FederatedReverse: A Detection and Defense Method Against Backdoor Attacks in Federated Learning

Abstract

Federated learning is a secure machine learning technology proposed to protect data privacy and security in machine learning model training. However, recent studies show that federated learning is vulnerable to backdoor attacks, such as model replacement attacks and distributed backdoor attacks. Most backdoor defense techniques are not appropriate for federated learning since they are based on entire data samples that cannot be hold in federated learning scenarios. The newly proposed methods for federated learning sacrifice the accuracy of models and still fail once attacks persist in many training rounds. In this paper, we propose a novel and effective detection and defense technique called FederatedReverse for federated learning. We conduct extensive experimental evaluation of our solution. The experimental results show that, compared with the existing techniques, our solution can effectively detect and defend against various backdoor attacks in federated learning, where the success rate and duration of backdoor attacks can be greatly reduced and the accuracies of trained models are almost not reduced.