AI Chat Paper
Note: Please note that the following content is generated by AMiner AI. SciOpen does not take any responsibility related to this content.
{{lang === 'zh_CN' ? '文章概述' : 'Summary'}}
{{lang === 'en_US' ? '中' : 'Eng'}}
Chat more with AI
PDF (2.3 MB)
Collect
Submit Manuscript AI Chat Paper
Show Outline
Outline
Show full outline
Hide outline
Outline
Show full outline
Hide outline
Open Access

Backdoor Attack to Giant Model in Fragment-Sharing Federated Learning

School of Computer Science and Technology, Shandong University, Qingdao 266237, China
Shandong University-Nanyang Technological University International Joint Research Institute on Artificial Intelligence, Shandong University, Jinan 250101, China
School of Computer Science and Engineering, The University of Aizu, Aizuwakamatsu 9658580, Japan
Show Author Information

Abstract

To efficiently train the billions of parameters in a giant model, sharing the parameter-fragments within the Federated Learning (FL) framework has become a popular pattern, where each client only trains and shares a fraction of parameters, extending the training of giant models to the broader resources-constrained scenarios. Compared with the previous works where the models are fully exchanged, the fragment-sharing pattern poses some new challenges for the backdoor attacks. In this paper, we investigate the backdoor attack on giant models when they are trained in an FL system. With the help of fine-tuning technique, a backdoor attack method is presented, by which the malicious clients can hide the backdoor in a designated fragment that is going to be shared with the benign clients. Apart from the individual backdoor attack method mentioned above, we additionally show a cooperative backdoor attack method, in which the fragment of a malicious client to be shared only contains a part of the backdoor while the backdoor is injected when the benign client receives all the fragments from the malicious clients. Obviously, the later one is more stealthy and harder to be detected. Extensive experiments have been conducted on the datasets of CIFAR-10 and CIFAR-100 with the ResNet-34 as the testing model. The numerical results show that our backdoor attack methods can achieve an attack success rate close to 100% in about 20 rounds of iterations.

References

【1】
【1】
 
 
Big Data Mining and Analytics
Pages 1084-1097

{{item.num}}

Comments on this article

Go to comment

< Back to all reports

Review Status: {{reviewData.commendedNum}} Commended , {{reviewData.revisionRequiredNum}} Revision Required , {{reviewData.notCommendedNum}} Not Commended Under Peer Review

Review Comment

Close
Close
Cite this article:
Qi S, Ma H, Zou Y, et al. Backdoor Attack to Giant Model in Fragment-Sharing Federated Learning. Big Data Mining and Analytics, 2024, 7(4): 1084-1097. https://doi.org/10.26599/BDMA.2024.9020035

1775

Views

80

Downloads

2

Crossref

1

Web of Science

2

Scopus

0

CSCD

Received: 31 December 2023
Revised: 16 April 2024
Accepted: 20 May 2024
Published: 04 December 2024
© The author(s) 2024.

The articles published in this open access journal are distributed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/).