Dynamic Free-Rider Detection in Federated Learning via Simulated Attack Patterns

TL;DR

This paper introduces S2-WEF, a novel method for detecting dynamic free-riders in federated learning by simulating attack patterns and analyzing WEF behavior, improving robustness without needing proxy data.

Contribution

The paper proposes S2-WEF, a simulation-based detection approach that effectively identifies clients switching to free-riding during training in federated learning.

Findings

S2-WEF outperforms existing methods in robustness across multiple datasets and attack types.

It successfully detects clients that switch to free-riding behavior during training.

The method does not require proxy datasets or pre-training.

Abstract

Federated learning (FL) enables multiple clients to collaboratively train a global model by aggregating local updates without sharing private data. However, FL often faces the challenge of free-riders, clients who submit fake model parameters without performing actual training to obtain the global model without contributing. Chen et al. proposed a free-rider detection method based on the weight evolving frequency (WEF) of model parameters. This detection approach is a leading candidate for practical free-rider detection methods, as it requires neither a proxy dataset nor pre-training. Nevertheless, it struggles to detect ``dynamic'' free-riders who behave honestly in early rounds and later switch to free-riding, particularly under global-model-mimicking attacks such as the delta weight attack and our newly proposed adaptive WEF-camouflage attack. In this paper, we propose a novel detection method S2-WEF that simulates the WEF patterns of potential global-model-based attacks on the server side using previously broadcasted global models, and identifies clients whose submitted WEF patterns resemble the simulated ones. To handle a variety of free-rider attack strategies, S2-WEF further combines this simulation-based similarity score with a deviation score computed from mutual comparisons among submitted WEFs, and separates benign and free-rider clients by two-dimensional clustering and per-score classification. This method enables dynamic detection of clients that transition into free-riders during training without proxy datasets or pre-training. We conduct extensive experiments across three datasets and five attack types, demonstrating that S2-WEF achieves higher robustness than existing approaches.