Rethinking the Defense Against Free-rider Attack From the Perspective of Model Weight Evolving Frequency
Jinyin Chen, Mingjun Li, Tao Liu, Haibin Zheng, Yao Cheng, and Changting Lin

TL;DR
This paper introduces WEF-Defense, a novel federated learning defense mechanism that leverages differences in model weight evolving frequency to effectively identify and mitigate free-rider attacks, outperforming existing methods.
Contribution
The paper proposes a new defense approach based on model weight evolving frequency, providing a novel perspective and improved effectiveness against free-rider attacks in federated learning.
Findings
WEF-Defense outperforms state-of-the-art baselines in experiments.
Model weight evolving frequency significantly differs between free-riders and benign clients.
The method is effective across multiple datasets and models.
Abstract
Federated learning (FL) is a distributed machine learning approach where multiple clients collaboratively train a joint model without exchanging their data. Despite FL's unprecedented success in data privacy-preserving, its vulnerability to free-rider attacks has attracted increasing attention. Existing defenses may be ineffective against highly camouflaged or high percentages of free riders. To address these challenges, we reconsider the defense from a novel perspective, i.e., model weight evolving frequency. Empirically, we gain a novel insight that during the FL's training, the model weight evolving frequency of free-riders and that of benign clients are significantly different. Inspired by this insight, we propose a novel defense method based on the model Weight Evolving Frequency, referred to as WEF-Defense. Specifically, we first collect the weight evolving frequency (defined as…
Taxonomy
Topics: Privacy-Preserving Technologies in Data · Traffic Prediction and Management Techniques · Adversarial Robustness in Machine Learning
