Article Highlight | 6-Nov-2024

An approach for defending against severe poisoning attacks during Federated Learning aggregation

Higher Education Press

Federated learning is a technique that trains machine learning models on data distributed across multiple devices, ensuring that sensitive data does not leave its local environment. However, federated learning is susceptible to poisoning attacks, in which malicious participants tamper with the data or model parameters, potentially causing severe disruptions, such as manipulating traffic systems to cause accidents. Although many defense methods have been proposed, existing methods are constrained by different preconditions and cannot resist severe poisoning attacks.

To address these problems, a research team led by Zhong Chen published their new research on 15 October 2024 in Frontiers of Computer Science, published by Higher Education Press.

The team proposed a performance-based defense method, FedTop, which offers a flexible, robust defense mechanism. It can operate effectively even if only one normal model is available. In addition, the method is verified both mathematically and experimentally. Compared with existing methods, it showed superior performance.

This method consists of three core modules: parameter normalization, performance ranking, and weighted aggregation. The researchers first analyze the convergence of FedTop mathematically under different task settings, such as malicious environments and non-IID data. They then implement the method to judge more accurately whether the mechanism is effective under severe poisoning attacks. Both the mathematical analysis and the experiments show that this method outperforms existing methods.
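A simplified sketch of the three stages named above, run on a round in which only one submitted update is honest. It is an added illustration, not FedTop's published algorithm or the authors' code: the norm clipping, the server-held validation set, the top-k cutoff, the rank weights, all function names and the sample updates are assumptions made for this example.

```python
import math

# Constructed validation set for y = 2x + 1, assumed to be held by the server.
VAL = [(x, 2.0 * x + 1.0) for x in (-2.0, -1.0, 0.0, 1.0, 2.0)]

def mse(w, data=VAL):
    """Mean squared error of the linear model y = w[0]*x + w[1]."""
    return sum((w[0] * x + w[1] - y) ** 2 for x, y in data) / len(data)

def clip(delta, max_norm):
    """Stage 1 (assumed form): rescale an update so its L2 norm <= max_norm."""
    norm = math.sqrt(sum(d * d for d in delta))
    scale = min(1.0, max_norm / norm) if norm > 0 else 1.0
    return [d * scale for d in delta]

def add(w, delta):
    return [a + b for a, b in zip(w, delta)]

def fedavg(global_w, deltas):
    """Baseline: unweighted mean of all submitted updates."""
    n = len(deltas)
    return add(global_w, [sum(col) / n for col in zip(*deltas)])

def ranked_aggregate(global_w, deltas, top_k=1, max_norm=3.0):
    """Normalize, rank by validation loss, then rank-weight the top_k updates."""
    clipped = [clip(d, max_norm) for d in deltas]
    # Stage 2: lowest validation loss first, keep the best top_k candidates.
    ranked = sorted(clipped, key=lambda d: mse(add(global_w, d)))[:top_k]
    # Stage 3: rank weights k, k-1, ..., 1, normalized to sum to 1.
    weights = [len(ranked) - i for i in range(len(ranked))]
    total = sum(weights)
    agg = [sum(w * d[j] for w, d in zip(weights, ranked)) / total
           for j in range(len(global_w))]
    return add(global_w, agg)

# Constructed round: one honest update followed by four poisoned ones.
GLOBAL = [0.0, 0.0]
UPDATES = [[1.9, 1.1], [-40.0, 25.0], [-35.0, 30.0], [60.0, -80.0], [-45.0, 20.0]]

if __name__ == "__main__":
    print("FedAvg loss:", round(mse(fedavg(GLOBAL, UPDATES)), 3))
    print("Ranked loss:", round(mse(ranked_aggregate(GLOBAL, UPDATES)), 3))
```

Plain averaging lets the four poisoned updates dominate the new global model, while ranking on held-out performance recovers the single honest update. Raising `top_k` above the number of honest participants lets clipped poisoned updates back into the aggregate.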

Future work can focus on finding more suitable and complex public datasets containing poisoning attacks, expanding the experimental scope, and designing a more effective method for defending against poisoning attacks.

DOI: 10.1007/s11704-024-3767-z
