• Table of contents
• Description
• Overview of project
• How to develop from this project
• Dataset for Backdoor Attack in FL
• Durability
• Working with FedML
• Survey Papers for Machine Learning Security
  • Paper Backdoor Attack in ML/ FL
  • Code for Backdoor Attack in ML/ FL
  • Other Resources for Backdoor Attack in ML/ FL
• Backdoor Attack code resources in FL

This github project provided a fast integration for readers to work in the field of backdoor attacks in machine learning and federated learning.

• Attack methods: DBA, LIRA, IBA, BackdoorBox, 3DFed, Chameleon, etc.
• Defense methods: Krum, RFA, FoolsGold, etc.

• Define dataset in tasks folder.
• Define your own attack method in .attacks folder. Default attack method is adding trigger to the training dataset and training the model with the poisoned dataset.
• Define your own defense method in defenses folder. Default defense method is FedAvg.
• Define your own model in models folder and config for experiment in exps folder.
  • All the experiments are inherited from the 3 base .yaml files in exps folder for 3 datasets: mnist_fed.yaml (MNIST), cifar_fed.yaml (CIFAR-10), imagetnet_fed.yaml (Tiny ImageNet).
  • The base setting for each experiment contains 100 clients, in which 4 clients are attackers, 10 clients participate in each round, and 2 rounds are performed for benign training, and 5 rounds are performed for attack training.
  • The dataset is divided by dirichlet distribution with $\alpha = 0.5$.
  • The pre-trained model is downloaded from Google Drive (DBA).

Here is the example of running the code:

python training.py --name cifar10 --params ./exps/run_cifar10__2023.Nov.24/cifar10_fed_100_10_4_0.5_0.05.yaml

python training.py --name mnist --params ./exps/run_mnist__2023.Nov.24/mnist_fed_100_10_4_0.5_0.05.yaml

python training.py --name tiny-imagenet --params ./exps/run_tiny-imagenet__2023.Nov.24/tiny-imagenet_fed_100_10_4_0.5_0.05.yaml

In these commands, the --name argument is the name of experiment, and the --params argument is the path to the .yaml file of experiment setting.

For more commands, please refer to file ./exps/run-yaml-cmd.md. Please note that the ./exps/run-yaml-cmd.md file is generated by the ./exps/gen-run-yaml-file.py file. Refer to the ./exps/gen-run-yaml-file.py to generate different commands for your own experiments.

Edge-case backdoors

• FedML README.md

Types of Attacks in FL setting:

• Byzantine Attack
• DLG Attack (Deep Leakage from Gradients)
• Backdoor Attack
• Model Replacement Attack

• How to Backdoor Federated Learning
• Attack of the Tails: Yes, You Really Can Backdoor Federated Learning
• DBA: Distributed Backdoor Attacks against Federated Learning

• List of papers on data poisoning and backdoor attacks
• Proceedings of Machine Learning Research
• Backdoor learning resources
• Google Scholar:
  • Avi Schwarzschild, Post Doc at CMU
  • Yiming Li, Research Professor at Zhejiang University
  • Nicolas Papernot, Assistant Professor at University of Toronto

In FL community, there are many code resources for backdoor attack, in which each of them has its own FL scenario (e.g., hyperparameters, dataset, attack methods, defense methods, etc.). Thus, we provide a list of popular code resources for backdoor attack in FL as follows:

• Attack of the Tails: Yes, You Really Can Backdoor Federated Learning - NeurIPS'20
• DBA: Distributed Backdoor Attacks against Federated Learning ICLR'20
• How To Backdoor Federated Learning - AISTATS'20
• Just How Toxic is Data Poisoning? A Unified Benchmark for Backdoor and Data Poisoning Attacks - ICML'21
• Learning to Backdoor Federated Learning - ICLR'23 Workshop
• Chameleon: Adapting to Peer Images for Planting Durable Backdoors in Federated Learning - ICML'23
• FedMLSecurity: A Benchmark for Attacks and Defenses in Federated Learning and Federated LLMs - arXiv'23
• IBA: Towards Irreversible Backdoor Attacks in Federated Learning - NeurIPS'23