FedDefender: Client-Side Attack-Tolerant Federated Learning
Sungwon Park, Sungwon Han, Fangzhao Wu, Sundong Kim, Bin Zhu, Xing Xie, and Meeyoung Cha

TL;DR
FedDefender introduces a client-side defense mechanism for federated learning that enhances robustness against model poisoning attacks, especially when server-side defenses are insufficient or data distributions are non-i.i.d.
Contribution
It proposes a novel client-side defense method with attack-tolerant local updates and knowledge distillation, complementing server-side defenses to improve attack resilience.
Findings
Improves robustness against model poisoning attacks in federated learning.
Compatible with existing server-side defense strategies.
Effective across multiple datasets and real-world scenarios.
Abstract
Federated learning enables learning from decentralized data sources without compromising privacy, which makes it a crucial technique. However, it is vulnerable to model poisoning attacks, where malicious clients interfere with the training process. Previous defense mechanisms have focused on the server-side by using careful model aggregation, but this may not be effective when the data is not identically distributed or when attackers can access the information of benign clients. In this paper, we propose a new defense mechanism that focuses on the client-side, called FedDefender, to help benign clients train robust local models and avoid the adverse impact of malicious model updates from attackers, even when a server-side defense cannot identify or remove adversaries. Our method consists of two main components: (1) attack-tolerant local meta update and (2) attack-tolerant global…
Taxonomy
Topics: Privacy-Preserving Technologies in Data
