Attack-Resistant Federated Learning with Residual-based Reweighting
Shuhao Fu, Chulin Xie, Bo Li, Qifeng Chen

TL;DR
This paper introduces a residual-based reweighting aggregation method for federated learning that enhances robustness against adversarial attacks like label-flipping and backdoor attacks, supported by theoretical analysis.
Contribution
The paper proposes a novel aggregation algorithm combining median regression and reweighting schemes to improve attack resistance in federated learning.
Findings
Outperforms other algorithms under attack scenarios
Effective against label-flipping and backdoor attacks
Supported by theoretical analysis
Abstract
Federated learning has a variety of applications in multiple domains by utilizing private training data stored on different devices. However, the aggregation process in federated learning is highly vulnerable to adversarial attacks so that the global model may behave abnormally under attacks. To tackle this challenge, we present a novel aggregation algorithm with residual-based reweighting to defend federated learning. Our aggregation algorithm combines repeated median regression with the reweighting scheme in iteratively reweighted least squares. Our experiments show that our aggregation algorithm outperforms other alternative algorithms in the presence of label-flipping and backdoor attacks. We also provide theoretical analysis for our aggregation algorithm.
Taxonomy
Topics: Privacy-Preserving Technologies in Data · Adversarial Robustness in Machine Learning · Cryptography and Data Security
