PoisonedFL: Model Poisoning Attacks to Federated Learning via Multi-Round Consistency

arXiv:2404.15611v1 Announce Type: new
Abstract: Model poisoning attacks are critical security threats to Federated Learning (FL). Existing model poisoning attacks suffer from two key limitations: 1) they achieve suboptimal effectiveness when defenses are deployed, and/or 2) they require knowledge of the model updates or local training data on genuine clients. In this work, we make a key observation that their suboptimal effectiveness arises from only leveraging model-update consistency among malicious clients within individual training rounds, making the attack effect self-cancel …

arxiv attacks clients consistency critical cs.cr data defenses federated federated learning key knowledge limitations local poisoning poisoning attacks security security threats threats training training data updates