A Study on the Effectiveness of Backdoor Attack Defense through the Combination of Weak Differential Privacy and Various Defense Mechanisms in Federated Learning

Vol. 35, No. 1, pp. 99-108, Feb. 2025
DOI: 10.13089/JKIISC.2025.35.1.99
Keywords: Backdoor attack, Federated learning, Weak differential privacy
Abstract

As privacy regulations become stricter, federated learning, which enables learning in a distributed environment without storing user data on a central server, has emerged as a critical technology. However, its distributed nature makes it vulnerable to various attacks, with backdoor attacks being particularly significant. In this paper, we aim to defend against such backdoor attacks by applying a weak differential privacy mechanism and combining it with various defense techniques such as Multi-Krum and Norm Clipping to analyze their effectiveness. Experiments conducted using the Reddit dataset and LSTM and GPT-2 models with varying levels of noise demonstrate that effective defense can be achieved with less noise than typically required for privacy protection. Moreover, combining differential privacy with other defense techniques enhances defense performance. This study highlights the importance of optimizing noise settings to defend against backdoor attacks while maintaining model performance in federated learning environments and suggests that the combination of differential privacy with other defense mechanisms is a practical solution for backdoor defense.
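The defense pipeline the abstract names (Norm Clipping, a weak Gaussian noise perturbation, and Multi-Krum selection), as an added worked example in pure Python; this is illustrative code written for this page, not the authors' implementation. The order of operations (clip each client update, select with Multi-Krum, average, then add noise), the noise scale `sigma * bound`, and the constructed client updates are assumptions.

```python
import math
import random

def l2_norm(v):
    return math.sqrt(sum(x * x for x in v))

def norm_clip(update, bound):
    """Norm Clipping: scale the update so its L2 norm is at most `bound`.
    A backdoored client that inflates its update to dominate the average loses that leverage."""
    n = l2_norm(update)
    return list(update) if n <= bound else [x * bound / n for x in update]

def multi_krum(updates, f, m):
    """Multi-Krum: score each update by the sum of squared distances to its
    n - f - 2 nearest neighbours and keep the m lowest-scoring ones (f = assumed attackers)."""
    n = len(updates)
    k = n - f - 2
    if k < 1:
        raise ValueError("Multi-Krum needs n > f + 2 clients")
    scores = []
    for i, u in enumerate(updates):
        dists = sorted(sum((a - b) ** 2 for a, b in zip(u, v))
                       for j, v in enumerate(updates) if j != i)
        scores.append(sum(dists[:k]))
    return sorted(sorted(range(n), key=lambda i: scores[i])[:m])

def aggregate(updates, bound, sigma, f, m, seed=0):
    """One federated round (assumed order): clip -> Multi-Krum select -> average -> noise.
    Returns (noisy aggregate, indices of the clients that were kept)."""
    rng = random.Random(seed)
    clipped = [norm_clip(u, bound) for u in updates]
    keep = multi_krum(clipped, f, m)
    dim = len(updates[0])
    avg = [sum(clipped[i][c] for i in keep) / len(keep) for c in range(dim)]
    # Weak DP: Gaussian noise with standard deviation sigma * bound. A sigma far
    # below what a formal privacy budget needs is already enough to blunt the backdoor.
    noisy = [x + rng.gauss(0.0, sigma * bound) for x in avg]
    return noisy, keep

# Constructed sample: five benign clients with small, similar updates and one
# backdoored client (index 5) submitting an inflated update.
BENIGN = [[0.1, 0.0, 0.0], [0.0, 0.1, 0.0], [0.0, 0.0, 0.1], [0.1, 0.1, 0.0], [0.0, 0.1, 0.1]]
ATTACKER = [5.0, 5.0, 5.0]
UPDATES = BENIGN + [ATTACKER]

if __name__ == "__main__":
    result, kept = aggregate(UPDATES, bound=1.0, sigma=0.01, f=1, m=4)
    print("kept clients:", kept, "aggregate:", [round(x, 3) for x in result])
```

With the attacker's update clipped to the same norm bound as everyone else, its Multi-Krum score is still an order of magnitude above the benign ones, so it is dropped before averaging, and the small noise only nudges the aggregate.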



Cite this article
[IEEE Style]
최민영 and 김현일, "A Study on the Effectiveness of Backdoor Attack Defense through the Combination of Weak Differential Privacy and Various Defense Mechanisms in Federated Learning," Journal of The Korea Institute of Information Security and Cryptology, vol. 35, no. 1, pp. 99-108, 2025. DOI: 10.13089/JKIISC.2025.35.1.99.

[ACM Style]
최민영 and 김현일. 2025. A Study on the Effectiveness of Backdoor Attack Defense through the Combination of Weak Differential Privacy and Various Defense Mechanisms in Federated Learning. Journal of The Korea Institute of Information Security and Cryptology, 35, 1, (2025), 99-108. DOI: 10.13089/JKIISC.2025.35.1.99.