Making federated learning robust to adversarial attacks by learning data and model association

Abstract

One of the key challenges in federated learning (FL) is the detection of malicious parameter updates. In a typical FL setup, the presence of malicious client(s) can potentially demolish the overall training of the shared global model by influencing the aggregation process of the server. In this paper, we present a hybrid learning-based method for the detection of poisoned/malicious parameter updates from malicious clients. Furthermore, to highlight the effectiveness of the proposed method, we provide empirical evidence by evaluating the proposed method against a well-known label flipping attack on three different image classification tasks. The results suggest that our method can effectively detect and discard poisoned parameter updates without causing a significant drop in the performance of the overall learning of the FL paradigm. Our proposed method has achieved an average malicious parameters updates detection accuracy of 97.57%, 92.35%, and 89.42% for image classification task on MNIST, CIFAR, and APTOS diabetic retinopathy (DR) detection. Our method provides a performance gain of approximately 2% as compared to a recent similar state of the art method on MNIST classification and provided a comparable performance on federated extended MNIST (FEMNIST). 2022 The Authors