高度非 IID 数据和多数损坏情况下联合学习的拜占庭检测

IF 2.1 4区计算机科学 Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS

Wireless Networks Pub Date : 2024-06-24 DOI:10.1007/s11276-024-03799-x

Zhonglin Wang, Ping Zhao

{"title":"高度非 IID 数据和多数损坏情况下联合学习的拜占庭检测","authors":"Zhonglin Wang, Ping Zhao","doi":"10.1007/s11276-024-03799-x","DOIUrl":null,"url":null,"abstract":"Federated Learning (FL) is a privacy-preserving paradigm which enables multiple clients to jointly learn a model and keeps their data local. However, the nature of FL leaves the vulnerability to Byzantine attacks, where the malicious clients upload poisoned local models to the FL server, further corrupting the learnt global model. Most existing defenses against Byzantine attack still have the limitations when the ratio of malicious clients is greater than \\(50\\%\\) and the data among clients is not independent and identically distributed (non-IID). To address these issues, we propose a novel FL framework with Byzantine detection, which is robust against Byzantine attacks when the adversary has control of the majority of the clients and the data among clients is highly non-IID. The main idea is that the FL server supervises the clients via injecting a shadow dataset into the processes of the local training. Moreover, we design a Local Model Filter with an adaptive filtering policy that evaluates the local models’ performance on the shadow dataset and further filters out these local models compromised by the adversary. Finally, we evaluate our work on three real-world datasets, and the results show that our work outperforms the four existing Byzantine-robust defenses in defending against two state-of-the-art threatening Byzantine attacks.","PeriodicalId":23750,"journal":{"name":"Wireless Networks","volume":"27 1","pages":""},"PeriodicalIF":2.1000,"publicationDate":"2024-06-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Byzantine detection for federated learning under highly non-IID data and majority corruptions\",\"authors\":\"Zhonglin Wang, Ping Zhao\",\"doi\":\"10.1007/s11276-024-03799-x\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Federated Learning (FL) is a privacy-preserving paradigm which enables multiple clients to jointly learn a model and keeps their data local. However, the nature of FL leaves the vulnerability to Byzantine attacks, where the malicious clients upload poisoned local models to the FL server, further corrupting the learnt global model. Most existing defenses against Byzantine attack still have the limitations when the ratio of malicious clients is greater than \\\\(50\\\\%\\\\) and the data among clients is not independent and identically distributed (non-IID). To address these issues, we propose a novel FL framework with Byzantine detection, which is robust against Byzantine attacks when the adversary has control of the majority of the clients and the data among clients is highly non-IID. The main idea is that the FL server supervises the clients via injecting a shadow dataset into the processes of the local training. Moreover, we design a Local Model Filter with an adaptive filtering policy that evaluates the local models’ performance on the shadow dataset and further filters out these local models compromised by the adversary. Finally, we evaluate our work on three real-world datasets, and the results show that our work outperforms the four existing Byzantine-robust defenses in defending against two state-of-the-art threatening Byzantine attacks.\",\"PeriodicalId\":23750,\"journal\":{\"name\":\"Wireless Networks\",\"volume\":\"27 1\",\"pages\":\"\"},\"PeriodicalIF\":2.1000,\"publicationDate\":\"2024-06-24\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Wireless Networks\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://doi.org/10.1007/s11276-024-03799-x\",\"RegionNum\":4,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q3\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Wireless Networks","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.1007/s11276-024-03799-x","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

摘要

联合学习（FL）是一种保护隐私的模式，它能让多个客户端共同学习一个模型，并将其数据保持在本地。然而，FL 的特性使其容易受到拜占庭攻击，即恶意客户端将中毒的本地模型上传到 FL 服务器，进一步破坏学习到的全局模型。当恶意客户端的比例大于（50%）且客户端之间的数据不独立且同分布（non-IID）时，大多数现有的拜占庭攻击防御措施仍有局限性。为了解决这些问题，我们提出了一种新颖的带有拜占庭检测功能的 FL 框架，当敌方控制了大部分客户端且客户端之间的数据高度非 IID 时，该框架对拜占庭攻击具有鲁棒性。其主要思想是，FL 服务器通过向本地训练过程注入影子数据集来监督客户端。此外，我们还设计了一种具有自适应过滤策略的本地模型过滤器，用于评估本地模型在影子数据集上的性能，并进一步过滤掉这些被对手破坏的本地模型。最后，我们在三个真实数据集上对我们的工作进行了评估，结果表明我们的工作在防御两种最先进的拜占庭威胁攻击方面优于现有的四种拜占庭稳健防御方法。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

Byzantine detection for federated learning under highly non-IID data and majority corruptions

查看原文本刊更多论文

Byzantine detection for federated learning under highly non-IID data and majority corruptions

Federated Learning (FL) is a privacy-preserving paradigm which enables multiple clients to jointly learn a model and keeps their data local. However, the nature of FL leaves the vulnerability to Byzantine attacks, where the malicious clients upload poisoned local models to the FL server, further corrupting the learnt global model. Most existing defenses against Byzantine attack still have the limitations when the ratio of malicious clients is greater than \(50\%\) and the data among clients is not independent and identically distributed (non-IID). To address these issues, we propose a novel FL framework with Byzantine detection, which is robust against Byzantine attacks when the adversary has control of the majority of the clients and the data among clients is highly non-IID. The main idea is that the FL server supervises the clients via injecting a shadow dataset into the processes of the local training. Moreover, we design a Local Model Filter with an adaptive filtering policy that evaluates the local models’ performance on the shadow dataset and further filters out these local models compromised by the adversary. Finally, we evaluate our work on three real-world datasets, and the results show that our work outperforms the four existing Byzantine-robust defenses in defending against two state-of-the-art threatening Byzantine attacks.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Wireless Networks 工程技术-电信学

CiteScore

7.70

自引率

3.30%

发文量

314

审稿时长

5.5 months

期刊介绍： The wireless communication revolution is bringing fundamental changes to data networking, telecommunication, and is making integrated networks a reality. By freeing the user from the cord, personal communications networks, wireless LAN''s, mobile radio networks and cellular systems, harbor the promise of fully distributed mobile computing and communications, any time, anywhere. Focusing on the networking and user aspects of the field, Wireless Networks provides a global forum for archival value contributions documenting these fast growing areas of interest. The journal publishes refereed articles dealing with research, experience and management issues of wireless networks. Its aim is to allow the reader to benefit from experience, problems and solutions described.