FLShield: A Validation Based Federated Learning Framework to Defend Against Poisoning Attacks

TL;DR

FLShield is a novel federated learning framework that uses participant data to validate local models, effectively defending against poisoning and backdoor attacks while maintaining privacy and practicality.

Contribution

Introduces FLShield, a validation-based federated learning framework that does not rely on server-held clean data, enhancing security and privacy in collaborative learning.

Findings

Effectively defends against poisoning and backdoor attacks

Preserves privacy against gradient inversion attacks

Works in diverse experimental settings

Abstract

Federated learning (FL) is revolutionizing how we learn from data. With its growing popularity, it is now being used in many safety-critical domains such as autonomous vehicles and healthcare. Since thousands of participants can contribute in this collaborative setting, it is, however, challenging to ensure security and reliability of such systems. This highlights the need to design FL systems that are secure and robust against malicious participants' actions while also ensuring high utility, privacy of local data, and efficiency. In this paper, we propose a novel FL framework dubbed as FLShield that utilizes benign data from FL participants to validate the local models before taking them into account for generating the global model. This is in stark contrast with existing defenses relying on server's access to clean datasets -- an assumption often impractical in real-life scenarios and conflicting with the fundamentals of FL. We conduct extensive experiments to evaluate our FLShield framework in different settings and demonstrate its effectiveness in thwarting various types of poisoning and backdoor attacks including a defense-aware one. FLShield also preserves privacy of local data against gradient inversion attacks.