The Impact of Adversarial Node Placement in Decentralized Federated Learning Networks

TL;DR

The paper tackles security in decentralized Federated Learning by examining how coordinated adversarial node placement affects attack potency, introducing MaxSpAN-FL to maximize inter-adversary distance via $d_{ ext{avg}}$ and BFS-based clustering. It compares MaxSpAN-FL against random and eigenvector-centrality baselines across DG and ER network topologies with IID and Non-IID Fashion-MNIST data, showing up to a $66.5\%$ improvement in attack effectiveness in certain scenarios. The study provides nuanced insights into how graph structure, connectivity, network size, data heterogeneity, and attack timing shape vulnerability, highlighting that topology-informed attacks can substantially degrade decentralized FL performance. These findings inform the design of more robust decentralized FL systems and secure aggregation strategies.

Abstract

As Federated Learning (FL) grows in popularity, new decentralized frameworks are becoming widespread. These frameworks leverage the benefits of decentralized environments to enable fast and energy-efficient inter-device communication. However, this growing popularity also intensifies the need for robust security measures. While existing research has explored various aspects of FL security, the role of adversarial node placement in decentralized networks remains largely unexplored. This paper addresses this gap by analyzing the performance of decentralized FL for various adversarial placement strategies when adversaries can jointly coordinate their placement within a network. We establish two baseline strategies for placing adversarial node: random placement and network centrality-based placement. Building on this foundation, we propose a novel attack algorithm that prioritizes adversarial spread over adversarial centrality by maximizing the average network distance between adversaries. We show that the new attack algorithm significantly impacts key performance metrics such as testing accuracy, outperforming the baseline frameworks by between $9\%$ and $66.5\%$ for the considered setups. Our findings provide valuable insights into the vulnerabilities of decentralized FL systems, setting the stage for future research aimed at developing more secure and robust decentralized FL frameworks.

Figures (5)

• Figure 1: Decentralized federated learning with adversarial nodes.
• Figure 2: Average testing accuracy of honest nodes in 25-node networks, comparing Directed Geometric graphs with connection radius $r = 0.2$ and Erdős–Rényi graphs with edge probability $p = 0.5$, for both IID and Non-IID data distributions. The effects of various attack placement strategies on the network's performance are illustrated. Adversarial percentage is $20\%$.
• Figure 3: Average Attack Accuracy Loss for Directed Geometric and ER graphs with 25 nodes and $20\%$ adversaries for different connectivity parameters.
• Figure 4: Average Attack Accuracy Loss for Directed Geometric graphs with $r = 0.2$ and IID data distribution, for different network sizes and number of adversaries
• Figure 5: Average testing accuracy over honest nodes in 25-node Directed Geometric Graph with $r=0.2$, for both IID and Non-IID data distributions for different attack deployment times. Adversarial percentage is $20\%$.