Multi-Model based Federated Learning Against Model Poisoning Attack: A Deep Learning Based Model Selection for MEC Systems

Somayeh Kianpisheh, Chafika Benzaid, Tarik Taleb
2024-09-13
Abstract: Federated Learning (FL) enables training of a global model from distributed data while preserving data privacy. However, the single-model operation of FL is open to the upload of poisoned models that are compatible with the global model structure, which can be exploited as a vulnerability to conduct model poisoning attacks. This paper proposes multi-model based FL as a proactive mechanism to enhance the opportunity for model poisoning attack mitigation. A master model is trained by a set of slave models. To enhance the opportunity for attack mitigation, the structure of the client models changes dynamically across learning epochs, and the supporting FL protocol is provided. For a MEC system, the model selection problem is modeled as an optimization that minimizes loss and recognition time while meeting a robustness confidence. To adapt to dynamic network conditions, a deep reinforcement learning based model selection is proposed. For a DDoS attack detection scenario, results show an accuracy under poisoning attack that is competitive with the attack-free scenario, and also a potential improvement in recognition time.
Machine Learning, Networking and Internet Architecture
What problem does this paper attempt to address?
The problem this paper addresses is how to defend effectively against model poisoning attacks in Federated Learning (FL). Federated Learning is a distributed machine-learning technique that allows multiple devices to collaborate in training a global model without sharing their raw data, thereby protecting data privacy. However, because FL usually operates on a single model, an attacker can manipulate the aggregation of the global model by uploading poisoned models that are compatible with the global model structure, reducing the model's accuracy and availability.

To meet this challenge, the paper proposes a Multi-Model based Federated Learning (MM-FL) method. It trains a master model from multiple slave models and dynamically changes the structure of the client-side models during learning. This not only makes it harder for an attacker to carry out a successful poisoning attack but also provides a way to detect and mitigate poisoned models at the aggregation stage. Specifically, the main contributions of the paper are:

1. **Multi-model architecture**: A multi-model architecture is proposed in which the master model is trained by a set of slave models, and each slave model changes dynamically across learning rounds, making it harder for an attacker to imitate or predict the model structure.
2. **Model selection optimization**: For the Multi-Access Edge Computing (MEC) system, model selection is modeled as an optimization problem that minimizes the loss function and recognition time while meeting the robustness requirement. To solve it, the paper proposes a model selection method based on Deep Reinforcement Learning (DRL) that adapts to changing network conditions.
3. **Attack detection and mitigation**: At the aggregation stage, the server checks whether the uploaded model parameters match the planned model structure; poisoned models that do not match can be detected and excluded, reducing the impact of poisoning attacks.
4. **Experimental verification**: Experiments in a Distributed Denial of Service (DDoS) attack detection scenario verify the effectiveness of the proposed method. The results show that, compared with the attack-free system, MM-FL still maintains a high accuracy under poisoning attacks, and there is also a potential improvement in recognition time.

In conclusion, by introducing a multi-model architecture and a DRL-based model selection strategy, this paper provides an effective defense mechanism that enhances the robustness and security of the Federated Learning system.
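The aggregation-time structure check from contribution 3, as an added illustration that is not code from the paper: the server plans a structure per client for the round, and an upload whose parameter shapes do not match that plan is excluded before averaging. The structure pool, the client ids and the random per-round selection (standing in for the paper's DRL policy) are constructed assumptions.

```python
import random
import numpy as np

# Constructed pool of candidate slave-model structures (hidden-layer widths of a dense
# classifier). Per-round selection is random here; the paper uses a DRL policy (assumption).
STRUCTURE_POOL = {"S1": [16, 8], "S2": [32, 16], "S3": [24, 8]}
N_FEATURES, N_CLASSES = 10, 2  # constructed input/output sizes

def expected_shapes(widths):
    """Weight-matrix shapes of a dense net input -> widths -> output."""
    dims = [N_FEATURES] + widths + [N_CLASSES]
    return [(dims[i], dims[i + 1]) for i in range(len(dims) - 1)]

def plan_round(clients, rng):
    """Server side: assign every client a structure for this round."""
    return {c: rng.choice(sorted(STRUCTURE_POOL)) for c in clients}

def conforms(update, widths):
    """Aggregation-time check: uploaded parameters must match the planned structure."""
    exp = expected_shapes(widths)
    return len(update) == len(exp) and all(w.shape == s for w, s in zip(update, exp))

def aggregate(plan, updates):
    """Drop non-conforming uploads, then FedAvg the rest per structure.
    Returns ({structure: averaged weights}, [rejected client ids])."""
    accepted, rejected = {}, []
    for client, update in updates.items():
        struct = plan[client]
        if not conforms(update, STRUCTURE_POOL[struct]):
            rejected.append(client)  # excluded from aggregation, as in the paper
            continue
        accepted.setdefault(struct, []).append(update)
    merged = {s: [np.mean(layer, axis=0) for layer in zip(*ups)]
              for s, ups in accepted.items()}
    return merged, rejected

def make_update(widths, nrng):
    # Constructed client upload: random weights of the given structure.
    return [nrng.standard_normal(s) for s in expected_shapes(widths)]

def demo_round(seed=0):
    """One round with four constructed clients; c4 uploads the wrong structure."""
    rng, nrng = random.Random(seed), np.random.default_rng(seed)
    clients = ["c1", "c2", "c3", "c4"]
    plan = plan_round(clients, rng)
    updates = {c: make_update(STRUCTURE_POOL[plan[c]], nrng) for c in clients}
    other = next(s for s in STRUCTURE_POOL if s != plan["c4"])
    updates["c4"] = make_update(STRUCTURE_POOL[other], nrng)
    merged, rejected = aggregate(plan, updates)
    return plan, merged, rejected
```

The check only enforces structural conformance; a poisoned upload that does match the planned structure is not caught by this step and still relies on the per-round structure change making the plan hard to predict.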