FedSV: Byzantine-Robust Federated Learning via Shapley Value
This addresses security vulnerabilities in federated learning for applications like healthcare or finance, but it is incremental as it builds on existing Shapley Value methods.
The paper tackles the problem of malicious clients compromising federated learning models by introducing FedSV, a defense method using Shapley Value to robustly identify malicious clients, achieving improved robustness in experiments on MNIST datasets under various attacks.
In Federated Learning (FL), several clients jointly learn a machine learning model: each client maintains a local model for its local learning dataset, while a master server maintains a global model by aggregating the local models of the client devices. However, the repetitive communication between server and clients leaves room for attacks aimed at compromising the integrity of the global model, causing errors in its targeted predictions. In response to such threats on FL, various defense measures have been proposed in the literature. In this paper, we present a powerful defense against malicious clients in FL, called FedSV, using the Shapley Value (SV), which has been proposed recently to measure user contribution in FL by computing the marginal increase of average accuracy of the model due to the addition of local data of a user. Our approach makes the identification of malicious clients more robust, since during the learning phase, it estimates the contribution of each client according to the different groups to which the target client belongs. FedSV's effectiveness is demonstrated by extensive experiments on MNIST datasets in a cross-silo context under various attacks.