Nuria Rodríguez-Barroso, Eugenio Martínez-Cámara, M. Victoria Luzón, Francisco Herrera
Abstract: Federated learning, as a distributed learning that conducts the training on the local devices without accessing the training data, is vulnerable to Byzantine poisoning adversarial attacks. We argue that the federated learning model has to avoid those kinds of adversarial attacks through filtering out the adversarial clients by means of the federated aggregation operator. We propose a dynamic federated aggregation operator that dynamically discards those adversarial clients and allows preventing the corruption of the global learning model. We assess it as a defense against adversarial attacks deploying a deep learning classification model in a federated learning setting on the Fed-EMNIST Digits, Fashion MNIST and CIFAR-10 image datasets. The results show that the dynamic selection of the clients to aggregate enhances the performance of the global learning model and discards the adversarial and poor (with low quality models) clients.
What problem does this paper attempt to address?
The problem this paper addresses is the decline in model performance caused by Byzantine poisoning attacks in Federated Learning (FL). Because training is distributed, the server cannot directly access the clients' training data, which leaves the process vulnerable to malicious clients. These clients tamper with local training data or model updates and thereby degrade the performance of the global model. To solve this problem, the paper proposes a dynamic defense mechanism, **Dynamic Defense Against Byzantine Attacks (DDaBA)**, which dynamically selects trustworthy clients and filters out malicious or low-quality clients, protecting the global model from the impact of attacks.
### Key Problem Summary:
1. **The Threat of Byzantine Poisoning Attacks**: In Federated Learning, malicious clients can undermine the performance of the global model by tampering with local data or model updates.
2. **The Deficiencies of Existing Defense Mechanisms**: Existing defense mechanisms usually rely on preset parameters, which are difficult to accurately set in practical applications, especially when the number and nature of attackers are unknown.
3. **Data Privacy Limitations**: Since one of the core advantages of Federated Learning is to protect data privacy, the server cannot directly access the data of clients, so traditional defense methods based on data inspection are not feasible.
### Solution:
The DDaBA proposed in the paper is a dynamic aggregation mechanism based on the Induced Ordered Weighted Averaging (IOWA) operator. It effectively defends against Byzantine attacks through the following steps:
- **Accuracy-Based Ranking Function**: Use the validation set to evaluate the local model performance of each client and rank them according to their performance.
- **Dynamic Linguistic Quantifier**: Dynamically adjust the weights according to the client performance distribution to ensure that high-performing clients obtain higher weights, while low-performing or abnormal clients are filtered out.
- **Tukey Criterion**: Use the Tukey criterion to detect outliers and dynamically determine the proportion of clients that need to be filtered.
In this way, DDaBA can dynamically identify and exclude malicious clients without relying on preset parameters, thereby improving the robustness and performance of the global model.
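The three steps above can be followed end to end in a short sketch. This is an added example, not the paper's code: it uses the piecewise quantifier from the formula section below, while the parameter choices (`a = 0`, `b = c/2`, `y_b = 0.75`, `c` set to the share of clients inside the upper Tukey fence) and the use of Yager's successive-difference weights are assumptions made for illustration.

```python
import statistics

def quantifier(x, a, b, c, y_b):
    """Piecewise-linear quantifier Q_{a,b,c,y_b}(x) as written in this page's formula section."""
    if x <= a:
        return 0.0
    if x <= b:
        return (x - a) / (b - a) * y_b
    if x <= c:
        return (x - b) / (c - b) * (1 - y_b) + y_b
    return 1.0

def tukey_outliers(gaps):
    """Count values above the upper Tukey fence Q3 + 1.5 * IQR."""
    q1, _, q3 = statistics.quantiles(gaps, n=4)
    fence = q3 + 1.5 * (q3 - q1)
    return sum(g > fence for g in gaps)

def ddaba_weights(accuracies, y_b=0.75):
    """Return one aggregation weight per client, in the clients' original order."""
    n = len(accuracies)
    best = max(accuracies)
    gaps = [best - acc for acc in accuracies]        # X_i = max_j f_LA(L_j) - f_LA(L_i)
    c = (n - tukey_outliers(gaps)) / n               # assumption: c = share of non-outlier clients
    a, b = 0.0, c / 2                                # assumption: illustrative a and b
    ranked = sorted(range(n), key=lambda i: accuracies[i], reverse=True)
    weights = [0.0] * n
    for rank, client in enumerate(ranked, start=1):
        # Yager's construction (assumed here): w_rank = Q(rank/n) - Q((rank-1)/n)
        weights[client] = (quantifier(rank / n, a, b, c, y_b)
                           - quantifier((rank - 1) / n, a, b, c, y_b))
    return weights

def aggregate(updates, weights):
    """Weighted average of equal-length parameter vectors."""
    return [sum(w * u[k] for w, u in zip(weights, updates)) for k in range(len(updates[0]))]

# Constructed sample: validation accuracy of 10 client models; clients 2 and 6 are poisoned.
ACCURACIES = [0.93, 0.91, 0.30, 0.94, 0.92, 0.90, 0.12, 0.95, 0.93, 0.91]
# Constructed one-parameter updates: honest clients send 1.0, poisoned clients send -50.0.
UPDATES = [[-50.0] if i in (2, 6) else [1.0] for i in range(10)]

if __name__ == "__main__":
    w = ddaba_weights(ACCURACIES)
    for i, (acc, wi) in enumerate(zip(ACCURACIES, w)):
        print(f"client {i}: accuracy={acc:.2f} weight={wi:.4f}")
    print("DDaBA-style aggregate:", aggregate(UPDATES, w))
    print("plain mean:           ", aggregate(UPDATES, [0.1] * 10))
```

On the constructed data the two low-accuracy clients fall outside the Tukey fence and receive zero weight, so the aggregate stays at the honest value while the plain mean is dragged far off.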
### Formula Presentation:
1. **Local Accuracy Function**:
\[
f_{LA}(L_i)=\text{accuracy}(L_i, VD)
\]
where \(\text{accuracy}(L_i, VD)\) represents the accuracy of the local model \(L_i\) on the validation set \(VD\).
2. **Performance Difference Random Variable**:
\[
X_{fLA}^i = \max_j \{f_{LA}(L_j)\}-f_{LA}(L_i)
\]
This variable is used to measure the performance differences between client models.
3. **Dynamic Linguistic Quantifier**:
\[
Q_{a,b,c,y_b}(x)=
\begin{cases}
0 & \text{if } 0\leq x\leq a\\
\frac{x - a}{b - a}\cdot y_b & \text{if } a\leq x\leq b\\
\frac{x - b}{c - b}\cdot(1 - y_b)+y_b & \text{if } b\leq x\leq c\\
1 & \text{if } c\leq x\leq 1
\end{cases}
\]
where \(a, b, c, y_b\) are dynamically adjusted parameters used to control weight distribution.
4. **Client Weight Calculation**:
\[
w_{a,b,c,y_b}^i = Q_{a,b,c,y_b}\left(\frac{i}{n}\right)