Securing Federated Sensitive Topic Classification against Poisoning Attacks

Conference Paper (2023)
Author(s)

Tianyue Chu (IMDEA Networks Institute)

Alvaro Garcia-Recuero (IMDEA Networks Institute)

Costas Iordanou (Cyprus University of Technology)

G. Smaragdakis (TU Delft - Cyber Security)

Nikolaos Laoutaris (IMDEA Networks Institute)

Research Group
Cyber Security
Copyright
© 2023 Tianyue Chu, Alvaro Garcia-Recuero, Costas Iordanou, G. Smaragdakis, Nikolaos Laoutaris
DOI related publication
https://doi.org/10.14722/ndss.2023.23112
Publication Year
2023
Language
English
ISBN (print)
1-891562-83-5
Reuse Rights

Other than for strictly personal use, it is not permitted to download, forward or distribute the text or part of it, without the consent of the author(s) and/or copyright holder(s), unless the work is under an open content license such as Creative Commons.

Abstract

We present a Federated Learning (FL) based solution for building a distributed classifier capable of detecting URLs containing sensitive content, i.e., content related to categories such as health, political beliefs, sexual orientation, etc. Although such a classifier addresses the limitations of previous offline/centralised classifiers, it is still vulnerable to poisoning attacks from malicious users that may attempt to reduce the accuracy for benign users by disseminating faulty model updates. To guard against this, we develop a robust aggregation scheme based on subjective logic and residual-based attack detection. Employing a combination of theoretical analysis, trace-driven simulation, as well as experimental validation with a prototype and real users, we show that our classifier can detect sensitive content with high accuracy, learn new labels fast, and remain robust in view of poisoning attacks from malicious users, as well as imperfect input from non-malicious ones.

Files

Ndss2023_s112_paper.pdf
(pdf | 1.96 Mb)
- Embargo expired in 20-11-2023
License info not available