no code implementations • 7 Dec 2023 • Hossein Fereidooni, Alessandro Pegoraro, Phillip Rieger, Alexandra Dmitrienko, Ahmad-Reza Sadeghi
Existing defenses against poisoning attacks in FL have several limitations, such as relying on specific assumptions about attack types and strategies or data distributions, or not being sufficiently robust against advanced injection techniques and strategies while simultaneously maintaining the utility of the aggregated model.
no code implementations • 25 Oct 2023 • Torsten Krauß, Jasper Stang, Alexandra Dmitrienko
ClearMark defines a transposed model architecture that allows the model to be used in a backward fashion to interweave the watermark with the main task within all model parameters.
no code implementations • 6 Jun 2023 • Torsten Krauß, Alexandra Dmitrienko
We introduce Metric-Cascades (MESAS), a novel defense method for more realistic scenarios and adversary models.
1 code implementation • 14 Oct 2022 • Phillip Rieger, Torsten Krauß, Markus Miettinen, Alexandra Dmitrienko, Ahmad-Reza Sadeghi
However, FL is susceptible to backdoor (or targeted poisoning) attacks.
no code implementations • 23 Mar 2021 • Oliver Lutz, Huili Chen, Hossein Fereidooni, Christoph Sendner, Alexandra Dmitrienko, Ahmad-Reza Sadeghi, Farinaz Koushanfar
When extended to new vulnerability types, ESCORT yields an average F1-score of 93%.