DART: A Solution for Decentralized Federated Learning Model Robustness Analysis

TL;DR

This paper reviews poisoning attacks on decentralized federated learning (DFL), introduces DART for robustness evaluation, and compares DFL and CFL under attacks to identify key factors affecting model security.

Contribution

It presents a comprehensive review of poisoning attacks on DFL, introduces DART for robustness assessment, and provides empirical comparisons between DFL and CFL under various attack scenarios.

Findings

DFL and CFL exhibit different vulnerabilities to poisoning attacks.

Defense mechanisms for CFL may not be directly applicable to DFL.

Key factors influencing attack success include network topology and attack strategies.

Abstract

Federated Learning (FL) has emerged as a promising approach to address privacy concerns inherent in Machine Learning (ML) practices. However, conventional FL methods, particularly those following the Centralized FL (CFL) paradigm, utilize a central server for global aggregation, which exhibits limitations such as bottleneck and single point of failure. To address these issues, the Decentralized FL (DFL) paradigm has been proposed, which removes the client-server boundary and enables all participants to engage in model training and aggregation tasks. Nevertheless, as CFL, DFL remains vulnerable to adversarial attacks, notably poisoning attacks that undermine model performance. While existing research on model robustness has predominantly focused on CFL, there is a noteworthy gap in understanding the model robustness of the DFL paradigm. In this paper, a thorough review of poisoning attacks targeting the model robustness in DFL systems, as well as their corresponding countermeasures, are presented. Additionally, a solution called DART is proposed to evaluate the robustness of DFL models, which is implemented and integrated into a DFL platform. Through extensive experiments, this paper compares the behavior of CFL and DFL under diverse poisoning attacks, pinpointing key factors affecting attack spread and effectiveness within the DFL. It also evaluates the performance of different defense mechanisms and investigates whether defense mechanisms designed for CFL are compatible with DFL. The empirical results provide insights into research challenges and suggest ways to improve the robustness of DFL models for future research.