Skip to yearly menu bar Skip to main content

Workshop: Backdoors in Deep Learning: The Good, the Bad, and the Ugly

How to Backdoor HyperNetwork in Personalized Federated Learning?

Phung Lai · Hai Phan · Issa Khalil · Abdallah Khreishah · Xintao Wu

[ ] [ Project Page ]
Fri 15 Dec 1 p.m. PST — 1:45 p.m. PST


This paper explores previously unknown backdoor risks in HyperNet-based personalized federated learning (HyperNetFL) through poisoning attacks. Based upon that, we propose a novel model transferring attack (called HNTroj), i.e., the first of its kind, to transfer a local backdoor infected model to all legitimate and personalized local models, which are generated by the HyperNetFL model, through consistent and effective malicious local gradients computed across all compromised clients in the whole training process. As a result, HNTroj reduces the number of compromised clients needed to successfully launch the attack without any observable signs of sudden shifts or degradation regarding model utility on legitimate data samples, making our attack stealthy. To defend against HNTroj, we adapted several backdoor-resistant FL training algorithms into HyperNetFL. An extensive experiment that is carried out using several benchmark datasets shows that HNTroj significantly outperforms data poisoning and model replacement attacks and bypasses robust training algorithms even with modest numbers of compromised clients.

Chat is not available.