Towards Federated Learning With Byzantine-Robust Client Weighting

Portnoy, Amit; Tirosh, Yoav; Hendler, Danny

doi:10.48550/arxiv.2004.04986

Cited by 1 publication

(3 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…They take quantities into consideration when aggregating updates but by default treat all received quantities as benign. Portnoy et al [18] point out that received quantities may be malicious and can be exploited to increase the impact of malicious updates. They further propose to truncate received quantities to a dynamic threshold in each round, which guarantees any 10% clients do not have more than 50% samples.…”

Section: Related Workmentioning

confidence: 99%

“…We compare our FedRA with several baseline methods, including 1) Median [31], applying coordinate-wise median on each dimension of updates; 2) Trmean [31], applying coordinatewise trimmed-mean on each dimension of updates; 3) Krum [4], selecting the update that is closest to a subset of neighboring updates based on the square distance; 4) mKrum [4], a variance of Krum that selects multiple updates and averages the selected updates; 5) Bulyan [6], selecting multiple clients with mKrum and aggregating the selected updates with Trmean; 6) Norm-bounding [25], clipping the L 2 norm of each update with a certain threshold; 7) RFA [17], applying an approximation algorithm to minimize the geometric median of updates; 8) Truncate [18], limiting the quantity of each client under a dynamic threshold in each round and applying quantity-aware Trmean.…”

Section: Baselinesmentioning

confidence: 99%

“…Several methods have been proposed to defend against poisoning attacks for federated learning [4,31,6,25,17,18]. However, most existing defenses are flawed in handling quantities.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Robust Quantity-Aware Aggregation for Federated Learning

Yi¹,

Wu²,

Zhang³

et al. 2022

Preprint

View full text Add to dashboard Cite

Federated learning (FL) enables multiple clients to collaboratively train models without sharing their local data, and becomes an important privacy-preserving machine learning framework. However, classical FL faces serious security and robustness problem, e.g., malicious clients can poison model updates and at the same time claim large quantities to amplify the impact of their model updates in the model aggregation. Existing defense methods for FL, while all handling malicious model updates, either treat all quantities benign or simply ignore/truncate the quantities of all clients. The former is vulnerable to quantity-enhanced attack, while the latter leads to sub-optimal performance since the local data on different clients is usually in significantly different sizes. In this paper, we propose a robust quantity-aware aggregation algorithm for federated learning, called FedRA, to perform the aggregation with awareness of local data quantities while being able to defend against quantity-enhanced attacks. More specifically, we propose a method to filter malicious clients by jointly considering the uploaded model updates and data quantities from different clients, and performing quantity-aware weighted averaging on model updates from remaining clients. Moreover, as the number of malicious clients participating in the federated learning may dynamically change in different rounds, we also propose a malicious client number estimator to predict how many suspicious clients should be filtered in each round. Experiments on four public datasets demonstrate the effectiveness of our FedRA method in defending FL against quantity-enhanced attacks. Our code is available at https: //anonymous.4open.science/r/FedRA-4C1E.The linear aggregation applied in FedAvg has been proved to be vulnerable to poisoning attacks [2,7,26,28,3]. The malicious clients not only can conduct various attacks on local training and submit Preprint. Under review.

show abstract

Section: Related Workmentioning

confidence: 99%