
How Can Information Theory Help Identify Poisoned Models?

MA
State: Assigned to Xiao Chen
Published: 2023-11-22

The distributed nature of Federated Learning (FL) makes it vulnerable to malicious behaviour such as data poisoning and model poisoning attacks. In Decentralized FL (DFL) in particular, securing the whole system becomes harder because there is no central server and any node can act as an aggregator. Current countermeasures against poisoning attacks rely on data-dependent signals such as model similarity or model loss to identify and filter malicious models. However, FL training is a data-driven process and is strongly affected by the data distribution: different local data distributions can produce large differences between honest models. As a result, defenses based on such exogenous signals struggle to tell a malicious update from an anomalous but honest model trained on differently distributed data. Finding an endogenous, data-independent defense is therefore particularly important for securing DFL systems in non-IID environments.

Information-theoretic analyses of neural networks [1] show that, as a model is trained, the information flowing through the network moves from a disordered to an ordered state, and metrics such as information entropy and mutual information can be used to explain and guide training [2, 3, 4]. Information-theoretic features that endogenously quantify the orderliness of a model itself, as well as the correlations between the layers of the network, are therefore a promising basis for a defense against poisoning attacks. Because these features do not depend on the data distribution, they are applicable in both IID and non-IID environments. The main goal of this student project is thus to analyze, design, and prototype an information theory-based defense that protects DFL systems from poisoning attacks. Students first need to understand the principles of DFL and the theoretical and practical side of poisoning attacks. They then explore how information theory can be used to compute the information content and orderliness within a model, which in turn leads to the design and implementation of a reasonable defense mechanism.
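As an added illustration, not code from this project or its supervisors, the following self-contained Python sketch computes two endogenous features of the kind described above, the histogram entropy of each layer's weights and the mutual information between consecutive layers' activation energies on random probe inputs, and then screens the models received in one aggregation round with a median/MAD outlier test. The two-layer models, the federation, the probe inputs, the poisoning attack (a node replacing its second layer with large uniform noise), the fixed histogram support, the 0.1-bit scale floor and the node names are all constructed assumptions for the example.

```python
import math
import random
from typing import Dict, List, Sequence, Tuple

# Added, self-contained example, not code from the project page. It computes
# endogenous, data-distribution-independent features of a received model
# (per-layer weight entropy, mutual information between consecutive layers)
# and screens one DFL aggregation round. Models, "training", probe inputs and
# the poisoning are all constructed here.

Matrix = List[List[float]]      # rows = output units, cols = inputs
WEIGHT_RANGE = 3.0              # assumption: fixed histogram support [-3, 3] and
WEIGHT_BINS = 16                # 16 bins, so entropies are comparable across models
MIN_SCALE = 0.1                 # assumption: floor (bits) on the robust scale estimate


def weight_entropy(w: Matrix, bins: int = WEIGHT_BINS, r: float = WEIGHT_RANGE) -> float:
    """Shannon entropy (bits) of a layer's weight histogram over fixed bins on [-r, r]."""
    counts, n = [0] * bins, 0
    for row in w:
        for v in row:
            idx = int((min(max(v, -r), r) + r) / (2 * r) * bins)
            counts[min(idx, bins - 1)] += 1
            n += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def mutual_information(xs: Sequence[float], ys: Sequence[float], bins: int = 6) -> float:
    """Plug-in histogram estimate of I(X;Y) in bits for paired samples (always >= 0)."""
    def discretise(vals: Sequence[float]) -> List[int]:
        lo, hi = min(vals), max(vals)
        if hi == lo:
            return [0] * len(vals)
        return [min(int((v - lo) / (hi - lo) * bins), bins - 1) for v in vals]

    bx, by, n = discretise(xs), discretise(ys), len(xs)
    joint: Dict[Tuple[int, int], int] = {}
    px, py = [0] * bins, [0] * bins
    for a, b in zip(bx, by):
        joint[(a, b)] = joint.get((a, b), 0) + 1
        px[a] += 1
        py[b] += 1
    return sum(c / n * math.log2(c * n / (px[a] * py[b])) for (a, b), c in joint.items())


def forward(w1: Matrix, w2: Matrix, x: List[float]) -> Tuple[List[float], List[float]]:
    """Two-layer net h = tanh(W1 x), y = W2 h; returns both layers' activations."""
    h = [math.tanh(sum(wi * xi for wi, xi in zip(row, x))) for row in w1]
    y = [sum(wi * hi for wi, hi in zip(row, h)) for row in w2]
    return h, y


def model_features(w1: Matrix, w2: Matrix, probes: List[List[float]]) -> List[float]:
    """[H(W1), H(W2), I(layer-1 energy; layer-2 energy)] on random probes, not training data."""
    e1, e2 = [], []
    for x in probes:
        h, y = forward(w1, w2, x)
        e1.append(sum(v * v for v in h))
        e2.append(sum(v * v for v in y))
    return [weight_entropy(w1), weight_entropy(w2), mutual_information(e1, e2)]


def _median(vals: Sequence[float]) -> float:
    s, m = sorted(vals), len(vals) // 2
    return s[m] if len(s) % 2 else (s[m - 1] + s[m]) / 2


def screen_models(features: Dict[str, List[float]], threshold: float = 3.5) -> Dict[str, float]:
    """Modified z-score (median/MAD) per feature across received models; a node's score
    is its largest deviation. Returns {node: score} for nodes above the threshold."""
    nodes = list(features)
    scores = {node: 0.0 for node in nodes}
    for j in range(len(features[nodes[0]])):
        col = [features[node][j] for node in nodes]
        med = _median(col)
        mad = max(_median([abs(v - med) for v in col]), MIN_SCALE)
        for node in nodes:
            scores[node] = max(scores[node], 0.6745 * abs(features[node][j] - med) / mad)
    return {node: s for node, s in scores.items() if s > threshold}


def _laplace(rng: random.Random, scale: float) -> float:
    return rng.choice((-1.0, 1.0)) * rng.expovariate(1.0 / scale)


def make_federation(n_benign: int = 5, d: int = 8, hidden: int = 32, out: int = 8,
                    seed: int = 7) -> Dict[str, Tuple[Matrix, Matrix]]:
    """Constructed round: benign nodes hold one converged model plus small local drift;
    the last node sends a model whose second layer is large uniform noise (poisoning)."""
    rng = random.Random(seed)
    base1 = [[_laplace(rng, 0.2) for _ in range(d)] for _ in range(hidden)]
    base2 = [[_laplace(rng, 0.2) for _ in range(hidden)] for _ in range(out)]

    def drift(w: Matrix) -> Matrix:
        return [[v + rng.gauss(0.0, 0.03) for v in row] for row in w]

    models = {f"node{i}": (drift(base1), drift(base2)) for i in range(n_benign)}
    poisoned = [[rng.uniform(-WEIGHT_RANGE, WEIGHT_RANGE) for _ in range(hidden)] for _ in range(out)]
    models[f"node{n_benign}"] = (drift(base1), poisoned)
    return models


def run_round(seed: int = 7) -> Tuple[Dict[str, List[float]], Dict[str, float]]:
    """Compute features for every received model and screen them; returns both."""
    rng = random.Random(seed + 1)
    probes = [[rng.gauss(0.0, 1.0) for _ in range(8)] for _ in range(500)]
    models = make_federation(seed=seed)
    features = {node: model_features(w1, w2, probes) for node, (w1, w2) in models.items()}
    return features, screen_models(features)
```

Calling `run_round()` returns the per-node feature vectors and the flagged nodes; the poisoned node stands out because a trained (here: Laplace-distributed) layer concentrates its weights near zero and has a far lower histogram entropy than a layer filled with uniform noise, regardless of which data any node trained on. The MAD floor exists because histogram estimates of entropy and mutual information are noisy at this sample size, and a near-zero scale estimate would otherwise amplify that noise into false positives.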

[1] Yu, Shujian, and Jose C. Principe. "Understanding autoencoders with information theoretic concepts." Neural Networks 117 (2019): 104-123.

[2] Park, Eunhyeok, Junwhan Ahn, and Sungjoo Yoo. "Weighted-entropy-based quantization for deep neural networks." Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition. 2017.

[3] Barbiero, Pietro, et al. "Entropy-based logic explanations of neural networks." Proceedings of the AAAI Conference on Artificial Intelligence. Vol. 36. No. 6. 2022.

[4] Belghazi, Mohamed Ishmael, et al. "MINE: Mutual information neural estimation." arXiv preprint arXiv:1801.04062 (2018).

40% Design, 40% Implementation, 20% Documentation
Machine Learning, Python

Supervisors: Chao Feng
