Open Access Issue
Backdoor Attack to Giant Model in Fragment-Sharing Federated Learning
Big Data Mining and Analytics 2024, 7(4): 1084-1097
Published: 04 December 2024

To efficiently train the billions of parameters in a giant model, sharing parameter fragments within the Federated Learning (FL) framework has become a popular pattern, where each client trains and shares only a fraction of the parameters, extending the training of giant models to broader resource-constrained scenarios. Compared with previous works where the models are fully exchanged, the fragment-sharing pattern poses some new challenges for backdoor attacks. In this paper, we investigate the backdoor attack on giant models when they are trained in an FL system. With the help of a fine-tuning technique, a backdoor attack method is presented, by which the malicious clients can hide the backdoor in a designated fragment that is going to be shared with the benign clients. Apart from the individual backdoor attack method mentioned above, we additionally show a cooperative backdoor attack method, in which the fragment shared by a malicious client contains only a part of the backdoor, while the backdoor is injected when the benign client receives all the fragments from the malicious clients. Obviously, the latter is more stealthy and harder to detect. Extensive experiments have been conducted on the CIFAR-10 and CIFAR-100 datasets with ResNet-34 as the testing model. The numerical results show that our backdoor attack methods can achieve an attack success rate close to 100% in about 20 rounds of iterations.

Open Access Issue
A Local Differential Privacy Trajectory Protection Method Based on Temporal and Spatial Restrictions for Staying Detection
Tsinghua Science and Technology 2024, 29(2): 617-633
Published: 22 September 2023

The widespread availability of GPS has opened up a whole new market that provides a plethora of location-based services. Location-based social networks have become very popular as they provide end users like us with several such services utilizing GPS through our devices. However, when users utilize these services, they inevitably expose personal information such as their ID and sensitive location to the servers. Due to untrustworthy servers and malicious attackers with colossal background knowledge, users’ personal information is at risk on these servers. Unfortunately, many privacy-preserving solutions for protecting trajectories have significantly decreased utility after deployment. We have come up with a new trajectory privacy protection solution that targets users’ areas of interest. Firstly, Staying Points Detection Method based on Temporal-Spatial Restrictions (SPDM-TSR) is an interest area mining method based on temporal-spatial restrictions, which can clearly distinguish between staying and moving points. Additionally, our privacy protection mechanism focuses on the user’s areas of interest rather than the entire trajectory. Furthermore, our proposed mechanism does not rely on third-party service providers or on assumptions about the attackers’ background knowledge. We test our models on real datasets, and the results indicate that our proposed algorithm can provide a high-standard privacy guarantee as well as data availability.

Open Access Issue
Public-private-core maintenance in public-private-graphs
Intelligent and Converged Networks 2021, 2(4): 306-319
Published: 30 December 2021

A public-private-graph (pp-graph) is developed to model social networks with hidden relationships, and it consists of one public graph in which edges are visible to all users, and multiple private graphs in which edges are only visible to their endpoint users. In contrast with conventional graphs, where the edges are visible to all users, a pp-graph lacks accurate indexes to evaluate the importance of a vertex. In this paper, we first propose a novel concept, the public-private-core (pp-core) number based on the k-core number, which integrally considers both the public graph and private graphs of vertices, to measure how critical a user is. We then give an efficient algorithm for the pp-core number computation, which takes only linear time and space. Considering that the graphs can be always evolving over time, we also present effective algorithms for pp-core maintenance after the graph changes, avoiding redundant re-computation of the pp-core number. Extensive experiments conducted on real-world social networks show that our algorithms achieve good efficiency and stability. Compared to recalculating the pp-core numbers of all vertices, our maintenance algorithms can reduce the computation time by about 6–8 orders of magnitude.
