The reviewed record of science sign in
Pith

arxiv: 2411.16167 · v3 · pith:4H3VUBAI · submitted 2024-11-25 · cs.LG

Mind the Cost of Scaffold! Benign Clients May Even Become Accomplices of Backdoor Attack

Reviewed by Pith T0 review T1 audit T2 compute T3 formal T4 kernel pith:4H3VUBAIrecord.jsonopen to challenge →

classification cs.LG
keywords attackbadsflbenignscaffoldaccomplicesbackdoorclientsachieves
0
0 comments X
read the original abstract

By using a control variate to calibrate the local gradient of each client, Scaffold has been widely known as a powerful solution to mitigate the impact of data heterogeneity in Federated Learning. Although Scaffold achieves significant performance improvements, we show that this superiority is at the cost of increased security vulnerabilities. Specifically, this paper presents BadSFL, the first backdoor attack targeting Scaffold, which turns benign clients into accomplices to amplify the attack effect. The core idea of BadSFL is to uniquely tamper with the control variate to subtly steer benign clients' local gradient updates towards the attacker's poisoned direction, effectively turning them into unwitting accomplices and significantly enhancing the backdoor persistence. Additionally, BadSFL leverages a GAN-enhanced poisoning strategy to enrich the attacker's dataset, maintaining high accuracy on both benign and backdoored samples while remaining stealthy. Extensive experiments demonstrate that BadSFL achieves superior attack durability, maintaining effectiveness for over 60 global rounds, lasting up to three times longer than existing baselines even after ceasing malicious model injections.

This paper has not been read by Pith yet.

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.