CrowdGuard: Federated Backdoor Detection in Federated Learning
Phillip Rieger
Network and Distributed System Security (NDSS) Symposium 2024 · Day 1 · Poisoning Attacks
CrowdGuard introduces a pioneering defense mechanism designed to robustly detect and mitigate backdoor attacks within Federated Learning (FL) environments. Presented by Phillip Rieger, this talk highlights the critical vulnerabilities inherent in distributed machine learning paradigms, particularly the threat of targeted poisoning attacks. Federated Learning, while offering significant privacy benefits by keeping sensitive training data on client devices, simultaneously opens avenues for malicious actors to inject hidden behaviors into global models without directly accessing client data. CrowdGuard addresses this challenge by employing a novel, privacy-preserving architecture that leverages **Trusted Execution Environments (TEEs)** on both client and server sides, enabling secure client-side model validation and robust server-side aggregation of feedback.
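As an added illustration (not code from the talk or from the CrowdGuard project, whose concrete validation and aggregation procedure this page does not describe), the following toy Python round shows the pattern the abstract names: every client validates the submitted model updates on its own local data and reports a verdict, and the server aggregates those verdicts by majority before averaging the updates that survive. The local datasets, the honest updates, the poisoned update and the vote rule are all constructed for the example; the validation signal is plain local error rate, which is enough to catch the crude manipulation shown here.

```python
import random
from statistics import median

# Model: a linear classifier (w0, w1, b) over 2-D inputs; label 1 when w0*x0 + w1*x1 + b > 0.
def make_local_data(seed, n=40):
    """Constructed toy data: random points in [-1, 1]^2, labelled 1 iff x0 + x1 > 0."""
    rng = random.Random(seed)
    data = []
    for _ in range(n):
        x = (rng.uniform(-1.0, 1.0), rng.uniform(-1.0, 1.0))
        data.append((x, 1 if x[0] + x[1] > 0 else 0))
    return data

def predict(model, x):
    w0, w1, b = model
    return 1 if w0 * x[0] + w1 * x[1] + b > 0 else 0

def error_rate(model, data):
    """Fraction of local samples the candidate model misclassifies."""
    return sum(predict(model, x) != y for x, y in data) / len(data)

def honest_update(seed):
    """An honest client's update: close to the true boundary x0 + x1 = 0 (constructed)."""
    rng = random.Random(seed)
    return (1.0 + rng.uniform(-0.1, 0.1), 1.0 + rng.uniform(-0.1, 0.1), rng.uniform(-0.05, 0.05))

# Constructed poisoned update: a crude, non-stealthy manipulation that flips the decision boundary.
POISONED_UPDATE = (1.0, -1.0, 0.0)

def honest_validate(local_data, updates, margin=0.2):
    """Client-side validation: flag every update whose local error is far above the median."""
    errs = [error_rate(m, local_data) for m in updates]
    baseline = median(errs)
    return [e > baseline + margin for e in errs]  # True = suspicious

def malicious_validate(own_index, n_updates):
    """A dishonest validator flags every update except its own."""
    return [i != own_index for i in range(n_updates)]

def server_aggregate(global_model, updates, votes):
    """Server-side aggregation of feedback: drop updates flagged by a strict majority
    of validators, then average the remaining updates (plain FedAvg)."""
    n_voters = len(votes)
    excluded = [i for i in range(len(updates)) if sum(v[i] for v in votes) > n_voters / 2]
    accepted = [m for i, m in enumerate(updates) if i not in excluded]
    if not accepted:
        return global_model, excluded  # nothing trustworthy this round: keep the previous model
    new_model = tuple(sum(m[k] for m in accepted) / len(accepted) for k in range(3))
    return new_model, excluded

def run_round(n_honest=4):
    """One FL round with n_honest honest clients plus one poisoning client that also votes."""
    global_model = (1.0, 1.0, 0.0)
    updates = [honest_update(s) for s in range(n_honest)] + [POISONED_UPDATE]
    poison_index = len(updates) - 1
    votes = [honest_validate(make_local_data(100 + s), updates) for s in range(n_honest)]
    votes.append(malicious_validate(poison_index, len(updates)))
    return server_aggregate(global_model, updates, votes)

if __name__ == "__main__":
    model, excluded = run_round()
    print("excluded update indices:", excluded)
    print("aggregated model:", model)
    print("error on held-out data:", error_rate(model, make_local_data(999, n=200)))
```

With four honest validators and one dishonest one, the poisoned update collects four flags and is excluded, while the single malicious flag against each honest update falls short of a majority. Two caveats a practitioner should keep in mind: a stealthy backdoor is designed to preserve clean accuracy, so an error-rate check like this one would not see it and a real defense needs richer per-model signals; and in this toy there is nothing protecting the other clients' models or the votes while they are being evaluated, which is exactly the role the abstract assigns to the TEEs on client and server side.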