Sentinel: An Aggregation Function to Secure Decentralized Federated Learning
This addresses security vulnerabilities in DFL for collaborative model training, though it is incremental as it builds on existing robust aggregation methods.
The paper tackles the problem of poisoning attacks in Decentralized Federated Learning (DFL) by introducing Sentinel, a defense strategy that improves state-of-the-art performance against both untargeted and targeted attacks, particularly under IID data configurations.
Decentralized Federated Learning (DFL) emerges as an innovative paradigm to train collaborative models, addressing the single point of failure limitation. However, the security and trustworthiness of FL and DFL are compromised by poisoning attacks, negatively impacting its performance. Existing defense mechanisms have been designed for centralized FL and they do not adequately exploit the particularities of DFL. Thus, this work introduces Sentinel, a defense strategy to counteract poisoning attacks in DFL. Sentinel leverages the accessibility of local data and defines a three-step aggregation protocol consisting of similarity filtering, bootstrap validation, and normalization to safeguard against malicious model updates. Sentinel has been evaluated with diverse datasets and data distributions. Besides, various poisoning attack types and threat levels have been verified. The results improve the state-of-the-art performance against both untargeted and targeted poisoning attacks when data follows an IID (Independent and Identically Distributed) configuration. Besides, under non-IID configuration, it is analyzed how performance degrades both for Sentinel and other state-of-the-art robust aggregation methods.