Model Poisoning Against Federated Model Adaptation with Chain of Bit-Flips
Researchers have developed a new type of backdoor attack against federated learning systems by inducing hardware faults, specifically bit-flips, in model parameters during training. This novel approach, termed "Chain of Bit-Flips," is task-agnostic and can be implanted by a single malicious client. The attack demonstrated a high success rate, reaching 94% with a limited number of faults on a ResNet-18 model, and discussed the practical implications and potential defenses. AI
IMPACT Highlights a new vulnerability in federated learning, potentially requiring new hardware and software defenses to secure distributed AI training.