FLANDERS: A Byzantine-Resilient Aggregation Scheme for Federated Learning via Matrix Autoregression on Client Updates / Gabrielli, Edoardo. - (2023 Jan 31).

FLANDERS: A Byzantine-Resilient Aggregation Scheme for Federated Learning via Matrix Autoregression on Client Updates

2023

Abstract

The thesis focuses on a specific type of attack called Byzantine, where a subset of malicious clients participating in the FL network attempts to poison the global model by sending arbitrarily corrupted local updates to the server. Without a robust aggregation scheme at the server's end, the global model may get significantly jeopardized or even fail to converge. Thus, we propose FLANDERS, a novel FL aggregation rule robust to Byzantine attacks. FLANDERS considers the model updates sent by clients at each FL round as a matrix-valued time series. Then, it identifies malicious clients as outliers of this time series by comparing actual observations with those estimated by a matrix autoregressive forecasting model. Experiments conducted on several datasets demonstrate that FLANDERS remains highly effective even under extremely severe attack scenarios, as opposed to existing defense strategies.
31 Jan 2023
Istituto di Scienza e Tecnologie dell'Informazione "Alessandro Faedo" - ISTI
Federated Learning
Robust Aggregation
Byzantine Model Poisoning
Gabriele Tolomei; Dimitri Belli

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/20.500.14243/452367