Anti FLippeR: Detection and Prevention of Label Flipping Attack by Local Evaluation in Federated Learning Environment


dc.contributor.author Rahman, Aashnan
dc.contributor.author Hasan, Abid
dc.contributor.author Arifin, Sherajul
dc.date.accessioned 2025-03-10T06:28:48Z
dc.date.available 2025-03-10T06:28:48Z
dc.date.issued 2024-07-24
dc.identifier.uri http://hdl.handle.net/123456789/2372
dc.description Supervised by Dr. Md. Azam Hossain, Associate Professor, Department of Computer Science and Engineering (CSE), Islamic University of Technology (IUT), Board Bazar, Gazipur, Bangladesh. This thesis is submitted in partial fulfillment of the requirement for the degree of Bachelor of Science in Computer Science and Engineering, 2024. en_US
dc.description.abstract Federated learning (FL) offers a collaborative machine learning (ML) paradigm where participants train models on their local data and contribute updates to a central server, preserving data privacy. However, this distributed nature introduces a vulnerability: malicious nodes can inject manipulated updates to disrupt the training process and compromise the model’s performance. These attacks might be targeted or untargeted. A particularly deceptive tactic employed by malicious actors is the label-flipping attack. In this targeted assault, attackers subtly sabotage the training data by reversing the labels of specific examples. This seemingly minor manipulation can wreak havoc on the global model’s performance, making it difficult to detect yet highly impactful. Existing defenses against label-flipping attacks often suffer from several critical shortcomings. They tend to be overly reliant on central servers, computationally burdensome, and susceptible to slow poisoning attacks. Moreover, many of these methods struggle to effectively detect and mitigate malicious behavior accurately. Our proposed defense methodology explores a novel distributed model training approach that utilizes trust-based updates with incentivized learning mechanisms. Nodes are rewarded for accurate contributions and penalized for inaccurate ones, drawing inspiration from reinforcement learning principles to achieve consensus on reliable and consistent model updates. Then, the updates are subjected to a weighted aggregation based on the trust level of the clients, ensuring a robust and resilient global model. We evaluate the effectiveness of our proposed approach through extensive simulations, demonstrating its ability to accurately identify malicious nodes while maintaining high detection accuracy and low computational overhead. Our methodology outperforms several state-of-the-art defenses in detecting malicious nodes. Our findings pave the way for the development of more robust and trustworthy Decentralized Federated Learning systems, enabling secure and efficient collaborative learning. en_US
dc.language.iso en en_US
dc.publisher Department of Computer Science and Engineering (CSE), Islamic University of Technology (IUT), Board Bazar, Gazipur-1704, Bangladesh en_US
dc.title Anti FLippeR: Detection and Prevention of Label Flipping Attack by Local Evaluation in Federated Learning Environment en_US
dc.type Thesis en_US

