Embedding Byzantine Fault Tolerance into Federated Learning via Consistency Scoring

TL;DR

This paper introduces a plugin that enhances federated learning's robustness against Byzantine attacks by using consistency scoring of local updates, significantly improving model accuracy under attack scenarios.

Contribution

A novel plugin method that embeds Byzantine fault tolerance into federated learning by evaluating model consistency scores to filter malicious updates.

Findings

Achieves over 89.6% accuracy under targeted attacks

Maintains 65-70% accuracy under untargeted attacks

Significantly outperforms non-robust federated learning methods

Abstract

Given sufficient data from multiple edge devices, federated learning (FL) enables training a shared model without transmitting private data to the central server. However, FL is generally vulnerable to Byzantine attacks from compromised edge devices, which can significantly degrade the model performance. In this work, we propose an intuitive plugin that seamlessly embeds Byzantine resilience into existing FL methods. The key idea is to generate virtual data samples and evaluate model consistency scores across local updates to effectively filter out compromised updates. By utilizing this scoring mechanism before the aggregation phase, the proposed plugin enables existing FL methods to become robust against Byzantine attacks while maintaining their original benefits. Numerical results on blood cell classification task demonstrate that the proposed plugin provides strong Byzantine resilience. In detail, plugin-attached FedAvg achieves over 89.6% test accuracy under 30% targeted attacks (vs.19.5% w/o plugin) and maintains 65-70% test accuracy under untargeted attacks (vs.17-19% w/o plugin).