研究人员开发了一种针对联邦学习系统的新型后门攻击,通过在训练过程中诱导模型参数中的硬件故障(特别是比特翻转)来实现。这种被称为“比特翻转链”(Chain of Bit-Flips)的新方法不依赖于特定任务,并且可以由单个恶意客户端植入。该攻击在ResNet-18模型上,使用有限数量的故障,成功率达到了94%,并讨论了实际影响和潜在的防御措施。 AI
影响 突显了联邦学习中的新漏洞,可能需要新的硬件和软件防御措施来保护分布式人工智能训练。
排序理由 该集群包含一篇详细介绍联邦学习系统中模型投毒新方法的学术论文。
AI 生成摘要 · Google Gemini · 来自 2 个来源。 我们如何撰写摘要 →
arXiv:2606.09548v1 Announce Type: cross Abstract: Federated Learning (FL) allows a set of clients to collectively train a global model without sharing local training data. Giving the responsibility of the training to decentralized actors may lead to poisoning attacks: clients con…
Federated Learning (FL) allows a set of clients to collectively train a global model without sharing local training data. Giving the responsibility of the training to decentralized actors may lead to poisoning attacks: clients controlled by malicious third party potentially poiso…