Robust Federated Recommendation System
This addresses security concerns in privacy-preserving recommendation systems for users and platforms, representing an incremental improvement in Byzantine robustness.
The paper tackles the vulnerability of federated recommendation systems to low-cost poisoning attacks from Byzantine clients, and develops a novel robust learning strategy that monitors client gradients to filter out malicious participants, achieving improved resilience across four datasets.
Federated recommendation systems can provide good performance without collecting users' private data, making them attractive. However, they are susceptible to low-cost poisoning attacks that can degrade their performance. In this paper, we develop a novel federated recommendation technique that is robust against the poisoning attack where Byzantine clients prevail. We argue that the key to Byzantine detection is monitoring of gradients of the model parameters of clients. We then propose a robust learning strategy where instead of using model parameters, the central server computes and utilizes the gradients to filter out Byzantine clients. Theoretically, we justify our robust learning strategy by our proposed definition of Byzantine resilience. Empirically, we confirm the efficacy of our robust learning strategy employing four datasets in a federated recommendation system.