Note: When clicking on a Digital Object Identifier (DOI) number, you will be taken to an external site maintained by the publisher.
Some full text articles may not yet be available without a charge during the embargo (administrative interval).
What is a DOI Number?
Some links on this page may take you to non-federal websites. Their policies may differ from this site.
-
Steven Furnell and Nathan Clarke (Ed.)An electronic voting (e-voting) based interactive cybersecurity education curriculum has been proposed recently. It is well-known that assignments and projects are coherent parts of and important for any curriculum. This paper proposes a set of course projects, assignment design, and a coherent online plug-and-play (PnP) platform implementation. The PnP platform and the proposed exemplary assignments and projects, are systematic (derived from the same system), adaptive (smoothly increasing difficulty), flexible (bound to protocols instead of implementations), and interactive (teacher-student and student-student interactions). They allow students to implement parts of the components of this e-voting system, which they can then plug into the PnP system, to run, test and modify their implementations, and to enhance their knowledge and skills on cryptography, cybersecurity, and software engineering.more » « less
-
Federated Learning (FL) allows individual clients to train a global model by aggregating local model updates each round. This results in collaborative model training while main-taining the privacy of clients' sensitive data. However, malicious clients can join the training process and train with poisoned data or send artificial model updates in targeted poisoning attacks. Many defenses to targeted poisoning attacks rely on anomaly-detection based metrics which remove participants that deviate from the majority. Similarly, aggregation-based defenses aim to reduce the impact of outliers, while L2-norm clipping tries to scale down the impact of malicious models. However, oftentimes these defenses misidentify benign clients as malicious or only work under specific attack conditions. In our paper, we examine the effectiveness of two anomaly -detection metrics on three different aggregation methods, in addition to the presence of L2-norm clipping and weight selection, across two different types of attacks. We also combine different defenses in order to examine their interaction and examine each defense when no attack is present. We found minimum aggregation to be the most effective defense against label-flipping attacks, whereas both minimum aggregation and geometric median worked well against distributed backdoor attacks. Using random weight selection significantly deteriorated defenses against both attacks, whereas the use of clipping made little difference. Finally, the main task accuracy was directly correlated with the BA in the label-flipping attack and generally was close to the MA in benign scenarios. However, in the DBA the MA and BA are inversely correlated and the MA fluctuates greatly.more » « less