Abstract:
Recent deep learning systems rely on data for accuracy. There are cases
where the data is private and agents do not want to share it. How can
a system be trained without access to the data? Federated learning is the method of sharing the
locally trained model instead of the data. This addresses the privacy concern.
There are two major shortcomings of current federated learning schemes.
Firstly, it is prone to backdoors due to adversarial participants. Secondly,
averaging the models averages the accuracy of the resultant model.
This work aims to discover a novel federated learning scheme that uses
the data efficiently as well as addresses the security concern in the multi-party
machine learning domain. A malicious participant can add backdoor functionality into the global model in such a way that an image classifier assigns
an attacker-chosen label to images with certain features.
We have designed an anomaly detector which detects backdoors successfully in six different datasets. Moreover, the major contribution is its generalizing ability/robustness, such that an anomaly detector trained on one dataset
can detect backdoors in different datasets as well.
To demonstrate that a backdoor cannot be added to every class, we have
shown that classes having significantly similar features can evade
backdoor attacks.