{"title":"Byzantine-robust Federated Learning via Cosine Similarity Aggregation","authors":"","doi":"10.1016/j.comnet.2024.110730","DOIUrl":null,"url":null,"abstract":"<div><p>Federated Learning (FL) is proposed to train a machine learning model for clients with different training data. During the training of FL, a centralized server is usually employed to aggregate local models from clients iteratively. The aggregation process suffers from Byzantine attacks, where clients’ models could be maliciously modified by attackers to degrade the training performance. Existing defense aggregation solutions use distances or angles between different gradients to identify and eliminate malicious models from clients. However, they do not work well due to the high dimensional property of the machine learning model. Distance-based solutions cannot effectively identify attackers when the gradient direction of the model is maliciously tampered with. Angle-based solutions face the issue of low model accuracy for large models. In this paper, we propose Convolutional Kernel Angle-based Defense Aggregation (CKADA) to improve defense performance under various Byzantine attacks. The key of CKADA is to use the angle between convolutional kernels as the attack detection metric because the obtuse angle indicates the wrong training direction. CKADA calculates the angle between a client’s convolutional kernel gradients and the server’s convolutional kernel gradients as the attacker detection metric and eliminates convolutional kernel gradients of clients that create an obtuse angle to mitigate the impact of attackers on the model. We evaluate the performance of CKADA using AlexNet, ResNet-50, and GoogLeNet under two typical attacks. Simulation results show that CKADA mitigates the impact of Byzantine attacks and outperforms existing angle-based solutions and distance-based solutions by improving inference accuracy up to 67% and 89% respectively.</p></div>","PeriodicalId":50637,"journal":{"name":"Computer Networks","volume":null,"pages":null},"PeriodicalIF":4.4000,"publicationDate":"2024-08-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computer Networks","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S1389128624005620","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}
引用次数: 0
Abstract
Federated Learning (FL) is proposed to train a machine learning model for clients with different training data. During the training of FL, a centralized server is usually employed to aggregate local models from clients iteratively. The aggregation process suffers from Byzantine attacks, where clients’ models could be maliciously modified by attackers to degrade the training performance. Existing defense aggregation solutions use distances or angles between different gradients to identify and eliminate malicious models from clients. However, they do not work well due to the high dimensional property of the machine learning model. Distance-based solutions cannot effectively identify attackers when the gradient direction of the model is maliciously tampered with. Angle-based solutions face the issue of low model accuracy for large models. In this paper, we propose Convolutional Kernel Angle-based Defense Aggregation (CKADA) to improve defense performance under various Byzantine attacks. The key of CKADA is to use the angle between convolutional kernels as the attack detection metric because the obtuse angle indicates the wrong training direction. CKADA calculates the angle between a client’s convolutional kernel gradients and the server’s convolutional kernel gradients as the attacker detection metric and eliminates convolutional kernel gradients of clients that create an obtuse angle to mitigate the impact of attackers on the model. We evaluate the performance of CKADA using AlexNet, ResNet-50, and GoogLeNet under two typical attacks. Simulation results show that CKADA mitigates the impact of Byzantine attacks and outperforms existing angle-based solutions and distance-based solutions by improving inference accuracy up to 67% and 89% respectively.
期刊介绍:
Computer Networks is an international, archival journal providing a publication vehicle for complete coverage of all topics of interest to those involved in the computer communications networking area. The audience includes researchers, managers and operators of networks as well as designers and implementors. The Editorial Board will consider any material for publication that is of interest to those groups.