RFLPA: A Robust Federated Learning Framework against Poisoning Attacks with Secure Aggregation

TL;DR

This paper introduces RFLPA, a federated learning framework that enhances robustness against poisoning attacks by integrating secure aggregation with cosine similarity-based robust aggregation, reducing overhead and maintaining accuracy.

Contribution

It proposes a novel secure aggregation framework that combines verifiable secret sharing and cosine similarity for robust federated learning against poisoning attacks.

Findings

Reduces communication and computation overhead by over 75% compared to BREA.

Maintains competitive accuracy while enhancing security against poisoning.

Effectively detects and mitigates poisoning attacks in federated learning environments.

Abstract

Federated learning (FL) allows multiple devices to train a model collaboratively without sharing their data. Despite its benefits, FL is vulnerable to privacy leakage and poisoning attacks. To address the privacy concern, secure aggregation (SecAgg) is often used to obtain the aggregation of gradients on sever without inspecting individual user updates. Unfortunately, existing defense strategies against poisoning attacks rely on the analysis of local updates in plaintext, making them incompatible with SecAgg. To reconcile the conflicts, we propose a robust federated learning framework against poisoning attacks (RFLPA) based on SecAgg protocol. Our framework computes the cosine similarity between local updates and server updates to conduct robust aggregation. Furthermore, we leverage verifiable packed Shamir secret sharing to achieve reduced communication cost of $O(M+N)$ per user, and design a novel dot product aggregation algorithm to resolve the issue of increased information leakage. Our experimental results show that RFLPA significantly reduces communication and computation overhead by over $75\%$ compared to the state-of-the-art secret sharing method, BREA, while maintaining competitive accuracy.