RAB$^2$-DEF: Dynamic and explainable defense against adversarial attacks in Federated Learning to fair poor clients
Nuria Rodríguez-Barroso, M. Victoria Luzón, Francisco Herrera

TL;DR
RAB$^2$-DEF is a dynamic, explainable, and fair defense mechanism for federated learning that effectively counters adversarial attacks while maintaining transparency and fairness for clients with poor data quality.
Contribution
This work introduces RAB$^2$-DEF, a novel defense that combines resilience, explainability, and fairness in federated learning against multiple attack types.
Findings
RAB$^2$-DEF outperforms state-of-the-art defenses in accuracy and robustness.
It provides local linear explanations for better interpretability.
The method maintains fairness towards poor-quality clients.
Abstract
At the same time that artificial intelligence is becoming popular, concern and the need for regulation is growing, including among other requirements the data privacy. In this context, Federated Learning is proposed as a solution to data privacy concerns derived from different source data scenarios due to its distributed learning. The defense mechanisms proposed in literature are just focused on defending against adversarial attacks and the performance, leaving aside other important qualities such as explainability, fairness to poor quality clients, dynamism in terms of attacks configuration and generality in terms of being resilient against different kinds of attacks. In this work, we propose RAB$^2$-DEF, a Resilient Against and Backdoor attacks which is Dynamic, Explainable and Fair to poor…
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Privacy-Preserving Technologies in Data
