Bad-MFL: A Cross-Modality Bi-Trigger Backdoor Attack against Multi-Modal Federated Learning

Against the backdrop of the rapid proliferation of Industrial Internet of Things, due to the rapid increase in edge devices and multi-modal data, Multi-modal Federated Learning (MFL)—an extension of Federated Learning(FL)—has become the mainstream solution for fusing heterogeneous sensor data in edge computing. Although MFL is inherently vulnerable to backdoor attacks similar to FL, its cross-modal fusion techniques for verifying semantic consistency gradually may cause single modal triggers to be faded during training. To address the aforementioned issue, we propose a cross-modality bi-trigger backdoor attack against MFL, named Bad-MFL, which are the first backdoor attack specifically targeting MFL. Bad-MFL employs two trigger generation modes to randomly implant logically correlated, invisible bi-trigger in two modalities. By maintaining semantic consistency between the triggers, BadMFL bypasses cross-modal fusion validation and successfully implants a backdoor into the global model. Moreover, it ensures the backdoor will not disappear as training progresses. Our experiments indicate that, compared to traditional backdoor attack methods, Bad-MFL achieving an Attack Success Rate up to 89.04%, which is 56% higher than the baseline attack, and its backdoor remains effective in high heterogeneous environments throughout training.

IEEE Internet of Things Journal