RFed: Robustness-Enhanced Privacy-Preserving Federated Learning Against Poisoning Attack
Yinbin Miao,Xinru Yan,Xinghua Li,Shujiang Xu,Ximeng Liu,Hongwei Li,Robert H. Deng
DOI: https://doi.org/10.1109/tifs.2024.3402113
IF: 7.231
2024-01-01
IEEE Transactions on Information Forensics and Security
Abstract:Federated learning not only realizes collaborative training of models, but also effectively maintains user privacy. However, with the widespread application of privacy-preserving federated learning, poisoning attacks threaten the model utility. Existing defense schemes suffer from a series of problems, including low accuracy, low robustness and reliance on strong assumptions, which limit the practicability of federated learning. To solve these problems, we propose a Robustness-enhanced privacy-preserving Federated learning with scaled dot-product attention (RFed) under dual-server model. Specifically, we design a highly robust defense mechanism that uses a dual-server model instead of traditional single-server model to significantly improve model accuracy and completely eliminate the reliance on strong assumptions. Formal security analysis proves that our scheme achieves convergence and provides privacy protection, and extensive experiments demonstrate that our scheme reduces high computational overhead while guaranteeing privacy preservation and model accuracy, and ensures that the failure rate of poisoning attacks is higher than 96%.
computer science, theory & methods,engineering, electrical & electronic