期刊
IEEE TRANSACTIONS ON NETWORK SCIENCE AND ENGINEERING
卷 8, 期 2, 页码 1070-1083出版社
IEEE COMPUTER SOC
DOI: 10.1109/TNSE.2020.3002796
关键词
Training; Servers; Peer-to-peer computing; Machine learning; Data models; Security; Distributed databases; Non-i; i; d; data; adversarial mitigation; federated learning
资金
- U.S. National Science Foundation [NSF-1350145]
The proposed ZeKoC approach in this paper effectively mitigates adversarial attacks in a resource-constrained setting, by automatically splitting and merging weight clusters for weight selection and aggregation. Theoretical analysis shows guaranteed convergence, and experimental results demonstrate its success in countering general attacks in a non-i.i.d. data environment, outperforming existing schemes.
The simultaneous development of deep learning techniques and Internet of Things (IoT)/Cyber-physical Systems (CPS) technologies has afforded untold possibilities for improving distributed computing, sensing, and data analysis. Among these technologies, federated learning has received increased attention as a privacy-preserving collaborative learning paradigm, and has shown significant potential in IoT/CPS-driven large-scale smart-world systems. At the same time, the vulnerabilities of deep neural networks, especially to adversarial attacks, cannot be overstated and should not be minimized. Moreover, the distributed nature of federated learning makes defense against such adversarial attacks a more challenging problem due to the unavailability of local data and resource heterogeneity. To tackle these challenges, in this paper, we propose ZeKoC, a Zero Knowledge Clustering approach to mitigating adversarial attacks. Particularly, we first formulate the problem of resource-constrained adversarial mitigation. Specifically, noting that a global server has no access to training samples, we reformulate the unsupervised weight clustering problem. Our proposed ZeKoC approach allows the server to automatically split and merge weight clusters for weight selection and aggregation. Theoretical analysis demonstrates that convergence is guaranteed. Further, our experimental results illustrate that, in a non-i.i.d. (i.e., independent and identically distributed) data setting, the proposed ZeKoC approach successfully mitigates general attacks while outperforming state-of-art schemes.
作者
我是这篇论文的作者
点击您的名字以认领此论文并将其添加到您的个人资料中。
推荐
暂无数据