Leveraging MTD to Mitigate Poisoning Attacks in Decentralized FL with Non-IID Data

TL;DR

This paper introduces a Moving Target Defense framework to enhance the robustness of decentralized federated learning against poisoning attacks, especially in non-IID data scenarios, through continuous attack surface modification and a reputation system.

Contribution

It proposes a novel MTD-based framework with proactive and reactive modes, improving defense effectiveness in non-IID decentralized federated learning environments.

Findings

Significantly reduces success of poisoning attacks across datasets

Effective in non-IID data distributions

Outperforms existing defense strategies

Abstract

Decentralized Federated Learning (DFL), a paradigm for managing big data in a privacy-preserved manner, is still vulnerable to poisoning attacks where malicious clients tamper with data or models. Current defense methods often assume Independently and Identically Distributed (IID) data, which is unrealistic in real-world applications. In non-IID contexts, existing defensive strategies face challenges in distinguishing between models that have been compromised and those that have been trained on heterogeneous data distributions, leading to diminished efficacy. In response, this paper proposes a framework that employs the Moving Target Defense (MTD) approach to bolster the robustness of DFL models. By continuously modifying the attack surface of the DFL system, this framework aims to mitigate poisoning attacks effectively. The proposed MTD framework includes both proactive and reactive modes, utilizing a reputation system that combines metrics of model similarity and loss, alongside various defensive techniques. Comprehensive experimental evaluations indicate that the MTD-based mechanism significantly mitigates a range of poisoning attack types across multiple datasets with different topologies.