网络与信息安全学报 (Aug 2023)

Malicious code within model detection method based on model similarity

  • Degang WANG, Yi SUN, Chuanxin ZHOU, Qi GAO, Fan YANG

DOI
https://doi.org/10.11959/j.issn.2096-109x.2023056
Journal volume & issue
Vol. 9, no. 4
pp. 90 – 103

Abstract

In federated learning, the privacy of user data is protected mainly by exchanging model parameters instead of source data. However, federated learning still faces many security challenges. Extensive research has addressed model privacy and the detection of malicious model attacks. Nevertheless, the risk of malicious code spreading through the frequent exchange of model data during federated learning has received limited attention. To address this issue, a method for detecting malicious code within models, based on model similarity, is proposed. By analyzing the iterative process of local and global models in federated learning, a model distance calculation method is introduced to quantify the similarity between models. The presence of a model carrying malicious code is then detected from the similarity between client models. Experimental results demonstrate the effectiveness of the proposed detection method. For a 178MB model containing 0.375MB of embedded malicious code, with an independent and identically distributed training set, the method achieves a true positive rate of 82.9% and a false positive rate of 1.8%. With 0.75MB of malicious code embedded in the model, it achieves a true positive rate of 96.6% and a false positive rate of 0.38%. For a non-independent and non-identically distributed training set, the accuracy of the detection method improves as the malicious code embedding rate and the number of federated learning training rounds increase. Even when the malicious code is encrypted, the accuracy of the proposed method still exceeds 90%. In a multi-attacker scenario, the method maintains an accuracy of approximately 90% whether or not the number of attackers is known.
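The similarity-based detection described in the abstract, as an added illustrative example rather than the paper's own code: it assumes L2 distance between flattened parameter vectors as the model distance, a median/MAD outlier rule over each client's mean distance to its peers, and constructed client updates in which one client overwrites a parameter range with random bytes standing in for (possibly encrypted) embedded code.

```python
import math
import random
import statistics

# Constructed stand-ins: a "model" is a flat list of float parameters.
def make_global_model(n_params, seed=0):
    rng = random.Random(seed)
    return [rng.gauss(0.0, 1.0) for _ in range(n_params)]

def honest_update(global_model, seed):
    # Honest client: the global model plus a small, data-driven deviation.
    rng = random.Random(seed)
    return [w + rng.gauss(0.0, 0.05) for w in global_model]

def embed_payload(model, payload, start):
    # Carrier stand-in: a byte string (encrypted code looks random too) is written
    # over a contiguous parameter range, one byte mapped to one float value.
    carrier = list(model)
    for i, byte in enumerate(payload):
        carrier[start + i] = (byte - 128) / 16.0
    return carrier

def model_distance(a, b):
    # Assumed distance metric: L2 norm over the flattened parameter vectors.
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))

def detect_suspicious(models, threshold=3.5):
    # Mean pairwise distance per client; flag outliers by a robust z-score (median / MAD).
    n = len(models)
    mean_dist = []
    for i in range(n):
        dists = [model_distance(models[i], models[j]) for j in range(n) if j != i]
        mean_dist.append(sum(dists) / len(dists))
    med = statistics.median(mean_dist)
    mad = statistics.median(abs(x - med) for x in mean_dist)
    mad = max(mad, 0.02 * med)  # floor so near-identical honest clients do not inflate scores
    scores = [0.6745 * (x - med) / mad for x in mean_dist]
    return [i for i, s in enumerate(scores) if s > threshold], scores

def run_demo(n_clients=8, n_params=2000, attacker=3, payload_len=256):
    global_model = make_global_model(n_params)
    clients = [honest_update(global_model, seed=100 + i) for i in range(n_clients)]
    # Constructed random bytes stand in for the embedded (possibly encrypted) code.
    payload = bytes(random.Random(7).randrange(256) for _ in range(payload_len))
    clients[attacker] = embed_payload(clients[attacker], payload, start=500)
    flagged, _ = detect_suspicious(clients)
    return flagged

if __name__ == "__main__":
    print("flagged clients:", run_demo())
```

The embedding rate here (256 of 2000 parameters) is far higher than the paper's 0.375MB in a 178MB model, so the separation between the carrier and honest clients is exaggerated; at realistic rates the detection margin shrinks, which is why the abstract reports accuracy improving with embedding rate and training rounds.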

Keywords