Vulnerabilities of Foundation Model Integrated Federated Learning Systems Under Adversarial Attacks

Integrating foundation models into federated learning systems introduces new vulnerabilities that can be exploited by adversaries through a novel attack strategy, highlighting the critical need for enhanced security measures.

The content discusses the vulnerabilities of integrating foundation models (FMs) into federated learning (FL) systems, and proposes a novel attack strategy that exploits these vulnerabilities. Key highlights: Federated learning (FL) addresses privacy and security issues in machine learning, but suffers from data insufficiency and imbalance. Integrating foundation models (FMs) can help address these limitations. However, the inherent safety concerns of FMs can introduce new risks when integrated into FL systems, which remains largely unexplored. The authors propose a novel attack strategy that exploits the safety issues of FMs to compromise FL client models, specializing it to backdoor attacks. Extensive experiments on image and text classification tasks show that the FM-integrated FL (FM-FL) system is highly vulnerable to the proposed attack, compared to the classic attack mechanism. Existing robust aggregation and post-training defense strategies in FL offer limited protection against this new threat, underscoring the urgent need for advanced security measures in this domain.

The content does not provide specific numerical data or metrics to support the key arguments. It focuses on qualitative analysis of the vulnerabilities and the proposed attack strategy.

"The large-scale data scraped from the Internet used for FM training may be of low quality, containing bias, misinformation, toxicity, or even poisoned." "We find that the FM-FL system demonstrates significant vulnerability under this novel attack strategy, and the existing secure aggregation strategies and post-training mitigation methods in FL show insufficient robustness."