poisoning attacks on federated
play

Poisoning Attacks on Federated Le Learning-based In Intrusion - PowerPoint PPT Presentation

Jan 07, 2023 •163 likes •508 views

Poisoning Attacks on Federated Le Learning-based In Intrusion Detection System Thien Duc Nguyen, Phillip Rieger, Markus Miettinen, Ahmad-Reza Sadeghi Typical IoT Devices 2 IoT The S stands for Security 3 Mirai: Largest Disruptive

  1. Poisoning Attacks on Federated Le Learning-based In Intrusion Detection System Thien Duc Nguyen, Phillip Rieger, Markus Miettinen, Ahmad-Reza Sadeghi

  2. Typical IoT Devices 2

  3. IoT The S stands for Security 3

  4. Mirai: Largest Disruptive Cyberattack in History Peak bandwidth of 1156 Gbps More than 145,000 infected devices Source: https://www.incapsula.com/blog/malware-analysis-mirai-ddos-botnet.html 4

  5. Mirai: Largest Disruptive Cyberattack in History Peak bandwidth of 1156 Gbps More than 145,000 infected devices Source: https://www.incapsula.com/blog/malware-analysis-mirai-ddos-botnet.html 4

  6. Federated Learning Aggregator Client Client Client 5

  7. Federated Learning Aggregator Client Client Client 5

  8. Federated Learning Aggregator Client Client Client 5

  9. Federated Learning Aggregator Client Client Client 5

  10. Advantages of Federated Learning • Allows all participants to profit from all data • Privacy Preserving ▪ E.g.: Don’t reveal network traffic • Distributing computation load to clients 6

  11. IoT NIDS Aggregator SGW: Security Gateway (e.g., Local WiFi router) SGW SGW SGW Nguyen et.al. , ICDCS 2019 7

  12. IoT NIDS Aggregator SGW: Security Gateway (e.g., Local WiFi router) SGW SGW SGW Nguyen et.al. , ICDCS 2019 7

  13. IoT NIDS Aggregator SGW: Security Gateway (e.g., Local WiFi router) SGW SGW SGW Nguyen et.al. , ICDCS 2019 7

  14. IoT NIDS Aggregator SGW: Security Gateway (e.g., Local WiFi router) SGW SGW SGW Nguyen et.al. , ICDCS 2019 7

  15. Examples of Backdoor Attacks: Adversary Chosen Label Image classification Word prediction IoT malware detection Change labels, e.g., Select end words, e.g., Inject malicious traffic, • Speed limit signs from ”buy phone from Google” e.g., use compromised 30kph to 80kph IoT devices Our new Attack 8

  16. Backdoor Attacks on FL 1. Manipulate training data 2. Manipulate local models Aggregator Client Client Client Nguyen et.al. , ICDCS 2019 9

  17. Backdoor Attacks on FL Attack Strategies: 1. Manipulate training data 2. Manipulate local models Aggregator Client Client Client Nguyen et.al. , ICDCS 2019 9

  18. Our Threat Model Attack Goal: • Inject Backdoor Attacker’s Capabilities : • Full knowledge about the targeted system • Fully control some IoT devices Attacker cannot: • Control Security Gateways • Control devices in < 50% of all networks 10

  19. Our Approach – High Level Idea • Challenge: Prevent detection of data poisoning • Only few attack data → Gateway will not detect it → Still include malware traffic in training data → Neural Network learns to predict malware behavior • Use compromised IoT devices 11

  20. Our Approach 1. Compromise IoT Devices 2. Inject Malicious Data Aggregator SGW: Security Gateway (e.g., Local WiFi router) SGW SGW SGW 2. 1. 12

  21. Our Approach 1. Compromise IoT Devices 2. Inject Malicious Data Aggregator SGW: Security Gateway (e.g., Local WiFi router) SGW SGW SGW 2. 1. 12

  22. Our Approach 1. Compromise IoT Devices 2. Inject Malicious Data Aggregator SGW: Security Gateway (e.g., Local WiFi router) SGW SGW SGW 2. 1. 12

  23. Our Approach 1. Compromise IoT Devices 2. Inject Malicious Data Aggregator SGW: Security Gateway (e.g., Local WiFi router) SGW SGW SGW 2. 1. 12

  24. Experimental Setup • 3 Real – World Datasets [1, 2] • Consisting of traffic from 46 IoT devices • Different stages of Mirai: infection, scanning, different DDoS attacks • Distributed data to 100 clients ▪ Approx. 2h of traffic [1] Nguyen et.al. , ICDCS 2019 [2] Sivanathan et.al. , IEEE Transactions on Mobile Computing 2018 13

  25. Attack Parameters • Poisoned Model Rate (PMR) ▪ Indicates percentage of poisoned local models o E.g., ratio of networks, containing compromised IoT devices • Poisoned Data Rate (PDR) ▪ Indicates ratio between poisoned and benign data o E.g., ratio between malware and benign network traffic 14

  26. Evaluation Metrics • Backdoor Accuracy (BA) ▪ E.g., alerts, raised on malware traffic ▪ 100 % BA → No Alert for malware traffic • Main task Accuracy (MA) ▪ E.g., accuracy on benign network traffic ▪ 100 % MA → No alert for benign traffic 15

  27. Experimental Results • Malware traffic not detected for PDR of 36.7% ( ± 6.5%) PDR: Poisoned Data Rate 16

  28. Experimental Results • Malware traffic not detected for PDR of 36.7% ( ± 6.5%) • Attack successful for low number of compromised networks ▪ BA 100% for PMR 25% and PDR 20% ▪ Higher PMRs are successful for lower PDRS ▪ Lower PMRs require higher PDRs PDR: Poisoned Data Rate ▪ PMR 5% is too low PMR: Poisoned Model Rate 16

  29. Experimental Results – Clustering Defense Mechanism: Experimental Results • Calculates pairwise Euclidean Distances • Apply Clustering on them • BA 100% • Attack effective for PDR ≤ 20% Illustration for PDR = 30% 17

  30. Experimental Results – Clustering Defense Mechanism: Experimental Results • Calculates pairwise Euclidean Distances • Apply Clustering on them • BA 100% • Attack effective for PDR ≤ 20% Illustration for PDR = 20% 17

  31. Experimental Results – Differential Privacy Defense Experimental Results Mechanism: • Restricts Euclidean distance of local models • Adds gaussian noise • Not effective for PDR >= 15% • BA 100% • MA reduced significantly 18

  32. Conclusion ➢ Introduced novel backdoor attack vector ➢ Requires only control of few IoT devices ➢ Inject Malware Traffic Stealthily ➢ Evaluated on 3 real – world datasets ➢ Bypasses current defenses 19

  33. Future Research Direction • Improve IDS • Filter poisoned data on clients • Defense against these poisoning attacks 20

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Poisoning Attack Analysis Jeffrey Zhang Universal Multi-Party Poisoning Attacks Saeed

Poisoning Attack Analysis Jeffrey Zhang Universal Multi-Party Poisoning Attacks Saeed

Poisoning Attack Analysis Jeffrey Zhang Universal Multi-Party Poisoning Attacks Saeed Mahloujifar Mohammad Mahmoody Ameer Mohammed, ICML 2019 Multi-party Learning Application: Federated Learning Federated Learning : Train a centralized

589 views • 34 slides
Poisoning Attacks: p-Tampering and Poison Frogs Simons Robustness Reading Group Bolton Bailey

Poisoning Attacks: p-Tampering and Poison Frogs Simons Robustness Reading Group Bolton Bailey

Poisoning Attacks: p-Tampering and Poison Frogs Simons Robustness Reading Group Bolton Bailey July 1, 2019 What is a Poisoning Attack? Data poisoning is an attack on machine learning models wherein the attacker adds (or modifies) examples

1.28k views • 12 slides
DNS Poisoning: Developments, Attacks and Research Directions Suggestions for the Idle and Curious

DNS Poisoning: Developments, Attacks and Research Directions Suggestions for the Idle and Curious

DNS Poisoning Attack Scenarios Vulnerability Analysis Remedies DNS Poisoning: Developments, Attacks and Research Directions Suggestions for the Idle and Curious Researcher David Dagon 1 1 Georgia Institute of Technology Atlanta, Georgia

327 views • 28 slides
TRANSFERABLE CLEAN-LABEL POISONING ATTACKS ON DEEP NEURAL NETS Chen Zhu*, W. Ronny Huang*^, Ali

TRANSFERABLE CLEAN-LABEL POISONING ATTACKS ON DEEP NEURAL NETS Chen Zhu*, W. Ronny Huang*^, Ali

TRANSFERABLE CLEAN-LABEL POISONING ATTACKS ON DEEP NEURAL NETS Chen Zhu*, W. Ronny Huang*^, Ali Shafahi, Hengduo Li, Gavin Taylor, Christoph Studer, Tom Goldstein * equal contribution ^ presenter WHAT IS POISONING? Training data Testing

218 views • 19 slides
2019 Research Experience for Undergraduates Detection of Data Poisoning Attacks on Image

2019 Research Experience for Undergraduates Detection of Data Poisoning Attacks on Image

2019 Research Experience for Undergraduates Detection of Data Poisoning Attacks on Image Classification Models Harsh Kachhadia Co-Advisors: Dr. Amin Alipour and Dr. Ioannis Kakadiaris Motivation Deep Learning models, due to their

204 views • 19 slides
Adversarial Attacks on Node Embeddings via Graph Poisoning Aleksandar Bojchevski, Stephan

Adversarial Attacks on Node Embeddings via Graph Poisoning Aleksandar Bojchevski, Stephan

Adversarial Attacks on Node Embeddings via Graph Poisoning Aleksandar Bojchevski, Stephan Gnnemann Technical University of Munich ICML 2019 Node embeddings are used to Classify scientific papers Recommend items Classify proteins

336 views • 21 slides
Resilient Networking 6: Attacks on DNS 1 Chapter Outline Overview of DNS Known attacks

Resilient Networking 6: Attacks on DNS 1 Chapter Outline Overview of DNS Known attacks

Resilient Networking 6: Attacks on DNS 1 Chapter Outline Overview of DNS Known attacks on DNS Denial-of-Service Cache Poisoning Securing DNS Split-Split-DNS DNSSEC 2 DNS The Domain Name System Naming Service

1.15k views • 46 slides
CARBON MONOXIDE POISONING The Silent Killer PATHOPHYSIOLOGY OF CARBON MONOXIDE 1. CO poisoning

CARBON MONOXIDE POISONING The Silent Killer PATHOPHYSIOLOGY OF CARBON MONOXIDE 1. CO poisoning

CARBON MONOXIDE POISONING The Silent Killer PATHOPHYSIOLOGY OF CARBON MONOXIDE 1. CO poisoning is the most common exposure poisoning in the United States and the rest of the world. 2. It is an odorless, colorless gas that can cause sudden

198 views • 15 slides
Data Poisoning Attack cks on Stoch chastic c Bandits Fang Liu and Ness Shroff Outline

Data Poisoning Attack cks on Stoch chastic c Bandits Fang Liu and Ness Shroff Outline

Data Poisoning Attack cks on Stoch chastic c Bandits Fang Liu and Ness Shroff Outline Background q What are bandits? q Motivations Data poisoning attacks on stochastic bandits q Offline model q Online model q Simulation results

218 views • 17 slides
Poison and Poisoning Azwin bin Md Tumin National Poison Centre Outline a. Definition b.

Poison and Poisoning Azwin bin Md Tumin National Poison Centre Outline a. Definition b.

Poison and Poisoning Azwin bin Md Tumin National Poison Centre Outline a. Definition b. Forefathers of toxicology c. Famous poisoning cases d. Misconception about poisoning e. Basic principles of poisoning f. Factors influencing toxic

843 views • 16 slides
Universal Multi-Party Poisoning Attacks Saeed Mahloujifar Mohammad Mahmoody Ameer Mohammed

Universal Multi-Party Poisoning Attacks Saeed Mahloujifar Mohammad Mahmoody Ameer Mohammed

Universal Multi-Party Poisoning Attacks Saeed Mahloujifar Mohammad Mahmoody Ameer Mohammed Multi-Party Learning Distributions Data Providers 1 1 Model Multi-Party Learning (Round j) Distributions

540 views • 20 slides
Pharmacists Role in Prevention &amp; Management of Poisoning Prof. Rahmat Awang National Poison

Pharmacists Role in Prevention &amp; Management of Poisoning Prof. Rahmat Awang National Poison

Overview of Poisoning Incidence and the Pharmacists Role in Prevention &amp; Management of Poisoning Prof. Rahmat Awang National Poison Centre Universiti Sains Malaysia 1st. National Poisoning Symposium 2016: Pharmacists Role in Poisoning

570 views • 33 slides
DNS Cache Poisoning Attack Introduction The purpose of this presentation is to dissect the

DNS Cache Poisoning Attack Introduction The purpose of this presentation is to dissect the

Anatomy of a DNS Cache Poisoning Attack Introduction The purpose of this presentation is to dissect the Domain Name System (DNS) Cache Poisoning Cyber attack. We will cover: - Real-world examples of DNS cache poisoning - A defjnition of

607 views • 58 slides
Structured Overlays: Eclipse Attacks on Overlay Networks April 28th, 2006 Wyman Park 4 th Floor

Structured Overlays: Eclipse Attacks on Overlay Networks April 28th, 2006 Wyman Park 4 th Floor

Structured Overlays: Eclipse Attacks on Overlay Networks April 28th, 2006 Wyman Park 4 th Floor Conference Room Presentation by: Dan Liu &amp; Jay Zarfoss 1 The idea of churn as shelter from route poisoning attacks is an interesting, if

874 views • 44 slides
Childhood Lead Poisoning in Ohio 2 Objectives Overview of childhood lead poisoning in Ohio

Childhood Lead Poisoning in Ohio 2 Objectives Overview of childhood lead poisoning in Ohio

1 Childhood Lead Poisoning in Ohio 2 Objectives Overview of childhood lead poisoning in Ohio Provide an overview of the Public Health Lead Investigation Process Bring awareness to funding resources for lead hazard control 3

1.35k views • 71 slides
Andrs E. Azprua #imv2020 Internet Censorship, DNS poisoning and Phishing in Venezuela

Andrs E. Azprua #imv2020 Internet Censorship, DNS poisoning and Phishing in Venezuela

Andrs E. Azprua #imv2020 Internet Censorship, DNS poisoning and Phishing in Venezuela Measuring from censorship to state-sponsored attacks Andrs E. Azprua #imv2020 @VEsinFiltro VEsinFiltro.com VENEZUELAN CONTEXT Critical failure

833 views • 56 slides
using the -set etup up Johann ann Is Isaak ak ExtreMe Matter Institute EMMI and

using the -set etup up Johann ann Is Isaak ak ExtreMe Matter Institute EMMI and

of the PDR in 128 128 Te The e de decay pattern tern of Te using the -set etup up Johann ann Is Isaak ak ExtreMe Matter Institute EMMI and Research Division, GSI The 5th international conference on Collective Motion in

419 views • 38 slides
Efficient Modular SAT Solving for IC3 Sam Bayless , Celina G. Val , Thomas Ball ,

Efficient Modular SAT Solving for IC3 Sam Bayless , Celina G. Val , Thomas Ball ,

Efficient Modular SAT Solving for IC3 Sam Bayless , Celina G. Val , Thomas Ball , Holger H. Hoos , Alan J. Hu University of British Columbia Microsoft Research Sam Bayless (UBC) Efficient Modular SAT Solving for IC3

505 views • 31 slides
Pedestrian Positioning from Wrist-worn Wearable Devices Luis Enrique Dez and Alfonso Bahillo

Pedestrian Positioning from Wrist-worn Wearable Devices Luis Enrique Dez and Alfonso Bahillo

Pedestrian Positioning from Wrist-worn Wearable Devices Luis Enrique Dez and Alfonso Bahillo Faculty of Engineering, University of Deusto, Bilbao, Spain 2016 7th Indoor Positioning and Indoor Navigation Conference Introduction System

100 views • 8 slides
Implementing PDR in CPAchecker Gernot Zorneck Faculty of Computer Science and Mathematics

Implementing PDR in CPAchecker Gernot Zorneck Faculty of Computer Science and Mathematics

Implementing PDR in CPAchecker Gernot Zorneck Faculty of Computer Science and Mathematics University of Passau September 23, 2016 Gernot Zorneck Implementing PDR in CPAchecker September 23, 2016 1 / 24 Outline Introduction 1

1.19k views • 39 slides
ASICs and Front-End Motherboards Introduction Marco Verzocchi Fermilab 5 February 2020 Outline

ASICs and Front-End Motherboards Introduction Marco Verzocchi Fermilab 5 February 2020 Outline

DUNE Preliminary Design Review of ASICs and Front-End Motherboards Introduction Marco Verzocchi Fermilab 5 February 2020 Outline Introduction to DUNE Electronics for the readout of the TPC Requirements for the front-end electronics

579 views • 27 slides
Towards a Visible Light Network Architecture for Continuous Communication and Localization

Towards a Visible Light Network Architecture for Continuous Communication and Localization

Towards a Visible Light Network Architecture for Continuous Communication and Localization Jialiang Zhang, Chi Zhang, Xinyu Zhang, Suman Banerjee University of Wisconsin - Madison VLCS'16 Landmarks of VL Communication Technology 2000

671 views • 19 slides
On the ideal case of a conjecture of Huneke and Wiegand Naoki Taniguchi Waseda University Joint

On the ideal case of a conjecture of Huneke and Wiegand Naoki Taniguchi Waseda University Joint

1 Introduction 2 Weakly m -full ideals 3 Proof of Theorem 1.8 4 Integrally closed ideals References On the ideal case of a conjecture of Huneke and Wiegand Naoki Taniguchi Waseda University Joint work with O. Celikbas, S. Goto and

822 views • 34 slides
STRUCTURAL TRANSFORMATION AND ITS ROLE IN REDUCING POVERTY Findings and perspectives of the

STRUCTURAL TRANSFORMATION AND ITS ROLE IN REDUCING POVERTY Findings and perspectives of the

STRUCTURAL TRANSFORMATION AND ITS ROLE IN REDUCING POVERTY Findings and perspectives of the Countries with Special Needs Development Report 2019 Oliver Paddison, PhD Chief, Countries with Special Needs Section Macroeconomic Policy and

764 views • 20 slides

More recommend