SaFL: Sybil-aware Federated Learning with Application to Face Recognition

Mahdi Ghafourian, Julian Fierrez, Ruben Vera-Rodriguez, Ruben Tolosana, Aythami Morales
2023-11-08
Abstract: Federated Learning (FL) is a machine learning paradigm for conducting collaborative learning among clients on a joint model. The primary goal is to share the clients' local training parameters with an aggregating server while preserving their privacy. This makes it possible to exploit the potential of massive amounts of mobile users' data for the benefit of machine learning models' performance while keeping sensitive data on local devices. On the downside, FL raises security and privacy concerns that have only just started to be studied. To address some of the key threats in FL, researchers have proposed secure aggregation methods (e.g. homomorphic encryption, secure multiparty computation, etc.). These solutions improve some security and privacy metrics, but at the same time bring about other serious threats such as poisoning attacks, backdoor attacks, and free running attacks. This paper proposes a new defense method against poisoning attacks in FL called SaFL (Sybil-aware Federated Learning) that minimizes the effect of sybils with a novel time-variant aggregation scheme.
Computer Vision and Pattern Recognition, Cryptography and Security, Machine Learning
What problem does this paper attempt to address?
The paper addresses the problem of defending against targeted poisoning attacks in Federated Learning (FL), particularly in face recognition applications. Specifically, it proposes a new defense method called SaFL (Sybil-aware Federated Learning), which aims to minimize the impact of Sybil attacks through a novel time-varying aggregation scheme.

### Background and Problem

Federated Learning is a distributed machine learning paradigm that allows multiple clients to collaboratively train a shared model without sharing their raw training data. Although this keeps the participants' data on their own devices, the training process itself remains exposed to security threats, in particular poisoning attacks, backdoor attacks, and free-riding attacks. In a poisoning attack the adversary manipulates the gradient updates it submits to the server (and in a Sybil attack submits them from many fake clients at once) so as to steer the aggregated model, degrading its performance or implanting targeted misbehaviour.

### Main Contributions of the Paper

1. **Proposing the SaFL Method**: SaFL minimizes the impact of Sybil attacks by combining two main ideas:
   - Disregarding client updates that fall outside a certain range.
   - Varying this range over time to adapt to the progressive learning process in the federated learning architecture.
2. **Performance Comparison**: The SaFL method is compared with two popular defense methods (Multi-Krum and FoolsGold) in terms of protection rate and learning performance.

### Experiments and Evaluation

The paper evaluates the SaFL method through the following three experiments:

1. **Attack Success Rate Comparison**: Comparing the attack success rates of the different defense methods under single-target and multi-target Sybil attack conditions.
2. **Performance Comparison**: Comparing the impact of the different defense methods on model training loss under single-target and multi-target Sybil attack conditions.
3. **Accuracy of Poisoning Rate Estimation**: Measuring the difference between the poisoning rate estimated by the proposed method and the actual poisoning rate.
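To make the two ideas above concrete (discard updates outside a range, and shrink that range as training progresses), here is a toy aggregation round written for this page. It is an added illustration, not the authors' code, and the page does not give the paper's definition of the range or its schedule, so both are assumptions: the range is taken to be a band around the coordinate-wise median of the submitted updates, measured in units of the median client-to-reference distance, and the band width `tau` decays geometrically with the round index. The sample updates (eight honest clients with symmetric noise around one true direction, three Sybils sending the same poisoned vector) are constructed, and the "estimated poisoning rate" is simply the fraction of updates rejected, which is one natural way to realise the paper's third experiment.

```python
"""Toy Sybil-aware aggregation round (illustration written for this page, not the paper's code).

Hypothetical choices not stated on the page:
  * the "range" is a distance band around the coordinate-wise median update,
    measured in units of the median client-to-reference distance;
  * the band width tau_t shrinks geometrically with the round index t.
"""
import math
from typing import Dict, List, Sequence, Tuple

Vector = List[float]


def l2_distance(a: Sequence[float], b: Sequence[float]) -> float:
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def median(values: Sequence[float]) -> float:
    s = sorted(values)
    n, mid = len(s), len(s) // 2
    return s[mid] if n % 2 else 0.5 * (s[mid - 1] + s[mid])


def coordinate_median(updates: Sequence[Vector]) -> Vector:
    """Robust reference point: per-coordinate median across all client updates."""
    return [median(col) for col in zip(*updates)]


def decaying_threshold(round_idx: int, tau0: float = 3.0,
                       decay: float = 0.9, tau_min: float = 1.5) -> float:
    """Hypothetical schedule: the accepted band shrinks as honest updates converge."""
    return max(tau_min, tau0 * decay ** round_idx)


def fedavg(updates: Sequence[Vector]) -> Vector:
    """Plain averaging with no defence: every Sybil vote counts fully."""
    n = len(updates)
    return [sum(col) / n for col in zip(*updates)]


def safl_round(updates: Sequence[Vector], round_idx: int) -> Tuple[Vector, List[int], float]:
    """Drop updates outside the time-varying band, average the rest.

    Returns (aggregate, indices of rejected clients, estimated poisoning rate).
    The client at the median distance always has ratio 1.0 <= tau_min, so at
    least half of the clients are accepted and the average is well defined.
    """
    ref = coordinate_median(updates)
    dists = [l2_distance(u, ref) for u in updates]
    scale = median(dists) or 1e-12          # all-identical updates: avoid division by zero
    tau = decaying_threshold(round_idx)
    accepted = {i for i, d in enumerate(dists) if d / scale <= tau}
    rejected = [i for i in range(len(updates)) if i not in accepted]
    agg = fedavg([updates[i] for i in sorted(accepted)])
    return agg, rejected, len(rejected) / len(updates)


# Constructed sample round: 8 honest clients with symmetric noise around one true
# direction, 3 Sybils pushing the same poisoned vector (a single-target attack).
TRUE_UPDATE = [1.0, -0.5, 0.25, 0.0]
HONEST = [
    [1.05, -0.50, 0.25, 0.00], [0.95, -0.50, 0.25, 0.00],
    [1.00, -0.45, 0.25, 0.00], [1.00, -0.55, 0.25, 0.00],
    [1.00, -0.50, 0.30, 0.00], [1.00, -0.50, 0.20, 0.00],
    [1.00, -0.50, 0.25, 0.05], [1.00, -0.50, 0.25, -0.05],
]
SYBIL = [[-4.0, 4.0, 4.0, -4.0]] * 3
UPDATES = HONEST + SYBIL
TRUE_POISON_RATE = len(SYBIL) / len(UPDATES)


def demo(round_idx: int = 0) -> Dict[str, object]:
    """Run one round and compare the defended aggregate with undefended FedAvg."""
    agg, rejected, est_rate = safl_round(UPDATES, round_idx)
    return {
        "fedavg": fedavg(UPDATES),
        "safl": agg,
        "rejected": rejected,
        "estimated_poison_rate": est_rate,
        "estimation_error": abs(est_rate - TRUE_POISON_RATE),
    }


if __name__ == "__main__":
    for t in (0, 10, 40):
        print(f"round {t}: tau={decaying_threshold(t):.3f}", demo(t))
```

With this input the undefended average is pulled to roughly -0.36 in the first coordinate (the Sybils' identical votes dominate), while the filtered aggregate recovers the true direction and the rejected fraction equals the real poisoning rate. The toy is deliberately easy; a real evaluation has to cover Sybils that place themselves just inside the band, which is exactly why the paper's experiments report attack success rate per threshold value rather than a single number.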
### Experimental Results

- **Attack Success Rate**: SaFL performs well against single-target attacks; with a threshold of 0.6 the attack success rate drops to 0.3. Against multi-target attacks, SaFL's protection is close to that of FoolsGold.
- **Performance Comparison**: SaFL maintains good learning performance under both single-target and multi-target attack conditions; with a threshold of 0.8 its training loss is close to that of the undefended baseline model.

### Conclusion

The paper proposes SaFL, a defense that counters targeted poisoning attacks in federated learning while preserving the model's learning performance. Experimental results show that SaFL holds up under both single-target and multi-target attack conditions, and that a decaying threshold provides higher protection than a fixed one. Future research directions include exploring the potential benefits of meta-learning in heterogeneous federated learning settings and investigating resource-adaptive federated learning methods.