PASS: A Parameter Audit-based Secure and Fair Federated Learning Scheme against Free-Rider Attack

TL;DR

PASS introduces a parameter audit-based scheme that enhances federated learning's security and fairness by effectively defending against free-rider attacks, including both anonymous and selfish types, without compromising accuracy.

Contribution

The paper proposes PASS, a novel parameter audit-based method that robustly counters free-rider attacks in federated learning, regardless of adversary majority presence and with minimal privacy impact.

Findings

PASS achieves comparable privacy protection to state-of-the-art methods.

It effectively defends against both AFR and SFR attacks with high success rates.

PASS maintains FL accuracy when no free-rider adversaries are present.

Abstract

Federated Learning (FL) as a secure distributed learning framework gains interests in Internet of Things (IoT) due to its capability of protecting the privacy of participant data. However, traditional FL systems are vulnerable to Free-Rider (FR) attacks, which causes unfairness, privacy leakage and inferior performance to FL systems. The prior defense mechanisms against FR attacks assumed that malicious clients (namely, adversaries) declare less than 50% of the total amount of clients. Moreover, they aimed for Anonymous FR (AFR) attacks and lost effectiveness in resisting Selfish FR (SFR) attacks. In this paper, we propose a Parameter Audit-based Secure and fair federated learning Scheme (PASS) against FR attack. PASS has the following key features: (a) prevent from privacy leakage with less accuracy loss; (b) be effective in countering both AFR and SFR attacks; (c) work well no matter whether AFR and SFR adversaries occupy the majority of clients or not. Extensive experimental results validate that PASS: (a) has the same level as the State-Of-The-Art method in mean square error against privacy leakage; (b) defends against AFR and SFR attacks in terms of a higher defense success rate, lower false positive rate, and higher F1-score; (c) is still effective where adversaries exceed 50%, with F1-score 89% against AFR attack and F1-score 87% against SFR attack. Note that PASS produces no negative effect on FL accuracy when there is no FR adversary.