LG · CR · GT · Oct 22, 2024

Meta Stackelberg Game: Robust Federated Learning against Adaptive and Mixed Poisoning Attacks

arXiv:2410.17431v1 · 11 citations · h-index: 13
Originality: Incremental advance
AI Analysis

This work addresses security threats in federated learning for distributed systems, offering an adaptive defense against mixed attacks, though it builds incrementally on existing game-theoretic and meta-learning approaches.

The paper tackles the problem of federated learning being vulnerable to multiple uncertain and adaptive poisoning attacks by proposing a meta-Stackelberg defense framework, achieving robust performance against strong model poisoning and backdoor attacks with theoretical convergence guarantees.

Federated learning (FL) is susceptible to a range of security threats. Although various defense mechanisms have been proposed, they are typically non-adaptive and tailored to specific types of attacks, leaving them insufficient in the face of multiple uncertain, unknown, and adaptive attacks employing diverse strategies. This work formulates adversarial federated learning under a mixture of various attacks as a Bayesian Stackelberg Markov game, based on which we propose the meta-Stackelberg defense composed of pre-training and online adaptation. The gist is to simulate strong attack behavior using reinforcement learning (RL-based attacks) in pre-training and then design meta-RL-based defense to combat diverse and adaptive attacks. We develop an efficient meta-learning approach to solve the game, leading to a robust and adaptive FL defense. Theoretically, our meta-learning algorithm, meta-Stackelberg learning, provably converges to the first-order $\varepsilon$-meta-equilibrium point in $O(\varepsilon^{-2})$ gradient iterations with $O(\varepsilon^{-4})$ samples per iteration. Experiments show that our meta-Stackelberg framework performs superbly against strong model poisoning and backdoor attacks of uncertain and unknown types.
