Go to 22 2022 homepageDealing with Byzantine Threats to Neural Networks
Abstract: Messages exchanged between the aggregator and the parties in a federated learning system can be corrupted due to machine glitches or malicious intents. This is known as a Byzantine failure or Byzantine attack. As such, in many federated learning settings, replies sent by participants may not be trusted fully. A set of competitors may work collaboratively to detect fraud via federated learning where each party provides local gradients that an aggregator uses to update a global model. This global model can be corrupted when one or more parties send malicious gradients. This necessitates the use of robust methods for aggregating gradients that mitigate the adverse effects of Byzantine replies. In this chapter, we focus on mitigating the Byzantine effect when training neural networks in a federated learning setting with a focus on the effect of having parties with highly disparate training datasets. Disparate training datasets or non-IID datasets may take the form of parties with imbalanced proportions of the training labels or different ranges of feature values. We introduce several state-of-the-art robust gradient aggregation algorithms and examine their performances as defenses against various attack settings. We empirically show the limitations of some existing robust aggregation algorithms, especially under certain Byzantine attacks and when parties admit non-IID data distributions. Moreover, we show that LayerwisE Gradient AggregaTiOn (LEGATO) is more computationally efficient than many existing robust aggregation algorithms and more generally robust across a variety of attack settings.
0 Replies
Loading