Byzantine-Robust Federated Learning: An Overview With Focus on Developing Sybil-based Attacks to Backdoor Augmented Secure Aggregation Protocols
Atharv Deshmukh

TL;DR
This paper reviews Byzantine-robust federated learning, analyzes existing defenses, introduces new Sybil-based backdoor attacks exploiting vulnerabilities, and suggests future improvements for secure aggregation protocols.
Contribution
It provides an exhaustive taxonomy of defenses, introduces novel Sybil-based attacks on RoFL, and offers detailed implementation and future directions for robust federated learning.
Findings
Existing defenses have specific strengths and weaknesses.
New Sybil-based attacks can exploit vulnerabilities in RoFL.
The paper offers recommendations for improving Byzantine robustness in FL protocols.
Abstract
Federated Learning (FL) paradigms enable large numbers of clients to collaboratively train Machine Learning models on private data. However, due to their multi-party nature, traditional FL schemes are left vulnerable to Byzantine attacks that attempt to hurt model performance by injecting malicious backdoors. A wide variety of prevention methods have been proposed to protect frameworks from such attacks. This paper provides an exhaustive and updated taxonomy of existing methods and frameworks, before zooming in and conducting an in-depth analysis of the strengths and weaknesses of the Robustness of Federated Learning (RoFL) protocol. From there, we propose two novel Sybil-based attacks that take advantage of vulnerabilities in RoFL. Finally, we conclude with comprehensive proposals for future testing, describe and detail the implementation of the proposed attacks, and offer direction for…
Taxonomy
Topics: Privacy-Preserving Technologies in Data · Cryptography and Data Security · Cooperative Communication and Network Coding
