Fine-grained Attacks Towards Federated Learning
Backdoor Federated Learning by Poisoning Backdoor-Critical Layers
Abstract
The decentralized learning paradigm and heterogeneity of federated learning (FL) further extend the attack surface for backdoor attacks. A few backdoor attack and defense methodologies have been proposed for FL. However, none of them recognizes that poisoning backdoor-critical (BC) layers—a small set of model layers—rather than the whole model can successfully backdoor FL at a minimum chance of being detected by state-of-the-art (SOTA) defenses.
Fine-grained Attacking.
