LG | GT | Jun 23, 2023

A First Order Meta Stackelberg Method for Robust Federated Learning

arXiv:2306.13800v3 | 15 citations | h-index: 51
Originality: Incremental advance
AI Analysis

This work addresses security vulnerabilities in federated learning systems, offering an adaptive defense against unpredictable attacks, though it is incremental as it builds on existing game-theoretic and meta-learning approaches.

The paper tackles the problem of security risks in federated learning by modeling adversarial scenarios as a Bayesian Stackelberg Markov game and proposing a meta-learning algorithm for adaptable defense, achieving convergence in O(ε⁻²) gradient iterations and demonstrating strong performance against uncertain attacks like model poisoning and backdoors.

Previous research has shown that federated learning (FL) systems are exposed to an array of security risks. Despite the proposal of several defensive strategies, they tend to be non-adaptive and specific to certain types of attacks, rendering them ineffective against unpredictable or adaptive threats. This work models adversarial federated learning as a Bayesian Stackelberg Markov game (BSMG) to capture the defender's incomplete information of various attack types. We propose meta-Stackelberg learning (meta-SL), a provably efficient meta-learning algorithm, to solve the equilibrium strategy in BSMG, leading to an adaptable FL defense. We demonstrate that meta-SL converges to the first-order $\varepsilon$-equilibrium point in $O(\varepsilon^{-2})$ gradient iterations, with $O(\varepsilon^{-4})$ samples needed per iteration, matching the state of the art. Empirical evidence indicates that our meta-Stackelberg framework performs exceptionally well against potent model poisoning and backdoor attacks of an uncertain nature.
