Learning to Attack Distributionally Robust Federated Learning

We propose a two-stage attack framework that leverages the power of distribution matching and deep reinforcement learning to learn attack policies against federated learning. Our two-stage attack effectively learns an attack policy that minimizes the robustness levels of distributionally robust federated models, and substantially jeopardizes the performance of the federated learning systems even when the server imposes defense mechanisms. Our work brings new insights into how to attack federated learning systems with model-based reinforcement learning.