Securing Federated Sensitive Topic Classification against Poisoning Attacks
May 20, 2024
IMDEA Networks Institute’s Data Transparency Group is already publishing papers on Federated Learning (FL) at top computer-science venues. In March 2023, our colleague Tianyue Chu presented the paper “Securing Federated Sensitive Topic Classification against Poisoning Attacks” at the Network and Distributed System Security Symposium (NDSS) conference (ranked A* according to CORE2023) in San Diego, California. The paper relates to the FedSecure research component of the MLEDGE project, which will test the solution on Acuratio’s FL platform.
The paper presents an FL-based solution for building a distributed classifier that detects URLs containing sensitive content (e.g., content related to health, political beliefs or sexual orientation), and develops a robust aggregation scheme that combines subjective logic with residual-based detection of malicious users who submit faulty model updates. Using theoretical analysis, trace-driven simulation and experimental validation with a prototype and real users, the work shows that the classifier detects sensitive content with high accuracy, learns new labels fast, and remains robust against poisoning attacks from malicious users as well as imperfect input from non-malicious ones.
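To make the two ingredients of such a scheme concrete, the following is an added, simplified illustration written for this page; it is not the paper's algorithm and not code from the MLEDGE project or Acuratio. It assumes a generic setup: each client sends a model-update vector, the server measures each update's residual from a coordinate-wise median and flags updates whose robust z-score exceeds a threshold (residual-based detection), and a binomial subjective-logic opinion per client accumulates positive and negative evidence across rounds, with its projected probability used as the client's aggregation weight. The client updates, the threshold of 3.5, the prior weight, and the base rate are all constructed assumptions; the standard 1.4826 MAD scaling constant is the usual one for a normal reference distribution.

```python
"""Illustrative robust FL aggregation (added example, not the paper's method):
residual-based outlier flagging plus subjective-logic trust per client."""
from statistics import median
from typing import Dict, List, Sequence, Tuple

Vector = List[float]

# Assumed parameters.
PRIOR_WEIGHT = 2.0        # W in subjective logic: weight of the non-informative prior
BASE_RATE = 0.5           # a: prior probability that an unknown client is honest
Z_THRESHOLD = 3.5         # flag an update whose robust z-score exceeds this
MAD_SCALE = 1.4826        # makes MAD comparable to a standard deviation


class Opinion:
    """Binomial subjective-logic opinion (belief, disbelief, uncertainty)
    derived from evidence counts r (honest-looking rounds) and s (flagged rounds)."""

    def __init__(self) -> None:
        self.r = 0.0
        self.s = 0.0

    def bdu(self) -> Tuple[float, float, float]:
        total = self.r + self.s + PRIOR_WEIGHT
        return self.r / total, self.s / total, PRIOR_WEIGHT / total

    def expected(self) -> float:
        """Projected probability E = b + a*u; used as the aggregation weight."""
        b, _, u = self.bdu()
        return b + BASE_RATE * u


def coordinatewise_median(updates: Sequence[Vector]) -> Vector:
    return [median(col) for col in zip(*updates)]


def residuals(updates: Sequence[Vector]) -> List[float]:
    """L2 distance of every update from the coordinate-wise median of all updates."""
    centre = coordinatewise_median(updates)
    return [sum((x - c) ** 2 for x, c in zip(u, centre)) ** 0.5 for u in updates]


def flag_outliers(res: Sequence[float], threshold: float = Z_THRESHOLD) -> List[bool]:
    """Robust z-score on residuals: median and MAD are used instead of mean and
    standard deviation so a few huge malicious updates cannot inflate the scale."""
    med = median(res)
    mad = median(abs(r - med) for r in res)
    if mad == 0.0:  # degenerate: most clients sit exactly on the median
        return [r > med for r in res]
    return [(r - med) / (MAD_SCALE * mad) > threshold for r in res]


def aggregate_round(updates: Sequence[Vector], client_ids: Sequence[str],
                    opinions: Dict[str, Opinion]) -> Tuple[Vector, List[bool]]:
    """Flag outliers, update each client's opinion, then weight non-flagged
    updates by the client's projected trust. Flagged updates get weight 0."""
    flags = flag_outliers(residuals(updates))
    weights = []
    for cid, flagged in zip(client_ids, flags):
        op = opinions.setdefault(cid, Opinion())
        if flagged:
            op.s += 1.0
        else:
            op.r += 1.0
        weights.append(0.0 if flagged else op.expected())
    total = sum(weights)
    if total == 0.0:
        raise ValueError("every update was flagged; refusing to aggregate")
    dim = len(updates[0])
    agg = [sum(w * u[k] for w, u in zip(weights, updates)) / total for k in range(dim)]
    return agg, flags


def plain_mean(updates: Sequence[Vector]) -> Vector:
    """Unweighted FedAvg-style mean, for comparison."""
    return [sum(col) / len(col) for col in zip(*updates)]


# Constructed sample round: six honest clients (one noisier than the rest)
# and two malicious clients sending sign-flipped, scaled updates.
CLIENT_IDS = ["h1", "h2", "h3", "h4", "h5", "h6", "m1", "m2"]
UPDATES: List[Vector] = [
    [1.0, -2.0, 0.5], [1.1, -2.1, 0.6], [0.9, -1.9, 0.4], [1.05, -2.05, 0.55],
    [0.95, -1.95, 0.45], [1.3, -1.7, 0.8],          # h6: imperfect but honest
    [-10.0, 20.0, -5.0], [-9.0, 19.0, -4.0],        # m1, m2: poisoned
]


def run_rounds(n_rounds: int) -> Tuple[Vector, List[bool], Dict[str, float]]:
    """Replay the same constructed round n times; returns the last aggregate,
    the last round's flags, and each client's projected trust afterwards."""
    opinions: Dict[str, Opinion] = {}
    agg, flags = [], []
    for _ in range(n_rounds):
        agg, flags = aggregate_round(UPDATES, CLIENT_IDS, opinions)
    return agg, flags, {cid: op.expected() for cid, op in opinions.items()}


if __name__ == "__main__":
    agg, flags, trust = run_rounds(3)
    print("plain mean :", plain_mean(UPDATES))   # dragged to the wrong sign by m1, m2
    print("robust agg :", agg)                  # close to the honest consensus
    print("flags      :", dict(zip(CLIENT_IDS, flags)))
    print("trust      :", trust)
```

With the constructed data, the plain mean of all eight updates has the opposite sign from every honest client's update, while the robust aggregate equals the mean of the six honest updates; the noisy honest client h6 stays under the threshold and keeps its weight. Over repeated rounds the malicious clients' projected trust falls (0.2 after three flagged rounds) while honest clients' trust rises (0.8), so even an update that slips under the residual threshold in one round is down-weighted by the client's history. Real deployments need the threshold, prior weight and base rate chosen against the actual update distribution; the values here are only assumptions for the illustration.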