Fall of Empires: Breaking Byzantine-tolerant SGD by Inner Product Manipulation
About
Recently, new defense techniques have been developed to tolerate Byzantine failures for distributed machine learning. The Byzantine model captures workers that behave arbitrarily, including malicious and compromised workers. In this paper, we break two prevailing Byzantine-tolerant techniques. Specifically we show robust aggregation methods for synchronous SGD -- coordinate-wise median and Krum -- can be broken using new attack strategies based on inner product manipulation. We prove our results theoretically, as well as show empirical validation.
Cong Xie, Sanmi Koyejo, Indranil Gupta• 2019
Related benchmarks
| Task | Dataset | Result | Rank | |
|---|---|---|---|---|
| Image Classification | CIFAR-10 IID | Accuracy85.8 | 166 | |
| Image Classification | CIFAR10 non-iid | Accuracy83.3 | 162 | |
| Image Classification | CIFAR-10 non-IID (test) | Average Test Accuracy70.6 | 14 |
Showing 3 of 3 rows