FedCAP: Robust Federated Learning via Customized Aggregation and Personalization

TL;DR

FedCAP introduces a robust federated learning framework that effectively handles data heterogeneity and Byzantine threats through customized aggregation, model calibration, anomaly detection, and client personalization, demonstrating superior performance and security.

Contribution

The paper proposes FedCAP, a novel federated learning approach that enhances robustness against non-IID data and malicious attacks with a calibration mechanism and personalized aggregation.

Findings

FedCAP outperforms state-of-the-art baselines in non-IID settings.

FedCAP effectively detects and removes malicious clients.

FedCAP maintains high accuracy under poisoning attacks.

Abstract

Federated learning (FL), an emerging distributed machine learning paradigm, has been applied to various privacy-preserving scenarios. However, due to its distributed nature, FL faces two key issues: the non-independent and identical distribution (non-IID) of user data and vulnerability to Byzantine threats. To address these challenges, in this paper, we propose FedCAP, a robust FL framework against both data heterogeneity and Byzantine attacks. The core of FedCAP is a model update calibration mechanism to help a server capture the differences in the direction and magnitude of model updates among clients. Furthermore, we design a customized model aggregation rule that facilitates collaborative training among similar clients while accelerating the model deterioration of malicious clients. With a Euclidean norm-based anomaly detection mechanism, the server can quickly identify and permanently remove malicious clients. Moreover, the impact of data heterogeneity and Byzantine attacks can be further mitigated through personalization on the client side. We conduct extensive experiments, comparing multiple state-of-the-art baselines, to demonstrate that FedCAP performs well in several non-IID settings and shows strong robustness under a series of poisoning attacks.