LG · ML · Dec 24, 2019

Attack-Resistant Federated Learning with Residual-based Reweighting

arXiv:1912.11464v3 · 104 citations
Originality: Incremental advance
AI Analysis

This paper addresses security issues in federated learning for applications that rely on private data, though it appears incremental because it builds on existing defense mechanisms.

The paper tackles the vulnerability of federated learning to adversarial attacks during aggregation by proposing a novel aggregation algorithm with residual-based reweighting, which outperforms other methods in experiments under label-flipping and backdoor attacks.

Federated learning has a variety of applications in multiple domains by utilizing private training data stored on different devices. However, the aggregation process in federated learning is highly vulnerable to adversarial attacks so that the global model may behave abnormally under attacks. To tackle this challenge, we present a novel aggregation algorithm with residual-based reweighting to defend federated learning. Our aggregation algorithm combines repeated median regression with the reweighting scheme in iteratively reweighted least squares. Our experiments show that our aggregation algorithm outperforms other alternative algorithms in the presence of label-flipping and backdoor attacks. We also provide theoretical analysis for our aggregation algorithm.
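A simplified sketch of the aggregation idea named in the abstract, added here as an illustration and not taken from the paper or its repositories. It assumes each model coordinate is handled independently, that sorted client values are regressed on their rank with a repeated median fit, and that a Huber-style IRLS weight (threshold `delta`) stands in for the paper's own reweighting formula; all function names and the sample updates are constructed.

```python
from statistics import median

def repeated_median_line(xs, ys):
    """Repeated median fit y ~ a + b*x (tolerates close to 50% outliers)."""
    n = len(xs)
    b = median(
        median((ys[j] - ys[i]) / (xs[j] - xs[i]) for j in range(n) if j != i)
        for i in range(n)
    )
    a = median(y - b * x for x, y in zip(xs, ys))
    return a, b

def coordinate_weights(values, delta=2.0, eps=1e-9):
    """Per-client weights for one model coordinate.

    Assumed simplification: regress sorted values on their rank, scale the
    residuals by the MAD, then apply a Huber-style IRLS weight.
    """
    order = sorted(range(len(values)), key=values.__getitem__)
    ys = [values[k] for k in order]
    a, b = repeated_median_line(list(range(len(ys))), ys)
    res = [y - (a + b * x) for x, y in enumerate(ys)]
    centre = median(res)
    scale = max(1.4826 * median(abs(r - centre) for r in res), eps)
    weights = [0.0] * len(values)
    for k, r in zip(order, res):
        e = abs(r) / scale  # standardized residual of client k
        weights[k] = 1.0 if e <= delta else delta / e
    return weights

def aggregate(updates, delta=2.0):
    """Residual-reweighted mean of client updates (lists of equal length)."""
    n_clients, dim = len(updates), len(updates[0])
    model, trust = [], [0.0] * n_clients
    for d in range(dim):
        col = [u[d] for u in updates]
        w = coordinate_weights(col, delta)
        model.append(sum(wi * v for wi, v in zip(w, col)) / sum(w))
        trust = [t + wi / dim for t, wi in zip(trust, w)]  # mean weight per client
    return model, trust

# Constructed sample: four honest clients and one poisoned update (last row).
UPDATES = [[0.10, -0.20], [0.13, -0.22], [0.09, -0.18], [0.12, -0.21], [5.0, 5.0]]

if __name__ == "__main__":
    model, trust = aggregate(UPDATES)
    print("aggregate:", model)
    print("per-client trust:", trust)
```

The per-client `trust` value doubles as a detection signal: a client whose average weight stays near zero across rounds is a candidate for review or exclusion.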

Code Implementations: 2 repos