Pith. sign in

REVIEW 1 cited by

A Little Is Enough: Circumventing Defenses For Distributed Learning

Not yet reviewed by Pith; the record is open.

This paper has not been read by Pith yet. Machine review is queued; the pith claim, tier, and objections will appear here once it completes.

SPECIMEN: schema-true, not a live event

T0 review · schema-true

One-sentence machine reading of the paper's core claim.

pith:XXXXXXXX · record.json · timestamp

arxiv 1902.06156 v1 pith:CX6RYI4E submitted 2019-02-16 cs.LG cs.CRcs.DCstat.ML

A Little Is Enough: Circumventing Defenses For Distributed Learning

classification cs.LG cs.CRcs.DCstat.ML
keywords learningattackdefensesdistributedmodelsparticipantsaccuracycifar10
verification ladder T0 review T1 audit T2 compute T3 formal T4 reserved
0 comments
read the original abstract

Distributed learning is central for large-scale training of deep-learning models. However, they are exposed to a security threat in which Byzantine participants can interrupt or control the learning process. Previous attack models and their corresponding defenses assume that the rogue participants are (a) omniscient (know the data of all other participants), and (b) introduce large change to the parameters. We show that small but well-crafted changes are sufficient, leading to a novel non-omniscient attack on distributed learning that go undetected by all existing defenses. We demonstrate our attack method works not only for preventing convergence but also for repurposing of the model behavior (backdooring). We show that 20% of corrupt workers are sufficient to degrade a CIFAR10 model accuracy by 50%, as well as to introduce backdoors into MNIST and CIFAR10 models without hurting their accuracy

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Forward citations

Cited by 1 Pith paper

Reviewed papers in the Pith corpus that reference this work. Sorted by Pith novelty score.

  1. FLARE: Adaptive Multi-Dimensional Reputation for Robust Client Reliability in Federated Learning

    cs.LG 2025-11 conditional novelty 6.0

    FLARE uses adaptive multi-dimensional reputation scores and soft exclusion to improve Byzantine robustness in federated learning by up to 16% over prior methods while handling a new Statistical Mimicry attack.