00018
ISI: 001261370500014
Scopus ID: 2-s2.0-85196568437
ISBN: 979-8-3503-7025-6 (digital)
ISBN: 979-8-3503-7026-3 (print)
OAI: oai:DiVA.org:uu-537577
DiVA, id: diva2:1895304
Conference
9th ACM/IEEE Conference on Internet of Things Design and Implementation (IoTDI), May 13-16, 2024, Hong Kong, Hong Kong
Part of project
Adaptive and robust maintenance for networked sensor systems, Swedish Research Council (Vetenskapsrådet)
Funder
Swedish Research Council (Vetenskapsrådet), 2017-04543
Available from: 2024-09-05 Created: 2024-09-05 Last updated: 2025-02-11 Bibliographically approved
Part of thesis
1. Robust Federated Learning: Defending Against Byzantine and Jailbreak Attacks
2024 (English) Doctoral thesis, comprehensive summary (Other academic)
Abstract [en]

Federated Learning (FL) has emerged as a promising paradigm for training collaborative machine learning models across multiple participants while preserving data privacy. It is particularly valuable in privacy-sensitive domains like healthcare and finance. Recently, FL has been explored to harness the power of pre-trained Foundation Models (FMs) for downstream task adaptation, enabling customization and personalization while maintaining data locality and privacy. However, FL's distributed nature makes it inherently vulnerable to adversarial attacks. Notable threats include Byzantine attacks, which inject malicious updates to degrade model performance, and jailbreak attacks, which exploit the fine-tuning process to undermine safety alignments of FMs, leading to harmful outputs. This dissertation centers on robust FL, aiming to mitigate these threats and ensure global models remain accurate and safe even under adversarial conditions. To mitigate Byzantine attacks, we propose several Robust Aggregation Schemes (RASs) that decrease the influence of malicious updates. Additionally, we introduce Blades, an open-source benchmarking tool to systematically study the interplay between attacks and defenses in FL, offering insights into the effects of data heterogeneity, differential privacy, and momentum on RAS robustness. Exploring the synergy between FL and FMs, we present a taxonomy of research along with adaptivity, efficiency, and trustworthiness. We uncover a novel attack, “PEFT-as-an-Attack” (PaaA), where malicious FL participants jailbreak FMs through Parameter-Efficient-Fine-Tuning (PEFT) with harmful data. We evaluate defenses against PaaA and highlight critical gaps, emphasizing the need for advanced strategies balancing safety and utility in FL-FM systems. In summary, this dissertation advances FL robustness by proposing novel defenses, tools, and insights while exposing emerging attack vectors. These contributions pave the way for attack-resilient distributed machine learning systems capable of withstanding both current and emerging threats.

Place, publisher, year, edition, pages
Uppsala: Acta Universitatis Upsaliensis, 2024. p. 54
Series
Digital Comprehensive Summaries of Uppsala Dissertations from the Faculty of Science and Technology, ISSN 1651-6214 ; 2477
Keywords
Federated learning, Jailbreak attack, Parameter-Efficient Fine-Tuning, Pre-trained Language Model, Robustness
National subject category
Computer Sciences
Identifiers
urn:nbn:se:uu:diva-540441 (URN)
978-91-513-2312-1 (ISBN)
Public defence
2025-01-16, 101121, Sonja Lyttkens, Ångström, Regementsvägen 1, Uppsala, 09:00 (English)
Opponent
Supervisor
Available from: 2024-12-17 Created: 2024-11-20 Last updated: 2024-12-17

Open Access in DiVA

No full text available in DiVA

Other links

Publisher's full text; Scopus

Person

Li, Shenghui; Ju, Li; Zhang, Tianru; Voigt, Thiemo
