… In this paper, the parameters submitted by poisoning adversary could cause the model to
misclassify, degrading the accuracy of the trained model. Hence, a secure and robust FL needs …

… vulnerability of federated learning to sybil-based poisoning attacks… to this problem that identifies
poisoning sybils based on the … , targeted poisoning attacks are performed by adversaries …

… We design attacks on federated learning that ensure targeted poisoning of the global model
while ensuring convergence. Our threat model considers adversaries controlling a small …

… , variations of poisoning, and adversary capabilities. We … threat models of poisoning attacks
on federated learning (FL), … of untargeted model and data poisoning attacks on FL (including …

… Federated learning (FL) is an emerging paradigm for distributed … In this paper, we study
targeted data poisoning attacks … We consider two scenarios in which the adversary is restricted …

… Adversaries in collaborative learning and federated learning can be strong. They can …
limits the number of adversaries in the system is 1. Because the adversary only gets the global …

… Unlike previous works [17], [4], [31], [37], we consider a comprehensive set of possible threat
models for model poisoning attacks along two dimensions of the adversary’s knowledge: …

… on FL systems: 1) poisoning attacks that attempt to prevent a model from being learned at
all, or to bias the model to produce inferences that are preferable to the adversary; and 2) …

… trained local gradients into a federated model through a … poisoning attacks launched by a
Byzantine adversary, who crafts malicious local gradients to harm the accuracy of the federated …

… We simulate two types of poisoning attacks: (1) Label-flipping attacks: the adversaries
attempt to flip a randomly selected source label (S) of the training samples to a target (adversarial) …