Secure and Private Federated Learning: Achieving Adversarial Resilience through Robust Aggregation

TL;DR

This paper introduces ArKrum, a robust aggregation method for federated learning that enhances security and privacy by resisting adversarial attacks without prior knowledge of malicious client count.

Contribution

ArKrum combines median filtering and multi-update averaging to improve robustness and privacy in federated learning against Byzantine threats.

Findings

ArKrum achieves high accuracy under various Byzantine attacks.

It outperforms traditional aggregation methods in robustness.

It maintains stability even with non-i.i.d. data distributions.

Abstract

Federated Learning (FL) enables collaborative machine learning across decentralized data sources without sharing raw data. It offers a promising approach to privacy-preserving AI. However, FL remains vulnerable to adversarial threats from malicious participants, referred to as Byzantine clients, who can send misleading updates to corrupt the global model. Traditional aggregation methods, such as simple averaging, are not robust to such attacks. More resilient approaches, like the Krum algorithm, require prior knowledge of the number of malicious clients, which is often unavailable in real-world scenarios. To address these limitations, we propose Average-rKrum (ArKrum), a novel aggregation strategy designed to enhance both the resilience and privacy guarantees of FL systems. Building on our previous work (rKrum), ArKrum introduces two key innovations. First, it includes a median-based filtering mechanism that removes extreme outliers before estimating the number of adversarial clients. Second, it applies a multi-update averaging scheme to improve stability and performance, particularly when client data distributions are not identical. We evaluate ArKrum on benchmark image and text datasets under three widely studied Byzantine attack types. Results show that ArKrum consistently achieves high accuracy and stability. It performs as well as or better than other robust aggregation methods. These findings demonstrate that ArKrum is an effective and practical solution for secure FL systems in adversarial environments.