Xutong Mu,Ke Cheng,Yulong Shen,Xiaoxiao Li,Zhao Chang,Tao Zhang,Xindi Ma

DOI: https://doi.org/10.1109/tdsc.2024.3372634

2024-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Federated learning (FL) has gained popularity in the field of machine learning, which allows multiple participants to collaboratively learn a highly-accurate global model without exposing their sensitive data. However, FL is susceptible to poisoning attacks, in which malicious clients manipulate local model parameters to corrupt the global model. Existing FL frameworks based on detecting malicious clients suffer from unreasonable assumptions (e.g., clean validation datasets) or fail to balance robustness and efficiency. To address these deficiencies, we propose FedDMC, which implements robust federated learning by efficiently and precisely detecting malicious clients. Specifically, FedDMC first applies principal component analysis to reduce the dimensionality of the model parameters, which retains the primary parameter feature and reduces the computational overhead for subsequent clustering. Then, a binary tree-based clustering method with noise is designed to eliminate the effect of noisy points in the clustering process, facilitating accurate and efficient malicious client detection. Finally, we design a self-ensemble detection correction module that utilizes historical results via exponential moving averages to improve the robustness of malicious client detection. Extensive experiments conducted on three benchmark datasets demonstrate that FedDMC outperforms state-of-the-art methods in terms of detection precision, global model accuracy, and computational complexity.

computer science, information systems, software engineering, hardware & architecture

Suyi Li,Yong Cheng,Wei Wang,Yang Liu,Tianjian Chen

DOI: https://doi.org/10.48550/arXiv.2002.00211

IF: 5.414

2020-02-01

Machine Learning

Abstract:Federated learning systems are vulnerable to attacks from malicious clients. As the central server in the system cannot govern the behaviors of the clients, a rogue client may initiate an attack by sending malicious model updates to the server, so as to degrade the learning performance or enforce targeted model poisoning attacks (a.k.a. backdoor attacks). Therefore, timely detecting these malicious model updates and the underlying attackers becomes critically important. In this work, we propose a new framework for robust federated learning where the central server learns to detect and remove the malicious model updates using a powerful detection model, leading to targeted defense. We evaluate our solution in both image classification and sentiment analysis tasks with a variety of machine learning models. Experimental results show that our solution ensures robust federated learning that is resilient to both the Byzantine attacks and the targeted model poisoning attacks.

Zongxiang Zhang,Chenghong Zhang,Gang Chen,Shuaiyong Xiao,Lihua Huang

DOI: https://doi.org/10.1007/978-3-031-36049-7_19

2023-01-01

Abstract:Breaking down data silos and promoting data circulation and cooperation is an important topic in the digital age. As data security and privacy protection have received widespread attention, the traditional cooperation model based on data centralization has been challenged. Federated learning provides technical solutions to solve this problem, but the characteristics of multi-party cooperation and data invisibility make it face the risk of data fraud. Malicious participants can manipulate data individually or in collusion to illegally obtain data or influence federated learning model. This paper proposes a novel data fraud detection method based on distributed collaborative representation and realizes the effective detection of federated learning data fraud through collaborative clustering, adaptive representation and dynamic weighting. The method proposed in this paper overcomes weakness in the existing methods that detect data fraud mechanically and statically, which cannot be organically combined with the training objectives and process. It realizes the dynamically continuous anti-collusion soft constraint detection while ensuring fraud detection and contribution evaluation are relatively independent. Our research is of great significance for federated learning to deal with the risk of data fraud and better apply to real-world scenarios.

Xicong Shen,Ying Liu,Fu Li,Chunguang Li

DOI: https://doi.org/10.1109/jiot.2023.3288886

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:Federated learning (FL) has attracted widespread attention in the Internet of Things domain recently. With FL, multiple distributed devices can cooperatively train a global model by transmitting model updates without disclosing the original data. However, the distributed nature of FL makes it vulnerable to data poisoning attacks. In practice, malicious clients can launch the label-flipping attack (LFA) by simply tampering with the labels of local data, thus causing the global model to misclassify the samples of a selected class as the target class. Although some defense mechanisms have been proposed, they rely on specific assumptions about data distribution, and their performance degrades significantly when the data on clients are non-IID. Besides, most existing methods require clients to upload model updates in plaintext so that the server can identify and remove the malicious updates. But, direct transmission of model updates may still reveal private information. Considering these issues, we develop a label-flipping-robust and privacy-preserving FL (LFR-PPFL) algorithm, which is applicable to both independent and identically distributed (IID) and non-IID data. We first propose a detection method based on temporal analysis on cosine similarity to distinguish malicious clients from benign clients. Then, we propose a privacy-preserving computation protocol based on homomorphic encryption to implement this detection method and perform federated aggregation while protecting the privacy of clients. Besides, a detailed theoretical analysis is given to demonstrate the privacy guarantee of the proposed protocol. Experimental results on real-world data sets show that the proposed algorithm can effectively defend against LFAs under various data distributions.

Yujie Zhou,Ruyan Wang,Xingyue Mo,Zhidu Li,Tong Tang

DOI: https://doi.org/10.3390/electronics12010112

IF: 2.9

2022-12-28

Electronics

Abstract:Federated learning (FL) enables devices to collaborate on machine learning (ML) model training with distributed data while preserving privacy. However, the traditional FL is inefficient and costly in cloud–edge–end cooperation networks since the adopted classical client-server communication framework fails to consider the real network structure. Moreover, malicious attackers and malfunctioning clients may be implied in all participators to exert adverse impacts as abnormal behaviours on the FL process. To address the above challenges, we leverage cloud–edge–end cooperation to propose a robust hierarchical federated learning (R-HFL) framework to enhance inherent system resistance to abnormal behaviours while improving communication efficiency in practical networks and keeping the advantages of the traditional FL. Specifically, we introduce a hierarchical cloud–edge–end collaboration-based FL framework to reduce communication costs. For the framework, we design a detection mechanism as partial cosine similarity (PCS) to filter adverse clients to improve performance, where the proposed lightweight technique has high computation parallelization. Besides, we theoretically discuss the influence of the proposed PCS on the convergence and stabilization of FL. Finally, the experimental results show that the proposed R-HFL always outperforms baselines in general cases under malicious attacks, which further shows the effectiveness of our scheme.

engineering, electrical & electronic,computer science, information systems,physics, applied

Xiaoyu Cao,Jinyuan Jia,Neil Zhenqiang Gong

DOI: https://doi.org/10.48550/arXiv.2102.01854

2021-10-27

Abstract:Federated learning enables clients to collaboratively learn a shared global model without sharing their local training data with a cloud server. However, malicious clients can corrupt the global model to predict incorrect labels for testing examples. Existing defenses against malicious clients leverage Byzantine-robust federated learning methods. However, these methods cannot provably guarantee that the predicted label for a testing example is not affected by malicious clients. We bridge this gap via ensemble federated learning. In particular, given any base federated learning algorithm, we use the algorithm to learn multiple global models, each of which is learnt using a randomly selected subset of clients. When predicting the label of a testing example, we take majority vote among the global models. We show that our ensemble federated learning with any base federated learning algorithm is provably secure against malicious clients. Specifically, the label predicted by our ensemble global model for a testing example is provably not affected by a bounded number of malicious clients. Moreover, we show that our derived bound is tight. We evaluate our method on MNIST and Human Activity Recognition datasets. For instance, our method can achieve a certified accuracy of 88% on MNIST when 20 out of 1,000 clients are malicious.

Cryptography and Security,Distributed, Parallel, and Cluster Computing,Machine Learning

Valerian Rey,Pedro Miguel Sánchez Sánchez,Alberto Huertas Celdrán,Gérôme Bovet

DOI: https://doi.org/10.1016/j.comnet.2021.108693

IF: 5.493

2022-02-01

Computer Networks

Abstract:Billions of IoT devices lacking proper security mechanisms have been manufactured and deployed for the last years, and more will come with the development of Beyond 5G technologies. Their vulnerability to malware has motivated the need for efficient techniques to detect infected IoT devices inside networks. With data privacy and integrity becoming a major concern in recent years, increasing with the arrival of 5G and Beyond networks, new technologies such as federated learning and blockchain emerged. They allow training machine learning models with decentralized data while preserving its privacy by design. This work investigates the possibilities enabled by federated learning concerning IoT malware detection and studies security issues inherent to this new learning paradigm. In this context, a framework that uses federated learning to detect malware affecting IoT devices is presented. N-BaIoT, a dataset modeling network traffic of several real IoT devices while affected by malware, has been used to evaluate the proposed framework. Both supervised and unsupervised federated models (multi-layer perceptron and autoencoder) able to detect malware affecting seen and unseen IoT devices of N-BaIoT have been trained and evaluated. Furthermore, their performance has been compared to two traditional approaches. The first one lets each participant locally train a model using only its own data, while the second consists of making the participants share their data with a central entity in charge of training a global model. This comparison has shown that the use of more diverse and large data, as done in the federated and centralized methods, has a considerable positive impact on the model performance. Besides, the federated models, while preserving the participant’s privacy, show similar results as the centralized ones. As an additional contribution and to measure the robustness of the federated approach, an adversarial setup with several malicious participants poisoning the federated model has been considered. The baseline model aggregation averaging step used in most federated learning algorithms appears highly vulnerable to different attacks, even with a single adversary. The performance of other model aggregation functions acting as countermeasures is thus evaluated under the same attack scenarios. These functions provide a significant improvement against malicious participants, but more efforts are still needed to make federated approaches robust.

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

Xinjun Pei,Xiaoheng Deng,Shengwei Tian,Lan Zhang,Kaiping Xue

DOI: https://doi.org/10.1109/tdsc.2022.3173664

2022-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:As the demand for Internet of Things (IoT) technologies continues to grow, IoT devices have been viable targets for malware infections. Although deep learning-based malware detection has achieved great success, the detection models are usually trained based on the collected user records, thereby leading to significant privacy risks. One promising solution is to leverage federated learning (FL) to enable distributed on-device training without centralizing the private user records. However, it is non-trivial for IoT users to label these records, where the quality and the trustworthiness of data labeling are hard to guarantee. To address the above issues, this paper develops a semi-supervised federated IoT malware detection framework based on knowledge transfer technologies, named by FedMalDE. Specifically, FedMalDE explores the underlying correlation between labeled and unlabeled records to infer labels towards unlabeled samples by the knowledge transfer mechanism. Moreover, a specially designed subgraph aggregated capsule network (SACN) is used to efficiently capture varied malicious behaviors. The extensive experiments conducted on real-world data demonstrate the effectiveness of FedMalDE in detecting IoT malware and its sufficient privacy and robustness guarantee.

Yu Bi,Yekai Li,Xuan Feng,Xianghang Mi

2024-04-08

Abstract:Despite achieving good performance and wide adoption, machine learning based security detection models (e.g., malware classifiers) are subject to concept drift and evasive evolution of attackers, which renders up-to-date threat data as a necessity. However, due to enforcement of various privacy protection regulations (e.g., GDPR), it is becoming increasingly challenging or even prohibitive for security vendors to collect individual-relevant and privacy-sensitive threat datasets, e.g., SMS spam/non-spam messages from mobile devices. To address such obstacles, this study systematically profiles the (in)feasibility of federated learning for privacy-preserving cyber threat detection in terms of effectiveness, byzantine resilience, and efficiency. This is made possible by the build-up of multiple threat datasets and threat detection models, and more importantly, the design of realistic and security-specific experiments.

Cryptography and Security

Hyejun Jeong,Hamin Son,Seohu Lee,Jayun Hyun,Tai-Myoung Chung

2024-06-06

Abstract:Federated Learning, designed to address privacy concerns in learning models, introduces a new distributed paradigm that safeguards data privacy but differentiates the attack surface due to the server's inaccessibility to local datasets and the change in protection objective--parameters' integrity. Existing approaches, including robust aggregation algorithms, fail to effectively filter out malicious clients, especially those with non-Independently and Identically Distributed data. Furthermore, these approaches often tackle non-IID data and poisoning attacks separately. To address both challenges simultaneously, we present FedCC, a simple yet novel algorithm. It leverages the Centered Kernel Alignment similarity of Penultimate Layer Representations for clustering, allowing it to identify and filter out malicious clients by selectively averaging chosen parameters, even in non-IID data settings. Our extensive experiments demonstrate the effectiveness of FedCC in mitigating untargeted model poisoning and backdoor attacks. FedCC reduces the attack confidence to a consistent zero compared to existing outlier detection-based and first-order statistics-based methods. Specifically, it significantly minimizes the average degradation of global performance by 65.5\%. We believe that this new perspective of assessing learning models makes it a valuable contribution to the field of FL model security and privacy. The code will be made available upon paper acceptance.

Cryptography and Security,Artificial Intelligence

Xiang-Yu Liang,Heng-Ru Zhang,Wei Tang,Fan Min

DOI: https://doi.org/10.1016/j.future.2023.11.015

IF: 7.307

2023-11-21

Future Generation Computer Systems

Abstract:Federated learning is vulnerable to poisoning attacks due to the inability to verify the authenticity of local data. Existing robust federated learning methods maintain a global model by discarding potentially risky local updates. However, they generally assume that the server knows the number of potentially abnormal clients. In this paper, we propose a robust federated learning method based on voting and scaling that relaxes such assumption. Malicious updates usually manifest in abnormal direction and magnitude. On one hand, the server computes the relative-angle between the target and other local updates. Angles greater than 90° are considered negative votes, otherwise positive votes. If the negative votes exceed a predefined threshold, the target is considered abnormal. On the other hand, the server computes the magnitude median of the remaining updates after filtering out updates in abnormal directions. The magnitudes of local updates above/below the median are scaled down/increased. Experiments are carried out on five datasets in comparison to five state-of-the-art algorithms. Results on the two metrics of poisoning and main task rates show that our method can effectively improve the robustness of federated learning. Source codes are available at https://github.com/liangxyswpu/lxyCode .

computer science, theory & methods

Zhirong Luan,Wenrui Li,Meiqin Liu,Badong Chen

DOI: https://doi.org/10.1109/tnnls.2024.3383294

IF: 14.255

2024-01-01

IEEE Transactions on Neural Networks and Learning Systems

Abstract:As an emerging decentralized machine learning technique, federated learning organizes collaborative training and preserves the privacy and security of participants. However, untrustworthy devices, typically Byzantine attackers, pose a significant challenge to federated learning since they can upload malicious parameters to corrupt the global model. To defend against such attacks, we propose a novel robust aggregation method—maximum correntropy aggregation (MCA), which applies the maximum correntropy criterion (MCC) to derive a central value from parameters. Different from the previous use of MCC for denoising, we utilize it as a similarity metric to measure parameter distribution and aggregate a robust center. Correntropy in MCC, with all even-order moments of the parameter, contains high-order statistical properties, which allows for a comprehensive capture of parameter characteristics, thus helping to prevent interference from attackers. Meanwhile, correntropy extracts information from the parameters themselves, without requiring the proportion of malicious attackers. Through the fixed-point iteration, we solve the optimization objective, demonstrating the linear convergence of the iteration formula. Theoretical analysis reveals the robustness aggregation property of MCA and the error bound between MCA and the global optimal solution, with linear convergence to the optimal solution neighborhood. By performing independent identically distribution (IID) and non-IID experiments on three different datasets, we show that MCA exhibits significant robustness under mainstream attacks, whereas other methods cannot withstand all of them.

Hongyong Xiao,Xutong Mu,Ke Cheng

DOI: https://doi.org/10.33969/j-nana.2024.040104

2024-01-01

Journal of Networking and Network Applications

Abstract:Federated learning allows clients to collaboratively train models without disclosing local data, yet it faces the threat of poisoning attacks from malicious clients. Existing research has proposed various robust federated learning schemes, but these often consider only a single type of poisoning attack and are inadequate for scenarios where multiple poisoning attacks occur simultaneously. To address this problem, this paper proposes FedRMA, a robust federated learning scheme resistant to multiple poisoning attacks. FedRMA eliminates the need for unrealistic prior knowledge and defends against multiple poisoning attacks by identifying and removing malicious clients. FedRMA adopts the Affinity Propagation clustering algorithm to adaptively partition clients, thereby enhancing its ability to handle multiple poisoning attacks. To mitigate the impact of uncertainty in client data distribution on model selection, FedRMA uses the L-BFGS algorithm to predict the expected global model and uses it to identify malicious clients. We evaluate the performance of FedRMA on the MNIST and CIFAR-10 datasets and compare it with two existing baselines. The experimental results show that FedRMA successfully eliminates the negative impact of multiple poisoning attacks by accurately identifying malicious clients and outperforms the baseline schemes.

Jiayan Chen,Zhirong Qian,Tianhui Meng,Xitong Gao,Tian Wang,Weijia Jia

2024-05-20

Abstract:Aiming at privacy preservation, Federated Learning (FL) is an emerging machine learning approach enabling model training on decentralized devices or data sources. The learning mechanism of FL relies on aggregating parameter updates from individual clients. However, this process may pose a potential security risk due to the presence of malicious devices. Existing solutions are either costly due to the use of compute-intensive technology, or restrictive for reasons of strong assumptions such as the prior knowledge of the number of attackers and how they attack. Few methods consider both privacy constraints and uncertain attack scenarios. In this paper, we propose a robust FL approach based on the credibility management scheme, called Fed-Credit. Unlike previous studies, our approach does not require prior knowledge of the nodes and the data distribution. It maintains and employs a credibility set, which weighs the historical clients' contributions based on the similarity between the local models and global model, to adjust the global model update. The subtlety of Fed-Credit is that the time decay and attitudinal value factor are incorporated into the dynamic adjustment of the reputation weights and it boasts a computational complexity of O(n) (n is the number of the clients). We conducted extensive experiments on the MNIST and CIFAR-10 datasets under 5 types of attacks. The results exhibit superior accuracy and resilience against adversarial attacks, all while maintaining comparatively low computational complexity. Among these, on the Non-IID CIFAR-10 dataset, our algorithm exhibited performance enhancements of 19.5% and 14.5%, respectively, in comparison to the state-of-the-art algorithm when dealing with two types of data poisoning attacks.

Machine Learning,Artificial Intelligence

Zhaosen Shi,Xuyang Ding,Fagen Li,Yingni Chen,Canran Li

DOI: https://doi.org/10.1007/s12243-022-00929-4

2022-01-01

Abstract:Federated learning provides a way to achieve joint model training while keeping the data of every party stored locally, and it protects the data privacy of all participants in cooperative training. However, there are availability and integrity threats in federated learning, as malicious parties may pretend to be benign ones to interfere with the global model. In this paper, we consider a federated learning scenario with one center server and multiple clients, where malicious clients launch poisoning attacks. We explore the statistical relationship of Euclidean distance among models, including benign versus benign models and malicious versus benign models. Then, we design a defense method based on our findings and inspired by evolutionary clustering. The center server uses this defense scheme to screen possible malicious clients and mitigate their attacks. Our mitigation scheme refers to the detection results of both the current and previous rounds. Moreover, we improve our scheme to apply it to a privacy threat scenario. Finally, we demonstrate the effectiveness of our scheme through experiments in several different scenarios.

Khanh Huu The Dam,Charles-Henry Bertrand Van Ouytsel,Axel Legay

DOI: https://doi.org/10.48550/arXiv.2204.14159

2022-04-29

Abstract:Over past years, the manually methods to create detection rules were no longer practical in the anti-malware product since the number of malware threats has been growing. Thus, the turn to the machine learning approaches is a promising way to make the malware recognition more efficient. The traditional centralized machine learning requires a large amount of data to train a model with excellent performance. To boost the malware detection, the training data might be on various kind of data sources such as data on host, network and cloud-based anti-malware components, or even, data from different enterprises. To avoid the expenses of data collection as well as the leakage of private data, we present a federated learning system to identify malwares through the behavioural graphs, i.e., system call dependency graphs. It is based on a deep learning model including a graph autoencoder and a multi-classifier module. This model is trained by a secure learning protocol among clients to preserve the private data against the inference attacks. Using the model to identify malwares, we achieve the accuracy of 85\% for the homogeneous graph data and 93\% for the inhomogeneous graph data.

Cryptography and Security

Yufei Han,Xiangliang Zhang

DOI: https://doi.org/10.48550/arXiv.1905.02941

2019-05-08

Abstract:Federated learning performs distributed model training using local data hosted by agents. It shares only model parameter updates for iterative aggregation at the server. Although it is privacy-preserving by design, federated learning is vulnerable to noise corruption of local agents, as demonstrated in the previous study on adversarial data poisoning threat against federated learning systems. Even a single noise-corrupted agent can bias the model training. In our work, we propose a collaborative and privacy-preserving machine teaching paradigm with multiple distributed teachers, to improve robustness of the federated training process against local data corruption. We assume that each local agent (teacher) have the resources to verify a small portions of trusted instances, which may not by itself be adequate for learning. In the proposed collaborative machine teaching method, these trusted instances guide the distributed agents to jointly select a compact while informative training subset from data hosted by their own. Simultaneously, the agents learn to add changes of limited magnitudes into the selected data instances, in order to improve the testing performances of the federally trained model despite of the training data corruption. Experiments on toy and real data demonstrate that our approach can identify training set bugs effectively and suggest appropriate changes to the labels. Our algorithm is a step toward trustworthy machine learning.

Machine Learning,Artificial Intelligence

Xiaolong Xu,Haoyuan Li,Zheng Li,Xiaokang Zhou

DOI: https://doi.org/10.1109/tii.2022.3195896

IF: 12.3

2022-01-01

IEEE Transactions on Industrial Informatics

Abstract:With the increasing data scale in the Industrial Internet of Things, edge computing coordinated with machine learning is regarded as an effective way to raise the novel latency-sensitive services. To ensure the data privacy for frequent service access, federated learning (FL), as a privacy-preserving distributed framework, is integrated into edge computing, enabling user data invisible to the training process. However, sophisticated network attacks threaten deep learning (DL) models by data poison and malicious reasoning, making the DL-based system untrustworthy. To this end, a synergic data filtering method, named Safe, is proposed to deal with the poisoning attacks. Specifically, considering that the distributed support vector machine is at risk of being attacked due to its distribution and openness to communication, edge-cloud empowered FL framework is designed. Then, the alternating direction method of multipliers is deployed to detect attacked devices whose training processes will be interrupted. Moreover, due to the untrustworthiness of label data, the poisoned data in the attacked devices are figured out and filtered by clustering the trusted data with K -means clustering algorithm. Eventually, extensive experiment results proved that the Safe outperforms correlation methods in detection accuracy and trustworthiness.

Qilei Li,Ahmed M. Abdelmoniem

2024-08-17

Abstract:Federated Learning (FL) is a distributed machine learning diagram that enables multiple clients to collaboratively train a global model without sharing their private local data. However, FL systems are vulnerable to attacks that are happening in malicious clients through data poisoning and model poisoning, which can deteriorate the performance of aggregated global model. Existing defense methods typically focus on mitigating specific types of poisoning and are often ineffective against unseen types of attack. These methods also assume an attack happened moderately while is not always holds true in real. Consequently, these methods can significantly fail in terms of accuracy and robustness when detecting and addressing updates from attacked malicious clients. To overcome these challenges, in this work, we propose a simple yet effective framework to detect malicious clients, namely Confidence-Aware Defense (CAD), that utilizes the confidence scores of local models as criteria to evaluate the reliability of local updates. Our key insight is that malicious attacks, regardless of attack type, will cause the model to deviate from its previous state, thus leading to increased uncertainty when making predictions. Therefore, CAD is comprehensively effective for both model poisoning and data poisoning attacks by accurately identifying and mitigating potential malicious updates, even under varying degrees of attacks and data heterogeneity. Experimental results demonstrate that our method significantly enhances the robustness of FL systems against various types of attacks across various scenarios by achieving higher model accuracy and stability.

Machine Learning,Cryptography and Security,Computer Vision and Pattern Recognition,Distributed, Parallel, and Cluster Computing

Li Chen,Fan Ang,Yunfei Chen,Weidong Wang

DOI: https://doi.org/10.1109/tnse.2022.3227287

IF: 6.6

2023-01-01

IEEE Transactions on Network Science and Engineering

Abstract:Federated learning (FL) is a communication-efficient machine learning paradigm to leverage distributed data at the network edge. Nevertheless, FL usually fails to train a high-quality model from the networks, where the edge nodes collect noisy labeled data. To tackle this challenge, this paper focuses on developing an innovative robust FL. We consider two kinds of networks with different data distribution. Firstly, we design a reweighted FL under a full-data network, where all edge nodes are equipped with both numerous noisy labeled dataset and small clean dataset. The key idea is that edge devices learn to assign the local weights of loss functions in noisy labeled dataset, and cooperate with central server to update global weights. Secondly, we consider a part-data network where some edge nodes exclude clean dataset, and can not compute the weights locally. The broadcasting of the global weights is added to help those edge nodes without clean dataset to reweight their noisy loss functions. Both designs have a convergence rate of $\mathcal {O}(1/T^{2})$ . Simulation results illustrate that the both proposed training processes improve the prediction accuracy due to the proper weights assignments of noisy loss function.