FedRDF: A Robust and Dynamic Aggregation Function against Poisoning Attacks in Federated Learning
Enrique Mármol Campos, Aurora González Vidal, José Luis Hernández Ramos, Antonio Skarmeta

TL;DR
This paper introduces FedRDF, a Fourier Transform-based aggregation method for federated learning that effectively defends against sophisticated poisoning attacks without prior knowledge of attacker count, outperforming existing methods.
Contribution
The paper presents a novel Fourier Transform-based aggregation function that enhances robustness against poisoning attacks in federated learning without requiring prior knowledge of the number of attackers.
Findings
FedRDF effectively detects and excludes malicious client weights.
It outperforms state-of-the-art aggregation methods in various attack scenarios.
The approach maintains high model accuracy under attack conditions.
Abstract
Federated Learning (FL) represents a promising approach to the privacy concerns typically associated with centralized Machine Learning (ML) deployments. Despite its well-known advantages, FL is vulnerable to security attacks such as Byzantine behaviors and poisoning attacks, which can significantly degrade model performance and hinder convergence. The effectiveness of existing approaches to mitigating complex attacks, such as the median, trimmed mean, or Krum aggregation functions, has been only partially demonstrated, and only for specific attacks. Our study introduces a novel robust aggregation mechanism utilizing the Fourier Transform (FT), which is able to handle sophisticated attacks effectively without prior knowledge of the number of attackers. Employing this technique, the weights generated by FL clients are projected into the frequency domain to ascertain their density function,…
Taxonomy
Topics: Privacy-Preserving Technologies in Data · Adversarial Robustness in Machine Learning
