HYDRA-FL: Hybrid Knowledge Distillation for Robust and Accurate Federated Learning
The paper addresses a critical security problem in Federated Learning for distributed systems, though the contribution is incremental because it builds on existing Knowledge Distillation (KD) methods.
The paper tackles the vulnerability of KD-based Federated Learning to model poisoning attacks, under which KD amplifies accuracy degradation. It introduces HYDRA-FL, a hybrid distillation technique that reduces attack impact by offloading part of the KD loss to a shallow layer, outperforming baselines in attack settings while maintaining comparable performance in benign settings.
Data heterogeneity among Federated Learning (FL) users poses a significant challenge, resulting in reduced global model performance. The community has designed various techniques to tackle this issue, among which Knowledge Distillation (KD)-based techniques are common. While these techniques effectively improve performance under high heterogeneity, they inadvertently cause higher accuracy degradation under model poisoning attacks (known as attack amplification). This paper presents a case study to reveal this critical vulnerability in KD-based FL systems. We show why KD causes this issue through empirical evidence and use it as motivation to design a hybrid distillation technique. We introduce a novel algorithm, Hybrid Knowledge Distillation for Robust and Accurate FL (HYDRA-FL), which reduces the impact of attacks in attack scenarios by offloading some of the KD loss to a shallow layer via an auxiliary classifier. We model HYDRA-FL as a generic framework and adapt it to two KD-based FL algorithms, FedNTD and MOON. Using these two as case studies, we demonstrate that our technique outperforms baselines in attack settings while maintaining comparable performance in benign settings.
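The sketch below is an added example, not code from the paper or its authors. It shows what offloading part of the KD loss to a shallow auxiliary classifier does to the pull a poisoned global model exerts on the final layer. It assumes a generic temperature-scaled KL distillation term; the paper's exact loss is not given on this page, and the weights `beta_final` and `beta_shallow`, the function names and the logit values are hypothetical.

```python
import math

def softmax(logits, T=1.0):
    m = max(logits)  # subtract max for numerical stability
    exps = [math.exp((z - m) / T) for z in logits]
    total = sum(exps)
    return [e / total for e in exps]

def kl(p, q):
    return sum(pi * math.log(pi / qi) for pi, qi in zip(p, q) if pi > 0)

def cross_entropy(logits, label):
    return -math.log(softmax(logits)[label])

def hybrid_kd_loss(final_logits, shallow_logits, global_logits, label,
                   beta_final, beta_shallow, T=2.0):
    """CE on the final head plus a KD term split between the final head
    and a shallow auxiliary head (assumed form, weights are hypothetical)."""
    teacher = softmax(global_logits, T)
    kd_final = T * T * kl(teacher, softmax(final_logits, T))
    kd_shallow = T * T * kl(teacher, softmax(shallow_logits, T))
    return (cross_entropy(final_logits, label)
            + beta_final * kd_final + beta_shallow * kd_shallow)

def kd_pull_on_final(final_logits, global_logits, beta_final, T=2.0):
    """L1 norm of d(beta * T^2 * KL)/d(final logits) = beta * T * (p_s - p_t)."""
    p_s, p_t = softmax(final_logits, T), softmax(global_logits, T)
    return sum(abs(beta_final * T * (s - t)) for s, t in zip(p_s, p_t))

# Constructed sample values: one training example with true label 0.
LABEL = 0
FINAL = [3.0, 0.5, 0.2]      # local model, final-layer logits
SHALLOW = [1.5, 0.8, 0.4]    # local model, auxiliary shallow-head logits
BENIGN = [2.8, 0.6, 0.3]     # global model output, no attack
POISONED = [0.1, 3.0, 0.2]   # global model output after poisoning

def compare(beta_final, beta_shallow):
    return {name: {"loss": hybrid_kd_loss(FINAL, SHALLOW, g, LABEL, beta_final, beta_shallow),
                   "pull": kd_pull_on_final(FINAL, g, beta_final)}
            for name, g in (("benign", BENIGN), ("poisoned", POISONED))}

if __name__ == "__main__":
    for tag, betas in (("final-layer KD only", (1.0, 0.0)), ("hybrid", (0.3, 0.7))):
        for name, r in compare(*betas).items():
            print(f"{tag:20s} {name:9s} loss={r['loss']:.3f} pull={r['pull']:.3f}")
```

The toy only shows how the weighting changes the gradient that a poisoned global model puts on the final layer; it does not reproduce the paper's accuracy results.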