AI Article Synopsis
- Federated learning (FL) allows peers to collaboratively develop machine learning models while keeping their data private, but this autonomy can lead to malicious activities like label-flipping (LF) attacks, which are targeted attempts to disrupt model training by altering data labels.
- The LF attack is difficult to detect and has detrimental effects on the model's performance, and existing defensive methods have limitations based on data distribution or struggle with complex models.
- The paper introduces LFighter, a new defense mechanism that identifies and mitigates LF attacks by analyzing parameter gradients from local updates, demonstrating superior effectiveness in accuracy and stability compared to current defenses, supported by empirical results across various datasets.
Article Abstract
Federated learning (FL) provides autonomy and privacy by design to participating peers, who cooperatively build a machine learning (ML) model while keeping their private data in their devices. However, that same autonomy opens the door for malicious peers to poison the model by conducting either untargeted or targeted poisoning attacks. The label-flipping (LF) attack is a targeted poisoning attack where the attackers poison their training data by flipping the labels of some examples from one class (i.e., the source class) to another (i.e., the target class). Unfortunately, this attack is easy to perform and hard to detect, and it negatively impacts the performance of the global model. Existing defenses against LF are limited by assumptions on the distribution of the peers' data and/or do not perform well with high-dimensional models. In this paper, we deeply investigate the LF attack behavior. We find that the contradicting objectives of attackers and honest peers on the source class examples are reflected on the parameter gradients corresponding to the neurons of the source and target classes in the output layer. This makes those gradients good discriminative features for the attack detection. Accordingly, we propose LFighter, a novel defense against the LF attack that first dynamically extracts those gradients from the peers' local updates and then clusters the extracted gradients, analyzes the resulting clusters, and filters out potential bad updates before model aggregation. Extensive empirical analysis on three data sets shows the effectiveness of the proposed defense regardless of the data distribution or model dimensionality. Also, LFighter outperforms several state-of-the-art defenses by offering lower test error, higher overall accuracy, higher source class accuracy, lower attack success rate, and higher stability of the source class accuracy. Our code and data are available for reproducibility purposes at https://github.com/NajeebJebreel/LFighter.
Download full-text PDF |
Source |
|---|---|
| http://dx.doi.org/10.1016/j.neunet.2023.11.019 | DOI Listing |
Publication Analysis
Top Keywords
Similar Publications
PHIStruct: Improving phage-host interaction prediction at low sequence similarity settings using structure-aware protein embeddings.
Bioinformatics
January 2025
Bioinformatics Lab, Advanced Research Institute for Informatics, Computing and Networking, De La Salle University, Manila, 1004, Philippines.
Motivation: Recent computational approaches for predicting phage-host interaction have explored the use of sequence-only protein language models to produce embeddings of phage proteins without manual feature engineering. However, these embeddings do not directly capture protein structure information and structure-informed signals related to host specificity.
Results: We present PHIStruct, a multilayer perceptron that takes in structure-aware embeddings of receptor-binding proteins, generated via the structure-aware protein language model SaProt, and then predicts the host from among the ESKAPEE genera.
Filling the Gap in and Evaluation for Saturated Fluorine-Containing Derivatives With Machine Learning.
J Comput Chem
January 2025
Department of Organic Chemistry, Taras Shevchenko National University of Kyiv, Kyiv, Ukraine.
Lipophilicity and acidity/basicity are fundamental physical properties that profoundly affect the compound's pharmacological activity, bioavailability, metabolism, and toxicity. Predicting lipophilicity, measured by (1-octanol-water distribution coefficient logarithm), and acidity/basicity, measured by (negative of acid ionization constant logarithm), is essential for early drug discovery success. However, the limited availability of experimental data and poor accuracy of standard and assessment methods for saturated fluorine-containing derivatives pose a significant challenge to achieving satisfactory results for this compound class.
View Article and Find Full Text PDFAllergic Reactivity and Memory Occur Independently of Sequential Switching Through IgG1.
Allergy
January 2025
Schroeder Allergy and Immunology Research Institute, Department of Medicine, Faculty of Health Sciences, McMaster University, Hamilton, Canada.
Allergic reactions to foods are primarily driven by allergen-binding immunoglobulin (Ig)E antibodies. IgE-expressing cells can be generated through direct switching from IgM to IgE or a sequential class switching pathway where activated B cells first switch to an intermediary isotype, most frequently IgG1, and then to IgE. It has been proposed that sequential class switch recombination is involved in augmenting the severity of allergic reactions, generating high affinity IgE, differentiation of IgE plasma cells, and in holding the memory of IgE responses.
View Article and Find Full Text PDFTuberculosis (TB) is historically the world's deadliest infectious disease. New TB drugs that can avoid pre-existing resistance are desperately needed. The β-lactams are the oldest and most widely used class of antibiotics to treat bacterial infections but, for a variety of reasons, they were largely ignored until recently as a potential treatment option for TB.
View Article and Find Full Text PDFWillows (genus ) are increasingly used in operational-scale ecosystem reclamation; however, different opinions exist regarding the optimal cutting size for planting under field conditions. We compared the survival of field-planted willow cuttings sourced from upland and lowland areas with varying diameters and lengths across two growing seasons. Cuttings were grouped into 15 size classes with different diameters (0.
View Article and Find Full Text PDFWant AI Summaries of new PubMed Abstracts delivered to your In-box?
Enter search terms and have AI summaries delivered each week - change queries or unsubscribe any time!