Attack-Resistant Federated Learning with Residual-based Reweighting
About
Federated learning has a variety of applications in multiple domains by utilizing private training data stored on different devices. However, the aggregation process in federated learning is highly vulnerable to adversarial attacks, which can cause the global model to behave abnormally. To tackle this challenge, we present a novel aggregation algorithm with residual-based reweighting to defend federated learning. Our aggregation algorithm combines repeated median regression with the reweighting scheme used in iteratively reweighted least squares. Our experiments show that our aggregation algorithm outperforms alternative algorithms in the presence of label-flipping and backdoor attacks. We also provide theoretical analysis for our aggregation algorithm.
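The idea of residual-based reweighting can be illustrated with a simplified sketch. This is an added example, not the paper's code or its exact algorithm. It assumes a Huber-style weight with a cut-off of 2 scaled residuals, a per-client weight taken as the mean of its per-parameter weights, and a constructed set of five client updates in which the last one is poisoned.

```python
from statistics import median

def repeated_median_line(xs, ys):
    """Repeated median fit: the slope is the median over i of the median
    over j != i of the pairwise slopes, so a minority of outliers cannot move it."""
    n = len(xs)
    slope = median(
        median((ys[j] - ys[i]) / (xs[j] - xs[i]) for j in range(n) if j != i)
        for i in range(n))
    intercept = median(y - slope * x for x, y in zip(xs, ys))
    return slope, intercept

def coordinate_weights(values, cutoff=2.0, floor=1e-9):
    """Weights in (0, 1] for one model parameter across all clients (needs >= 3)."""
    order = sorted(range(len(values)), key=values.__getitem__)
    ys = [values[c] for c in order]      # sorted values, regressed on their rank
    xs = list(range(len(ys)))
    slope, intercept = repeated_median_line(xs, ys)
    residuals = [y - (slope * x + intercept) for x, y in zip(xs, ys)]
    # Robust scale from the median absolute residual; the floor (an assumption)
    # avoids division by zero when the honest values fit the line exactly.
    scale = max(1.4826 * median(abs(r) for r in residuals), floor)
    weights = [0.0] * len(values)
    for rank, client in enumerate(order):
        e = abs(residuals[rank]) / scale
        weights[client] = 1.0 if e <= cutoff else cutoff / e  # Huber-style (assumed)
    return weights

def aggregate(updates, cutoff=2.0):
    """Return (global_model, client_weights) as a reweighted average of updates."""
    n_params = len(updates[0])
    per_coord = [coordinate_weights([u[k] for u in updates], cutoff)
                 for k in range(n_params)]
    client_w = [sum(w[c] for w in per_coord) / n_params
                for c in range(len(updates))]
    total = sum(client_w)
    model = [sum(w * u[k] for w, u in zip(client_w, updates)) / total
             for k in range(n_params)]
    return model, client_w

def plain_mean(updates):
    """Unweighted averaging, for comparison with the reweighted result."""
    return [sum(u[k] for u in updates) / len(updates)
            for k in range(len(updates[0]))]

# Constructed sample: four honest clients near [1.0, 2.0], one poisoned update.
UPDATES = [[1.00, 2.02], [0.97, 1.98], [1.04, 2.00], [1.01, 1.99], [50.0, -40.0]]

if __name__ == "__main__":
    print("plain mean :", plain_mean(UPDATES))
    print("reweighted :", aggregate(UPDATES))
```

On this sample the unweighted mean is dragged far from the honest values, while the reweighted aggregate stays close to them because the poisoned client's large residual gives it a near-zero weight.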
Related benchmarks
| Task | Dataset | Result | Rank |
|---|---|---|---|
| Image Classification | CIFAR-100 (test) | Accuracy 72.05 | 3518 |
| Image Classification | CIFAR-10 (test) | Accuracy 60.19 | 3381 |
| Image Classification | Clothing1M (test) | Accuracy 70.91 | 598 |
| Image Classification | CIFAR-100 non-IID (test) | Test Accuracy (Avg Best) 48.03 | 113 |
| Image Classification | CIFAR-10 IID partition (test) | Targeted Communication Cost 120 | 48 |
| Image Classification | CIFAR-10 (test) | Targeted Communication Cost 290 | 33 |
| Safety and Utility Evaluation | BeaverTails & WildChat | Rule Adherence 50.58 | 11 |
| Robust Safety and Utility Evaluation in Federated Learning | BeaverTails & LMSYS-Chat | Rule Score 53.08 | 8 |
| Robust Safety and Utility Evaluation in Federated Learning | MaliciousGen & LMSYS-Chat | Rule Compliance 52.88 | 8 |
| Robust Safety and Utility Evaluation in Federated Learning | MaliciousGen & WildChat | Rule Score 47.31 | 8 |