Adversarial Analysis of the Differentially-Private Federated Learning in Cyber-Physical Critical Infrastructures
Federated Learning (FL) has become increasingly popular to perform data-driven analysis in cyber-physical critical infrastructures. Since the FL process may involve the client's confidential information, Differential Privacy (DP) has been proposed lately to secure it from adversarial inference....
Gespeichert in:
| Veröffentlicht in: | arXiv.org 2022-12 |
|---|---|
| Hauptverfasser: | , , , , , , |
| Format: | Artikel |
| Sprache: | eng |
| Schlagworte: | |
| Online-Zugang: | Volltext |
| Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
| container_end_page | |
|---|---|
| container_issue | |
| container_start_page | |
| container_title | arXiv.org |
| container_volume | |
| creator | Hossain, Md Tamjid Badsha, Shahriar Hung La Shen, Haoting Islam, Shafkat Khalil, Ibrahim Yi, Xun |
| description | Federated Learning (FL) has become increasingly popular to perform data-driven analysis in cyber-physical critical infrastructures. Since the FL process may involve the client's confidential information, Differential Privacy (DP) has been proposed lately to secure it from adversarial inference. However, we find that while DP greatly alleviates the privacy concerns, the additional DP-noise opens a new threat for model poisoning in FL. Nonetheless, very little effort has been made in the literature to investigate this adversarial exploitation of the DP-noise. To overcome this gap, in this paper, we present a novel adaptive model poisoning technique {\alpha}-MPELM} through which an attacker can exploit the additional DP-noise to evade the state-of-the-art anomaly detection techniques and prevent optimal convergence of the FL model. We evaluate our proposed attack on the state-of-the-art anomaly detection approaches in terms of detection accuracy and validation loss. The main significance of our proposed {\alpha}-MPELM attack is that it reduces the state-of-the-art anomaly detection accuracy by 6.8% for norm detection, 12.6% for accuracy detection, and 13.8% for mix detection. Furthermore, we propose a Reinforcement Learning-based DP level selection process to defend {\alpha}-MPELM attack. The experimental results confirm that our defense mechanism converges to an optimal privacy policy without human maneuver. |
| format | Article |
| fullrecord | <record><control><sourceid>proquest</sourceid><recordid>TN_cdi_proquest_journals_2647910032</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>2647910032</sourcerecordid><originalsourceid>FETCH-proquest_journals_26479100323</originalsourceid><addsrcrecordid>eNqNjkEKwjAURIMgKNo7BFwX0kRbXUq1KLhw4b7E9kcjIdX_U6G3N4gHcDUPZnjMiE2lUlm6Xko5YQnRQwgh80KuVmrKntv2DUgarXZ867UbyBLvDA934DtrDCD4EEs3pGe0bx2AV9ACRmj5CTR662_cel4OV8D0fI-CJrpKtOELR29QU8C-CT0CzdnYaEeQ_HLGFtX-Uh7SJ3avHijUj67HeIRqmS-LTSaEkuq_1QciMEtk</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>2647910032</pqid></control><display><type>article</type><title>Adversarial Analysis of the Differentially-Private Federated Learning in Cyber-Physical Critical Infrastructures</title><source>Free E- Journals</source><creator>Hossain, Md Tamjid ; Badsha, Shahriar ; Hung La ; Shen, Haoting ; Islam, Shafkat ; Khalil, Ibrahim ; Yi, Xun</creator><creatorcontrib>Hossain, Md Tamjid ; Badsha, Shahriar ; Hung La ; Shen, Haoting ; Islam, Shafkat ; Khalil, Ibrahim ; Yi, Xun</creatorcontrib><description>Federated Learning (FL) has become increasingly popular to perform data-driven analysis in cyber-physical critical infrastructures. Since the FL process may involve the client's confidential information, Differential Privacy (DP) has been proposed lately to secure it from adversarial inference. However, we find that while DP greatly alleviates the privacy concerns, the additional DP-noise opens a new threat for model poisoning in FL. Nonetheless, very little effort has been made in the literature to investigate this adversarial exploitation of the DP-noise. To overcome this gap, in this paper, we present a novel adaptive model poisoning technique {\alpha}-MPELM} through which an attacker can exploit the additional DP-noise to evade the state-of-the-art anomaly detection techniques and prevent optimal convergence of the FL model. We evaluate our proposed attack on the state-of-the-art anomaly detection approaches in terms of detection accuracy and validation loss. The main significance of our proposed {\alpha}-MPELM attack is that it reduces the state-of-the-art anomaly detection accuracy by 6.8% for norm detection, 12.6% for accuracy detection, and 13.8% for mix detection. Furthermore, we propose a Reinforcement Learning-based DP level selection process to defend {\alpha}-MPELM attack. The experimental results confirm that our defense mechanism converges to an optimal privacy policy without human maneuver.</description><identifier>EISSN: 2331-8422</identifier><language>eng</language><publisher>Ithaca: Cornell University Library, arXiv.org</publisher><subject>Critical infrastructure ; Empirical analysis ; Machine learning ; Performance degradation ; Poisoning ; Privacy ; Smart grid</subject><ispartof>arXiv.org, 2022-12</ispartof><rights>2022. This work is published under http://creativecommons.org/licenses/by-nc-nd/4.0/ (the “License”). Notwithstanding the ProQuest Terms and Conditions, you may use this content in accordance with the terms of the License.</rights><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><link.rule.ids>780,784</link.rule.ids></links><search><creatorcontrib>Hossain, Md Tamjid</creatorcontrib><creatorcontrib>Badsha, Shahriar</creatorcontrib><creatorcontrib>Hung La</creatorcontrib><creatorcontrib>Shen, Haoting</creatorcontrib><creatorcontrib>Islam, Shafkat</creatorcontrib><creatorcontrib>Khalil, Ibrahim</creatorcontrib><creatorcontrib>Yi, Xun</creatorcontrib><title>Adversarial Analysis of the Differentially-Private Federated Learning in Cyber-Physical Critical Infrastructures</title><title>arXiv.org</title><description>Federated Learning (FL) has become increasingly popular to perform data-driven analysis in cyber-physical critical infrastructures. Since the FL process may involve the client's confidential information, Differential Privacy (DP) has been proposed lately to secure it from adversarial inference. However, we find that while DP greatly alleviates the privacy concerns, the additional DP-noise opens a new threat for model poisoning in FL. Nonetheless, very little effort has been made in the literature to investigate this adversarial exploitation of the DP-noise. To overcome this gap, in this paper, we present a novel adaptive model poisoning technique {\alpha}-MPELM} through which an attacker can exploit the additional DP-noise to evade the state-of-the-art anomaly detection techniques and prevent optimal convergence of the FL model. We evaluate our proposed attack on the state-of-the-art anomaly detection approaches in terms of detection accuracy and validation loss. The main significance of our proposed {\alpha}-MPELM attack is that it reduces the state-of-the-art anomaly detection accuracy by 6.8% for norm detection, 12.6% for accuracy detection, and 13.8% for mix detection. Furthermore, we propose a Reinforcement Learning-based DP level selection process to defend {\alpha}-MPELM attack. The experimental results confirm that our defense mechanism converges to an optimal privacy policy without human maneuver.</description><subject>Critical infrastructure</subject><subject>Empirical analysis</subject><subject>Machine learning</subject><subject>Performance degradation</subject><subject>Poisoning</subject><subject>Privacy</subject><subject>Smart grid</subject><issn>2331-8422</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2022</creationdate><recordtype>article</recordtype><sourceid>ABUWG</sourceid><sourceid>AFKRA</sourceid><sourceid>AZQEC</sourceid><sourceid>BENPR</sourceid><sourceid>CCPQU</sourceid><sourceid>DWQXO</sourceid><recordid>eNqNjkEKwjAURIMgKNo7BFwX0kRbXUq1KLhw4b7E9kcjIdX_U6G3N4gHcDUPZnjMiE2lUlm6Xko5YQnRQwgh80KuVmrKntv2DUgarXZ867UbyBLvDA934DtrDCD4EEs3pGe0bx2AV9ACRmj5CTR662_cel4OV8D0fI-CJrpKtOELR29QU8C-CT0CzdnYaEeQ_HLGFtX-Uh7SJ3avHijUj67HeIRqmS-LTSaEkuq_1QciMEtk</recordid><startdate>20221201</startdate><enddate>20221201</enddate><creator>Hossain, Md Tamjid</creator><creator>Badsha, Shahriar</creator><creator>Hung La</creator><creator>Shen, Haoting</creator><creator>Islam, Shafkat</creator><creator>Khalil, Ibrahim</creator><creator>Yi, Xun</creator><general>Cornell University Library, arXiv.org</general><scope>8FE</scope><scope>8FG</scope><scope>ABJCF</scope><scope>ABUWG</scope><scope>AFKRA</scope><scope>AZQEC</scope><scope>BENPR</scope><scope>BGLVJ</scope><scope>CCPQU</scope><scope>DWQXO</scope><scope>HCIFZ</scope><scope>L6V</scope><scope>M7S</scope><scope>PIMPY</scope><scope>PQEST</scope><scope>PQQKQ</scope><scope>PQUKI</scope><scope>PRINS</scope><scope>PTHSS</scope></search><sort><creationdate>20221201</creationdate><title>Adversarial Analysis of the Differentially-Private Federated Learning in Cyber-Physical Critical Infrastructures</title><author>Hossain, Md Tamjid ; Badsha, Shahriar ; Hung La ; Shen, Haoting ; Islam, Shafkat ; Khalil, Ibrahim ; Yi, Xun</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-proquest_journals_26479100323</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2022</creationdate><topic>Critical infrastructure</topic><topic>Empirical analysis</topic><topic>Machine learning</topic><topic>Performance degradation</topic><topic>Poisoning</topic><topic>Privacy</topic><topic>Smart grid</topic><toplevel>online_resources</toplevel><creatorcontrib>Hossain, Md Tamjid</creatorcontrib><creatorcontrib>Badsha, Shahriar</creatorcontrib><creatorcontrib>Hung La</creatorcontrib><creatorcontrib>Shen, Haoting</creatorcontrib><creatorcontrib>Islam, Shafkat</creatorcontrib><creatorcontrib>Khalil, Ibrahim</creatorcontrib><creatorcontrib>Yi, Xun</creatorcontrib><collection>ProQuest SciTech Collection</collection><collection>ProQuest Technology Collection</collection><collection>Materials Science & Engineering Collection</collection><collection>ProQuest Central (Alumni Edition)</collection><collection>ProQuest Central UK/Ireland</collection><collection>ProQuest Central Essentials</collection><collection>ProQuest Central</collection><collection>Technology Collection</collection><collection>ProQuest One Community College</collection><collection>ProQuest Central Korea</collection><collection>SciTech Premium Collection</collection><collection>ProQuest Engineering Collection</collection><collection>Engineering Database</collection><collection>Publicly Available Content Database</collection><collection>ProQuest One Academic Eastern Edition (DO NOT USE)</collection><collection>ProQuest One Academic</collection><collection>ProQuest One Academic UKI Edition</collection><collection>ProQuest Central China</collection><collection>Engineering Collection</collection></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Hossain, Md Tamjid</au><au>Badsha, Shahriar</au><au>Hung La</au><au>Shen, Haoting</au><au>Islam, Shafkat</au><au>Khalil, Ibrahim</au><au>Yi, Xun</au><format>book</format><genre>document</genre><ristype>GEN</ristype><atitle>Adversarial Analysis of the Differentially-Private Federated Learning in Cyber-Physical Critical Infrastructures</atitle><jtitle>arXiv.org</jtitle><date>2022-12-01</date><risdate>2022</risdate><eissn>2331-8422</eissn><abstract>Federated Learning (FL) has become increasingly popular to perform data-driven analysis in cyber-physical critical infrastructures. Since the FL process may involve the client's confidential information, Differential Privacy (DP) has been proposed lately to secure it from adversarial inference. However, we find that while DP greatly alleviates the privacy concerns, the additional DP-noise opens a new threat for model poisoning in FL. Nonetheless, very little effort has been made in the literature to investigate this adversarial exploitation of the DP-noise. To overcome this gap, in this paper, we present a novel adaptive model poisoning technique {\alpha}-MPELM} through which an attacker can exploit the additional DP-noise to evade the state-of-the-art anomaly detection techniques and prevent optimal convergence of the FL model. We evaluate our proposed attack on the state-of-the-art anomaly detection approaches in terms of detection accuracy and validation loss. The main significance of our proposed {\alpha}-MPELM attack is that it reduces the state-of-the-art anomaly detection accuracy by 6.8% for norm detection, 12.6% for accuracy detection, and 13.8% for mix detection. Furthermore, we propose a Reinforcement Learning-based DP level selection process to defend {\alpha}-MPELM attack. The experimental results confirm that our defense mechanism converges to an optimal privacy policy without human maneuver.</abstract><cop>Ithaca</cop><pub>Cornell University Library, arXiv.org</pub><oa>free_for_read</oa></addata></record> |
| fulltext | fulltext |
| identifier | EISSN: 2331-8422 |
| ispartof | arXiv.org, 2022-12 |
| issn | 2331-8422 |
| language | eng |
| recordid | cdi_proquest_journals_2647910032 |
| source | Free E- Journals |
| subjects | Critical infrastructure Empirical analysis Machine learning Performance degradation Poisoning Privacy Smart grid |
| title | Adversarial Analysis of the Differentially-Private Federated Learning in Cyber-Physical Critical Infrastructures |
| url | https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-26T10%3A48%3A44IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest&rft_val_fmt=info:ofi/fmt:kev:mtx:book&rft.genre=document&rft.atitle=Adversarial%20Analysis%20of%20the%20Differentially-Private%20Federated%20Learning%20in%20Cyber-Physical%20Critical%20Infrastructures&rft.jtitle=arXiv.org&rft.au=Hossain,%20Md%20Tamjid&rft.date=2022-12-01&rft.eissn=2331-8422&rft_id=info:doi/&rft_dat=%3Cproquest%3E2647910032%3C/proquest%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=2647910032&rft_id=info:pmid/&rfr_iscdi=true |