Fall of empires: Breaking byzantine-tolerant SGD by inner product manipulation

Research output: Contribution to conference › Paper

Abstract

Recently, new defense techniques have been developed to tolerate Byzantine failures for distributed machine learning. The Byzantine model captures workers that behave arbitrarily, including malicious and compromised workers. In this paper, we break two prevailing Byzantine-tolerant techniques. Specifically, we show that two robust aggregation methods for synchronous SGD, namely coordinate-wise median and Krum, can be broken using new attack strategies based on inner product manipulation. We prove our results theoretically, as well as show empirical validation.

Original language: English (US)
State: Published - Jan 1 2019
Event: 35th Conference on Uncertainty in Artificial Intelligence, UAI 2019 - Tel Aviv, Israel
Duration: Jul 22 2019 to Jul 25 2019

Conference

Conference: 35th Conference on Uncertainty in Artificial Intelligence, UAI 2019
Country: Israel
City: Tel Aviv
Period: 7/22/19 to 7/25/19

Fingerprint

Byproducts
Learning systems
Agglomeration

ASJC Scopus subject areas

  • Artificial Intelligence

Cite this

Xie, C., Koyejo, O., & Gupta, I. (2019). Fall of empires: Breaking byzantine-tolerant SGD by inner product manipulation. Paper presented at 35th Conference on Uncertainty in Artificial Intelligence, UAI 2019, Tel Aviv, Israel.


Scopus record (SCOPUS:85073205488): http://www.scopus.com/inward/record.url?scp=85073205488&partnerID=8YFLogxK