Netinfo Security ›› 2024, Vol. 24 ›› Issue (2): 262-271.doi: 10.3969/j.issn.1671-1122.2024.02.009

Previous Articles     Next Articles

Federated Learning Backdoor Defense Method Based on Trigger Inversion

LIN Yihang, ZHOU Pengyuan(), WU Zhiqian, LIAO Yong   

  1. School of Cyber Science and Technology, University of Science and Technology of China, Hefei 230031, China
  • Received:2023-10-23 Online:2024-02-10 Published:2024-03-06
  • Contact: ZHOU Pengyuan E-mail:pyzhou@ustc.edu.cn

Abstract:

As an emerging distributed machine learning paradigm, federated learning realizes distributed collaborative model training among multiple clients without uploading user original data, thereby protecting user privacy. However, since the server cannot inspect the client’s local dataset in federated learning, malicious clients can embed the backdoor into the global model by data poisoning. Traditional federated learning backdoor defense methods are mostly based on the idea of model detection for backdoor defense, but ignore the inherent distributed feature of federated learning. Therefore, this paper proposed a federated learning backdoor defense method based on trigger inversion. The aggregation server and distributed clients collaborated to generate additional data using trigger reverse technology to enhance the robustness of the client’s local model for backdoor defense. Experiments on different datasets, and the results show that the proposed method can mitigate backdoor attacks effectively.

Key words: federated learning, backdoor attack, backdoor defense, robustness training, trigger inversion

CLC Number: