Byzantine-Robust Aggregation in Federated Learning Empowered Industrial IoT

Li, Shenghui; Ngai, Edith C.-H.; Voigt, Thiemo

doi:10.1109/tii.2021.3128164

Cited by 33 publications

(18 citation statements)

References 34 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In terms of Byzantine attacks, most existing literature for distributed learning and federated learning focuses on convergence prevention [7], [19], [21], [24]. As illustrated in Fig.…”

Section: Threat Modelsmentioning

confidence: 99%

“…In recent years, a number of Byzantine-robust techniques have been proposed [9]. They can be classified into three categories: redundancy-based schemes that assign each client redundant updates and use this redundancy to eliminate the effect of Byzantine failures [10], [11], [12], [13]; trust-based schemes that assume some of the clients or datasets are trusted for filtering and re-weighting the local model updates [14], [15], [16]; robust aggregation schemes that estimate the updates according to some robust aggregation algorithms [8], [17], [18], [19], [20], [21]. For the first category, redundancy-based schemes, in the worst case, require each node to compute Ω(M ) times more updates, where M is the number of Byzantine clients [10].…”

Section: Introductionmentioning

confidence: 99%

“…The Inner Product Manipulation (IPM) attack poses a significant threat to Median and Krum by manipulating the inner product between the true gradient and the robust aggregated gradients to be negative [24]. Other schemes, such as AutoGM [19] and Clustering [21], were proposed with only empirical evaluations.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

An Experimental Study of Byzantine-Robust Aggregation Schemes in Federated Learning

Ngai

Voigt

2024

IEEE Trans. Big Data

View full text Add to dashboard Cite

Byzantine-robust federated learning aims at mitigating Byzantine failures during the federated training process, where malicious participants (known as Byzantine clients) may upload arbitrary local updates to the central server in order to degrade the performance of the global model. In recent years, several robust aggregation schemes have been proposed to defend against malicious updates from Byzantine clients and improve the robustness of federated learning. These solutions were claimed to be Byzantine-robust, under certain assumptions. Other than that, new attack strategies are emerging, striving to circumvent the defense schemes. However, there is a lack of systematical comparison and empirical study thereof. In this paper, we conduct an experimental study of Byzantine-robust aggregation schemes under different attacks using two popular algorithms in federated learning, FedSGD and FedAvg. We first survey existing Byzantine attack strategies, as well as Byzantine-robust aggregation schemes that aim to defend against the Byzantine attacks. We also propose a new scheme, ClippedClustering, to enhance the robustness of a clustering-based scheme by automatically clipping the updates. Then we provide an experimental evaluation of eight aggregation schemes in the scenario of five different Byzantine attacks. Our experimental results show that these aggregation schemes sustain relatively high accuracy in some cases, but they are not effective in all cases. In particular, our proposed ClippedClustering successfully defends against most attacks under independent and identically distributed (IID) local datasets. However, when the local datasets are Non-IID, the performance of all the aggregation schemes significantly decreases. With Non-IID data, some of these aggregation schemes fail even in the complete absence of Byzantine clients. Based on our experimental study, we conclude that the robustness of all the aggregation schemes is limited, highlighting the need for new defense strategies, in particular for Non-IID datasets.

show abstract

“…In terms of Byzantine attacks, most existing literature for distributed learning and federated learning focuses on convergence prevention [7], [19], [21], [24]. As illustrated in Fig.…”

Section: Threat Modelsmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

An Experimental Study of Byzantine-Robust Aggregation Schemes in Federated Learning

Ngai

Voigt

2024

IEEE Trans. Big Data

View full text Add to dashboard Cite

show abstract

“…A straightforward attack is to sample some random noise from a distribution (e.g., Gaussian distribution) and add it to the updates before uploading [19], [28]. For simplicity sake, the mean and variance of the noise are both 0.1 in our experiment.…”

Section: Noisementioning

confidence: 99%

“…Furthermore, Noise and IPM (ϵ = 100) eventually damage the models under the four settings by decreasing the test accuracy to around 10% (no better than random guess). This is because they both make large changes to the updates, and Mean could be easily biased by large changes [19].…”

Section: Impact On the Mean Schemementioning

confidence: 99%

An Experimental Study of Byzantine-Robust Aggregation Schemes in Federated Learning

Li¹,

Ngai²,

Voigt³

2022

Preprint

View full text Add to dashboard Cite

<div> <div> <div> <p>Byzantine-robust federated learning aims at mitigating Byzantine failures during the federated training process, where malicious participants (known as Byzantine clients) may upload arbitrary local updates to the central server in order to degrade the performance of the global model. In recent years, several robust aggregation schemes have been proposed to defend against malicious updates from Byzantine clients and improve the robustness of federated learning. These solutions were claimed to be Byzantine-robust, under certain assumptions. Other than that, new attack strategies are emerging, striving to circumvent the defense schemes. However, there is a lack of systematical comparison and empirical study thereof. In this paper, we conduct an experimental study of Byzantine-robust aggregation schemes under different attacks using two popular algorithms in federated learning, FedSGD and FedAvg. We first survey existing Byzantine attack strategies, as well as Byzantine-robust aggregation schemes that aim to defend against the Byzantine attacks. We also propose a new scheme, ClippedClustering, to enhance the robustness of a clustering-based scheme by automatically clipping the updates. Then we provide an experimental evaluation of eight aggregation schemes in the scenario of five different Byzantine attacks. Our experimental results show that these aggregation schemes sustain relatively high accuracy in some cases, but they are not effective in all cases. In particular, our proposed ClippedClustering successfully defends against most attacks under independent and identically distributed (IID) local datasets. However, when the local datasets are Non-IID, the performance of all the aggregation schemes significantly decreases. With Non-IID data, some of these aggregation schemes fail even in the complete absence of Byzantine clients. Based on our experimental study, we conclude that the robustness of all the aggregation schemes is limited, highlighting the need for new defense strategies, in particular for Non-IID datasets. </p> </div> </div> </div>

show abstract

Privacy‐preserving federated learning based on multi‐key homomorphic encryption

Naas

Sigg

et al. 2022

Int J of Intelligent Sys

197

View full text Add to dashboard Cite

With the advance of machine learning and the Internet of Things (IoT), security and privacy have become critical concerns in mobile services and networks. Transferring data to a central unit violates the privacy of sensitive data. Federated learning mitigates this need to transfer local data by sharing model updates only. However, privacy leakage remains an issue. This paper proposes xMK‐CKKS, an improved version of the MK‐CKKS multi‐key homomorphic encryption protocol, to design a novel privacy‐preserving federated learning scheme. In this scheme, model updates are encrypted via an aggregated public key before sharing with a server for aggregation. For decryption, a collaboration among all participating devices is required. Our scheme prevents privacy leakage from publicly shared model updates in federated learning and is resistant to collusion between k < N − 1 participating devices and the server. The evaluation demonstrates that the scheme outperforms other innovations in communication and computational cost while preserving model accuracy.

show abstract

Byzantine-Robust Aggregation in Federated Learning Empowered Industrial IoT

Cited by 33 publications

References 34 publications

An Experimental Study of Byzantine-Robust Aggregation Schemes in Federated Learning

An Experimental Study of Byzantine-Robust Aggregation Schemes in Federated Learning

An Experimental Study of Byzantine-Robust Aggregation Schemes in Federated Learning

Privacy‐preserving federated learning based on multi‐key homomorphic encryption

Contact Info

Product

Resources

About