Research On Federated Learning Defense Methods Based On Attention And Isolated Forest

Federated learning is an emerging distributed machine learning methodology that has gained widespread attention for its ability to solve the Isolated Data Island problem in the form of participants being able to train data locally and only pass updated parameters.However,since the original data is never sent to the server,the quality and integrity of the update parameters cannot be guaranteed.Malicious attackers can inject poisoning attacks at the controlled node and it is difficult to detect.Thus,federated learning is vulnerable to distributed poisoning attacks.Designing a federated learning framework with robustness is meaningful research.The main defenses against poisoning attacks in traditional machine learning framework include pruning defense and detection defense,but they are not applicable due to the distributed scenario of federated learning and the non-independently identically distribution problem caused by the central server not having access to the node data.For distance or density-based defense strategies,the computational cost is high and detection is time-consuming.To address the shortcomings of existing methods,this thesis designs defense models by analyzing the problem of poisoning attacks on federated learning,aiming to enable benign users to participate effectively in the training of the global model of federated learning,while excluding the influence of malicious users.The main work of this thesis is as follows:（1）Firstly,this thesis proposes IFFed,an isolated forest-based federated learning defense model.IFFed uses isolated forests to partition the data space of the model parameters during the training of the global model and calculates the anomaly probability of each participant at each iteration,reducing the time complexity.At the same time,to address the problem that the anomaly detection technique is prone to excessive false alarm rate,this thesis designs an auxiliary model to participate in the detection and calculates the detection threshold based on the distribution of the anomaly probability scores of the auxiliary model,which on the one hand solves the contamination rate problem of the isolated forest,and on the other hand,can effectively reduce the false alarm rate and reduce the impact of the defense model on the performance of the federated learning model.（2）Secondly,for the unknown attack of malicious attackers tampering with the update parameters,this thesis further considers the analysis of the potential representation of the update parameters of each node and proposes the federated learning defense model AM＆IF＿FL based on the dual detection of attention mechanism and isolated forest.Based on the training task of federated learning,the features of the update vector are extracted in layers using the REFS technique to calculate the anomaly probability of users;the historical detection information of users is recorded for analysis,and added an attention mechanism to measure the weight of users so that the aggregation policy is biased towards the update vector that behaves like a benign user.（3）Finally,this thesis simulates different attack scenarios based on the public dataset MNIST and Shakespeare for experimental validation,and evaluates the effectiveness of the isolated forest-based defense approach in comparison with existing methods.The effectiveness of the defense strategy based on dual detection of attention mechanism and isolated forest is then validated in terms of both model accuracy and backdoor success rate attacks using MNIST and CIFAR-10 datasets.