CRFL: Certifiably Robust Federated Learning against Backdoor Attacks
Chulin Xie, Minghao Chen, Pin-Yu Chen, Bo Li

TL;DR
This paper introduces CRFL, a framework that certifies the robustness of federated learning models against backdoor attacks by controlling model smoothness through clipping and smoothing techniques, providing theoretical guarantees and empirical benchmarks.
Contribution
The first framework to provide certifiable robustness against backdoors in federated learning, linking robustness certification to federated learning parameters and attack scenarios.
Findings
CRFL achieves sample-wise robustness certification against backdoors.
The certification relates to poisoning ratio, attacker count, and training iterations.
Experimental results establish a benchmark for certified robustness in federated learning.
Abstract
Federated Learning (FL), a distributed learning paradigm that aggregates information from diverse clients to train a shared global model, has demonstrated great success. However, malicious clients can perform poisoning attacks and model replacement to introduce backdoors into the trained global model. Although there have been intensive studies designing robust aggregation methods and empirically robust federated training protocols against backdoors, existing approaches lack robustness certification. This paper provides the first general framework, Certifiably Robust Federated Learning (CRFL), to train certifiably robust FL models against backdoors. Our method exploits clipping and smoothing on model parameters to control the global model smoothness, which yields a sample-wise robustness certification against backdoors of limited magnitude. Our certification also specifies the relation to…
Peer Reviews
No public reviews on file for this paper yet.
Taxonomy
Topics: Privacy-Preserving Technologies in Data · Network Security and Intrusion Detection · Adversarial Robustness in Machine Learning
