Distributed Backdoor Attacks in Federated Learning Generated by DynamicTriggers

The emergence of federated learning has alleviated the dual challenges of data silos and data privacy and security in machine learning. However, this distributed learning approach makes it more susceptible to backdoor attacks, where malicious participants can conduct adversarial attacks by injecting backdoor triggers into their local training datasets, aiming to manipulate model predictions, for example, make the classifier recognize poisoned samples (injected with specific triggers) as specific images. In order to effectively detect backdoor attacks and protect federated learning systems, we need to know how backdoor attacks are generated and developed. Currently, most backdoor attacks to federated learning use centralized attacks with static triggers, which are easily detectable by current defense methods. In this work, we propose a distributed backdoor attack method that fully leverages the distributed nature of federated learning. It starts by generating unique and independent global dynamic triggers for infected benign samples and then decomposes the global trigger into multiple sub-triggers, embedding them into the training sets of multiple participants. During the training phase, data poisoning is introduced. Through extensive experiments, we demonstrate that this attack method exhibits higher persistence and stealthiness, achieving a significantly higher success rate than standard centralized backdoor attacks. Compared to classical distributed backdoor attack (DBA) methods, it shows noticeable improvements in attack performance.