Simeon -- Secure Federated Machine Learning Through Iterative Filtering

TL;DR

Simeon introduces a reputation-based iterative filtering method for federated learning, enhancing robustness against malicious attacks, including sybil attacks, outperforming existing aggregation techniques.

Contribution

The paper proposes Simeon, a novel aggregation algorithm that improves Byzantine tolerance in federated learning through iterative filtering and reputation scoring.

Findings

Simeon achieves comparable or better robustness against various attacks.

Simeon is tolerant to sybil attacks, unlike other algorithms.

Experimental results demonstrate Simeon's effectiveness in maintaining model integrity.

Abstract

Federated learning enables a global machine learning model to be trained collaboratively by distributed, mutually non-trusting learning agents who desire to maintain the privacy of their training data and their hardware. A global model is distributed to clients, who perform training, and submit their newly-trained model to be aggregated into a superior model. However, federated learning systems are vulnerable to interference from malicious learning agents who may desire to prevent training or induce targeted misclassification in the resulting global model. A class of Byzantine-tolerant aggregation algorithms has emerged, offering varying degrees of robustness against these attacks, often with the caveat that the number of attackers is bounded by some quantity known prior to training. This paper presents Simeon: a novel approach to aggregation that applies a reputation-based iterative filtering technique to achieve robustness even in the presence of attackers who can exhibit arbitrary behaviour. We compare Simeon to state-of-the-art aggregation techniques and find that Simeon achieves comparable or superior robustness to a variety of attacks. Notably, we show that Simeon is tolerant to sybil attacks, where other algorithms are not, presenting a key advantage of our approach.