Defense Strategies Toward Model Poisoning Attacks in Federated Learning: A Survey
Zhilin Wang, Qiao Kang, Xinyi Zhang, Qin Hu

TL;DR
This survey reviews defense strategies against model poisoning attacks in federated learning, categorizing existing methods and highlighting challenges and future directions in securing distributed machine learning systems.
Contribution
First comprehensive survey of defense mechanisms against model poisoning attacks in federated learning, providing classification, analysis, and insights for future research.
Findings
Evaluation methods for local model updates
Aggregation methods for global model
Identification of key challenges and future directions
Abstract
Advances in distributed machine learning can empower future communications and networking. The emergence of federated learning (FL) has provided an efficient framework for distributed machine learning, which, however, still faces many security challenges. Among them, model poisoning attacks have a significant impact on the security and performance of FL. Given that there have been many studies focusing on defending against model poisoning attacks, it is necessary to survey the existing work and provide insights to inspire future research. In this paper, we first classify defense mechanisms for model poisoning attacks into two categories: evaluation methods for local model updates and aggregation methods for the global model. Then, we analyze some of the existing defense strategies in detail. We also discuss some potential challenges and future research directions. To the best of our…
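The abstract's two categories, evaluation of local model updates and aggregation of the global model, can be seen side by side on one poisoned training round. The block below is an added illustration, not code from the survey or its authors, and it does not reproduce any particular method the survey classifies: it uses textbook-style defenses (norm screening and direction screening of client updates, coordinate-wise median aggregation) against a hypothetical attacker. The client updates, the boosted and stealthy poisoned updates, the threshold factor and the function names are all constructed for this example.

```python
"""Constructed FL round: four honest clients plus one model-poisoning client.

Updates are 3-dimensional vectors kept as plain Python lists so the example
runs offline. Two defense categories are shown:
  * evaluation of local updates (norm screening, direction screening);
  * robust aggregation of the global model (coordinate-wise median).
None of this is the survey's own code; thresholds are illustrative.
"""
from math import sqrt
from statistics import median
from typing import Callable, List, Sequence

Vector = List[float]

# Constructed honest updates: all point roughly along [1, 2, -1].
HONEST_UPDATES: List[Vector] = [
    [1.0, 2.0, -1.0],
    [1.2, 1.8, -0.9],
    [0.9, 2.1, -1.1],
    [1.1, 1.9, -1.0],
]
# Hypothetical attacker 1: sign-flipped and boosted 20x to dominate the mean.
BOOSTED_POISON: Vector = [-20.0, -40.0, 20.0]
# Hypothetical attacker 2: sign-flipped but with an honest-looking norm.
STEALTHY_POISON: Vector = [-1.0, -2.0, 1.0]


def l2_norm(v: Sequence[float]) -> float:
    return sqrt(sum(x * x for x in v))


def cosine(a: Sequence[float], b: Sequence[float]) -> float:
    """Cosine similarity; returns 0.0 if either vector is all zeros."""
    na, nb = l2_norm(a), l2_norm(b)
    if na == 0.0 or nb == 0.0:
        return 0.0
    return sum(x * y for x, y in zip(a, b)) / (na * nb)


def fedavg(updates: Sequence[Vector]) -> Vector:
    """Plain FedAvg with equal client weights: coordinate-wise mean."""
    n = len(updates)
    return [sum(col) / n for col in zip(*updates)]


def coordinate_median(updates: Sequence[Vector]) -> Vector:
    """Aggregation-side defense: coordinate-wise median of all updates."""
    return [float(median(col)) for col in zip(*updates)]


def screen_by_norm(updates: Sequence[Vector], factor: float = 3.0) -> List[Vector]:
    """Local-update evaluation: drop updates whose L2 norm exceeds
    `factor` times the median norm seen in this round."""
    norms = [l2_norm(u) for u in updates]
    limit = factor * median(norms)
    return [u for u, n in zip(updates, norms) if n <= limit]


def screen_by_direction(updates: Sequence[Vector], min_cosine: float = 0.0) -> List[Vector]:
    """Local-update evaluation: drop updates whose direction disagrees with
    the round's robust reference direction (the coordinate-wise median)."""
    ref = coordinate_median(updates)
    return [u for u in updates if cosine(u, ref) >= min_cosine]


def robust_round(
    updates: Sequence[Vector],
    aggregator: Callable[[Sequence[Vector]], Vector] = coordinate_median,
) -> Vector:
    """Evaluate local updates first, then aggregate only the survivors."""
    kept = screen_by_direction(screen_by_norm(updates))
    return aggregator(kept)


if __name__ == "__main__":
    for name, poison in (("boosted", BOOSTED_POISON), ("stealthy", STEALTHY_POISON)):
        batch = HONEST_UPDATES + [poison]
        print(f"{name}: fedavg={fedavg(batch)}")
        print(f"{name}: median={coordinate_median(batch)}")
        print(f"{name}: survive norm screen={len(screen_by_norm(batch))}")
        print(f"{name}: survive direction screen={len(screen_by_direction(batch))}")
        print(f"{name}: robust round={robust_round(batch, fedavg)}")
```

With the boosted update in the batch, plain FedAvg flips the sign of every coordinate, while the coordinate-wise median and the norm screen both neutralize it. The stealthy update shows the caveat a practitioner should expect from any single evaluation criterion: it passes the norm screen unchanged because its magnitude matches the honest clients, and only the direction screen rejects it. Defenses from the two categories are therefore usually layered rather than chosen one at a time.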
Taxonomy
Topics: Privacy-Preserving Technologies in Data · Adversarial Robustness in Machine Learning · Access Control and Trust
