부산대학교 도서관

As a privacy-preserving machine learning paradigm, federated learning (FL) has attracted widespread attention from both academia and industry. Decentralized FL (DFL) overcomes the problems of untrusted aggregation server, single point of failure and poor scalability in traditional FL, making it suitable for industrial Internet of Things (IIoT). However, DFL provides more convenient conditions for malicious participants to launch attacks. This article focuses on the model poisoning attack in DFL for the first time, and proposes a novel attack method called collusive model poisoning attack (CMPA). To implement CMPA, we propose the dynamic adaptive construction mechanism, in which malicious participants can dynamically and adaptively construct malicious local models that meet distance constraints, reducing the convergence speed and accuracy of consensus models. Furthermore, we design the collusion-based attack enhancement strategies, where multiple participants can collude in the process of constructing malicious local models to improve the strength of attack. Empirical experiments conducted on MNIST and CIFAR-10 datasets reveal that CMPA significantly impacts the training process and results of DFL. Attack tests against representative defense methods show that CMPA not only invalidates statistical-based defenses but also skillfully overcomes performance-based methods, further proving its effectiveness and stealthiness. In addition, experiments based on practical IIoT scenario have also shown that CMPA can effectively disrupt system functionality.