Mitigating Malicious Attacks in Federated Learning via Confidence-aware Defense

Qilei Li, Ahmed M. Abdelmoniem
2024-08-17
Abstract: Federated Learning (FL) is a distributed machine learning paradigm that enables multiple clients to collaboratively train a global model without sharing their private local data. However, FL systems are vulnerable to attacks from malicious clients through data poisoning and model poisoning, which can degrade the performance of the aggregated global model. Existing defense methods typically focus on mitigating specific types of poisoning and are often ineffective against unseen types of attack. These methods also assume that attacks are of moderate intensity, which does not always hold in practice. Consequently, these methods can fail significantly in terms of accuracy and robustness when detecting and addressing updates from malicious clients. To overcome these challenges, in this work we propose a simple yet effective framework for detecting malicious clients, namely Confidence-Aware Defense (CAD), which uses the confidence scores of local models as the criterion for evaluating the reliability of local updates. Our key insight is that malicious attacks, regardless of attack type, cause the model to deviate from its previous state, leading to increased uncertainty when making predictions. Therefore, CAD is effective against both model poisoning and data poisoning attacks, accurately identifying and mitigating potentially malicious updates even under varying degrees of attack and data heterogeneity. Experimental results demonstrate that our method significantly enhances the robustness of FL systems against various types of attacks across various scenarios, achieving higher model accuracy and stability.
Machine Learning, Cryptography and Security, Computer Vision and Pattern Recognition, Distributed, Parallel, and Cluster Computing
What problem does this paper attempt to address?
The paper attempts to address the problem of how to effectively detect and defend against data poisoning and model poisoning attacks from malicious clients in Federated Learning (FL) systems, in order to improve the robustness and accuracy of the system.

### Background and Problem

Federated Learning is a distributed machine learning paradigm that allows multiple clients to collaboratively train a global model without sharing their local private data. However, FL systems are vulnerable to attacks from malicious clients that degrade the performance of the global model through data poisoning and model poisoning. Existing defense methods are often tailored to specific types of attacks and assume moderate attack intensity, which is not always the case in real-world scenarios. Therefore, these methods have significant shortcomings in terms of accuracy and robustness when detecting and handling malicious client updates.

### Paper Objective

To overcome these challenges, the paper proposes a simple yet effective framework, Confidence-Aware Defense (CAD), which uses the confidence scores of local models as the criterion for evaluating the reliability of local updates. The core idea is that, regardless of the type of attack, a malicious update causes the model to deviate from its previous state, thereby increasing the uncertainty of its predictions. Thus, CAD can detect and mitigate various types of data poisoning and model poisoning attacks, maintaining high performance under different attack intensities and data heterogeneity conditions.

### Main Contributions

1. **Proposed a confidence-based malicious client detection method**: This method is applicable to various types of data poisoning and model poisoning attacks and works effectively under different data heterogeneity conditions.
2. **Significantly improved the robustness of FL systems**: The method ensures higher model accuracy and stability in the face of moderate (25% malicious clients), severe (50% malicious clients), and extreme (75% malicious clients) attacks.
3. **Validated the effectiveness of the method through extensive experiments**: Experiments conducted on multiple datasets show that the confidence-based defense mechanism outperforms existing methods in detecting and mitigating malicious updates, especially in terms of robustness and accuracy.

### Method Overview

1. **Collect confidence scores of each client update**: In each training round, collect the confidence score of each client's model update.
2. **Establish confidence boundaries**: Based on the collected confidence scores, evaluate the uncertainty of each client's model update and set boundaries as a reference.
3. **Detect and handle malicious updates**: Identify high-uncertainty updates based on the boundaries and take appropriate action, such as discarding or adjusting these updates.

### Experimental Results

Experimental results show that the CAD model maintains high accuracy and robustness under different attack intensities (including moderate, severe, and extreme cases), significantly outperforming other existing methods. Additionally, CAD performs well across different model and dataset combinations, demonstrating its broad applicability and reliability.

In summary, the paper proposes a confidence-based defense mechanism that effectively addresses the problem of malicious attacks in FL systems, enhancing the robustness and security of the system.
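As an added illustration of the three-step procedure in the Method Overview (this is not code from the paper), the following Python simulates one server-side aggregation round: each client's confidence score is the mean max-softmax probability of its local model on a shared probe set, the boundary is an assumed median-minus-k-MAD rule (the summary does not specify how the paper constructs its boundaries), and updates whose confidence falls below the boundary are discarded before averaging. Client names, probe logits and scalar updates are constructed for the example.

```python
import math
from statistics import median

# Constructed probe logits per client: every client's local model is evaluated
# on the same 3-sample, 3-class probe set. Honest clients (c1-c4) produce peaked
# logits; the poisoned client (c5) is near-uniform, i.e. highly uncertain.
CLIENT_LOGITS = {
    "c1": [[4.0, 0.5, 0.2], [0.1, 3.8, 0.3], [0.2, 0.4, 4.1]],
    "c2": [[3.6, 0.7, 0.1], [0.3, 3.5, 0.2], [0.5, 0.1, 3.9]],
    "c3": [[4.2, 0.3, 0.3], [0.2, 4.0, 0.1], [0.1, 0.6, 3.7]],
    "c4": [[3.9, 0.4, 0.6], [0.4, 3.6, 0.4], [0.3, 0.2, 4.3]],
    "c5": [[1.0, 0.9, 1.1], [0.8, 1.2, 1.0], [1.1, 1.0, 0.9]],  # poisoned
}
# Constructed local updates (one scalar per client for brevity); the poisoned
# client submits a large update in the opposite direction to the honest ones.
CLIENT_UPDATES = {"c1": 0.10, "c2": 0.12, "c3": 0.09, "c4": 0.11, "c5": -2.0}

def softmax(row):
    m = max(row)  # subtract the max for numerical stability
    exps = [math.exp(v - m) for v in row]
    s = sum(exps)
    return [e / s for e in exps]

def confidence_score(logits):
    """Step 1: mean max-softmax probability over the probe set."""
    return sum(max(softmax(r)) for r in logits) / len(logits)

def confidence_lower_bound(scores, k=3.0):
    """Step 2 (assumed rule): median minus k median-absolute-deviations."""
    med = median(scores)
    mad = median([abs(s - med) for s in scores])
    return med - k * mad

def plain_average(updates):
    """Unfiltered FedAvg-style mean, for comparison with the filtered round."""
    return sum(updates.values()) / len(updates)

def cad_round(logits_by_client, updates_by_client, k=3.0):
    """Step 3: drop updates below the boundary, then average the rest."""
    scores = {c: confidence_score(l) for c, l in logits_by_client.items()}
    bound = confidence_lower_bound(list(scores.values()), k)
    kept = [c for c, s in scores.items() if s >= bound]
    rejected = [c for c in scores if c not in kept]
    # If every client were rejected there is nothing to aggregate this round.
    aggregate = sum(updates_by_client[c] for c in kept) / len(kept) if kept else None
    return {"scores": scores, "bound": bound, "kept": kept,
            "rejected": rejected, "aggregate": aggregate}
```

With the constructed inputs the unfiltered mean is pulled negative by c5, while the filtered round rejects c5 and aggregates the four honest updates to 0.105.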