Abstract: Personalized Federated Learning (PFL) tackles the challenges of FL on heterogeneous data and provides a customized model for each client. However, like commonly employed FL settings, PFL is still vulnerable to attacks on privacy and model availability. Existing PFL frameworks focus on either privacy protection or attack defense rather than implementing both at once. To address this gap, we design and implement a novel Privacy-preserving and Robust Personalized Federated Learning framework, PR-PFL, which simultaneously protects data privacy and defends against model availability attacks. Specifically, PR-PFL adopts Mean Regularized Multi-Task Learning (MR-MTL) as the base training paradigm. Clients perform per-sample DP to protect data privacy, and the central server executes a robust aggregation algorithm to filter out potential attackers. After collective training, clients tune their models locally to further eliminate malicious injections. To the best of our knowledge, this is the first PFL framework that protects both clients' privacy and model availability. The combination of robust aggregation and local tuning we have designed can effectively defend against 5 kinds of attacks. We conduct an extensive empirical evaluation demonstrating that our framework is practical and achieves reasonable robustness under an honest majority setting (attackers <50%).
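The pipeline the abstract describes, as an added toy example that is not the paper's code: each honest client runs per-sample DP-SGD on a mean-regularized (MR-MTL) least-squares objective, the server aggregates the submitted models, and honest clients finish with a local tuning phase. The robust aggregator is a coordinate-wise median used as a stand-in (an assumption; the abstract does not name the paper's algorithm), the attackers submit a constant far-off model as a constructed model-availability attack, and the data, clip norm, noise scale and learning rate are all constructed for this demonstration rather than taken from the paper. Running it with the median versus a plain mean shows why an honest majority matters: with 3 of 10 clients malicious, the plain mean is dragged away from every honest model while the median stays inside the honest range.

```python
import numpy as np


def make_clients(rng, n_clients, n_samples=64, dim=5):
    """Constructed heterogeneous data: every client's true weight vector is a
    shared base plus a client-specific shift, so one global model fits nobody
    well (the situation PFL is designed for)."""
    base = rng.normal(size=dim)
    clients = []
    for _ in range(n_clients):
        w_true = base + 0.3 * rng.normal(size=dim)
        X = rng.normal(size=(n_samples, dim))
        y = X @ w_true + 0.1 * rng.normal(size=n_samples)
        clients.append((X, y))
    return clients


def per_sample_dp_step(rng, w, w_bar, X, y, lam, clip, sigma, lr):
    """One DP-SGD step on a single client's MR-MTL objective:
         (1/n) * sum_i 0.5 * (x_i . w - y_i)^2  +  (lam / 2) * ||w - w_bar||^2
    Each sample's gradient is clipped to norm <= clip, the clipped gradients
    are summed, Gaussian noise of std sigma*clip is added, and the sum is
    averaged (the per-sample DP pattern).  The mean-regularization gradient
    involves no private data, so it is added after the noise."""
    residual = X @ w - y                         # (n,)
    per_sample = residual[:, None] * X           # (n, dim): gradient of each sample's loss
    norms = np.linalg.norm(per_sample, axis=1, keepdims=True)
    clipped = per_sample / np.maximum(1.0, norms / clip)
    noisy_sum = clipped.sum(axis=0) + rng.normal(scale=sigma * clip, size=w.shape)
    grad = noisy_sum / len(y) + lam * (w - w_bar)
    return w - lr * grad


def plain_aggregate(updates):
    """Ordinary FedAvg-style mean: a single far-off update drags it anywhere."""
    return np.mean(np.stack(updates), axis=0)


def robust_aggregate(updates):
    """Coordinate-wise median, a stand-in robust aggregator (assumption).  With
    an honest majority every coordinate of the median lies within the range of
    the honest submissions, so attacker values are filtered out."""
    return np.median(np.stack(updates), axis=0)


def attacker_update(dim, scale=50.0):
    """Constructed model-availability attack: submit a constant far-off model."""
    return np.full(dim, scale)


def mse(w, X, y):
    return float(np.mean((X @ w - y) ** 2))


def run_pr_pfl(seed=0, n_clients=10, n_attackers=3, rounds=30, local_steps=5,
               tune_steps=50, lam=1.0, clip=1.0, sigma=0.5, lr=0.05,
               aggregate=robust_aggregate):
    """Collective MR-MTL training with per-sample DP on the clients and the
    chosen aggregator at the server, followed by local tuning.  Clients with
    index < n_attackers are attackers.  Returns the mean MSE of the honest
    clients on their own data and the final server mean.  All hyperparameters
    are constructed for this toy problem, not taken from the paper."""
    rng = np.random.default_rng(seed)
    clients = make_clients(rng, n_clients)
    dim = clients[0][0].shape[1]
    w_bar = np.zeros(dim)
    ws = [np.zeros(dim) for _ in clients]
    for _ in range(rounds):
        submitted = []
        for k, (X, y) in enumerate(clients):
            if k < n_attackers:
                submitted.append(attacker_update(dim))
                continue
            w = ws[k]
            for _ in range(local_steps):
                w = per_sample_dp_step(rng, w, w_bar, X, y, lam, clip, sigma, lr)
            ws[k] = w
            submitted.append(w)
        w_bar = aggregate(submitted)          # server step
    # Local tuning: honest clients keep training on their own data without the
    # pull toward w_bar (lam=0, an assumption), so injected bias keeps fading.
    for k, (X, y) in enumerate(clients):
        if k >= n_attackers:
            for _ in range(tune_steps):
                ws[k] = per_sample_dp_step(rng, ws[k], w_bar, X, y, 0.0, clip, sigma, lr)
    honest_mse = float(np.mean([mse(ws[k], X, y)
                                for k, (X, y) in enumerate(clients) if k >= n_attackers]))
    return honest_mse, w_bar


if __name__ == "__main__":
    robust_mse, robust_bar = run_pr_pfl(aggregate=robust_aggregate)
    plain_mse, plain_bar = run_pr_pfl(aggregate=plain_aggregate)
    print(f"median aggregation: honest MSE {robust_mse:.3f}, |w_bar| {np.linalg.norm(robust_bar):.2f}")
    print(f"plain mean:         honest MSE {plain_mse:.3f}, |w_bar| {np.linalg.norm(plain_bar):.2f}")
```

The clip norm bounds each sample's influence on the noisy sum, which is what makes the noise meaningful as per-sample DP; the privacy accounting (how much privacy budget the rounds consume) is deliberately left out because the abstract does not state the paper's parameters. The local tuning phase shows the second line of defense: even if some attacker influence survives aggregation, honest clients' final models are pulled back toward their own data.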