Do We Really Need to Design New Byzantine-robust Aggregation Rules?

TL;DR

This paper argues that improving existing aggregation rules with synthetic updates can effectively defend against poisoning attacks in federated learning, eliminating the need for designing new Byzantine-robust rules.

Contribution

The paper introduces FoundationFL, a novel method that enhances existing aggregation rules with synthetic updates to improve robustness against Byzantine attacks.

Findings

FoundationFL effectively defends against poisoning attacks.

Theoretical convergence of FoundationFL is established.

Experimental results validate the method's efficiency.

Abstract

Federated learning (FL) allows multiple clients to collaboratively train a global machine learning model through a server, without exchanging their private training data. However, the decentralized aspect of FL makes it susceptible to poisoning attacks, where malicious clients can manipulate the global model by sending altered local model updates. To counter these attacks, a variety of aggregation rules designed to be resilient to Byzantine failures have been introduced. Nonetheless, these methods can still be vulnerable to sophisticated attacks or depend on unrealistic assumptions about the server. In this paper, we demonstrate that there is no need to design new Byzantine-robust aggregation rules; instead, FL can be secured by enhancing the robustness of well-established aggregation rules. To this end, we present FoundationFL, a novel defense mechanism against poisoning attacks. FoundationFL involves the server generating synthetic updates after receiving local model updates from clients. It then applies existing Byzantine-robust foundational aggregation rules, such as Trimmed-mean or Median, to combine clients' model updates with the synthetic ones. We theoretically establish the convergence performance of FoundationFL under Byzantine settings. Comprehensive experiments across several real-world datasets validate the efficiency of our FoundationFL method.