Fast, Private, and Protected: Safeguarding Data Privacy and Defending Against Model Poisoning Attacks in Federated Learning
Nicolas Riccieri Gardin Assumpcao, Leandro Villas

TL;DR
This paper introduces FPP, a federated learning framework that enhances data privacy and model robustness against poisoning attacks through secure aggregation, reputation mechanisms, and attack recovery, demonstrating rapid convergence and resilience in experiments.
Contribution
FPP is a novel federated learning approach that combines privacy-preserving secure aggregation with attack mitigation and recovery strategies, improving robustness against malicious participants.
Findings
FPP achieves rapid convergence compared to existing methods.
FPP maintains model accuracy even with malicious participants.
Experimental validation shows FPP outperforms FedAvg, Power-of-Choice, Trimmed Mean, and Median.
Abstract
Federated Learning (FL) is a distributed training paradigm wherein participants collaborate to build a global model while ensuring the privacy of the involved data, which remains stored on participant devices. However, proposals aiming to ensure such privacy also make it challenging to protect against potential attackers seeking to compromise the training outcome. In this context, we present Fast, Private, and Protected (FPP), a novel approach that aims to safeguard federated training while enabling secure aggregation to preserve data privacy. This is accomplished by evaluating rounds using participants' assessments and enabling training recovery after an attack. FPP also employs a reputation-based mechanism to mitigate the participation of attackers. We created a dockerized environment to validate the performance of FPP compared to other approaches in the literature (FedAvg,…
Taxonomy
Topics: Privacy-Preserving Technologies in Data · Adversarial Robustness in Machine Learning · Privacy, Security, and Data Protection
