SureFED: Robust Federated Learning via Uncertainty-Aware Inward and Outward Inspection

TL;DR

SureFED introduces an uncertainty-aware federated learning framework that enhances robustness against poisoning attacks by leveraging local client trust and Bayesian model uncertainties, effective even with many malicious clients.

Contribution

It presents a novel trust-based approach using local models and Bayesian uncertainties for robust federated learning, unlike prior statistically robust methods.

Findings

Outperforms existing defenses under various attack scenarios.

Proves robustness theoretically in linear regression.

Demonstrates superior accuracy on benchmark image classification data.

Abstract

In this work, we introduce SureFED, a novel framework for byzantine robust federated learning. Unlike many existing defense methods that rely on statistically robust quantities, making them vulnerable to stealthy and colluding attacks, SureFED establishes trust using the local information of benign clients. SureFED utilizes an uncertainty aware model evaluation and introspection to safeguard against poisoning attacks. In particular, each client independently trains a clean local model exclusively using its local dataset, acting as the reference point for evaluating model updates. SureFED leverages Bayesian models that provide model uncertainties and play a crucial role in the model evaluation process. Our framework exhibits robustness even when the majority of clients are compromised, remains agnostic to the number of malicious clients, and is well-suited for non-IID settings. We theoretically prove the robustness of our algorithm against data and model poisoning attacks in a decentralized linear regression setting. Proof-of Concept evaluations on benchmark image classification data demonstrate the superiority of SureFED over the state of the art defense methods under various colluding and non-colluding data and model poisoning attacks.