R-SFLLM: Jamming Resilient Framework for Split Federated Learning with Large Language Models

Aladin Djuhera,Vlad C. Andrei,Xinyang Li,Ullrich J. Mönich,Holger Boche,Walid Saad
2024-07-16
Abstract:Split federated learning (SFL) is a compute-efficient paradigm in distributed machine learning (ML), where components of large ML models are outsourced to remote servers. A significant challenge in SFL, particularly when deployed over wireless channels, is the susceptibility of transmitted model parameters to adversarial jamming that could jeopardize the learning process. This is particularly pronounced for word embedding parameters in large language models (LLMs), which are crucial for language understanding. In this paper, rigorous insights are provided into the influence of jamming LLM word embeddings in SFL by deriving an expression for the ML training loss divergence and showing that it is upper-bounded by the mean squared error (MSE). Based on this analysis, a physical layer framework is developed for resilient SFL with LLMs (R-SFLLM) over wireless networks. R-SFLLM leverages wireless sensing data to gather information on the jamming directions-of-arrival (DoAs) for the purpose of devising a novel, sensing-assisted anti-jamming strategy while jointly optimizing beamforming, user scheduling, and resource allocation. Extensive experiments using BERT and RoBERTa models demonstrate R-SFLLM's effectiveness, achieving close-to-baseline performance across various natural language processing (NLP) tasks and datasets. The proposed methodology further introduces an adversarial training component, where controlled noise exposure significantly enhances the LLM's resilience to perturbed parameters during training. The results show that more noise-sensitive models, such as RoBERTa, benefit from this feature, especially when resource allocation is unfair. It is also shown that worst-case jamming in particular translates into worst-case model outcomes, thereby necessitating the need for jamming-resilient SFL protocols.
Machine Learning,Artificial Intelligence,Signal Processing
What problem does this paper attempt to address?
The problem that this paper attempts to solve is how to enhance the resistance of large language models (LLMs) to adversarial jamming when implementing split federated learning (SFL) in wireless networks. Specifically, the paper focuses on the fact that the LLM word - embedding parameters transmitted during the SFL process are vulnerable to malicious jamming, which may harm the learning process and lead to poor model training results. To solve this problem, the paper proposes a framework named R - SFLLM (Resilient Split Federated Learning with Large Language Models). This framework uses wireless sensing data to identify the direction of jamming and designs a new anti - jamming method by optimizing beamforming, user scheduling, and resource allocation strategies. In addition, R - SFLLM also introduces an adversarial training component, which improves the model's resistance to parameter perturbations by being exposed to control noise during the training process. The key contributions of the paper include: 1. **Analysis of the impact of word - embedding jamming on model training**: The paper derives an analytical expression for the divergence of machine - learning training loss, showing that its upper bound depends on the communication mean - squared error (MSE), thus providing a theoretical basis for anti - jamming strategies in wireless environments. 2. **Minimum system rate analysis**: It provides a new analysis of the minimum system rate that guarantees the robustness of SFL training, characterizing the minimum network conditions based on the outage rate caused by jamming. 3. **R - SFLLM framework development**: A novel, sensing - assisted anti - jamming framework is proposed, which uses the direction information of jamming signals to design anti - jamming strategies, which are formulated as a joint optimization problem of beamforming, user scheduling, and resource allocation. 4. **Worst - case jamming strategy**: To evaluate the effectiveness of R - SFLLM, the paper uses a worst - case jamming strategy that aims to minimize the total system rate. 5. **Experimental verification**: Through extensive simulation experiments, it is shown that after enabling the anti - jamming function, the performance of BERT and RoBERTa models on various natural language processing tasks is close to optimal, while in the unprotected case, the performance is significantly worse. Through these contributions, the paper not only provides an effective technical solution but also deeply explores the impact of jamming on SFL and LLMs, providing important guidance for future wireless network design.