EmInspector: Combating Backdoor Attacks in Federated Self-Supervised Learning Through Embedding Inspection
CoRR (2024)
Abstract
Federated self-supervised learning (FSSL) has recently emerged as a promising
paradigm that enables the exploitation of clients' vast amounts of unlabeled
data while preserving data privacy. While FSSL offers advantages, its
susceptibility to backdoor attacks, a concern identified in traditional
federated supervised learning (FSL), has not been investigated. To fill the
research gap, we undertake a comprehensive investigation into a backdoor attack
paradigm, where unscrupulous clients conspire to manipulate the global model,
revealing the vulnerability of FSSL to such attacks. In FSL, backdoor attacks
typically build a direct association between the backdoor trigger and the
target label. In contrast, in FSSL, backdoor attacks aim to alter the global
model's representation for images containing the attacker's specified trigger
pattern in favor of the attacker's intended target class, which is less
straightforward. In this sense, we demonstrate that existing defenses are
insufficient to mitigate the investigated backdoor attacks in FSSL, so
finding an effective defense mechanism is urgent. To tackle this issue, we dive
into the fundamental mechanism of backdoor attacks on FSSL, proposing the
Embedding Inspector (EmInspector) that detects malicious clients by inspecting
the embedding space of local models. In particular, EmInspector assesses the
similarity of embeddings from different local models using a small set of
inspection images (e.g., ten images of CIFAR100) without specific requirements
on sample distribution or labels. We discover that embeddings from backdoored
models tend to cluster together in the embedding space for a given inspection
image. Evaluation results show that EmInspector can effectively mitigate
backdoor attacks on FSSL across various adversary settings. Our code is
available at https://github.com/ShuchiWu/EmInspector.
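
The embedding-similarity check described in the abstract, as a simplified added sketch; it is not the authors' EmInspector code, which lives in the repository linked above. Cosine similarity, the median + k·MAD outlier rule, majority voting across inspection images, and the constructed embeddings are all assumptions made here, and the rule presumes malicious clients are a minority.

```python
import math
import random
from statistics import median

def cosine(u, v):
    dot = sum(a * b for a, b in zip(u, v))
    return dot / (math.sqrt(sum(a * a for a in u)) * math.sqrt(sum(b * b for b in v)))

def flag_clients(embeddings, k=3.0):
    """embeddings[client][i] is that client's local-model embedding of inspection image i.
    Returns the clients whose embeddings sit unusually close to other clients'
    embeddings on a majority of the inspection images."""
    clients = sorted(embeddings)
    n_images = len(embeddings[clients[0]])
    votes = {c: 0 for c in clients}
    for i in range(n_images):
        # Per-client score: mean cosine similarity to every other client's embedding.
        score = {c: sum(cosine(embeddings[c][i], embeddings[d][i])
                        for d in clients if d != c) / (len(clients) - 1)
                 for c in clients}
        med = median(score.values())
        mad = median(abs(s - med) for s in score.values())
        for c in clients:
            if score[c] > med + k * mad:  # assumed outlier rule, not taken from the paper
                votes[c] += 1
    return {c for c in clients if votes[c] > n_images / 2}

def constructed_round(n_benign=7, n_malicious=3, n_images=10, dim=512, seed=0):
    """Constructed data: benign embeddings are independent; malicious ones share a
    per-image direction plus small noise, mimicking the clustering the abstract reports."""
    rng = random.Random(seed)

    def gauss(scale=1.0):
        return [rng.gauss(0, scale) for _ in range(dim)]

    shared = [gauss() for _ in range(n_images)]
    emb = {f"benign{j}": [gauss() for _ in range(n_images)] for j in range(n_benign)}
    for j in range(n_malicious):
        emb[f"malicious{j}"] = [[s + e for s, e in zip(shared[i], gauss(0.1))]
                                for i in range(n_images)]
    return emb

if __name__ == "__main__":
    print(sorted(flag_clients(constructed_round())))
```

In a federated round, the server would run a check of this kind on the submitted local models before aggregation and exclude the flagged clients from the update.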