Towards Attack-tolerant Federated Learning via Critical Parameter Analysis
Sungwon Han, Sungwon Park, Fangzhao Wu, Sundong Kim, Bin Zhu, Xing Xie, and Meeyoung Cha

TL;DR
This paper introduces FedCPA, a novel defense strategy for federated learning that analyzes critical parameters to identify and mitigate poisoning attacks. It is especially effective under non-IID data conditions.
Contribution
FedCPA is the first approach to leverage critical parameter analysis for attack tolerance in federated learning, improving robustness against poisoning attacks.
Findings
Outperforms existing defenses in various attack scenarios
Effective under non-IID data distributions
Identifies benign models by similarity in critical parameters
Abstract
Federated learning is used to train a shared model in a decentralized way without clients sharing private data with each other. Federated learning systems are susceptible to poisoning attacks when malicious clients send false updates to the central server. Existing defense strategies are ineffective under non-IID data settings. This paper proposes a new defense strategy, FedCPA (Federated learning with Critical Parameter Analysis). Our attack-tolerant aggregation method is based on the observation that benign local models have similar sets of top-k and bottom-k critical parameters, whereas poisoned local models do not. Experiments with different attack scenarios on multiple datasets demonstrate that our model outperforms existing defense strategies in defending against poisoning attacks.
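A minimal sketch of the observation in the abstract, added here as an illustration and not taken from the paper or its code. It assumes that a parameter's importance is the magnitude of its update, that set overlap is measured with Jaccard similarity, and that clients are weighted by their mean similarity to the others; all function names and the sample updates are constructed.

```python
# Added illustration: the importance proxy (|update|), the Jaccard overlap and
# the weighting rule are assumptions, not the published FedCPA algorithm.

def critical_sets(update, k):
    """Return the (top-k, bottom-k) parameter index sets ranked by |update|."""
    order = sorted(range(len(update)), key=lambda i: abs(update[i]))
    return set(order[-k:]), set(order[:k])

def jaccard(a, b):
    """Overlap of two index sets, from 0.0 (disjoint) to 1.0 (identical)."""
    return len(a & b) / len(a | b)

def similarity(u, v, k):
    """Average overlap of the top-k and bottom-k sets of two local updates."""
    top_u, bot_u = critical_sets(u, k)
    top_v, bot_v = critical_sets(v, k)
    return 0.5 * (jaccard(top_u, top_v) + jaccard(bot_u, bot_v))

def client_scores(updates, k):
    """Score each client by its mean similarity to every other client."""
    n = len(updates)
    return [
        sum(similarity(updates[i], updates[j], k) for j in range(n) if j != i) / (n - 1)
        for i in range(n)
    ]

def aggregate(updates, k):
    """Similarity-weighted average; falls back to a plain mean if all scores are 0."""
    scores = client_scores(updates, k)
    total = sum(scores)
    weights = [s / total for s in scores] if total else [1 / len(updates)] * len(updates)
    return [sum(w * u[i] for w, u in zip(weights, updates)) for i in range(len(updates[0]))]

# Constructed sample: three benign clients whose updates differ in value but
# agree on which parameters matter most and least, plus one poisoned client.
UPDATES = [
    [0.90, -0.80, 0.30, 0.25, -0.20, 0.15, 0.02, -0.01],
    [0.85, -0.95, 0.20, 0.35, -0.25, 0.10, 0.01, -0.03],
    [1.00, -0.70, 0.35, 0.20, -0.15, 0.25, 0.03, -0.02],
    [0.01, -0.02, 0.30, 0.25, -0.20, 0.15, 0.90, -0.80],  # poisoned
]

if __name__ == "__main__":
    print("scores:", client_scores(UPDATES, k=2))
    print("aggregate:", aggregate(UPDATES, k=2))
```
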
Taxonomy
Topics: Privacy-Preserving Technologies in Data · Internet Traffic Analysis and Secure E-voting · Privacy, Security, and Data Protection
