Learning to Detect Malicious Clients for Robust Federated Learning
Suyi Li, Yong Cheng, Wei Wang, Yang Liu, Tianjian Chen

TL;DR
This paper introduces a framework for federated learning that detects and removes malicious client updates, enhancing robustness against attacks like Byzantine failures and model poisoning.
Contribution
A novel detection-based framework enabling the central server to identify and eliminate malicious updates in federated learning systems.
Findings
Effective detection of malicious updates in federated learning
Resilience against Byzantine and poisoning attacks demonstrated
Improved robustness in image classification and sentiment analysis tasks
Abstract
Federated learning systems are vulnerable to attacks from malicious clients. As the central server in the system cannot govern the behaviors of the clients, a rogue client may initiate an attack by sending malicious model updates to the server, so as to degrade the learning performance or enforce targeted model poisoning attacks (a.k.a. backdoor attacks). Therefore, timely detecting these malicious model updates and the underlying attackers becomes critically important. In this work, we propose a new framework for robust federated learning where the central server learns to detect and remove the malicious model updates using a powerful detection model, leading to targeted defense. We evaluate our solution in both image classification and sentiment analysis tasks with a variety of machine learning models. Experimental results show that our solution ensures robust federated learning that…
Taxonomy
Topics: Privacy-Preserving Technologies in Data · Adversarial Robustness in Machine Learning · Internet Traffic Analysis and Secure E-voting
