CV · CR · LG · Nov 7, 2023

SaFL: Sybil-aware Federated Learning with Application to Face Recognition

arXiv:2311.04346v25 citations · h-index: 42
AI Analysis

This paper addresses security threats in federated learning for applications like face recognition, but it is incremental, as it builds on existing defense mechanisms.

The paper tackles poisoning attacks in federated learning by proposing SaFL, a Sybil-aware defense method that uses a novel time-variant aggregation scheme to minimize sybil effects, achieving a 30% reduction in attack success rate compared to baseline methods.

Federated Learning (FL) is a machine learning paradigm for collaborative learning among clients on a joint model. The primary goal is to share clients' local training parameters with an integrating server while preserving their privacy. This approach makes it possible to exploit the potential of massive mobile users' data to improve machine learning models' performance while keeping sensitive data on local devices. On the downside, FL raises security and privacy concerns that have only just started to be studied. To address some of the key threats in FL, researchers have proposed using secure aggregation methods (e.g. homomorphic encryption, secure multiparty computation, etc.). These solutions improve some security and privacy metrics, but at the same time bring about other serious threats such as poisoning attacks, backdoor attacks, and free running attacks. This paper proposes a new defense method against poisoning attacks in FL called SaFL (Sybil-aware Federated Learning) that minimizes the effect of sybils with a novel time-variant aggregation scheme.
