Researchers Demonstrate Hardware-Based Backdoor Attack Against Federated Learning Systems
Researchers have developed a novel backdoor attack against federated learning systems that exploits hardware faults (bit-flips) rather than purely algorithmic approaches. The attack works by inducing faults in a single client's model during training, with experiments showing 94% success rates on ResNet-18 with minimal fault injections. This expands the threat surface for distributed machine learning systems by combining federated learning vulnerabilities with hardware-level attacks like Rowhammer.
A new research paper on arXiv describes a backdoor attack method against federated learning (FL) systems that leverages hardware faults, specifically bit-flips induced through attacks like Rowhammer. Unlike traditional FL poisoning attacks that rely on algorithmic manipulation, this approach crafts backdoors during an offline phase using a pretrained model and then implants them during FL training by corrupting parameters in a malicious client's local model. The researchers demonstrated that on a ResNet-18 architecture, as few as 10 faults per malicious client occurrence across 19 total occurrences could achieve 94% attack success rate. The attack is task-agnostic and works across different model types and datasets. The paper also discusses the practical constraints of executing such attacks and potential defensive measures, bridging the gap between hardware security threats and distributed machine learning vulnerabilities.
What's missing
The paper does not provide detailed information about: (1) specific defensive mechanisms that could effectively mitigate this class of attacks; (2) how realistic the Rowhammer attack vector is in typical federated learning deployment scenarios; (3) comparison with other hardware-based attack methods; (4) evaluation on larger-scale FL systems with many more clients.
What different sources said
- arXiv cs.AICenter
Model Poisoning Against Federated Model Adaptation with Chain of Bit-Flips
Related
Gut Bacteria Enzyme Found to Break Down Heat-Processed Food Compounds, Producing Novel Biogenic Amines
Researchers have discovered that an enzyme in common gut bacteria can degrade N-epsilon-carboxymethyllysine (CML), a compound formed during thermal food processing, producing previously unknown biogenic amines. The enzyme, ornithine decarboxylase SpeC from enterobacteria, acts on CML and related modified lysine derivatives through a low-level 'underground' catalytic activity. This finding suggests a previously unrecognized communication axis between thermally processed dietary compounds and gut microbial physiology, with potential implications for host health.
Full-Length Gene Sequencing Reveals Two Distinct Bacterial Communities in Black-Legged Ticks Expanding Into Canada
Researchers used Oxford Nanopore full-length 16S rRNA gene sequencing to characterize the microbiome of Ixodes scapularis black-legged ticks collected in Nova Scotia, Canada, distinguishing between tick-adapted bacteria and environmentally acquired bacteria. The study comes as I. scapularis — the primary vector of Lyme disease — is rapidly expanding northward into Canada due to climate change. The findings suggest that environmentally derived bacteria in tick microbiomes are not mere contamination, which has implications for how tick microbiome data is collected and interpreted across surveillance studies.
Study Identifies Metabolic Link Between Cell Envelope Stress and Biofilm Formation in Bacteria
Researchers have discovered that the metabolite acetyl-CoA directly inhibits enzymes that degrade the bacterial signaling molecule c-di-GMP, connecting cell envelope biosynthesis stress to biofilm formation in Pseudomonas aeruginosa. The study found that sub-inhibitory concentrations of antibiotics targeting early peptidoglycan biosynthesis — but not other antibiotic classes — elevate c-di-GMP levels by reducing phosphodiesterase activity, with acetyl-CoA competing for the enzyme active site. Because the relevant enzyme domain is broadly conserved across bacterial species, this checkpoint mechanism may be widespread and could have implications for understanding antibiotic-induced biofilm responses.