Please use this identifier to cite or link to this item:
https://nccur.lib.nccu.edu.tw/handle/140.119/155454
|
Title: | Defense Against Federated Learning Backdoor Attacks Based on Nonlinear Dimensionality Reduction |
Authors: | 吉瀚宇 Chi, Han-Yu |
Contributors: | 蔡子傑 Tsai, Tzu-Chieh 吉瀚宇 Chi, Han-Yu |
Keywords: | Backdoor attack; Federated learning; Anomaly detection; Non-linear dimensionality reduction |
Date: | 2025 |
Issue Date: | 2025-02-04 15:44:17 (UTC+8) |
Abstract: | Federated Learning enables collaborative model training while preserving data privacy but is vulnerable to backdoor attacks and data poisoning, which compromise model integrity. This thesis proposes a defense framework that integrates nonlinear dimensionality reduction (UMAP) with anomaly detection methods (Isolation Forest, Local Outlier Factor, and Gaussian Mixture Model) to identify and filter malicious updates. A voting mechanism ensures robust detection of anomalies, enhancing the system's resilience against attacks. The proposed framework is evaluated under diverse data distributions and malicious client scenarios. Results indicate its effectiveness in mitigating backdoor attacks while maintaining strong accuracy on clean data. This study provides a practical solution for improving the security and robustness of FL systems in privacy-sensitive applications. |
Description: | Master's thesis, National Chengchi University, Department of Computer Science, 111753157 |
Source URI: | http://thesis.lib.nccu.edu.tw/record/#G0111753157 |
Data Type: | thesis |
Appears in Collections: | [Department of Computer Science] Theses
|
Files in This Item:
File | Description | Size | Format | |
315701.pdf | | 2643Kb | Adobe PDF | 0 | View/Open |
|
All items in 政大典藏 are protected by copyright, with all rights reserved.
|