Fine-grained Attacks Towards Federated Learning

Backdoor Federated Learning by Poisoning Backdoor-Critical Layers
Haomin Zhuang, Mingxian Yu, Hao Wang, Yang Hua, Jian Li, Xu Yuan

——Accepted by ICLR’24


The decentralized learning paradigm and heterogeneity of federated learning (FL) further extend the attack surface for backdoor attacks. A few backdoor attack and defense methodologies have been proposed for FL. However, none of them recognizes that poisoning backdoor-critical (BC) layers—a small set of model layers—rather than the whole model can successfully backdoor FL at a minimum chance of being detected by state-of-the-art (SOTA) defenses.

Fine-grained Attacking.