Towards Attack-tolerant Federated Learning via Critical Parameter Analysis
This addresses security vulnerabilities in federated learning systems for applications like healthcare or finance, but it is incremental as it builds on prior defense strategies.
The paper tackles the problem of poisoning attacks in federated learning under non-IID data settings by proposing FedCPA, a defense strategy based on critical parameter analysis, which outperforms existing methods in experiments across multiple datasets and attack scenarios.
Federated learning is used to train a shared model in a decentralized way without clients sharing private data with each other. Federated learning systems are susceptible to poisoning attacks when malicious clients send false updates to the central server. Existing defense strategies are ineffective under non-IID data settings. This paper proposes a new defense strategy, FedCPA (Federated learning with Critical Parameter Analysis). Our attack-tolerant aggregation method is based on the observation that benign local models have similar sets of top-k and bottom-k critical parameters, whereas poisoned local models do not. Experiments with different attack scenarios on multiple datasets demonstrate that our model outperforms existing defense strategies in defending against poisoning attacks.