2023年5月JournalonCommunicationsMay2023第44卷第5期通信学报Vol.44No.5DAGUARD:联邦学习下的分布式后门攻击防御方案余晟兴1,陈泽凯2,陈钟1,刘西蒙2(1.北京大学计算机学院,北京100871;2.福州大学计算机与大数据学院/软件学院,福建福州350108)摘要:为了解决联邦学习下的分布式后门攻击等问题,基于服务器挑选最多不超过半数恶意客户端进行全局聚合的假设,提出了一种联邦学习下的分布式后门防御方案(DAGUARD)。设计了三元组梯度优化算法局部更新策略(TernGrad)以解决梯度局部调整的后门攻击和推理攻击、自适应密度聚类防御方案(AdaptDBSCAN)以解决角度偏较大的后门攻击、自适应裁剪方案以限制放大梯度的后门增强攻击和自适应加噪方案以削弱分布式后门攻击。实验结果表明,在联邦学习场景下,所提方案相比现有的防御策略具有更好的防御性能和防御稳定性。关键词:联邦学习;分布式后门攻击;聚类;差分隐私中图分类号:TN92文献标志码:ADOI:10.11959/j.issn.1000−436x.2023086DAGUARD:distributedbackdoorattackdefenseschemeunderfederatedlearningYUShengxing1,CHENZekai2,CHENZhong1,LIUXimeng21.SchoolofComputerScience,PekingUniversity,Beijing100871,China2.CollegeofComputerandDataScience/CollegeofSoftware,FuzhouUniversity,Fuzhou350108,ChinaAbstract:Inordertosolvetheproblemsofdistributedbackdoorattackunderfederatedlearning,adistributedbackdoorattackdefensescheme(DAGUARD)underfederatedlearningwasproposedbasedontheassumptionthattheserverse-lectednomorethanhalfofmaliciousclientsforglobalaggregation.Thepartialupdatestrategyofthetriplegradientop-timizationalgorithm(TernGrad)wasdesignedtosolvethebackdoorattackandinferenceattack,anadaptivedensityclusteringdefenseschemewasdesignedtosolvethebackdoorattackswithrelativelylargeangledeflection,theadaptiveclippingschemewasdesignedtolimittheenhancementbackdoorattackthatamplifythegradientsandtheadaptivenoise-enhancingschemewasdesignedtoweakendistributedbackdoorattacks.Theexperimentalresultsshowthatinthefederatedlearningscenario,theproposedschemehasbetterdefenseperformanceanddefensestabilitythanexistingde-fensestrategies.Keywords:federatedlearning,distributedbackdoorattack,cluster,differentialp...
