FIDELIS: Blockchain-Enabled Protection Against Poisoning Attacks in Federated Learning

TL;DR

FIDELIS introduces a blockchain-based framework for detecting data poisoning in federated learning, decentralizing trust and ensuring robustness against attacks while maintaining scalability.

Contribution

The paper proposes a novel blockchain-enabled poison detection framework with a decentralized global server role and a consensus-based judge model for improved security.

Findings

Robustness against data poisoning attacks demonstrated

Scalable creation of judge models confirmed

Decentralized architecture enhances trustworthiness

Abstract

Federated learning enhances traditional deep learning by enabling the joint training of a model with the use of IoT device's private data. It ensures privacy for clients, but is susceptible to data poisoning attacks during training that degrade model performance and integrity. Current poisoning detection methods in federated learning lack a standardized detection method or take significant liberties with trust. In this paper, we present \Sys, a novel blockchain-enabled poison detection framework in federated learning. The framework decentralizes the role of the global server across participating clients. We introduce a judge model used to detect data poisoning in model updates. The judge model is produced by each client and verified to reach consensus on a single judge model. We implement our solution to show \Sys is robust against data poisoning attacks and the creation of our judge model is scalable.