BEAS: Blockchain Enabled Asynchronous & Secure Federated Machine Learning
This addresses trust and security problems in federated learning for parties needing distributed training without data sharing, though it is incremental as it builds on existing blockchain and anomaly detection techniques.
The paper tackles security and privacy issues in federated learning, such as gradient tampering and poisoning attacks, by proposing BEAS, a blockchain-based framework that prevents privacy leakage and minimizes attack efficacy while achieving accuracy similar to centralized methods with linear scaling overhead.
Federated Learning (FL) enables multiple parties to distributively train a ML model without revealing their private datasets. However, it assumes trust in the centralized aggregator which stores and aggregates model updates. This makes it prone to gradient tampering and privacy leakage by a malicious aggregator. Malicious parties can also introduce backdoors into the joint model by poisoning the training data or model gradients. To address these issues, we present BEAS, the first blockchain-based framework for N-party FL that provides strict privacy guarantees of training data using gradient pruning (showing improved differential privacy compared to existing noise and clipping based techniques). Anomaly detection protocols are used to minimize the risk of data-poisoning attacks, along with gradient pruning that is further used to limit the efficacy of model-poisoning attacks. We also define a novel protocol to prevent premature convergence in heterogeneous learning environments. We perform extensive experiments on multiple datasets with promising results: BEAS successfully prevents privacy leakage from dataset reconstruction attacks, and minimizes the efficacy of poisoning attacks. Moreover, it achieves an accuracy similar to centralized frameworks, and its communication and computation overheads scale linearly with the number of participants.