Can Decentralized Learning be more robust than Federated Learning?
This work highlights critical security vulnerabilities in decentralized machine learning systems, showing they are less robust than federated alternatives, which is significant for researchers and practitioners in distributed and secure AI.
The paper introduced two new attacks on Decentralized Learning (DL) that allow Byzantine users to manipulate model convergence and exclude participants, demonstrating these attacks against the state-of-the-art robust DL protocol, Self-Centered Clipping, and concluded that DL is inherently less robust than Federated Learning.
Decentralized Learning (DL) is a peer--to--peer learning approach that allows a group of users to jointly train a machine learning model. To ensure correctness, DL should be robust, i.e., Byzantine users must not be able to tamper with the result of the collaboration. In this paper, we introduce two \textit{new} attacks against DL where a Byzantine user can: make the network converge to an arbitrary model of their choice, and exclude an arbitrary user from the learning process. We demonstrate our attacks' efficiency against Self--Centered Clipping, the state--of--the--art robust DL protocol. Finally, we show that the capabilities decentralization grants to Byzantine users result in decentralized learning \emph{always} providing less robustness than federated learning.