Resilience in Online Federated Learning: Mitigating Model-Poisoning Attacks via Partial Sharing
Ehsan Lari; Reza Arablouei; Vinay Chakravarthi Gogineni; Stefan Werner
IEEE Transactions on Signal and Information Processing over Networks, vol. 11, pp. 388-400. Journal Article. Published 2025-04-17. DOI: 10.1109/TSIPN.2025.3559444. URL: https://ieeexplore.ieee.org/document/10969081/
Citations: 0
Abstract
Federated learning (FL) allows training machine learning models on distributed data without compromising privacy. However, FL is vulnerable to model-poisoning attacks where malicious clients tamper with their local models to manipulate the global model. In this work, we investigate the resilience of the partial-sharing online FL (PSO-Fed) algorithm against such attacks. PSO-Fed reduces communication overhead by allowing clients to share only a fraction of their model updates with the server. We demonstrate that this partial sharing mechanism has the added advantage of enhancing PSO-Fed's robustness to model-poisoning attacks. Through theoretical analysis, we show that PSO-Fed maintains convergence even under Byzantine attacks, where malicious clients inject noise into their updates. Furthermore, we derive a formula for PSO-Fed's mean square error, considering factors like stepsize, attack probability, and the number of malicious clients. Interestingly, we find a non-trivial optimal stepsize that maximizes PSO-Fed's resistance to these attacks. Extensive numerical experiments confirm our theoretical findings and showcase PSO-Fed's superior performance against model-poisoning attacks compared to other leading FL algorithms.
About the journal:
The IEEE Transactions on Signal and Information Processing over Networks publishes high-quality papers that extend the classical notions of processing of signals defined over vector spaces (e.g. time and space) to processing of signals and information (data) defined over networks, potentially dynamically varying. In signal processing over networks, the topology of the network may define structural relationships in the data, or may constrain processing of the data. Topics include distributed algorithms for filtering, detection, estimation, adaptation and learning, model selection, data fusion, and diffusion or evolution of information over such networks, and applications of distributed signal processing.