Byzantine-Robust Federated Learning with Variance Reduction and Differential Privacy
Zikai Zhang, Rui Hu

TL;DR
This paper presents a federated learning framework that enhances robustness against Byzantine attacks and maintains rigorous privacy guarantees by integrating variance reduction techniques into the differential privacy mechanism.
Contribution
The paper introduces a novel federated learning scheme combining variance reduction with differential privacy to defend against Byzantine attacks without compromising privacy guarantees.
Findings
Effective defense against Byzantine attacks demonstrated.
Maintains state-of-the-art client-level differential privacy.
Improves robustness across IID and non-IID datasets.
Abstract
Federated learning (FL) is designed to preserve data privacy during model training, where the data remains on the client side (i.e., IoT devices), and only model updates of clients are shared iteratively for collaborative learning. However, this process is vulnerable to privacy attacks and Byzantine attacks: the local model updates shared throughout the FL network will leak private information about the local training data, and they can also be maliciously crafted by Byzantine attackers to disturb the learning. In this paper, we propose a new FL scheme that guarantees rigorous privacy and simultaneously enhances system robustness against Byzantine attacks. Our approach introduces sparsification- and momentum-driven variance reduction into the client-level differential privacy (DP) mechanism, to defend against Byzantine attackers. The security design does not violate the privacy…
Taxonomy
Topics: Privacy-Preserving Technologies in Data
