Byzantine-Robust Federated Machine Learning through Adaptive Model Averaging
This addresses security and reliability issues in federated learning for applications with many participants, though it is an incremental improvement over existing robust methods.
The paper tackles the problem of Byzantine failures and poisoning attacks in federated learning by introducing Adaptive Federated Averaging, which uses a Hidden Markov Model to detect and discard malicious updates, resulting in significantly improved robustness and computational efficiency compared to state-of-the-art methods like Multi-KRUM and coordinate-wise median.
Federated learning enables training collaborative machine learning models at scale with many participants whilst preserving the privacy of their datasets. Standard federated learning techniques are vulnerable to Byzantine failures, biased local datasets, and poisoning attacks. In this paper we introduce Adaptive Federated Averaging, a novel algorithm for robust federated learning that is designed to detect failures, attacks, and bad updates provided by participants in a collaborative model. We propose a Hidden Markov Model to model and learn the quality of model updates provided by each participant during training. In contrast to existing robust federated learning schemes, we propose a robust aggregation rule that detects and discards bad or malicious local model updates at each training iteration. This includes a mechanism that blocks unwanted participants, which also increases the computational and communication efficiency. Our experimental evaluation on 4 real datasets show that our algorithm is significantly more robust to faulty, noisy and malicious participants, whilst being computationally more efficient than other state-of-the-art robust federated learning methods such as Multi-KRUM and coordinate-wise median.