Research On Attack And Defense Methods Based On Federated Learning Network In IoT Scenarios

Posted on: 2023-05-16
Degree: Doctor
Type: Dissertation
Country: China
Candidate: X Xiao
Full Text: PDF
GTID: 1528307334472914
Subject: Computer Science and Technology

Abstract/Summary:

With the rapid development of deep learning (DL) technology and artificial intelligence (AI) applications, the real-time data generated by users is growing exponentially. Traditional centralized processing incurs massive communication and computing overhead and also exposes users' private data and sensitive information to serious risk. For institutions with highly sensitive data, such as hospitals and banks, centralized data storage and processing undoubtedly brings a substantial risk of leaking the private and sensitive information of patients and depositors. This has led an increasing number of researchers to focus on how to process big data while preserving user data privacy and security. Federated learning (FL) enables a large number of distributed, independent participants to collaboratively build machine learning models without sharing data. It shows a significant advantage over centralized machine learning in handling both "isolated data islands" and privacy protection. Many data-sensitive Internet of Things (IoT) and AI applications are increasingly incorporating FL techniques because each participant's local data remains independent and isolated from the other participants. However, malicious participants in an FL system can still attack potential security vulnerabilities in the model aggregation process, for example by performing data poisoning or model poisoning attacks. Since the server cannot access any participant's local private data, malicious adversaries have more room to carry out attacks such as data poisoning or model tampering. Such attacks will undoubtedly cause substantial security incidents in AI application scenarios, especially in Industrial Internet of Things (IIoT) applications such as autonomous driving and smart healthcare, where such security issues are catastrophic.

Therefore, this dissertation further studies the state-of-the-art attack and defense technologies of FL around the above vulnerabilities, explores different attack methods that target the FL aggregation stage in the IoT scenario, and analyzes the negative impact of these methods on model performance. At the same time, a defense technology against targeted poisoning attacks is proposed. This dissertation is devoted to analyzing the attack methods, and their implementation processes, that threaten the network security of FL in the IoT scenario, and to providing new solutions for defending against these attack technologies. The main work and innovations of this dissertation are as follows:

(1) Research on potential security vulnerabilities and the state-of-the-art attack and defense technologies of FL. This dissertation presents a survey that summarizes the current attack and defense strategies in FL networks and their security issues in application scenarios. It briefly introduces the background of FL technology and its potential security threats, clearly lists seven state-of-the-art potential attack technologies and the corresponding defense schemes, and then describes practical application scenarios of integrated FL technology.

(2) Research on backdoor poisoning attacks and their implementation in federated learning networks based on the artificial intelligence Internet of Things (AIoT-FL) scenario. This dissertation proposes the sybil-based backdoor poisoning attack (SBPA). Malicious attackers in the system select a small number of samples from their local data and inject carefully designed backdoor triggers into these samples to achieve data poisoning covertly. These malicious participants train the backdoor model and have the server aggregate it, so that the backdoor function is activated during the test phase to misclassify backdoor images. In addition, malicious adversaries exploit the fact that participants in a distributed network are easily disconnected and rejoined, and virtualize multiple sybil nodes to participate in aggregation. These adversaries aim to have the local poisoning models aggregated with greater probability and to exhibit a stronger attack effect in the early stages.

(3) Research on label flipping attacks in two data distribution scenarios, IID (independently and identically distributed) and non-IID, and their implementation in federated learning networks integrated with the Industrial Internet of Things (IIoT-FL). This dissertation proposes the sybil-based label flipping poisoning collusion attack (SCA) launched by multiple participants. Malicious adversaries exploit label flipping to achieve local poisoning training: the labels of the selected samples of the entire attack source class are flipped to the target class to achieve data poisoning, and the characteristics of the sybil technique are exploited to increase the probability that the local poisoning model is aggregated. In addition, the data of all participants are distributed unevenly through a Dirichlet distribution, so that the number of samples varies greatly among participants, a data distribution scenario closer to real-world applications. Malicious adversaries focus on making the joint model misclassify more samples of the attack class in the prediction stage, while the other, non-attacked classes maintain main-task accuracy similar to the non-poisoned state. Such an attack method has obvious advantages in stealth over independent attacks and shows a reliable attack success rate in scenarios with the lowest number of attackers in the system.

(4) Research on the various targeted poisoning attacks occurring in IIoT-FL networks and the potential angular differences between paired participants' local update vectors. This dissertation proposes a filtering defense mechanism (FDSFL) against multiple targeted poisoning attacks launched by multiple malicious adversaries in multiple data distribution scenarios. It explores the shared attack goal and update direction that characterize targeted poisoning attacks with high concealment (e.g., label flipping attacks, backdoor poisoning attacks, and sybil-based attacks). It then uses pairwise cosine similarity to calculate the angular distance between local update gradient vectors, assigns values to malicious updates in clustering through a trust-value-based mechanism, and filters them out in the subsequent aggregation process. This strategy detects malicious gradient updates better in both IID and non-IID data distribution scenarios while reliably maintaining the overall performance of the global model.

The main research work of this dissertation has essential application value in various AIoT scenarios with high security sensitivity, especially autonomous vehicles, intelligent logistics robots, etc. Discovering more potential security issues allows defense strategies to be designed in a more timely and targeted manner, ensuring the smooth overall operation of the global system.

Keywords/Search Tags: Federated Learning (FL), Internet of Things (IoT), Backdoor Poisoning Attacks, Label Flipping Attacks, Filtering Defense Mechanism, AI Security
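As an added example (not code from the dissertation), the following Python sketches the two building blocks that items (4) and (3) of the abstract describe from the aggregator's side: pairwise cosine similarity between clients' local update vectors with a trust-value filter applied before aggregation, and a Dirichlet-based non-IID partition of a dataset for evaluating such a filter under uneven client data. The six client updates, the trust rule (1 minus the maximum pairwise cosine similarity to any other client), the 0.98 alignment cutoff and the partition seed are constructed assumptions; the FDSFL clustering details themselves are not on this page.

```python
import math
import random

# Constructed sample "local updates" for one aggregation round (4 parameters per client).
# Three honest clients share a rough direction with client-specific noise; three sybil
# clients submit near-identical updates in a different direction, which is the
# collusion signature the filter keys on. These vectors are invented for the example.
CLIENT_UPDATES = {
    "honest_1": [1.0, 0.5, -0.2, 0.1],
    "honest_2": [0.8, 0.7, 0.0, 0.3],
    "honest_3": [1.2, 0.3, -0.4, -0.1],
    "sybil_1": [-0.8, 0.9, 0.3, -0.4],
    "sybil_2": [-0.8, 0.9, 0.3, -0.4],
    "sybil_3": [-0.81, 0.9, 0.3, -0.4],
}


def cosine(u, v):
    """Cosine similarity between two update vectors; 0.0 if either is the zero vector."""
    dot = sum(a * b for a, b in zip(u, v))
    nu = math.sqrt(sum(a * a for a in u))
    nv = math.sqrt(sum(b * b for b in v))
    if nu == 0.0 or nv == 0.0:
        return 0.0
    return dot / (nu * nv)


def pairwise_cosine(updates):
    """Pairwise cosine similarities keyed by (client_i, client_j), i != j."""
    ids = list(updates)
    return {(i, j): cosine(updates[i], updates[j]) for i in ids for j in ids if i != j}


def trust_scores(updates):
    """Trust = 1 - max cosine similarity to any other client (assumed scoring rule).

    Colluding sybils that submit (near-)identical updates get a trust near 0;
    honest clients, whose updates agree only roughly, keep a positive trust.
    """
    sims = pairwise_cosine(updates)
    trust = {}
    for i in updates:
        max_sim = max(sims[(i, j)] for j in updates if j != i)
        trust[i] = max(0.0, 1.0 - max_sim)
    return trust


def filter_and_aggregate(updates, min_trust=0.02):
    """Drop clients whose trust is below min_trust and trust-weight the survivors.

    min_trust=0.02 flags updates that are >= 0.98 cosine-aligned with some other
    client; the threshold is a constructed example value, not the dissertation's.
    """
    trust = trust_scores(updates)
    flagged = sorted(i for i, t in trust.items() if t < min_trust)
    kept = [i for i in updates if i not in flagged]
    if not kept:
        raise ValueError("every update was filtered; refusing to aggregate")
    total = sum(trust[i] for i in kept)
    dim = len(next(iter(updates.values())))
    aggregate = [sum(trust[i] * updates[i][k] for i in kept) / total for k in range(dim)]
    return flagged, aggregate


def dirichlet_partition(labels, n_clients, alpha, seed=0):
    """Split sample indices across clients class by class with Dirichlet(alpha) proportions.

    Small alpha gives a strongly non-IID split (a few clients hold most of a class);
    large alpha approaches IID. Dirichlet draws are built as normalized gamma samples.
    """
    rng = random.Random(seed)
    parts = [[] for _ in range(n_clients)]
    for c in sorted(set(labels)):
        idx = [i for i, y in enumerate(labels) if y == c]
        rng.shuffle(idx)
        gammas = [rng.gammavariate(alpha, 1.0) for _ in range(n_clients)]
        total = sum(gammas)
        start, cum = 0, 0.0
        for k in range(n_clients):
            cum += gammas[k] / total
            end = len(idx) if k == n_clients - 1 else int(round(cum * len(idx)))
            parts[k].extend(idx[start:end])
            start = end
    return parts


if __name__ == "__main__":
    flagged, agg = filter_and_aggregate(CLIENT_UPDATES)
    print("filtered clients:", flagged)
    print("aggregated update:", [round(x, 3) for x in agg])
    labels = [i % 3 for i in range(30)]  # constructed: 30 samples over 3 classes
    parts = dirichlet_partition(labels, n_clients=4, alpha=0.5)
    print("samples per client:", [len(p) for p in parts])
```

Running it filters the three sybil clients, whose pairwise similarity is essentially 1.0, while the honest clients (maximum pairwise similarity around 0.95) survive and are averaged with trust weights. The "1 minus maximum similarity" rule is deliberately simple: in a strongly non-IID round honest updates can also be nearly orthogonal, which is exactly why the abstract stresses evaluating the filter on Dirichlet-partitioned data rather than only on IID splits.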