Title | 基於非線性降維之聯邦學習後門攻擊防禦方法 Defense Against Federated Learning Backdoor Attacks Based on Nonlinear Dimensionality Reduction |
Creator | 吉瀚宇 Chi, Han-Yu |
Contributor | 蔡子傑 Tsai, Tzu-Chieh 吉瀚宇 Chi, Han-Yu |
Key Words | Backdoor attack; Federated learning; Anomaly detection; Non-linear dimensionality reduction |
Date | 2025 |
Date Issued | 4-Feb-2025 15:44:17 (UTC+8) |
Summary | Federated Learning enables collaborative model training while preserving data privacy but is vulnerable to backdoor attacks and data poisoning, which compromise model integrity. This thesis proposes a defense framework that integrates nonlinear dimensionality reduction (UMAP) with anomaly detection methods (Isolation Forest, Local Outlier Factor, and Gaussian Mixture Model) to identify and filter malicious updates. A voting mechanism ensures robust detection of anomalies, enhancing the system's resilience against attacks. The proposed framework is evaluated under diverse data distributions and malicious client scenarios. Results indicate its effectiveness in mitigating backdoor attacks while maintaining strong accuracy on clean data. This study provides a practical solution for improving the security and robustness of FL systems in privacy-sensitive applications. |
Description | Master's thesis; National Chengchi University; Department of Computer Science; 111753157 |
Source | http://thesis.lib.nccu.edu.tw/record/#G0111753157 |
Type | thesis |
dc.contributor.advisor | 蔡子傑 | zh_TW |
dc.contributor.advisor | Tsai, Tzu-Chieh | en_US |
dc.contributor.author (Authors) | 吉瀚宇 | zh_TW |
dc.contributor.author (Authors) | Chi, Han-Yu | en_US |
dc.creator (Author) | 吉瀚宇 | zh_TW |
dc.creator (Author) | Chi, Han-Yu | en_US |
dc.date (Date) | 2025 | en_US |
dc.date.accessioned | 4-Feb-2025 15:44:17 (UTC+8) | - |
dc.date.available | 4-Feb-2025 15:44:17 (UTC+8) | - |
dc.date.issued (Upload time) | 4-Feb-2025 15:44:17 (UTC+8) | - |
dc.identifier (Other Identifiers) | G0111753157 | en_US |
dc.identifier.uri (URI) | https://nccur.lib.nccu.edu.tw/handle/140.119/155454 | - |
dc.description (Description) | Master's thesis | zh_TW |
dc.description (Description) | National Chengchi University | zh_TW |
dc.description (Description) | Department of Computer Science | zh_TW |
dc.description (Description) | 111753157 | zh_TW |
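dc.description.abstract (Abstract) | Federated learning enables collaborative model training while protecting data privacy, but it is susceptible to backdoor attacks and data poisoning, both of which compromise model integrity. This thesis proposes a defense framework that combines a nonlinear dimensionality reduction technique (UMAP) with several anomaly detection methods (Isolation Forest, Local Outlier Factor, and Gaussian Mixture Model) to identify and filter malicious updates. A voting mechanism ensures robust detection of anomalous states and strengthens the system's resistance to attacks. The framework was evaluated under different data distributions and malicious-client scenarios. The results show that the method mitigates backdoor attacks while retaining a certain level of functionality. This study provides a practical solution for improving the security and robustness of federated learning systems in privacy-sensitive applications. | zh_TW |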
dc.description.abstract (Abstract) | Federated Learning enables collaborative model training while preserving data privacy but is vulnerable to backdoor attacks and data poisoning, which compromise model integrity. This thesis proposes a defense framework that integrates nonlinear dimensionality reduction (UMAP) with anomaly detection methods (Isolation Forest, Local Outlier Factor, and Gaussian Mixture Model) to identify and filter malicious updates. A voting mechanism ensures robust detection of anomalies, enhancing the system's resilience against attacks. The proposed framework is evaluated under diverse data distributions and malicious client scenarios. Results indicate its effectiveness in mitigating backdoor attacks while maintaining strong accuracy on clean data. This study provides a practical solution for improving the security and robustness of FL systems in privacy-sensitive applications. | en_US |
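dc.description.tableofcontents | Chapter 1 Introduction; 1.1 Research Background and Motivation; 1.1.1 Research Background; 1.1.2 Research Motivation; 1.2 Research Objectives; Chapter 2 Literature Review; 2.1 Federated Learning; 2.2 Federated Averaging Algorithm; 2.3 Data Heterogeneity; 2.4 Poisoning Attacks; 2.5 Similarity-Based Defense Methods; 2.6 Dimensionality Reduction Techniques; Chapter 3 Methodology; 3.1 System Overview; 3.2 Method Design and Implementation Details; 3.2.1 Multi-Model Anomaly Detection System; 3.2.2 Isolation Forest; 3.2.3 Local Outlier Factor; 3.2.4 Gaussian Mixture Model; 3.2.5 Training Procedure; Chapter 4 Experimental Design and Results Analysis; 4.1 Experimental Environment and Evaluation Metrics; 4.1.1 Experimental Environment; 4.1.2 Evaluation Metrics; 4.2 Experiment 1: Effect of the Number of Clients on Federated Learning Stability and Defense Effectiveness; 4.3 Experiment 2: Effect of Different Malicious Client Ratios and Data Distributions (α) on the Algorithm's Defense Effectiveness; 4.3.1 α=1 Scenario; 4.3.2 α=0.3 Scenario; 4.3.3 α=0.4 Scenario; 4.3.4 α=0.5 Scenario; 4.4 Experiment 3: Effect of Different Types of Datasets on the Algorithm's Defense Effectiveness; 4.4.1 Attack Ratio 20%; 4.4.2 Attack Ratio 40%; Chapter 5 Conclusion and Future Outlook; 5.1 Research Conclusions; 5.2 Future Research Directions; Chapter 6 References | zh_TW |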
dc.format.extent | 2706474 bytes | - |
dc.format.mimetype | application/pdf | - |
dc.source.uri (Source) | http://thesis.lib.nccu.edu.tw/record/#G0111753157 | en_US |
dc.subject (Keywords) | Backdoor attack | en_US |
dc.subject (Keywords) | Federated learning | en_US |
dc.subject (Keywords) | Anomaly detection | en_US |
dc.subject (Keywords) | Non-linear dimensionality reduction | en_US |
dc.title (Title) | 基於非線性降維之聯邦學習後門攻擊防禦方法 | zh_TW |
dc.title (Title) | Defense Against Federated Learning Backdoor Attacks Based on Nonlinear Dimensionality Reduction | en_US |
dc.type (Type) | thesis | en_US |