Byzantine-Robust Dynamic Weighted Aggregation Framework for Optimal Attack Mitigation in Federated Learning

Download PDF

K Naveen Kumar, Vishnu Chalavadi, Srinivasa Rao Chalamala, Ajeet Kumar Singh, C Krishna Mohan

21 Sept 2023 (modified: 25 Mar 2024)ICLR 2024 Conference Withdrawn SubmissionEveryoneRevisionsBibTeX
Keywords: Federated learning, adversarial attacks, defense, optimal transport, Byzantine-robust
TL;DR: This paper presents a defense framework named "federated learning optimal transport" (FLOT) fot dynamic weighted aggregation, that takes malicious attack clients into account.
Abstract: Federated learning (FL) has emerged as a promising solution to enable distributed learning on sensitive data without centralized storage and sharing. However, FL is vulnerable to data poisoning attacks, where malicious clients aim to manipulate the training process by injecting poisonous data. Existing defense mechanisms for FL suffer from limitations, including a trade-off between precision and robustness, assumptions on asymptotic optimal bounds on error rates of parameters, i.i.d. data distributions, and strong-convexity assumptions on the optimization problem. To address these limitations, we propose a novel framework called Federated Learning Optimal Transport (FLOT). Our method leverages the Wasserstein barycentric technique to obtain a global model from a set of locally trained models on client devices. Additionally, FLOT introduces a loss function-based rejection (LFR) mechanism to suppress malicious updates and a dynamic weighting scheme to optimize the Wasserstein barycentric aggregation function. We evaluate FLOT on four benchmark datasets: GTSRB, KBTS, CIFAR10, and EMNIST. Our experimental results demonstrate that FLOT outperforms existing baseline methods under single and multi-client attack settings. Also, it serves as a robust client selection technique under no attack. We also prove the Byzantine resilience of FLOT to demonstrate its effectiveness. These results underscore the practical significance of FLOT as an effective defense mechanism against data poisoning attacks in FL while maintaining high accuracy and scalability. The robustness and effectiveness of FLOT make it a promising solution for real-world applications where data privacy and security are critical.
Primary Area: societal considerations including fairness, safety, privacy
Code Of Ethics: I acknowledge that I and all co-authors of this work have read and commit to adhering to the ICLR Code of Ethics.
Submission Guidelines: I certify that this submission complies with the submission instructions as described on https://iclr.cc/Conferences/2024/AuthorGuide.
Anonymous Url: I certify that there is no URL (e.g., github page) that could be used to find authors' identity.
No Acknowledgement Section: I certify that there is no acknowledgement section in this submission for double blind review.
Submission Number: 3215