Security-Preserving Federated Learning via Byzantine-Sensitive Triplet Distance
This addresses security vulnerabilities in federated learning for edge devices, though it appears incremental as it builds on existing aggregation methods.
The paper tackles the problem of Byzantine attacks in federated learning by proposing a dummy contrastive aggregation framework with a novel scoring function to sensitively discriminate poisoned models, showing improved performance compared to state-of-the-art methods like Krum, Trimmed-mean, and Fang.
While being an effective framework of learning a shared model across multiple edge devices, federated learning (FL) is generally vulnerable to Byzantine attacks from adversarial edge devices. While existing works on FL mitigate such compromised devices by only aggregating a subset of the local models at the server side, they still cannot successfully ignore the outliers due to imprecise scoring rule. In this paper, we propose an effective Byzantine-robust FL framework, namely dummy contrastive aggregation, by defining a novel scoring function that sensitively discriminates whether the model has been poisoned or not. Key idea is to extract essential information from every local models along with the previous global model to define a distance measure in a manner similar to triplet loss. Numerical results validate the advantage of the proposed approach by showing improved performance as compared to the state-of-the-art Byzantine-resilient aggregation methods, e.g., Krum, Trimmed-mean, and Fang.