An Analysis of Byzantine-Tolerant Aggregation Mechanisms on Model Poisoning in Federated Learning

ROSZEL, Mary; NORVILL, Robert; STATE, Radu

doi:10.1007/978-3-031-13448-7_12

Request a copy

Paper published in a book (Scientific congresses, symposiums and conference proceedings)

An Analysis of Byzantine-Tolerant Aggregation Mechanisms on Model Poisoning in Federated Learning

ROSZEL, Mary; NORVILL, Robert; STATE, Radu

2022 • In Torra, Vicenç (Ed.) Modeling Decisions for Artificial Intelligence - 19th International Conference, MDAI 2022, Proceedings

Peer reviewed

Permalink
https://hdl.handle.net/10993/60475

DOI
10.1007/978-3-031-13448-7_12

Files (1)Send to Details Statistics Bibliography Similar publications

Files

Full Text

MDAI_Federated_Defenses-3.pdf

Author postprint (15.12 MB)

Request a copy

All documents in ORBilu are protected by a user license.

Send to

RIS BibTex APA Chicago Permalink X Linkedin

Details

Keywords :

Aggregation mechanism; Aggregation methods; Attacks scenarios; Backdoors; Fixed frequency; Learning settings; Machine learning models; Malicious participant; Model updates; Poisoning attacks; Theoretical Computer Science; Computer Science (all)

Abstract :

[en] Federated learning is a distributed setting where multiple participants jointly train a machine learning model without exchanging data. Recent work has found that federated learning is vulnerable to backdoor model poisoning attacks, where an attacker leverages the unique environment to submit malicious model updates. To address these malicious participants, several Byzantine-Tolerant aggregation methods have been applied to the federated learning setting, including Krum, Multi-Krum, RFA, and Norm-Difference Clipping. In this work, we analyze the effectiveness and limits of each aggregation method and provide a thorough analysis of their success in various fixed-frequency attack settings. Further, we analyze the fairness of such aggregation methods on the success of the model on its intended tasks. Our results indicate that only one defense can successfully mitigate attacks in all attack scenarios, but a significant fairness issue is observed, highlighting the issues with preventing malicious attacks in a federated setting.

Disciplines :

Computer science

Author, co-author :

ROSZEL, Mary ; University of Luxembourg

NORVILL, Robert ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust > SEDAN > Team Radu STATE

STATE, Radu ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > SEDAN

External co-authors :

Language :

English

Title :

An Analysis of Byzantine-Tolerant Aggregation Mechanisms on Model Poisoning in Federated Learning

Publication date :

30 August 2022

Event name :

Modeling Decisions for Artificial Intelligence - 19th International Conference, MDAI 2022

Event place :

Sant Cugat, Esp

Event date :

30-08-2022 => 02-09-2022

Audience :

International

Main work title :

Modeling Decisions for Artificial Intelligence - 19th International Conference, MDAI 2022, Proceedings

Editor :

Torra, Vicenç

Publisher :

Springer Science and Business Media Deutschland GmbH

ISBN/EAN :

978-3-03-113447-0

Peer reviewed :

Peer reviewed

Additional URL :

https://link.springer.com/content/pdf/10.1007/978-3-031-13448-7_12

Available on ORBilu :

since 01 March 2024

Statistics

Number of views

66 (1 by Unilu)

Number of downloads

1 (1 by Unilu)

More statistics

Scopus citations^®

Scopus citations^®
without self-citations

OpenAlex citations

WoS citations^™

Bibliography

Bagdasaryan, E., Veit, A., Hua, Y., Estrin, D., Shmatikov, V.: How to backdoor federated learning. In: International Conference on Artificial Intelligence and Statistics, pp. 2938–2948. PMLR (2020)
Bhagoji, A.N., Chakraborty, S., Mittal, P., Calo, S.: Analyzing federated learning through an adversarial lens. In: International Conference on Machine Learning, pp. 634–643. PMLR (2019)
Blanchard, P., El Mhamdi, E.M., Guerraoui, R., Stainer, J.: Machine learning with adversaries: Byzantine tolerant gradient descent. In: Proceedings of the 31st International Conference on Neural Information Processing Systems (2017)
Chen, Y., Su, L., Xu, J.: Distributed statistical machine learning in adversarial settings: Byzantine gradient descent. Proc. ACM Measur. Anal. Comput. Syst. 1(2), 1–25 (2017)
Cohen, G., Afshar, S., Tapson, J., Van Schaik, A.: EMNIST: extending MNIST to handwritten letters. In: 2017 International Joint Conference on Neural Networks (IJCNN), pp. 2921–2926. IEEE (2017)
Fang, M., Cao, X., Jia, J., Gong, N.: Local model poisoning attacks to Byzantine Robust federated learning. In: 29th USENIX Security Symposium (USENIX Security 2020), pp. 1605–1622 (2020)
Fung, C., Yoon, C.J., Beschastnikh, I.: Mitigating sybils in federated learning poisoning. arXiv preprint arXiv:1808.04866 (2018)
Kairouz, P., et al.: Advances and open problems in federated learning. arXiv preprint arXiv:1912.04977 (2019)
Krizhevsky, A., Hinton, G., et al.: Learning multiple layers of features from tiny images (2009)
Kusetogullari, H., Yavariabdi, A., Cheddad, A., Grahn, H., Johan, H.: ARDIS: a Swedish historical handwritten digit dataset. Neural Comput. Appl. 32(21), 16505– 16518 (2020). https://doi.org/10.1007/s00521-019-04163-3
Li, L., Fan, Y., Tse, M., Lin, K.Y.: A review of applications in federated learning. Comput. Ind. Eng. 149, 106854 (2020)
Li, X., Huang, K., Yang, W., Wang, S., Zhang, Z.: On the convergence of FedAvg on Non-IID data. arXiv preprint arXiv:1907.02189 (2019)
Lim, W.Y.B., et al.: Federated learning in mobile edge networks: a comprehensive survey. IEEE Commun. Surv. Tutor. 22(3), 2031–2063 (2020)
Long, G., Tan, Y., Jiang, J., Zhang, C.: Federated learning for open banking. In: Yang, Q., Fan, L., Yu, H. (eds.) Federated Learning. LNCS (LNAI), vol. 12500, pp. 240–254. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-63076-8 17
Luo, J., et al.: Real-world image datasets for federated learning. arXiv preprint arXiv:1910.11089 (2019)
McMahan, B., Moore, E., Ramage, D., Hampson, S., Aguera y Arcas, B.: Communication-efficient learning of deep networks from decentralized data. In: Artificial Intelligence and Statistics, pp. 1273–1282. PMLR (2017)
Paszke, A., et al.: PyTorch: an imperative style, high-performance deep learning library. In: Advances in Neural Information Processing Systems, vol. 32, pp. 8026– 8037 (2019)
Pillutla, K., Kakade, S.M., Harchaoui, Z.: Robust aggregation for federated learning. arXiv preprint arXiv:1912.13445 (2019)
Simonyan, K., Zisserman, A.: Very deep convolutional networks for large-scale image recognition. arXiv preprint arXiv:1409.1556 (2014)
Sun, Z., Kairouz, P., Suresh, A.T., McMahan, H.B.: Can you really backdoor federated learning? arXiv preprint arXiv:1911.07963 (2019)
Wang, H., et al.: Attack of the tails: yes, you really can backdoor federated learning. arXiv preprint arXiv:2007.05084 (2020)
Yin, D., Chen, Y., Kannan, R., Bartlett, P.: Byzantine-robust distributed learning: towards optimal statistical rates. In: International Conference on Machine Learning, pp. 5650–5659. PMLR (2018)