AI Coding Challenge on Security and Privacy in Federated Learning


On February 15, 2024, Phillip Rieger and Alessandro Pegoraro from our group organized the AI Coding Challenge focused on the security and privacy aspects of Federated Learning (FL). The event was organized in collaboration with Platform Lernende Systeme and IBM Innovation Studios. Federated Learning represents a decentralized approach to machine learning, allowing multiple clients to collectively train Deep Neural Networks (DNNs) without centralizing data. This method ensures data privacy by having each client train DNNs on their local datasets and share only the DNN parameters. Despite its benefits, this decentralization also opens the door to potential security threats, including the submission of manipulated DNN models by malicious clients.

The challenge commenced with opening remarks from Erduana Wald & Pia Schröder, followed by insights from Andrea Marting (IBM Innovation Studios) and Prof. Ahmad Reza Sadeghi (System Security Lab). Phillip Rieger then introduced the foundational principles of Federated Learning, highlighting the different attack vectors and categorizing the numerous attack and defense strategies along with their respective strengths and weaknesses.

Post-lunch, the workshop transitioned into a hands-on session, where participants applied their newly acquired knowledge. Through 15 sequential tasks, they first constructed a FL system and then continued with implementing different attacks and defenses with increasingly difficultness. The final task was to overcome the advanced defense mechanism, KRUM. Sabrina Gross was the first participant to achieve an attack success rate of 40% and improved until the end of the workshop to more than 80%.

The enthusiastic participation and evident fun among attendees during the workshop underscored the experience it offered. Beyond just enjoyment, the workshop provided participants a platform to comprehend the intricacies of defending against poisoning attacks in FL systems. This domain continues to be an area of active research, with our latest findings set to be unveiled at the forthcoming Network and Distributed System Security (NDSS) Symposium 2024.