Skip to main content
Conference ProceedingsOPEN ACCESS

Backdoor Attacks in Federated Learning by Rare Embeddings and Gradient Ensembling

Proceedings of the 2022 Conference on Empirical Methods in Natural Language Processing, EMNLP 2022 (2022) 72-88
DOI: 10.18653/v1/2022.emnlp-main.6
3Citations
Citations of this article
28Readers
Mendeley users who have this article in their library.

Abstract

Recent advances in federated learning have demonstrated its promising capability to learn on decentralized datasets. However, a considerable amount of work has raised concerns due to the potential risks of adversaries participating in the framework to poison the global model for an adversarial purpose. This paper investigates the feasibility of model poisoning for backdoor attacks through rare word embeddings of NLP models. In text classification, less than 1% of adversary clients suffices to manipulate the model output without any drop in the performance on clean sentences. For a less complex dataset, a mere 0.1% of adversary clients is enough to poison the global model effectively. We also propose a technique specialized in the federated learning scheme called Gradient Ensemble, which enhances the backdoor performance in all our experimental settings.

Cite

CITATION STYLE

APA

Yoo, K. Y., & Kwak, N. (2022). Backdoor Attacks in Federated Learning by Rare Embeddings and Gradient Ensembling. In Proceedings of the 2022 Conference on Empirical Methods in Natural Language Processing, EMNLP 2022 (pp. 72–88). Association for Computational Linguistics (ACL). https://doi.org/10.18653/v1/2022.emnlp-main.6

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Save time finding and organizing research with Mendeley

Sign up for free