Analyzing Federated Learning through an Adversarial Lens
Authors: Arjun Nitin Bhagoji, Supriyo Chakraborty, Prateek Mittal, Seraphin Calo
ICML 2019
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | All of our experiments are on DNNs trained on the Fashion-MNIST (Xiao et al., 2017) and Adult Census datasets. Our evaluation demonstrates that this attack enables an adversary controlling a single malicious agent to achieve targeted misclassification at the global model with 100% confidence while ensuring convergence of the global model for deep neural networks trained on both datasets. |
| Researcher Affiliation | Collaboration | Arjun Nitin Bhagoji (Princeton University), Supriyo Chakraborty (IBM T.J. Watson Research Center), Prateek Mittal (Princeton University), Seraphin Calo (IBM T.J. Watson Research Center). |
| Pseudocode | No | The paper describes methods narratively and does not include any clearly labeled pseudocode or algorithm blocks. |
| Open Source Code | Yes | Our code (https://github.com/inspire-group/ModelPoisoning) and a technical report (Bhagoji et al., 2018) are available. |
| Open Datasets | Yes | All of our experiments are on DNNs trained on the Fashion-MNIST (Xiao et al., 2017) and Adult Census datasets (https://archive.ics.uci.edu/ml/datasets/adult). |
| Dataset Splits | No | The paper mentions checking 'validation accuracy' (e.g., 'The server checks the validation accuracy of w_i^t...') and refers to 'validation data' in figures, but it does not specify concrete dataset splits (e.g., an 80/10/10 split or specific sample counts) for training, validation, and testing. |
| Hardware Specification | No | The paper does not provide specific details about the hardware used for experiments, such as GPU models, CPU types, or memory specifications. |
| Software Dependencies | No | The paper does not specify the version numbers for any software dependencies (e.g., Python, PyTorch, TensorFlow) used in the experiments. |
| Experiment Setup | Yes | In the attack with explicit boosting, the malicious agent uses E_m = 5 to obtain δ_m^t, and then boosts it by λ = 1/α_m = K. We set the accuracy threshold γ_t to be 10%... We use λ = 10 and ρ = 1e-4. For both datasets, we study the case with the number of agents K set to 10 and 100. We run federated learning till a pre-specified test accuracy (91% for Fashion-MNIST and 84% for the Adult Census data) is reached or the maximum number of time steps has elapsed (40 for K = 10 and 50 for K = 100). |