부산대학교 도서관

Federated learning (FL) is widely used in the Internet of Things (IoT) systems. However, FL is susceptible to backdoor attacks due to its inherently distributed and privacy-preserving nature. Existing studies assume that backdoor triggers on different malicious clients are universal, and most defense algorithms are designed to counter backdoor attacks based on this assumption. Recently, dynamic backdoor attacks have been proposed to undermine robust algorithms in centralized machine learning. We introduce dynamic backdoor attacks into the FL system and develop three types of dynamic backdoors named Aggregation, Single, and Continuous to target the FL system. To defend against such attacks, we propose a novel robust algorithm called MITDBA, which utilizes gramian information to capture high-order representations, then employs spectral signatures to detect and remove malicious clients, and finally utilizes clipping operations to filter the selected local models during the aggregation process. We conduct attack and defense experiments on MNIST, CIFAR-10, and GTSRB data sets. The experimental results demonstrate that our designed attack strategies can successfully insert dynamic backdoors into the global model, bypassing the existing state-of-the-art defenses, but these attacks can be effectively mitigated by MITDBA.