Poisoning Attack on Federated Learning with Non-IID Data: A Historical-Global-Model-Based Approach
摘要
The advent of federated learning (FL), a burgeoning distributed machine learning paradigm, holds promise in alleviating the privacy risks associated with centralized learning by facilitating local model training on devices. Nevertheless, FL’s landscape is not devoid of security challenges, with the threat of model poisoning attacks remaining a persistent concern. Concurrently, due to the “client drift”effect caused by the non-independent and identically distributed (non-IID) data characteristics, additional challenges are introduced to the implementation of FL systems. In this paper, we conduct an in-depth investigation into these threats in FL and propose a novel model poisoning attack tailored to non-IID data environments. Unlike existing methods, we propose a novel model poisoning attack that unconventionally leverages the power of non-IID data environments to conceal the attack and generate seemingly legitimate model parameters to ensure its effectiveness. Experimental results demonstrate that our approach exhibits superior success rates compared to other attack methods and remains effective in degrading the performance of the global model even when confronted with different defense mechanisms.