FLANDERS: A Byzantine-Resilient Aggregation Scheme for Federated Learning via Matrix Autoregression on Client Updates / Gabrielli, Edoardo. - (2023 Jan 31).
FLANDERS: A Byzantine-Resilient Aggregation Scheme for Federated Learning via Matrix Autoregression on Client Updates
2023
Abstract
The thesis focuses on a specific type of attack called Byzantine, where a subset of malicious clients participating in the FL network attempts to poison the global model by sending arbitrarily corrupted local updates to the server. Without a robust aggregation scheme at the server's end, the global model may be significantly jeopardized or even fail to converge. Thus, we propose FLANDERS, a novel FL aggregation rule robust to Byzantine attacks. FLANDERS considers the model updates sent by clients at each FL round as a matrix-valued time series. Then, it identifies malicious clients as outliers of this time series by comparing actual observations with those estimated by a matrix autoregressive forecasting model. Experiments conducted on several datasets demonstrate that FLANDERS remains highly effective even under extremely severe attack scenarios, as opposed to existing defense strategies.
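As an added illustration (not the thesis's own code or algorithm), a toy version of the idea in pure Python: each client's past update vectors form a time series, a least-squares AR(1) forecast per coordinate (a deliberate simplification of the matrix autoregressive model the abstract names) predicts the current round, and the clients whose observed update lies farthest from its forecast are flagged as outliers. The client count, the Byzantine indices, the honest update dynamics and the assumed bound on the number of attackers are all constructed assumptions.

```python
import random

def fit_ar1(history):
    """Least-squares AR(1) coefficient a for a scalar series: x_t ~= a * x_{t-1}."""
    num = sum(x1 * x0 for x0, x1 in zip(history, history[1:]))
    den = sum(x0 * x0 for x0 in history[:-1])
    return num / den if den else 0.0

def forecast_client(history):
    """Forecast a client's next update vector from its past vectors, one AR(1) per coordinate."""
    dim = len(history[0])
    return [fit_ar1([u[j] for u in history]) * history[-1][j] for j in range(dim)]

def outlier_scores(series):
    """series[t][k] is client k's update vector at round t.
    Returns, per client, the distance between the last observed update and its forecast."""
    past, current = series[:-1], series[-1]
    scores = []
    for k in range(len(current)):
        pred = forecast_client([upd[k] for upd in past])
        scores.append(sum((p - o) ** 2 for p, o in zip(pred, current[k])) ** 0.5)
    return scores

def flag_outliers(scores, n_byzantine):
    """Flag the n_byzantine clients with the largest forecast error
    (the server is assumed to know an upper bound on the number of attackers)."""
    ranked = sorted(range(len(scores)), key=lambda k: scores[k], reverse=True)
    return set(ranked[:n_byzantine])

def simulate(n_clients=6, dim=4, rounds=6, byzantine=(1, 4), seed=0):
    """Constructed simulation: honest clients send smoothly decaying updates,
    Byzantine clients send arbitrary values every round."""
    rng = random.Random(seed)
    prev = {k: [rng.uniform(-1, 1) for _ in range(dim)] for k in range(n_clients)}
    series = []
    for _ in range(rounds):
        round_updates = []
        for k in range(n_clients):
            if k in byzantine:
                upd = [rng.uniform(-5, 5) for _ in range(dim)]   # arbitrary corruption
            else:
                upd = [0.8 * x + rng.gauss(0, 0.01) for x in prev[k]]  # predictable drift
                prev[k] = upd
            round_updates.append(upd)
        series.append(round_updates)
    return series

if __name__ == "__main__":
    scores = outlier_scores(simulate())
    print("flagged clients:", sorted(flag_outliers(scores, 2)))
```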