Federated Backdoor Attacks against Speech Recognition
Mai, Khanh (2024)
All rights reserved. This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
The permanent address of the publication is
https://urn.fi/URN:NBN:fi:amk-2024053018792
Abstract
This thesis explores and simulates federated learning, specifically focusing on applying adversarial attacks against input data to assess their impact on training performance. In the context of the rising importance of federated learning for preserving data privacy in machine learning, this research investigates scenarios where data and models remain decentralized, eliminating the need to transfer them to a central location and thereby safeguarding raw, sensitive data from exposure. The primary dataset under consideration is keyword-specific, involving the analysis and classification of sound waves recorded from real individuals. In addition to real-world data, synthetic data generated through cloud services is incorporated to augment the dataset, providing insights into its influence on the training phase. The study delves into various adversarial attack types, encompassing label manipulation and sound alteration, aiming to assess their impact on the federated learning model’s robustness.