Celtibero: Robust Layered Aggregation for Federated Learning

TL;DR

Celtibero is a new layered aggregation method that significantly improves the robustness of federated learning against poisoning attacks, especially under non-i.i.d data conditions, while maintaining high accuracy.

Contribution

It introduces Celtibero, a novel layered aggregation technique that enhances security in federated learning against sophisticated poisoning attacks under realistic data distributions.

Findings

Celtibero achieves high main task accuracy (MTA) across various attacks.

It maintains minimal attack success rates (ASR) in diverse poisoning scenarios.

Outperforms existing defenses like FL-Defender, LFighter, and FLAME.

Abstract

Federated Learning (FL) is an innovative approach to distributed machine learning. While FL offers significant privacy advantages, it also faces security challenges, particularly from poisoning attacks where adversaries deliberately manipulate local model updates to degrade model performance or introduce hidden backdoors. Existing defenses against these attacks have been shown to be effective when the data on the nodes is identically and independently distributed (i.i.d.), but they often fail under less restrictive, non-i.i.d data conditions. To overcome these limitations, we introduce Celtibero, a novel defense mechanism that integrates layered aggregation to enhance robustness against adversarial manipulation. Through extensive experiments on the MNIST and IMDB datasets, we demonstrate that Celtibero consistently achieves high main task accuracy (MTA) while maintaining minimal attack success rates (ASR) across a range of untargeted and targeted poisoning attacks. Our results highlight the superiority of Celtibero over existing defenses such as FL-Defender, LFighter, and FLAME, establishing it as a highly effective solution for securing federated learning systems against sophisticated poisoning attacks.