ABSTRACT

This chapter focuses on cyber defenses and attacks against collaborative deep learning (CDL), also called federated deep learning, which moves deep learning from a central server out to mobile devices that lack large computation resources but are widespread around the world. The decentralized training process can run on mobile devices such as smartphones and reaches accuracy comparable to the traditional centralized deep learning training architecture. CDL does not violate the user's privacy or cause data leakage, because every user's data is trained on locally. Although CDL raises the security level compared with the traditional learning process, it is still vulnerable to cyber attacks, so the training model must be protected against attacks while the characteristics of CDL are preserved.

The poisoning attack, in which a participant uploads poisoned parameters, can be eliminated with a data preprocessing scheme, AUROR. AUROR monitors the distribution of the uploaded parameters, finds the indicative features that distinguish poisoned data from benign data, removes the malicious data, and only then trains the global model. AUROR reduces the influence of malicious users, but its result also varies with the number of outputs.
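The following is an added toy example, not AUROR's own code or the chapter's, that illustrates the defensive idea just described: look at how each uploaded parameter is distributed across clients, pick the parameters whose values split into two well separated groups ("indicative features"), and exclude the clients that fall in the minority group on those parameters before averaging. The six client updates are constructed, and the gap-ratio heuristic and the majority-vote rule are simplifications assumed here for illustration.

```python
from statistics import mean, pstdev

# Constructed sample: 6 clients, each uploading a 4-parameter update.
# Clients 0-3 are benign; clients 4 and 5 push parameters 1 and 3 far away
# from the benign cluster (constructed poisoning pattern, not real data).
CLIENT_UPDATES = [
    [0.10, -0.20, 0.05, 0.30],
    [0.12, -0.18, 0.04, 0.28],
    [0.09, -0.22, 0.06, 0.31],
    [0.11, -0.19, 0.05, 0.29],
    [0.10, 0.90, 0.05, -1.50],
    [0.11, 0.88, 0.06, -1.48],
]


def split_at_largest_gap(updates, j):
    """Order clients by parameter j and cut the ordering at its largest gap.

    Returns (gap, small_group, large_group): the gap size and two sets of
    client ids, smaller group first. The smaller group is the one a defender
    would suspect, on the assumption that poisoners are a minority.
    """
    order = sorted(range(len(updates)), key=lambda i: updates[i][j])
    vals = [updates[i][j] for i in order]
    cut = max(range(len(vals) - 1), key=lambda k: vals[k + 1] - vals[k])
    gap = vals[cut + 1] - vals[cut]
    low, high = set(order[:cut + 1]), set(order[cut + 1:])
    return (gap, low, high) if len(low) <= len(high) else (gap, high, low)


def spread(updates, j, group):
    """Population standard deviation of parameter j within one client group."""
    vals = [updates[i][j] for i in group]
    return pstdev(vals) if len(vals) > 1 else 0.0


def find_indicative_features(updates, gap_ratio=5.0):
    """Indices of parameters whose values split into two groups separated by
    a gap much larger than either group's internal spread.

    This is the heuristic used here to approximate the 'indicative feature'
    idea; gap_ratio is an assumed tuning constant, not a value from AUROR.
    """
    if len(updates) < 2:
        return []
    indicative = []
    for j in range(len(updates[0])):
        gap, small, large = split_at_largest_gap(updates, j)
        within = max(spread(updates, j, small), spread(updates, j, large), 1e-9)
        if gap > gap_ratio * within:
            indicative.append(j)
    return indicative


def flag_malicious(updates, indicative):
    """Flag a client when it sits in the minority group on at least half of
    the indicative features. Returns a sorted list of client ids."""
    if not indicative:
        return []
    votes = {i: 0 for i in range(len(updates))}
    for j in indicative:
        _, small, _ = split_at_largest_gap(updates, j)
        for i in small:
            votes[i] += 1
    return sorted(i for i, v in votes.items() if v * 2 >= len(indicative))


def aggregate(updates, excluded):
    """Plain parameter-wise averaging of the updates that survive the filter."""
    drop = set(excluded)
    kept = [u for i, u in enumerate(updates) if i not in drop]
    return [mean(col) for col in zip(*kept)]


def filtered_average(updates):
    """Run the whole pipeline: indicative features, flagged clients, model."""
    indicative = find_indicative_features(updates)
    bad = flag_malicious(updates, indicative)
    return indicative, bad, aggregate(updates, bad)


if __name__ == "__main__":
    feats, bad, model = filtered_average(CLIENT_UPDATES)
    print("indicative parameters:", feats)
    print("flagged clients:      ", bad)
    print("filtered average:     ", [round(x, 4) for x in model])
    print("naive average:        ", [round(x, 4) for x in aggregate(CLIENT_UPDATES, [])])
```

Running the block shows the two poisoned parameters and the two poisoning clients being identified, and how far the naive average of all six updates is dragged from the benign consensus compared with the filtered one. On a benign-only set of updates no parameter qualifies as indicative and nothing is dropped, which is the check a defender wants before trusting such a filter.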

Besides the poisoning attack, there is a new type of cyber attack targeting CDL, the generative adversarial network (GAN) attack. The GAN attack exploits the communication between participants and the server during training and can steal other users' local data without corrupting the global model training. However, once a trusted third party is deployed, the GAN attack is neutralized: it can no longer learn the data distribution from the uploaded parameters.