Internship Title
Adversarial Machine Learning in Federated Learning Systems: Threats, Defenses, and Framework Integration
Areas of Specialization
Intelligent Systems
Software Engineering
Internship Location
Rua Dom João Castro n.12, 3030-384 Coimbra, Portugal
Background
Federated Learning (FL) is a decentralized paradigm for training machine learning models, where data remains on local devices or clients, enhancing privacy and compliance with data protection regulations. However, this decentralized nature introduces novel security threats, particularly from the field of Adversarial Machine Learning (AML). AML encompasses techniques aimed at compromising the integrity or performance of learning systems through malicious inputs, including but not limited to model poisoning, evasion attacks, and backdoor insertion.
The intersection of FL and AML is an emerging research area, with ongoing efforts to detect, evaluate, and mitigate these threats in decentralized and heterogeneous environments. The complexity of ensuring robust learning in such settings is compounded by the lack of centralized oversight, making traditional security techniques insufficient.
DeepGuardian, designed by OneSource, is a framework that leverages Machine Learning (ML) models to detect and classify anomalies in network traffic. This framework allows real-time detection and classification of outbound and inbound network traffic from cloud-native applications.
This internship aims to investigate these vulnerabilities in the context of DeepGuardian, in order to enhance the framework's resilience to malicious activity that may manipulate or corrupt its models or data.
Objective
The main objective of this master's thesis is to investigate and develop robust defense mechanisms against adversarial attacks in Federated Learning (FL) environments. This involves: (i) analyzing vulnerabilities in FL architectures, particularly those related to model poisoning and backdoor attacks; (ii) proposing novel or adapted defense strategies suited to decentralized learning; (iii) evaluating these techniques in terms of computational efficiency, accuracy, robustness, security, and data privacy; and (iv) applying the developed methods to enhance the resilience of the DeepGuardian framework through integration with adversarial defense mechanisms.
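Model poisoning in FL is a problem of aggregation: if the server averages client updates without scrutiny, a single client that submits a wildly scaled update drags the global model wherever it likes. The following is an added illustrative example (not code from the thesis proposal or from DeepGuardian) that contrasts plain FedAvg with two standard robust aggregators, the coordinate-wise median and the trimmed mean, and shows a simple distance-based outlier check that a defender could log or act on. All client update vectors are constructed toy values; the threshold and trim count are assumptions chosen for the example.

```python
"""Toy FL aggregation round: FedAvg vs. robust aggregation under one
poisoned client update. Added example; client vectors are constructed."""
from math import sqrt
from statistics import median
from typing import Dict, List

Vector = List[float]


def fed_avg(updates: List[Vector]) -> Vector:
    """Plain federated averaging: arithmetic mean per coordinate."""
    dim = len(updates[0])
    n = len(updates)
    return [sum(u[i] for u in updates) / n for i in range(dim)]


def coordinate_median(updates: List[Vector]) -> Vector:
    """Coordinate-wise median: a single extreme client cannot move it."""
    dim = len(updates[0])
    return [median(u[i] for u in updates) for i in range(dim)]


def trimmed_mean(updates: List[Vector], k: int) -> Vector:
    """Drop the k largest and k smallest values per coordinate, then average."""
    dim = len(updates[0])
    if 2 * k >= len(updates):
        raise ValueError("k too large for the number of clients")
    result = []
    for i in range(dim):
        ordered = sorted(u[i] for u in updates)
        kept = ordered[k:len(ordered) - k]
        result.append(sum(kept) / len(kept))
    return result


def l2_distance(a: Vector, b: Vector) -> float:
    return sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def flag_outliers(updates: List[Vector], threshold: float) -> List[int]:
    """Indices of clients whose update is far (L2) from the robust centre.
    A defender would log these for investigation rather than silently drop them."""
    centre = coordinate_median(updates)
    return [idx for idx, u in enumerate(updates)
            if l2_distance(u, centre) > threshold]


# Constructed sample inputs: four honest clients that roughly agree,
# plus one client whose update is scaled far outside the honest range.
HONEST: List[Vector] = [
    [1.0, -2.0, 0.5],
    [1.1, -1.9, 0.4],
    [0.9, -2.1, 0.6],
    [1.0, -2.0, 0.5],
]
POISONED: Vector = [100.0, 100.0, 100.0]
ALL_UPDATES: List[Vector] = HONEST + [POISONED]

OUTLIER_THRESHOLD = 5.0  # assumption for this toy example
TRIM_K = 1               # assumption: tolerate one extreme client per side


def run_round(updates: List[Vector]) -> Dict[str, object]:
    """Aggregate one round three ways and report which clients look anomalous."""
    return {
        "fedavg": fed_avg(updates),
        "median": coordinate_median(updates),
        "trimmed": trimmed_mean(updates, TRIM_K),
        "flagged": flag_outliers(updates, OUTLIER_THRESHOLD),
    }


if __name__ == "__main__":
    for name, value in run_round(ALL_UPDATES).items():
        print(f"{name:>8}: {value}")
```

With the poisoned client present, FedAvg lands around 20 on every coordinate while both robust aggregators stay close to the honest consensus near [1.0, -2.0, 0.5], and the outlier check flags only client index 4. Robust aggregators are not a complete answer: a colluding minority that stays within the honest range (as in a stealthy backdoor) will pass the median and the distance check, which is exactly the gap the evaluation work above is meant to measure.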
Work Plan - Semester 1
1. Literature Review: Comprehensive analysis of state-of-the-art research in Federated Learning, with emphasis on security vulnerabilities and privacy-preserving machine learning.
2. Study of Adversarial ML: Critical review of existing approaches to segmenting and classifying attacks in Adversarial Machine Learning, including taxonomies of attacks and current mitigation strategies.
3. Preliminary Experiments: Design and execution of initial experiments to understand the baseline performance of existing defense mechanisms in simulated FL environments.
4. Intermediate Thesis Draft: Documentation of findings and methodology in an initial version of the thesis.
Work Plan - Semester 2
1. Implementation of Defense Mechanisms: Design and implementation of techniques to detect and mitigate adversarial threats in FL.
2. Simulation of Attacks: Emulation of various adversarial scenarios (e.g., backdoor attacks, model poisoning) to evaluate system resilience.
3. Development of MVP: Creation of a minimum viable product — an FL-based prototype integrating developed defense mechanisms.
4. Performance Evaluation: Benchmarking and analysis of computational and security metrics to validate the efficacy of the proposed solutions.
5. Integration with DeepGuardian: Incorporation of the developed FL defense techniques into the DeepGuardian framework for broader applicability and testing.
6. Final Thesis Writing: Compilation and refinement of the final version of the thesis.
Conditions
The trainee will have all the necessary conditions to carry out the planned tasks, being integrated into the research and development teams within European research projects in which OneSource is involved.
Supervisor
Jorge Diogo Gomes Proença
jorge.proenca@onesource.pt