Shielding Federated Learning: Robust Aggregation with Adaptive Client Selection
Wei Wan, Shengshan Hu, Jianrong Lu, Leo Yu Zhang, Hai Jin, Yuanyuan He

TL;DR
This paper introduces MAB-RFL, a robust federated learning method that uses adaptive client selection modeled as a multi-armed bandit problem to effectively defend against Byzantine and sybil attacks, improving model robustness.
Contribution
The paper proposes a novel adaptive client selection strategy in federated learning using multi-armed bandits to enhance robustness against malicious attacks.
Findings
MAB-RFL outperforms existing defenses in various attack scenarios.
The method effectively identifies malicious updates from sybil and non-sybil attacks.
Adaptive client selection improves model accuracy under adversarial conditions.
Abstract
Federated learning (FL) enables multiple clients to collaboratively train an accurate global model while protecting clients' data privacy. However, FL is susceptible to Byzantine attacks from malicious participants. Although the problem has gained significant attention, existing defenses have several flaws: the server irrationally chooses malicious clients for aggregation even after they have been detected in previous rounds; the defenses perform ineffectively against sybil attacks or in the heterogeneous data setting. To overcome these issues, we propose MAB-RFL, a new method for robust aggregation in FL. By modelling the client selection as an extended multi-armed bandit (MAB) problem, we propose an adaptive client selection strategy to choose honest clients that are more likely to contribute high-quality updates. We then propose two approaches to identify malicious updates from…
Taxonomy
Topics: Privacy-Preserving Technologies in Data · Internet Traffic Analysis and Secure E-voting · Network Security and Intrusion Detection
