Network-level Adversaries in Federated Learning [VIDEO AND SLIDES]

Expeditions in Experiential AI Seminar with Cristina Nita-Rotaru


Federated learning is a popular strategy for training models on distributed, sensitive data while preserving data privacy. In both centralized and peer-to-peer architectures, communication between participants (clients and server, or peers) plays a critical role in the performance of the learning task. In this talk, Cristina highlighted how communication introduces another vulnerability surface in federated learning and studied the impact of network-level adversaries on training federated learning models. She first focused on centralized architectures and showed that attackers dropping the network traffic from carefully selected clients can significantly decrease model accuracy on a target population. She then showed attacks in the context of peer-to-peer architectures. She concluded by showing the effectiveness of a server-side defense that mitigates the impact of these attacks by identifying and up-sampling clients likely to contribute positively towards target accuracy.




Cristina Nita-Rotaru is a Professor of Computer Science in the Khoury College of Computer Sciences at Northeastern University (since 2015). Prior to joining Northeastern she was a faculty member in the Department of Computer Science at Purdue University (2003 – 2015). She served as Associate Dean of Faculty at Northeastern University (2017 – 2020) and as an Assistant Director for CERIAS at Purdue University (2011 – 2013). Her research lies at the intersection of security, distributed systems, and computer networks. The overarching goal of her work is designing and building secure and resilient distributed systems and network protocols, with assurance that their deployed implementations meet their security, resilience, and performance goals. Her work received several best paper awards in ACM SACMAT 2022, IEEE SafeThings 2019, NDSS 2018, ISSRE 2017, DSN 2015, two IETF/IRTF Applied Networking Research Prizes in 2018 and 2016, and a Test-of-Time award in ACM SACMAT 2022.

Cristina Nita-Rotaru received the NSF Career Award in 2006. She is also a recipient of the Purdue College of Science Research Award in 2013, the Purdue Excellence in Research Award, Seeds for Success in 2012, the Purdue College of Science Leadership Award in 2012, the Purdue College of Science Undergraduate Advising Award in 2008, and the Purdue Teaching for Tomorrow Award in 2007. She has served on the Technical Program Committee of numerous conferences in security, networking and distributed systems (IEEE S&P, USENIX Security, ACM CCS, NDSS, ACM Wisec, IEEE ICDCS, IEEE/IFIP DSN, ACM SIGCOMM, ACM CoNEXT, IEEE INFOCOM, IEEE ICNP, WWW, Eurosys). She is a member of the steering committee of ACM Wisec and IEEE/IFIP DSN, and a member of the IFIP Working Group on Dependable Computing and Fault-tolerance. She was an Associate Editor for Elsevier Computer Communications (2008 – 2011), IEEE Transactions on Computers (2011 – 2014), ACM Transactions on Information Systems Security (2009 – 2013), Computer Networks (2012 – 2014), IEEE Transactions on Mobile Computing (2011 – 2016), and IEEE Transactions on Dependable and Secure Systems (2013 – 2017).

Cristina Nita-Rotaru holds a Ph.D. in Computer Science from Johns Hopkins University and an MS from Politehnica University of Bucharest, Romania. She was born and grew up in Bucharest, Romania. She is an alumna of “Colegiul National Sfantul Sava”.