ABSTRACT
Federated Learning (FL) is a distributed and decentralized machine learning protocol. By executing FL, a set of agents can jointly train a model without sharing their datasets with each other or with a third party. This makes FL particularly suitable for settings where data privacy is desired.
At the same time, concealing training data gives attackers an opportunity to inject backdoors into the trained model. It has been shown that an attacker can inject backdoors into the trained model during FL and can later leverage the backdoor to make the model misclassify. Several works have tried to alleviate this threat by designing robust aggregation functions. However, because more sophisticated attacks that bypass the existing defenses are developed over time, we approach this problem from a complementary angle in this work. In particular, we aim to discourage backdoor attacks by detecting and punishing the attackers, possibly after the end of the training phase.
To this end, we develop a hybrid blockchain-based FL framework that uses smart contracts to automatically detect and punish the attackers via monetary penalties. Our framework is general in the sense that any aggregation function and any attacker detection algorithm can be plugged into it. We conduct experiments to demonstrate that our framework preserves the communication-efficient nature of FL, and provide empirical results to illustrate that it can successfully penalize attackers by leveraging our novel attacker detection algorithm.
Index Terms
BlockFLA: Accountable Federated Learning via Hybrid Blockchain Architecture