Resilient Federated Chain: Transforming Blockchain Consensus into an Active Defense Layer for Federated Learning

TL;DR

Resilient Federated Chain (RFC) integrates blockchain with federated learning to actively defend against adversarial attacks, significantly enhancing robustness in decentralized AI systems through adaptive consensus and robust aggregation.

Contribution

This paper introduces RFC, a novel blockchain-based federated learning framework that employs an active defense layer and adaptive consensus to improve security against adversarial threats.

Findings

RFC significantly improves robustness under adversarial attacks

The framework effectively combines blockchain redundancy with federated learning

Experimental results show enhanced security in image classification tasks

Abstract

Federated Learning (FL) has emerged as a key paradigm for building Trustworthy AI systems by enabling privacy-preserving, decentralized model training. However, FL is highly susceptible to adversarial attacks that compromise model integrity and data confidentiality, a vulnerability exacerbated by the fact that conventional data inspection methods are incompatible with its decentralized design. While integrating FL with Blockchain technology has been proposed to address some limitations, its potential for mitigating adversarial attacks remains largely unexplored. This paper introduces Resilient Federated Chain (RFC), a novel blockchain-enabled FL framework designed specifically to enhance resilience against such threats. RFC builds upon the existing Proof of Federated Learning architecture by repurposing the redundancy of its Pooled Mining mechanism as an active defense layer that can be combined with robust aggregation rules. Furthermore, the framework introduces a flexible evaluation function in its consensus mechanism, allowing for adaptive defense against different attack strategies. Extensive experimental evaluation on image classification tasks under various adversarial scenarios, demonstrates that RFC significantly improves robustness compared to baseline methods, providing a viable solution for securing decentralized learning environments.