Defending against Data Poisoning Attacks in Federated Learning via User Elimination
Nick Galanis

TL;DR
This paper proposes a novel defense mechanism in federated learning that detects and eliminates malicious users by analyzing metadata during aggregation, effectively mitigating data poisoning attacks while preserving privacy.
Contribution
It introduces a unique approach that uses metadata beyond model gradients for user honesty verification, enhancing security in federated learning.
Findings
Significantly reduces impact of data poisoning attacks
Maintains high model performance and user privacy
Demonstrates effectiveness through extensive experiments
Abstract
In the evolving landscape of Federated Learning (FL), a new type of attack concerns the research community, namely Data Poisoning Attacks, which threaten the model integrity by maliciously altering training data. This paper introduces a novel defensive framework focused on the strategic elimination of adversarial users within a federated model. We detect those anomalies in the aggregation phase of the Federated Algorithm, by integrating metadata gathered by the local training instances with Differential Privacy techniques, to ensure that no data leakage is possible. To our knowledge, this is the first proposal in the field of FL that leverages metadata other than the model's gradients in order to ensure honesty in the reported local models. Our extensive experiments demonstrate the efficacy of our methods, significantly mitigating the risk of data poisoning while maintaining user…
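As an added illustration (this is not code from the paper, and the page does not state which metadata or which detection rule the authors use), the following Python sketches the pattern the abstract describes: each client reports a small piece of metadata alongside its model update, the server privatizes that metadata with a differentially private mechanism before inspecting it, eliminates clients whose reported value is a robust outlier, and only then averages the surviving updates. The choice of per-round mean training loss as the metadata, the median-absolute-deviation outlier rule, the loss cap used as DP sensitivity, and the Laplace mechanism are all assumptions of this example, and the client data is constructed.

```python
"""Server-side user elimination for federated averaging (illustrative, not the paper's code).

Assumed design: every client reports (model update, mean local training loss).
The loss is clipped to [0, LOSS_CAP] so the Laplace mechanism has a bounded
sensitivity, noise is added, and clients whose noised loss is a robust outlier
are dropped before the updates are averaged.
"""
import math
import random
from statistics import median
from typing import List, Optional, Sequence, Set, Tuple

LOSS_CAP = 5.0  # assumed bound on a reported loss; doubles as the DP sensitivity

# Constructed round: 8 clients with 3-dimensional updates.  Client 7 trained on
# label-flipped data, so its update points the opposite way and its loss is high.
CLIENT_UPDATES: List[List[float]] = [
    [0.10, -0.20, 0.05],
    [0.12, -0.18, 0.04],
    [0.09, -0.22, 0.06],
    [0.11, -0.19, 0.05],
    [0.10, -0.21, 0.05],
    [0.13, -0.20, 0.04],
    [0.10, -0.19, 0.06],
    [-0.90, 0.80, -0.70],
]
CLIENT_LOSSES: List[float] = [0.41, 0.39, 0.44, 0.40, 0.42, 0.38, 0.43, 3.10]


def laplace_noise(scale: float, rng: random.Random) -> float:
    """Sample Laplace(0, scale) via the inverse CDF (helper written for this example)."""
    u = max(rng.random() - 0.5, -0.5 + 1e-12)  # keep log() argument strictly positive
    return -scale * math.copysign(1.0, u) * math.log(1.0 - 2.0 * abs(u))


def privatize(value: float, epsilon: float, sensitivity: float, rng: random.Random) -> float:
    """Laplace mechanism: release value + Lap(sensitivity / epsilon)."""
    return value + laplace_noise(sensitivity / epsilon, rng)


def flag_outliers(values: Sequence[float], k: float = 3.0) -> Set[int]:
    """Indices whose value lies more than k robust standard deviations from the median."""
    med = median(values)
    mad = median(abs(v - med) for v in values)
    robust_std = 1.4826 * mad  # MAD scaled to a normal-equivalent standard deviation
    if robust_std == 0.0:
        # Degenerate round: most clients reported an identical value, so anything
        # that differs at all is treated as an outlier.
        return {i for i, v in enumerate(values) if v != med}
    return {i for i, v in enumerate(values) if abs(v - med) > k * robust_std}


def naive_average(updates: Sequence[Sequence[float]]) -> List[float]:
    """Plain FedAvg with no elimination, for comparison."""
    dim = len(updates[0])
    return [sum(u[d] for u in updates) / len(updates) for d in range(dim)]


def eliminate_and_aggregate(
    updates: Sequence[Sequence[float]],
    losses: Sequence[float],
    epsilon: Optional[float] = None,
    sensitivity: float = LOSS_CAP,
    rng: Optional[random.Random] = None,
    k: float = 3.0,
) -> Tuple[List[float], Set[int]]:
    """Return (averaged update over surviving clients, indices of eliminated clients).

    epsilon=None skips the DP noise (useful for deterministic tests); otherwise the
    server only ever inspects the Laplace-noised, clipped loss of each client.
    """
    reported = [min(max(loss, 0.0), sensitivity) for loss in losses]
    if epsilon is not None:
        rng = rng or random.Random(0)
        reported = [privatize(r, epsilon, sensitivity, rng) for r in reported]
    eliminated = flag_outliers(reported, k)
    kept = [u for i, u in enumerate(updates) if i not in eliminated]
    if not kept:
        raise ValueError("every client was eliminated; refusing to aggregate an empty round")
    return naive_average(kept), eliminated


if __name__ == "__main__":
    print("naive FedAvg:    ", naive_average(CLIENT_UPDATES))
    avg, dropped = eliminate_and_aggregate(CLIENT_UPDATES, CLIENT_LOSSES, epsilon=2.0)
    print("with elimination:", avg, "eliminated clients:", sorted(dropped))
```

The clipping step is what makes the privacy accounting honest: without a bound on the reported value the Laplace scale is undefined, and it also caps how far any single client can drag the outlier statistic. The trade-off the abstract alludes to is visible in `epsilon`: a smaller budget adds more noise to the metadata and makes a poisoned client harder to separate from the honest ones, so the detection threshold `k` and the budget have to be tuned together.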
Taxonomy
Topics: Privacy-Preserving Technologies in Data · Adversarial Robustness in Machine Learning · Cryptography and Data Security
