Fine-grained Attacks Towards Federated Learning

Backdoor Federated Learning by Poisoning Backdoor-Critical Layers
Haomin Zhuang, Mingxian Yu, Hao Wang, Yang Hua, Jian Li, Xu Yuan

——available at arXiv:2308.04466


The decentralized learning paradigm and heterogeneity of federated learning (FL) further extend the attack surface for backdoor attacks. A few backdoor attack and defense methodologies have been proposed for FL. However, none of them recognizes that poisoning backdoor-critical (BC) layers—a small set of model layers—rather than the whole model can successfully backdoor FL at a minimum chance of being detected by state-of-the-art (SOTA) defenses.

Fine-grained Attacking.