分散式訓練梯度傳輸污染
Design & Development
Risk Description
In distributed training environments, attackers compromise a training node to inject malicious gradient updates during transmission. Since distributed systems rely on gradient aggregation across multiple nodes, poisoned gradients affect global model parameters during aggregation. This attack is difficult to detect as anomalous gradients from a single node may appear as normal statistical variance.
Framework Mappings
iso 23894R2
cosaiData Poisoning
mitre atlasAML.T0020
tw principle資安與安全
tw risk type技術設計缺陷(Technical Design Flaw)
Controls English translation pending
- 拜占庭容錯聚合
- 梯度異常偵測
Implementation Steps English translation pending
- 採用拜占庭容錯聚合演算法(如 Krum、Trimmed Mean)替代簡單平均
- 對每個節點的梯度更新設定幅度上限(gradient clipping)
- 部署梯度統計監控系統,偵測偏離正常分佈的異常更新
- 實施節點身份驗證和安全通訊通道