CR | AI | DC | Mar 26, 2025

Byzantine-Robust Federated Learning Using Generative Adversarial Networks

arXiv:2503.20884v32 citations | h-index: 1
Originality: Highly original
AI Analysis

This paper addresses robustness issues in federated learning for distributed systems, offering a novel defense against data and model poisoning attacks.

The paper tackles the problem of Byzantine behaviors in federated learning by proposing a defense framework that uses a conditional generative adversarial network (cGAN) to synthesize data for validating client updates, eliminating reliance on external datasets and adapting to diverse attacks while maintaining model accuracy in experiments.

Federated learning (FL) enables collaborative model training across distributed clients without sharing raw data, but its robustness is threatened by Byzantine behaviors such as data and model poisoning. Existing defenses face fundamental limitations: robust aggregation rules incur error lower bounds that grow with client heterogeneity, while detection-based methods often rely on heuristics (e.g., a fixed number of malicious clients) or require trusted external datasets for validation. We present a defense framework that addresses these challenges by leveraging a conditional generative adversarial network (cGAN) at the server to synthesize representative data for validating client updates. This approach eliminates reliance on external datasets, adapts to diverse attack strategies, and integrates seamlessly into standard FL workflows. Extensive experiments on benchmark datasets demonstrate that our framework accurately distinguishes malicious from benign clients while maintaining overall model accuracy. Beyond Byzantine robustness, we also examine the representativeness of synthesized data, computational costs of cGAN training, and the transparency and scalability of our approach.

Code Implementations: 1 repo