Trial and Trust: Addressing Byzantine Attacks with Comprehensive Defense Strategy
This addresses security vulnerabilities in distributed machine learning systems, particularly for applications like medical data, but is incremental as it builds on existing defense concepts.
The paper tackles Byzantine attacks in federated learning by combining trust scores with trial functions to filter adversarial updates, achieving convergence guarantees comparable to classical algorithms without such attacks.
Recent advancements in machine learning have improved performance while also increasing computational demands. While federated and distributed setups address these issues, their structure is vulnerable to malicious influences. In this paper, we address a specific threat, Byzantine attacks, where compromised clients inject adversarial updates to derail global convergence. We combine the trust scores concept with trial function methodology to dynamically filter outliers. Our methods address the critical limitations of previous approaches, allowing functionality even when Byzantine nodes are in the majority. Moreover, our algorithms adapt to widely used scaled methods like Adam and RMSProp, as well as practical scenarios, including local training and partial participation. We validate the robustness of our methods by conducting extensive experiments on both synthetic and real ECG data collected from medical institutions. Furthermore, we provide a broad theoretical analysis of our algorithms and their extensions to aforementioned practical setups. The convergence guarantees of our methods are comparable to those of classical algorithms developed without Byzantine interference.