RIP: Robust Collaborative Inference via Participant-wise Anomaly Detection

  • 조윤기 (Department of Electrical and Computer Engineering and Inter-University Semiconductor Research Center, Seoul National University);
  • 한우림 (Department of Electrical and Computer Engineering and Inter-University Semiconductor Research Center, Seoul National University);
  • 유미선 (Department of Electrical and Computer Engineering and Inter-University Semiconductor Research Center, Seoul National University);
  • 백윤흥 (Department of Electrical and Computer Engineering and Inter-University Semiconductor Research Center, Seoul National University)
  • Yun-Gi Cho (Department of ECE and ISRC, SNU);
  • Woo-Rim Han (Department of ECE and ISRC, SNU);
  • Mi-Seon Yu (Department of ECE and ISRC, SNU);
  • Yun-Heung Paek (Department of ECE and ISRC, SNU)
  • Published: 2024.10.31

Abstract

Collaborative inference combines diverse features contributed by various agents to improve prediction accuracy. However, it is vulnerable to adversarial attacks, where attackers manipulate the model's predictions through non-consensual inputs. Since each participant operates within its own feature space, defending against these attacks is particularly challenging. A recent study demonstrated that an auto-encoder based on the underlying manifold can reduce the impact of malicious participants. However, in our experiments we observed that a recently proposed attack, in which the malicious influence stays close to the manifold, may still pose a threat. To address this issue, we introduce RIP, a novel approach that leverages the implicit redundancy across participants' feature spaces during the inference stage through participant-wise anomaly detection. We evaluate this approach on the CIFAR10, CINIC10, Imagenette, Give-Me-Some-Credit, and Bank Marketing datasets. Extensive experiments and ablation studies show that RIP effectively mitigates adversarial attacks in the collaborative inference stage.
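As an added illustration of the idea stated in the abstract (constructed for this page, not the authors' RIP code, whose detector design the abstract does not spell out): four participants each contribute a feature vector to one inference request; because honest participants describe the same sample, each participant's features can be cross-predicted from every other participant's, and the median cross-prediction error serves as a participant-wise anomaly score. A single tampered participant is then flagged and replaced by its reconstruction before the features are aggregated. The synthetic data generator, the noise level, the margin of 1.5 over the largest calibration score, and the constant shift injected on participant 2 are all assumptions of this example.

```python
"""Toy participant-wise anomaly detection for collaborative inference.

Constructed illustration, not the RIP code. K participants each send a feature
vector h_k. For every ordered pair (j, k) a ridge regression h_j -> h_k is fitted
on clean calibration data; participant k's score is the median over j != k of the
distance between h_k and its prediction from h_j, so one tampered participant
cannot inflate everyone else's score. Flagged participants are replaced by the
median prediction before aggregation.
"""
import random
from typing import Dict, List, Tuple

Vec = List[float]
Sample = List[Vec]  # Sample[k] is participant k's feature vector


def solve(a: List[List[float]], b: Vec) -> Vec:
    """Gauss-Jordan elimination with partial pivoting for a small dense system Ax = b."""
    n = len(a)
    m = [row[:] + [b[i]] for i, row in enumerate(a)]
    for col in range(n):
        piv = max(range(col, n), key=lambda r: abs(m[r][col]))
        m[col], m[piv] = m[piv], m[col]
        for r in range(n):
            if r != col:
                f = m[r][col] / m[col][col]
                for c in range(col, n + 1):
                    m[r][c] -= f * m[col][c]
    return [m[i][n] / m[i][i] for i in range(n)]


def ridge_fit(x: List[Vec], y: List[Vec], lam: float = 1e-3) -> List[Vec]:
    """Ridge regression with a bias term; returns W of shape (p+1) x q."""
    xb = [row + [1.0] for row in x]
    p, q = len(xb[0]), len(y[0])
    xtx = [[sum(r[i] * r[j] for r in xb) + (lam if i == j else 0.0) for j in range(p)] for i in range(p)]
    xty = [[sum(r[i] * t[j] for r, t in zip(xb, y)) for j in range(q)] for i in range(p)]
    cols = [solve(xtx, [xty[i][j] for i in range(p)]) for j in range(q)]
    return [[cols[j][i] for j in range(q)] for i in range(p)]


def predict(w: List[Vec], x: Vec) -> Vec:
    xb = x + [1.0]
    return [sum(xb[i] * w[i][j] for i in range(len(xb))) for j in range(len(w[0]))]


def l2(a: Vec, b: Vec) -> float:
    return sum((u - v) ** 2 for u, v in zip(a, b)) ** 0.5


def median(values: List[float]) -> float:
    return sorted(values)[len(values) // 2]  # lower median; tolerates one outlier when K-1 >= 3


class ParticipantWiseDetector:
    def __init__(self, margin: float = 1.5):
        self.margin = margin  # slack above the largest clean calibration score (assumed value)
        self.pair: Dict[Tuple[int, int], List[Vec]] = {}  # (j, k) -> model predicting h_k from h_j
        self.thresholds: List[float] = []
        self.k = 0

    def _predictions(self, sample: Sample, k: int) -> List[Vec]:
        return [predict(self.pair[(j, k)], sample[j]) for j in range(self.k) if j != k]

    def scores(self, sample: Sample) -> List[float]:
        return [median([l2(p, sample[k]) for p in self._predictions(sample, k)]) for k in range(self.k)]

    def fit(self, calib: List[Sample]) -> None:
        self.k = len(calib[0])
        for k in range(self.k):
            for j in range(self.k):
                if j != k:
                    self.pair[(j, k)] = ridge_fit([s[j] for s in calib], [s[k] for s in calib])
        worst = [max(col) for col in zip(*(self.scores(s) for s in calib))]
        self.thresholds = [self.margin * w for w in worst]

    def purify(self, sample: Sample) -> Tuple[Sample, List[int]]:
        """Flag participants above their threshold and replace them by the median prediction."""
        flagged = [k for k, s in enumerate(self.scores(sample)) if s > self.thresholds[k]]
        cleaned = []
        for k, h in enumerate(sample):
            preds = self._predictions(sample, k)
            cleaned.append([median([p[i] for p in preds]) for i in range(len(h))] if k in flagged else h[:])
        return cleaned, flagged


def make_dataset(n: int, k: int = 4, d: int = 2, seed: int = 0) -> List[Sample]:
    """Constructed benign data: each participant holds a well-conditioned linear view of a shared latent z."""
    rng = random.Random(seed)
    views = [[[rng.uniform(0.5, 1.5) if i == j else rng.uniform(-0.2, 0.2) for j in range(d)]
              for i in range(d)] for _ in range(k)]
    data = []
    for _ in range(n):
        z = [rng.gauss(0, 1) for _ in range(d)]
        data.append([[sum(w[i][j] * z[j] for j in range(d)) + rng.gauss(0, 0.02) for i in range(d)]
                     for w in views])
    return data


def demo() -> Tuple[List[int], List[int], float]:
    data = make_dataset(500)
    det = ParticipantWiseDetector()
    det.fit(data[:400])  # clean calibration requests
    benign = data[400]
    tampered = [h[:] for h in benign]
    tampered[2] = [v + 3.0 for v in tampered[2]]  # constructed anomaly injected on participant 2
    _, flags_benign = det.purify(benign)
    cleaned, flags_tampered = det.purify(tampered)
    error = l2(cleaned[2], benign[2])  # distance of the purified h_2 from the true benign h_2
    return flags_benign, flags_tampered, error
```

The median over pairwise predictions is what makes the score participant-wise rather than one-versus-rest: a one-versus-rest regression would let the tampered participant corrupt the predictions of every honest participant and raise their scores as well. The design assumes fewer than half of the other participants are anomalous at once; when the anomalous participants form a majority, the redundancy the detector relies on is no longer trustworthy.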

Funding

This work was supported by the BK21 FOUR program of the Education and Research Program for Future ICT Pioneers, Seoul National University in 2024. This work was supported by the National Research Foundation of Korea (NRF) grant funded by the Korea government (MSIT) (RS-2023-00277326). This work was supported by the Institute of Information & communications Technology Planning & Evaluation (IITP) under the artificial intelligence semiconductor support program to nurture the best talents (IITP-2023-RS-2023-00256081) grant funded by the Korea government (MSIT). This work was supported by the Institute of Information & communications Technology Planning & Evaluation (IITP) grant funded by the Korea government (MSIT) (No. 2022-0-00516, Derivation of a Differential Privacy Concept Applicable to National Statistics Data While Guaranteeing the Utility of Statistical Analysis). This work was supported by the Inter-University Semiconductor Research Center (ISRC).

References

  1. Liu, Jing, et al. "CoPur: certifiably robust collaborative inference via feature purification." Advances in Neural Information Processing Systems 35 (2022): 26645-26657.
  2. Cho, Yungi, et al. "VFLIP: A Backdoor Defense for Vertical Federated Learning via Identification and Purification." European Symposium on Research in Computer Security. Cham: Springer Nature Switzerland, 2024.
  3. Gu, Yuhao, and Yuebin Bai. "LR-BA: Backdoor attack against vertical federated learning using local latent representations." Computers & Security 129 (2023): 103193.