부산대학교 도서관

With the massive amounts of data generated by industrial Internet of Things (IIoT) devices at all moments, federated learning (FL) enables these distributed distrusted devices to collaborate to build machine learning model while maintaining data privacy. However, malicious participants still launch malicious attacks against the security vulnerabilities during model aggregation. This article is the first to propose Sybil-based collusion attacks (SCA) in the IIoT-FL system for the vulnerabilities mentioned above. The malicious participants use label flipping attacks to complete local poisoning training. Meanwhile, they can virtualize multiple Sybil nodes to make the local poisoning models aggregated with the greatest possibility during aggregation. They focus on making the joint model misclassify the selected attack class samples during the testing phase, while other nonattack classes kept the main task accuracy similar to the nonpoisoned state. Exhaustive experimental analysis demonstrates that our SCA has a superior performance on multiple aspects than the state-of-the-art.