Formal Logic-guided Robust Federated Learning against Poisoning Attacks

Dung Thuy Nguyen, Ziyan An, Taylor T. Johnson, Meiyi Ma, Kevin Leach
2024-11-06
Abstract: Federated Learning (FL) offers a promising solution to the privacy concerns associated with centralized Machine Learning (ML) by enabling decentralized, collaborative learning. However, FL is vulnerable to various security threats, including poisoning attacks, where adversarial clients manipulate the training data or model updates to degrade overall model performance. Recognizing this threat, researchers have focused on developing defense mechanisms to counteract poisoning attacks in FL systems. However, existing robust FL methods predominantly focus on computer vision tasks, leaving a gap in addressing the unique challenges of FL with time series data. In this paper, we present FLORAL, a defense mechanism designed to mitigate poisoning attacks in federated learning for time-series tasks, even in scenarios with heterogeneous client data and a large number of adversarial participants. Unlike traditional model-centric defenses, FLORAL leverages logical reasoning to evaluate client trustworthiness by aligning their predictions with global time-series patterns, rather than relying solely on the similarity of client updates. Our approach extracts logical reasoning properties from clients, then hierarchically infers global properties, and uses these to verify client updates. Through formal logic verification, we assess the robustness of each client contribution, identifying deviations indicative of adversarial behavior. Experimental results on two datasets demonstrate the superior performance of our approach compared to existing baseline methods, highlighting its potential to enhance the robustness of FL to time series applications. Notably, FLORAL reduced the prediction error by 93.27% in the best-case scenario compared to the second-best baseline. Our code is available at https://anonymous.4open.science/r/FLORAL-Robust-FTS.
Subjects: Cryptography and Security; Artificial Intelligence; Distributed, Parallel, and Cluster Computing; Logic in Computer Science
What problem does this paper attempt to address?
The problem that this paper attempts to solve is how to effectively defend against poisoning attacks in Federated Learning (FL), especially when dealing with time-series data. Specifically, the paper points out that although existing robust Federated Learning methods have achieved certain results in computer vision tasks, their effectiveness in time-series tasks is still insufficient. Time-series data has unique sequential dependencies and temporal patterns, which make it difficult for existing defense mechanisms to deal with poisoning attacks against time-series data.

### Main contributions of the paper

1. **Propose FLORAL**:
   - FLORAL is a new defense mechanism specifically designed to mitigate poisoning attacks in Federated Time Series (FTS) tasks and can work effectively even in the presence of a large number of malicious clients and complex attack strategies.
   - FLORAL identifies and eliminates suspicious clients that may distort the global model through logical-reasoning-based property inference and verification.
2. **Study the effectiveness of existing robust FL defenses in FTS**:
   - For the first time, the authors systematically study the effectiveness of existing robust FL defense methods in FTS and point out their limitations in time-series tasks.
3. **Experimental verification**:
   - The authors conduct comprehensive experiments under multiple datasets, FL settings, and attack scenarios, demonstrating that FLORAL can mitigate poisoning attacks while maintaining high model performance.

### Method overview

#### 1. Local Logic Inference

- Each client updates its local model using Stochastic Gradient Descent (SGD).
- After completing local training, each client performs local logic inference, obtains its logical properties, and submits them to the server.
- Specifically, given the local model \(G_t^i\) of client \(C_i\) in the \(t\)-th round and a small part of the centralized server data \(D_v\), the client generates predictions \(Y_t^i\) and uses these predictions to infer logical properties \(\varphi(p_i)\).

#### 2. Global Logic Inference

- The server collects the logical properties submitted by all clients and performs global logic inference.
- Through the hierarchical clustering method, the server groups the clients' updates and infers global logical properties based on these groups.

#### 3. Global Property Verification

- The server uses formal logic verification methods to evaluate the consistency and validity of each client's contribution and identify clients that deviate from the expected model behavior.
- By verifying the consistency between each client's logical properties and the global logical properties, the server can detect malicious behavior.

#### 4. Malicious Client Detection

- Based on the above steps, the server can identify malicious clients that attempt to manipulate the global model and exclude them from the aggregation process.

### Experimental results

- The experimental results show that FLORAL performs well in multiple datasets and attack scenarios. In particular, in the best-case scenario, the prediction error is reduced by 93.27% compared to the second-best baseline method.

### Conclusion

FLORAL provides a new defense mechanism by introducing logical-reasoning-based property inference and verification, which effectively mitigates poisoning attacks in Federated Time Series tasks. This method not only improves the robustness of the model but also provides new ideas for future Federated Learning research.
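
The four steps of the method overview (local inference, global inference by clustering, verification, exclusion) can be traced end to end in a small sketch. This is an added example, not the FLORAL authors' code. The property template ("always lo <= y <= hi"), the single-linkage clustering with threshold `gap`, the largest-cluster envelope rule, all function names and the sample predictions are assumptions made for illustration.

```python
def infer_property(preds):
    """Local logic inference: fit the assumed template 'always lo <= y <= hi'."""
    return (min(preds), max(preds))

def cluster(props, gap):
    """Single-linkage agglomerative clustering of (lo, hi) properties."""
    def dist(a, b):
        return max(abs(props[a][0] - props[b][0]), abs(props[a][1] - props[b][1]))
    clusters = [[i] for i in range(len(props))]
    merged = True
    while merged:
        merged = False
        for x in range(len(clusters)):
            for y in range(x + 1, len(clusters)):
                if min(dist(a, b) for a in clusters[x] for b in clusters[y]) <= gap:
                    clusters[x] += clusters.pop(y)
                    merged = True
                    break
            if merged:
                break
    return clusters

def global_property(props, clusters):
    """Global inference (assumed rule): envelope of the largest cluster."""
    main = max(clusters, key=len)
    return (min(props[i][0] for i in main), max(props[i][1] for i in main))

def robustness(preds, prop):
    """Signed margin by which preds satisfy prop; negative means violation."""
    lo, hi = prop
    return min(min(y - lo, hi - y) for y in preds)

def filter_clients(client_preds, gap=1.0):
    """Return (accepted ids, rejected ids, global property)."""
    props = [infer_property(p) for p in client_preds]
    g = global_property(props, cluster(props, gap))
    scores = [robustness(p, g) for p in client_preds]
    accepted = [i for i, s in enumerate(scores) if s >= 0]
    rejected = [i for i, s in enumerate(scores) if s < 0]
    return accepted, rejected, g

# Constructed predictions of five client models on the same validation window D_v.
CLIENT_PREDS = [
    [10.0, 12.0, 15.0, 14.0, 11.0, 10.5],  # honest
    [10.4, 12.3, 15.5, 13.8, 11.2, 10.1],  # honest
    [9.8, 11.9, 14.7, 14.2, 10.9, 10.3],   # honest
    [10.0, 12.0, 40.0, 14.0, 11.0, 10.5],  # poisoned: injected spike
    [2.0, 2.5, 3.0, 2.8, 2.2, 2.1],        # poisoned: collapsed output
]
```

The largest-cluster rule only holds while benign clients form the biggest group of similar properties; a verifier facing many colluding clients needs a stronger global inference step than this sketch uses.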