MANDERA: Malicious Node Detection in Federated Learning via Ranking
Keywords: Federated Learning, Data poisoning attack, Byzantine attack, Malicious node detection, Ranking
Abstract: Federated learning is a distributed learning paradigm which seeks to preserve the privacy of each participating node's data. However, federated learning is vulnerable to attacks, specifically to our interest, model integrity attacks. In this paper, we propose a novel method for malicious node detection called MANDERA. By transferring the original message matrix assembling the update gradients from local nodes into a ranking matrix that encodes the relative rankings of the outputs of all local nodes in different parameter dimensions, MANDERA seeks to distinguish the malicious nodes from the benign ones with high efficiency based on key characteristics of the rank domain. We have proved, under mild conditions, that MANDERA is guaranteed to detect all malicious nodes under typical Byzantine attacks with no prior knowledge or history about the participating nodes. The effectiveness of MANDERA is further confirmed by experiments on two classic datasets, CIFAR-10 and MNIST. Compared to the state-of-art methods in the literature for defending Byzantine attacks, MANDERA is unique in its way to identify the malicious nodes by ranking and its robustness to effectively defense a wide range of attacks.
One-sentence Summary: The paper derives theoretical guarentees on and experimentally demonstrates effective detection of malicious poisoning nodes in federated learning with unsupervised clustering on the rank domain of gradient updates.
Supplementary Material: zip
Community Implementations: [ 1 code implementation](https://www.catalyzex.com/paper/arxiv:2110.11736/code)
15 Replies
Loading