Sensitivity Curve Maximization: Attacking Robust Aggregators in Distributed Learning
Christian A. Schroth, Stefan Vlaski, Abdelhak M. Zoubir

TL;DR
This paper introduces a method using the sensitivity curve from robust statistics to identify optimal attack strategies against robust aggregation schemes in distributed learning, exposing their vulnerabilities.
Contribution
It demonstrates how the sensitivity curve can systematically generate effective attacks, challenging the robustness of existing aggregation methods in distributed learning.
Findings
Sensitivity curve can be used to derive optimal attack patterns
Proposed attacks effectively compromise robust aggregators in simulations
Robust schemes are vulnerable to carefully crafted malicious attacks
Abstract
In distributed learning, agents aim at collaboratively solving a global learning problem. It becomes more and more likely that individual agents are malicious or faulty with an increasing size of the network. This leads to a degeneration or complete breakdown of the learning process. Classical aggregation schemes are prone to breakdown at small contamination rates; therefore, robust aggregation schemes are sought. While robust aggregation schemes can generally tolerate larger contamination rates, many have been shown to be susceptible to carefully crafted malicious attacks. In this work, we show how the sensitivity curve (SC), a classical tool from robust statistics, can be used to systematically derive optimal attack patterns against arbitrary robust aggregators, in most cases rendering them ineffective. We show the effectiveness of the proposed attack in multiple simulations.
Taxonomy
Topics: Privacy-Preserving Technologies in Data · Advanced Graph Neural Networks · Domain Adaptation and Few-Shot Learning
