Data-Agnostic Model Poisoning to Manipulating Federated Learning

Add to your list(s) Download to your calendar using vCal

• Kai (Lukas) Li, CISTER research centre, Portugal
• Tuesday 16 July 2024, 14:00-15:00
• Webinar & LT2, Computer Laboratory, William Gates Building..

If you have a question about this talk, please contact Hridoy Sankar Dutta.

In this presentation, a data-agnostic model poisoning attack targeting federated learning systems will be explored. The proposed attack leverages a new adversarial graph autoencoder (GAE)-based framework that operates independently of training data access, thereby ensuring both its efficacy and stealth. The proposed attack allows the adversary to reconstruct the graph’s structural correlations adversarially, optimizing the disruption of federated learning performance. This is achieved by generating malicious local models that incorporate the adversarial graph structure alongside the benign features of training data. Furthermore, an algorithm has been developed to iteratively refine the malicious models using GAE with sub-gradient descent. Numerical results demonstrate a progressive decline in the accuracy of federated learning systems subjected to this attack, which notably eludes detection by existing defensive measures. Consequently, this attack presents a formidable risk, potentially compromising all benign devices within the network.

Short bio: Dr. Kai Li received the B.E. degree from Shandong University, China, in 2009, the M.S. degree from The Hong Kong University of Science and Technology, Hong Kong, in 2010, and the Ph.D. degree in computer science from The University of New South Wales, Sydney, NSW , Australia, in 2014. Currently, he is a Visiting Research Scientist with the Division of Electrical Engineering, Department of Engineering, University of Cambridge, U.K., and a Senior Research Scientist with the CISTER Research Centre, Porto, Portugal. He is also a CMU -Portugal Research Fellow, jointly supported by Carnegie Mellon University (CMU), Pittsburgh, PA, USA , and the Foundation for Science and Technology (FCT), Lisbon, Portugal. In 2022, he was a Visiting Research Scholar with the CyLab Security and Privacy Institute, CMU . Prior to this, he was a Post-Doctoral Research Fellow with the SUTD -MIT International Design Centre, Singapore University of Technology and Design, Singapore, from 2014 to 2016. He has also held positions as a Visiting Research Assistant with the ICT Centre, CSIRO , Brisbane, QLD , Australia, from 2012 to 2013, and a full-time Research Assistant with the Mobile Technologies Centre, The Chinese University of Hong Kong, Hong Kong, from 2010 to 2011. He has been an Associate Editor of journals, such as Internet of Things (Elsevier) since 2024, Nature Computer Science (Springer) since 2023, Computer Communications (Elsevier) and Ad Hoc Networks (Elsevier) since 2021, and IEEE ACCESS from 2018 to 2024.

This talk is part of the Computer Laboratory Security Seminar series.

This talk is included in these lists:

• All Talks (aka the CURE list)
• Cambridge talks
• Computer Laboratory Security Seminar
• Department of Computer Science and Technology talks and seminars
• Interested Talks
• School of Technology
• Security-related talks
• Trust & Technology Initiative - interesting events
• Webinar & LT2, Computer Laboratory, William Gates Building.
• bld31

Note that ex-directory lists are not shown.