Robust Federated Learning under Adversarial Attacks via Loss-Based Client Clustering
Emmanouil Kritharakis, Dusan Jakovetic, Antonios Makris, Konstantinos Tserpes

TL;DR
This paper introduces a robust federated learning method that effectively defends against adversarial attacks using loss-based client clustering, requiring only two honest participants and no prior knowledge of malicious client count.
Contribution
The proposed approach is the first to achieve robust federated learning with minimal honest participants and no prior malicious client information, backed by theoretical and experimental validation.
Findings
Outperforms standard and robust FL baselines under various attacks.
Works effectively with only two honest participants without prior malicious client knowledge.
Demonstrates bounded optimality gaps under strong Byzantine attacks.
Abstract
Federated Learning (FL) enables collaborative model training across multiple clients without sharing private data. We consider FL scenarios wherein FL clients are subject to adversarial (Byzantine) attacks, while the FL server is trusted (honest) and has a trustworthy side dataset. This may correspond to, e.g., cases where the server possesses trusted data prior to federation, or to the presence of a trusted client that temporarily assumes the server role. Our approach requires only two honest participants, i.e., the server and one client, to function effectively, without prior knowledge of the number of malicious clients. Theoretical analysis demonstrates bounded optimality gaps even under strong Byzantine attacks. Experimental results show that our algorithm significantly outperforms standard and robust FL baselines such as Mean, Trimmed Mean, Median, Krum, and Multi-Krum under…
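A minimal sketch of the general idea in the abstract, added here and not taken from the paper or its authors: the trusted server scores each client's model on its side dataset, splits the losses into two clusters, and averages only the low-loss cluster. The linear model, the two-cluster split rule, the constructed sign-flipped updates and all function names are assumptions; the paper's actual algorithm is not given on this page.

```python
# Added illustration: model, data, split rule and names are assumptions, not the paper's algorithm.
import random
from statistics import mean, median

def mse(w, data):
    """Loss of linear model w on the server's trusted side dataset."""
    return mean((sum(wi * xi for wi, xi in zip(w, x)) - y) ** 2 for x, y in data)

def low_loss_cluster(losses):
    """Optimal 1-D two-cluster split of the losses; returns indices of the low-loss group."""
    order = sorted(range(len(losses)), key=losses.__getitem__)
    if len(order) < 2:
        return order
    def sse(idx):
        m = mean(losses[i] for i in idx)
        return sum((losses[i] - m) ** 2 for i in idx)
    cut = min(range(1, len(order)), key=lambda k: sse(order[:k]) + sse(order[k:]))
    return order[:cut]

def aggregate_by_loss(updates, trusted):
    """Average only the client models that fall in the low-loss cluster."""
    keep = low_loss_cluster([mse(w, trusted) for w in updates])
    agg = [mean(updates[i][d] for i in keep) for d in range(len(updates[0]))]
    return agg, sorted(keep)

def simulate(seed=0):
    """Constructed round: client 0 is honest, clients 1-4 send sign-flipped, scaled models."""
    rng = random.Random(seed)
    true_w = [2.0, -1.0]
    trusted = []
    for _ in range(50):
        x = [rng.uniform(-1, 1), rng.uniform(-1, 1)]
        trusted.append((x, true_w[0] * x[0] + true_w[1] * x[1] + rng.gauss(0, 0.01)))
    updates = [[w + rng.gauss(0, 0.05) for w in true_w]]
    updates += [[-5 * w + rng.gauss(0, 0.05) for w in true_w] for _ in range(4)]
    robust, kept = aggregate_by_loss(updates, trusted)
    coord = lambda f: [f(u[d] for u in updates) for d in range(2)]
    return {"kept": kept, "robust_loss": mse(robust, trusted),
            "mean_loss": mse(coord(mean), trusted), "median_loss": mse(coord(median), trusted)}

if __name__ == "__main__":
    print(simulate())
```

In this sketch a two-cluster split always discards something, so a round with no malicious clients would still drop the higher-loss honest ones.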
