A First Order Meta Stackelberg Method for Robust Federated Learning

TL;DR

This paper introduces a meta-Stackelberg learning approach for federated learning that adaptively defends against diverse and unpredictable attacks by modeling adversaries as a Bayesian Stackelberg Markov game.

Contribution

It proposes a novel meta-learning algorithm, meta-SL, to efficiently find equilibrium strategies in adversarial federated learning modeled as a Bayesian Stackelberg game.

Findings

Meta-SL converges to an ε-equilibrium in O(ε^{-2}) iterations.

The method matches state-of-the-art sample complexity.

Empirical results show strong defense against model poisoning and backdoor attacks.

Abstract

Previous research has shown that federated learning (FL) systems are exposed to an array of security risks. Despite the proposal of several defensive strategies, they tend to be non-adaptive and specific to certain types of attacks, rendering them ineffective against unpredictable or adaptive threats. This work models adversarial federated learning as a Bayesian Stackelberg Markov game (BSMG) to capture the defender's incomplete information of various attack types. We propose meta-Stackelberg learning (meta-SL), a provably efficient meta-learning algorithm, to solve the equilibrium strategy in BSMG, leading to an adaptable FL defense. We demonstrate that meta-SL converges to the first-order $\varepsilon$-equilibrium point in $O(\varepsilon^{-2})$ gradient iterations, with $O(\varepsilon^{-4})$ samples needed per iteration, matching the state of the art. Empirical evidence indicates that our meta-Stackelberg framework performs exceptionally well against potent model poisoning and backdoor attacks of an uncertain nature.