{"title":"Byzantine detection for federated learning under highly non-IID data and majority corruptions","authors":"Zhonglin Wang, Ping Zhao","doi":"10.1007/s11276-024-03799-x","DOIUrl":null,"url":null,"abstract":"<p>Federated Learning (FL) is a privacy-preserving paradigm which enables multiple clients to jointly learn a model and keeps their data local. However, the nature of FL leaves the vulnerability to <i>Byzantine attacks</i>, where the malicious clients upload poisoned local models to the FL server, further corrupting the learnt global model. Most existing defenses against Byzantine attack still have the limitations when the ratio of malicious clients is greater than <span>\\(50\\%\\)</span> and the data among clients is not independent and identically distributed (non-IID). To address these issues, we propose a novel FL framework with Byzantine detection, which is robust against Byzantine attacks when the adversary has control of the majority of the clients and the data among clients is highly non-IID. The main idea is that the FL server supervises the clients via injecting a shadow dataset into the processes of the local training. Moreover, we design a Local Model Filter with an adaptive filtering policy that evaluates the local models’ performance on the shadow dataset and further filters out these local models compromised by the adversary. Finally, we evaluate our work on three real-world datasets, and the results show that our work outperforms the four existing Byzantine-robust defenses in defending against two state-of-the-art threatening Byzantine attacks.</p>","PeriodicalId":23750,"journal":{"name":"Wireless Networks","volume":"27 1","pages":""},"PeriodicalIF":2.1000,"publicationDate":"2024-06-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Wireless Networks","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.1007/s11276-024-03799-x","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 0
Abstract
Federated Learning (FL) is a privacy-preserving paradigm which enables multiple clients to jointly learn a model and keeps their data local. However, the nature of FL leaves the vulnerability to Byzantine attacks, where the malicious clients upload poisoned local models to the FL server, further corrupting the learnt global model. Most existing defenses against Byzantine attack still have the limitations when the ratio of malicious clients is greater than \(50\%\) and the data among clients is not independent and identically distributed (non-IID). To address these issues, we propose a novel FL framework with Byzantine detection, which is robust against Byzantine attacks when the adversary has control of the majority of the clients and the data among clients is highly non-IID. The main idea is that the FL server supervises the clients via injecting a shadow dataset into the processes of the local training. Moreover, we design a Local Model Filter with an adaptive filtering policy that evaluates the local models’ performance on the shadow dataset and further filters out these local models compromised by the adversary. Finally, we evaluate our work on three real-world datasets, and the results show that our work outperforms the four existing Byzantine-robust defenses in defending against two state-of-the-art threatening Byzantine attacks.
期刊介绍:
The wireless communication revolution is bringing fundamental changes to data networking, telecommunication, and is making integrated networks a reality. By freeing the user from the cord, personal communications networks, wireless LAN''s, mobile radio networks and cellular systems, harbor the promise of fully distributed mobile computing and communications, any time, anywhere.
Focusing on the networking and user aspects of the field, Wireless Networks provides a global forum for archival value contributions documenting these fast growing areas of interest. The journal publishes refereed articles dealing with research, experience and management issues of wireless networks. Its aim is to allow the reader to benefit from experience, problems and solutions described.