Mitigating the Backdoor Attack by Federated Filters for Industrial IoT Applications

Boyu Hou; Jiqiang Gao; Xiaojie Guo; Thar Baker; Ying Zhang; Yanlong Wen; Zheli Liu

doi:10.1109/TII.2021.3112100

Mitigating the Backdoor Attack by Federated Filters for Industrial IoT Applications

Boyu Hou, Jiqiang Gao, Xiaojie Guo, Thar Baker, Ying Zhang, Yanlong Wen, Zheli Liu

School of Arch, Tech and Eng

Research output: Contribution to journal › Article › peer-review

Abstract

The federated learning provides an effective solution to train collaborative models over a large scale of participated Industrial Internet of Things (IIoT) applications with the help of a global server, building an intelligent life. However, the federated learning is vulnerable to the backdoor attack from strong malicious participants. The backdoor attack is inconspicuous and may result in devastating consequences. To resist the attack on IIoT applications, we propose the federated backdoor filter defense that can identify backdoor inputs and restore the data to availability by the blur-label-flipping strategy. We build multiple filters with eXplainable AI models on the server and send them to clients randomly, preventing advanced attackers from evading the defense. Our backdoor filters show significant backdoor recognition with the accuracy up to 99%. After the implementation of the blur-label-flipping strategy, victim's local model on suspicious backdoor samples can achieve the accuracy up to 88%.

Original language	English
Pages (from-to)	3562 - 3571
Number of pages	10
Journal	IEEE Transactions on Industrial Informatics
Volume	18
Issue number	5
DOIs	https://doi.org/10.1109/TII.2021.3112100
Publication status	Published - 21 Sept 2021

Access to Document

10.1109/TII.2021.3112100

Cite this

@article{040731254b954a339336168d606fa9d7,

title = "Mitigating the Backdoor Attack by Federated Filters for Industrial IoT Applications",

abstract = "The federated learning provides an effective solution to train collaborative models over a large scale of participated Industrial Internet of Things (IIoT) applications with the help of a global server, building an intelligent life. However, the federated learning is vulnerable to the backdoor attack from strong malicious participants. The backdoor attack is inconspicuous and may result in devastating consequences. To resist the attack on IIoT applications, we propose the federated backdoor filter defense that can identify backdoor inputs and restore the data to availability by the blur-label-flipping strategy. We build multiple filters with eXplainable AI models on the server and send them to clients randomly, preventing advanced attackers from evading the defense. Our backdoor filters show significant backdoor recognition with the accuracy up to 99%. After the implementation of the blur-label-flipping strategy, victim's local model on suspicious backdoor samples can achieve the accuracy up to 88%.",

author = "Boyu Hou and Jiqiang Gao and Xiaojie Guo and Thar Baker and Ying Zhang and Yanlong Wen and Zheli Liu",

year = "2021",

month = sep,

day = "21",

doi = "10.1109/TII.2021.3112100",

language = "English",

volume = "18",

pages = "3562 -- 3571",

journal = "IEEE Transactions on Industrial Informatics",

issn = "1551-3203",

number = "5",

}

TY - JOUR

T1 - Mitigating the Backdoor Attack by Federated Filters for Industrial IoT Applications

AU - Hou, Boyu

AU - Gao, Jiqiang

AU - Guo, Xiaojie

AU - Baker, Thar

AU - Zhang, Ying

AU - Wen, Yanlong

AU - Liu, Zheli

PY - 2021/9/21

Y1 - 2021/9/21

N2 - The federated learning provides an effective solution to train collaborative models over a large scale of participated Industrial Internet of Things (IIoT) applications with the help of a global server, building an intelligent life. However, the federated learning is vulnerable to the backdoor attack from strong malicious participants. The backdoor attack is inconspicuous and may result in devastating consequences. To resist the attack on IIoT applications, we propose the federated backdoor filter defense that can identify backdoor inputs and restore the data to availability by the blur-label-flipping strategy. We build multiple filters with eXplainable AI models on the server and send them to clients randomly, preventing advanced attackers from evading the defense. Our backdoor filters show significant backdoor recognition with the accuracy up to 99%. After the implementation of the blur-label-flipping strategy, victim's local model on suspicious backdoor samples can achieve the accuracy up to 88%.

AB - The federated learning provides an effective solution to train collaborative models over a large scale of participated Industrial Internet of Things (IIoT) applications with the help of a global server, building an intelligent life. However, the federated learning is vulnerable to the backdoor attack from strong malicious participants. The backdoor attack is inconspicuous and may result in devastating consequences. To resist the attack on IIoT applications, we propose the federated backdoor filter defense that can identify backdoor inputs and restore the data to availability by the blur-label-flipping strategy. We build multiple filters with eXplainable AI models on the server and send them to clients randomly, preventing advanced attackers from evading the defense. Our backdoor filters show significant backdoor recognition with the accuracy up to 99%. After the implementation of the blur-label-flipping strategy, victim's local model on suspicious backdoor samples can achieve the accuracy up to 88%.

U2 - 10.1109/TII.2021.3112100

DO - 10.1109/TII.2021.3112100

M3 - Article

SN - 1551-3203

VL - 18

SP - 3562

EP - 3571

JO - IEEE Transactions on Industrial Informatics

JF - IEEE Transactions on Industrial Informatics

IS - 5

ER -

Mitigating the Backdoor Attack by Federated Filters for Industrial IoT Applications

Abstract

Access to Document

Fingerprint

Cite this