FedSV: Byzantine-Robust Federated Learning via Shapley Value

TL;DR

FedSV introduces a Shapley Value-based method to enhance robustness against malicious clients in federated learning, effectively identifying and mitigating attacks to protect model integrity.

Contribution

This paper proposes FedSV, a novel Shapley Value-based approach for detecting malicious clients in federated learning, improving robustness over existing defenses.

Findings

FedSV effectively detects malicious clients under various attack scenarios.

Experiments on MNIST demonstrate improved model robustness.

Shapley Value estimation enhances client contribution assessment.

Abstract

In Federated Learning (FL), several clients jointly learn a machine learning model: each client maintains a local model for its local learning dataset, while a master server maintains a global model by aggregating the local models of the client devices. However, the repetitive communication between server and clients leaves room for attacks aimed at compromising the integrity of the global model, causing errors in its targeted predictions. In response to such threats on FL, various defense measures have been proposed in the literature. In this paper, we present a powerful defense against malicious clients in FL, called FedSV, using the Shapley Value (SV), which has been proposed recently to measure user contribution in FL by computing the marginal increase of average accuracy of the model due to the addition of local data of a user. Our approach makes the identification of malicious clients more robust, since during the learning phase, it estimates the contribution of each client according to the different groups to which the target client belongs. FedSV's effectiveness is demonstrated by extensive experiments on MNIST datasets in a cross-silo context under various attacks.