Byzantine Machine Learning: MultiKrum and an optimal notion of robustness

TL;DR

This paper proves the robustness of MultiKrum aggregation in Byzantine machine learning, introduces an optimal robustness coefficient, and compares it with Krum, providing theoretical bounds and empirical validation.

Contribution

It provides the first theoretical proof of MultiKrum's robustness and introduces a new optimal robustness coefficient for aggregation rules.

Findings

MultiKrum is proven to be a robust aggregation rule.

Bounds on MultiKrum's robustness coefficient are established.

MultiKrum outperforms Krum in realistic regimes.

Abstract

Aggregation rules are the cornerstone of distributed (or federated) learning in the presence of adversaries, under the so-called Byzantine threat model. They are also interesting mathematical objects from the point of view of robust mean estimation. The Krum aggregation rule has been extensively studied, and endowed with formal robustness and convergence guarantees. Yet, MultiKrum, a natural extension of Krum, is often preferred in practice for its superior empirical performance, even though no theoretical guarantees were available until now. In this work, we provide the first proof that MultiKrum is a robust aggregation rule, and bound its robustness coefficient. To do so, we introduce $\kappa^\star$, the optimal *robustness coefficient* of an aggregation rule, which quantifies the accuracy of mean estimation in the presence of adversaries in a tighter manner compared with previously adopted notions of robustness. We then construct an upper and a lower bound on MultiKrum's robustness coefficient. As a by-product, we also improve on the best-known bounds on Krum's robustness coefficient. We show that MultiKrum's bounds are never worse than Krum's, and better in realistic regimes. We illustrate this analysis by an experimental investigation on the quality of the lower bound.