Data Poisoning Attacks in Gossip Learning

Traditional machine learning systems were designed in a centralized man-ner. In such designs, the central entity maintains both the machine learningmodel and the data used to adjust the model’s parameters. As data central-ization yields privacy issues, Federated Learning was introduced to reducedata sharing and have a central server coordinate the learning of multiple devices.

While Federated Learning is more decentralized, it still relies on a centralentity that may fail or be subject to attacks, provoking the failure of thewhole system. Then, Decentralized Federated Learning removes the need fora central server entirely, letting participating processes handle the coordina-tion of the model construction. This distributed control urges studying thepossibility of malicious attacks by the participants themselves.

While poisoning attacks on Federated Learning have been extensively stud-ied, their effects in Decentralized Federated Learning did not get the samelevel of attention. Our work is the first to propose a methodology to assesspoisoning attacks in Decentralized Federated Learning in both churn free andchurn prone scenarios. Furthermore, in order to evaluate our methodologyon a case study representative for gossip learning we extended the gossipysimulator with an attack injector module.

This presentation is about a work in submission by Alexandre Pham, Maria Potop-Butucaru, Sebastien Tixeuil and Serge Fdida.