Resilience in Online Federated Learning: Mitigating Model-Poisoning Attacks via Partial Sharing

Ehsan Lari, Reza Arablouei, Vinay Chakravarthi Gogineni, Stefan Werner
2024-08-16
Abstract: Federated learning (FL) allows training machine learning models on distributed data without compromising privacy. However, FL is vulnerable to model-poisoning attacks where malicious clients tamper with their local models to manipulate the global model. In this work, we investigate the resilience of the partial-sharing online FL (PSO-Fed) algorithm against such attacks. PSO-Fed reduces communication overhead by allowing clients to share only a fraction of their model updates with the server. We demonstrate that this partial sharing mechanism has the added advantage of enhancing PSO-Fed's robustness to model-poisoning attacks. Through theoretical analysis, we show that PSO-Fed maintains convergence even under Byzantine attacks, where malicious clients inject noise into their updates. Furthermore, we derive a formula for PSO-Fed's mean square error, considering factors like stepsize, attack probability, and the number of malicious clients. Interestingly, we find a non-trivial optimal stepsize that maximizes PSO-Fed's resistance to these attacks. Extensive numerical experiments confirm our theoretical findings and showcase PSO-Fed's superior performance against model-poisoning attacks compared to other leading FL algorithms.
Machine Learning; Cryptography and Security; Distributed, Parallel, and Cluster Computing; Signal Processing
What problem does this paper attempt to address?
### Problems the paper attempts to solve

This paper aims to solve the problem of model-poisoning attacks in Federated Learning (FL). Specifically, the paper studies the robustness of the Partial-Sharing Online Federated Learning (PSO-Fed) algorithm in the face of model-poisoning attacks by Byzantine clients.

### Background and motivation

1. **Advantages of Federated Learning**:
   - Federated Learning allows machine-learning models to be trained on distributed data without directly disclosing local raw data, thus protecting privacy.
   - It is especially suitable for scenarios where data is distributed across multiple devices, such as smartphones, Internet-of-Things nodes, and media-streaming devices.
2. **Communication overhead problem**:
   - The communication load in Federated Learning refers to the amount of data transferred between the central server and participating devices, which may affect the efficiency and scalability of FL in practical applications.
   - To reduce the communication load, various algorithms have been proposed, such as SignSGD, CS-Fed, and QS-Fed.
3. **Model-poisoning attacks**:
   - Malicious clients can manipulate the global model by tampering with their local models. This behavior is called a model-poisoning attack.
   - These attacks may lead to a decline in the performance of the global model or complete failure, so effective defense strategies are required.

### Main contributions

1. **Analysis of PSO-Fed performance under model-poisoning attacks**:
   - Through theoretical analysis, it is proved that PSO-Fed can maintain convergence under the partial-parameter-sharing mechanism even in the presence of Byzantine attacks.
   - The Mean Square Error (MSE) formula of PSO-Fed is derived, taking into account factors such as step size, attack probability, and the number of malicious clients.
2. **Introduction of an intermittent model-poisoning attack model**:
   - An intermittent model-poisoning attack model is proposed, and combined with a method of randomly scheduling clients to simulate practical application scenarios.
3. **Derivation of the optimal step size**:
   - A non-trivial optimal step size is discovered, which maximizes the resistance of PSO-Fed under model-poisoning attacks.
   - This finding highlights the unique optimization considerations in robust Federated Learning.
4. **Experimental verification**:
   - Through extensive numerical experiments, the accuracy of the theoretical analysis is verified, demonstrating the superior performance of PSO-Fed under model-poisoning attacks without increasing the computational burden on participating clients.

### Conclusion

Through theoretical analysis and experimental verification, the paper proves that PSO-Fed has strong robustness under the partial-parameter-sharing mechanism, can effectively resist model-poisoning attacks, and maintain a low communication overhead. This research result provides a new solution for the reliability and security of Federated Learning in practical applications.
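The following is an added robustness simulation, not code from the paper: it sketches partial sharing in online FL under the intermittent noise-injection attack described above, so the effect of the shared fraction on the global model's error can be measured. Assumptions: linear-regression clients with an LMS update, uniformly random entry selection, every client participating each round, and constructed names and parameter values (`simulate`, `share`, `n_byz`, `p_attack`, `sigma_b`).

```python
import random

def simulate(share, n_byz, p_attack=0.5, sigma_b=1.0, dim=8, clients=20,
             mu=0.05, iters=1500, seed=7):
    """Steady-state mean-square deviation (MSD) of the global model from w_true."""
    rng = random.Random(seed)
    pick = lambda: set(rng.sample(range(dim), share))  # entries shared this round
    w_true = [rng.gauss(0, 1) for _ in range(dim)]     # constructed target model
    w_glob = [0.0] * dim
    w_loc = [[0.0] * dim for _ in range(clients)]
    tail, msd = iters // 3, 0.0
    for n in range(iters):
        agg = [0.0] * dim
        for k, w in enumerate(w_loc):
            for i in pick():                 # downlink: a fraction of the global model
                w[i] = w_glob[i]
            x = [rng.gauss(0, 1) for _ in range(dim)]  # one streaming sample
            y = sum(a * b for a, b in zip(w_true, x)) + rng.gauss(0, 0.1)
            err = y - sum(a * b for a, b in zip(w, x))
            for i in range(dim):             # local LMS step with stepsize mu
                w[i] += mu * err * x[i]
            sent = pick()                    # uplink: a fraction of the local model
            byz = k < n_byz and rng.random() < p_attack  # intermittent attack
            for i in range(dim):
                if i in sent:                # Byzantine clients add Gaussian noise
                    agg[i] += w[i] + (rng.gauss(0, sigma_b) if byz else 0.0)
                else:                        # server keeps its value for unsent entries
                    agg[i] += w_glob[i]
        w_glob = [a / clients for a in agg]
        if n >= iters - tail:                # average MSD over the last third
            msd += sum((g - t) ** 2 for g, t in zip(w_glob, w_true)) / tail
    return msd

if __name__ == "__main__":
    for share in (8, 4, 1):                  # 8/8 is full sharing
        print(f"share={share}/8  clean={simulate(share, 0):.5f}  "
              f"attacked={simulate(share, 5):.5f}")
```

Sweeping `mu` with the attack parameters held fixed shows how the stepsize affects the attacked MSD in this toy setting.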