Study on attacks against federated learning

Abstract

Federated learning is a decentralised form of machine learning, offering the benefits of large amounts of user data across multiple entities, but in a way that user data do not have to change hands. As data privacy concerns become more prevalent, and laws become more widespread, federated learning is expected to be more widely adopted as an effective form of artificial intelligence for technological solutions. The increased incentive for attacking federated networks, combined with the inherent security risks associated with decentralised technologies, mean that attacks on federated networks will become more commonplace in the future. This project studies attacks on federated learning networks by finding the best attack vectors towards such models, to understand where and how they are vulnerable, with the intent of providing insights on how to build defences against those attacks. Open source libraries were used to explore pixel and semantic attacks, centralised and distributed attacks, as well as single and multi shot attacks.