Secure Federated Learning at the Tactical Edge

Abstract

Federated Learning (FL) is a decentralized privacy-preserving approach that allows edge devices to collaboratively train machine learning (ML) and deep learning (DL) models without sharing the large amounts of data generated at the edge. All the training data remain on the edge devices, while model updates shared by the devices are aggregated on a nearby FL server. This decentralized ML approach is promising for delayed, disconnected, intermittently connected, or low-bandwidth environments such as those at the tactical edge. However, FL can be vulnerable to data poisoning, model poisoning, and targeted model poisoning (backdoor attacks), where a malicious client influences model behavior without being detected. For example, a federated ML/DL model can be poisoned to misclassify airplane images as bird images. Such attacks pose a serious threat to military operations that rely on ML/DL-based analytic services. It is challenging to detect malicious clients, especially in the case of backdoor attacks that are optimized for stealth by ensuring that the distribution of malicious weight updates looks similar to that of benign clients. The existing defenses against such adversarial attacks are ineffective when the proportion of active benign clients (edge devices) to malicious clients drops intermittently. Our research focuses on developing robust techniques based on statistical analysis to detect malicious behavior and defend FL against adversarial attacks in a tactical edge environment. In particular, we will monitor each client's interaction with the central FL server and analyze the delays between model updates, network propagation delays, and the probability distribution of weight updates. Future military operations can utilize FL on distributed sensors and intelligent devices to improve Army perception, situational awareness, and decision making. Our research aims to significantly improve the security of federated learning at the tactical edge.
As a result, soldiers will be able to safely and reliably utilize analytic services built on large sets of low-powered devices connected over resource-constrained networks for military operations. The proposed research addresses the Army’s research thrust on “Advanced Learning Intelligent Cyber-Physical Systems.” It contributes to developing intelligent systems that can continuously learn and adapt in a dynamic environment, even in the presence of malicious inputs engineered to disrupt learning.

Document Details

Document Type
DoD Grant Award
Publication Date
Nov 17, 2022
Source ID
W911NF2310007

Entities

People

  • Palden Lama

Organizations

  • Army Contracting Command
  • United States Army
  • University of Texas at San Antonio

Tags

Fields of Study

  • Computer science

Readers

  • Computer Networking
  • Distributed Systems and Data Platform Development
  • Neural Network Machine Learning

Technology Areas

  • AI & ML
  • AI & ML - Neural Networks
  • Cyber