ROFL: RObust privacy preserving Federated Learning
Nandish Chattopadhyay, Arpita Singh, A. Chattopadhyay
2022 IEEE 42nd International Conference on Distributed Computing Systems Workshops (ICDCSW), published 2022-07-01
DOI: 10.1109/ICDCSW56584.2022.00033 (https://doi.org/10.1109/ICDCSW56584.2022.00033)

In the modern world of connectivity, most data is generated in a decentralised way, across a multitude of platforms like mobile devices and other IoT applications. This crowd-sourced data, if well analyzed, can prove to be rich in insights for different tasks. However, the issue in utilizing it lies with the consolidation of the data, which is unacceptable to most involved parties. While every participant stands to benefit from the collective use of the massive data repositories, the lack of trust between them prevents that endeavour. In this paper, we propose ROFL, an end-to-end robust mechanism of learning that has been developed keeping all the trust issues in mind and addressing the necessity of privacy. We make note of the threat models that might make the participants apprehensive and design a bi-directional, two-dimensional privacy-preserving framework that builds upon the state of the art in differentially private federated learning. Specifically, we propose a weighted federated averaging technique for aggregation of the differentially private models generated by the participants. We are able to provide privacy guarantees without compromising on the accuracy of the machine learning task. ROFL has been tested for multiple neural architectures (VGG-16 [1] and ResNet [2]) on multiple datasets (MNIST [3], CIFAR-10 and CIFAR-100 [4]). On the machine learning tasks, it is able to achieve accuracies within the range of 1%-2% of what a model trained on the collected data would have generated, in the average case scenario. We have verified the robustness of ROFL against attacks involving sabotaging or malicious clients providing erroneous models. The study on model convergence reveals how to improve the efficiency of ROFL. We also provide evidence on how ROFL is easily scalable in nature.