{"title":"A Clustering-Based Scoring Mechanism for Malicious Model Detection in Federated Learning","authors":"Cem Caglayan, A. Yurdakul","doi":"10.1109/DSD57027.2022.00038","DOIUrl":null,"url":null,"abstract":"Federated learning is a distributed machine learning technique that aggregates every client model on a server to obtain a global model. However, some clients may harm the system by poisoning their model or data to make the global model irrelevant to its objective. This paper introduces an approach for the server to detect adversarial models by coordinate-based statistical comparison and eliminate them from the system when their participation rate is at most 40 %. Realistic experiments that use non-independent and identically distributed (non-iid) datasets with different batch sizes have been carried out to show that the proposed method can still identify the malicious nodes successfully even if some of the clients learn slower than others or send quantized model weights due to energy limitations.","PeriodicalId":211723,"journal":{"name":"2022 25th Euromicro Conference on Digital System Design (DSD)","volume":"11 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2022 25th Euromicro Conference on Digital System Design (DSD)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/DSD57027.2022.00038","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 0
Abstract
Federated learning is a distributed machine learning technique that aggregates every client model on a server to obtain a global model. However, some clients may harm the system by poisoning their model or data to make the global model irrelevant to its objective. This paper introduces an approach for the server to detect adversarial models by coordinate-based statistical comparison and eliminate them from the system when their participation rate is at most 40%. Realistic experiments that use non-independent and identically distributed (non-iid) datasets with different batch sizes have been carried out to show that the proposed method can still identify the malicious nodes successfully even if some of the clients learn more slowly than others or send quantized model weights due to energy limitations.