Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Enhancing Security and Privacy in Federated Learning using Low-Dimensional Update Representation and Proximity-Based Defense

Wenjie Li, Kai Fan, Jingyuan Zhang, Hui Li, Wei Yang Bryan Lim, Qiang Yang

TL;DR

FLURP tackles the dual challenge of privacy and Byzantine robustness in federated learning by introducing Low-Dimensional Update Representations (LURs) via LinfSample and a privacy-preserving proximity-based defense. The framework replaces direct, large-scale distance computations with efficient SMPC-enabled operations on LURs, achieving substantial reductions in communication and computation overhead while maintaining strong defense against eight attack types, including backdoors. A suite of optimized secure protocols (packedCompare, matrixSharedShuffle, mulRowPartition, mulRowQuickSelect) enable private, scalable proximity analysis and client qualification. Empirical results across image and text tasks show FLURP delivers superior Byzantine resilience under varying data distributions and attacker proportions, with adaptivity to challenging threat models. FLURP thus offers a practical, scalable path to secure and reliable FL in distributed environments.

Abstract

Federated Learning (FL) is a promising privacy-preserving machine learning paradigm that allows data owners to collaboratively train models while keeping their data localized. Despite its potential, FL faces challenges related to the trustworthiness of both clients and servers, particularly against curious or malicious adversaries. In this paper, we introduce a novel framework named \underline{F}ederated \underline{L}earning with Low-Dimensional \underline{U}pdate \underline{R}epresentation and \underline{P}roximity-Based defense (FLURP), designed to address privacy preservation and resistance to Byzantine attacks in distributed learning environments. FLURP employs $\mathsf{LinfSample}$ method, enabling clients to compute the $l_{\infty}$ norm across sliding windows of updates, resulting in a Low-Dimensional Update Representation (LUR). Calculating the shared distance matrix among LURs, rather than updates, significantly reduces the overhead of Secure Multi-Party Computation (SMPC) by three orders of magnitude while effectively distinguishing between benign and poisoned updates. Additionally, FLURP integrates a privacy-preserving proximity-based defense mechanism utilizing optimized SMPC protocols to minimize communication rounds. Our experiments demonstrate FLURP's effectiveness in countering Byzantine adversaries with low communication and runtime overhead. FLURP offers a scalable framework for secure and reliable FL in distributed environments, facilitating its application in scenarios requiring robust data management and security.

Enhancing Security and Privacy in Federated Learning using Low-Dimensional Update Representation and Proximity-Based Defense

TL;DR

FLURP tackles the dual challenge of privacy and Byzantine robustness in federated learning by introducing Low-Dimensional Update Representations (LURs) via LinfSample and a privacy-preserving proximity-based defense. The framework replaces direct, large-scale distance computations with efficient SMPC-enabled operations on LURs, achieving substantial reductions in communication and computation overhead while maintaining strong defense against eight attack types, including backdoors. A suite of optimized secure protocols (packedCompare, matrixSharedShuffle, mulRowPartition, mulRowQuickSelect) enable private, scalable proximity analysis and client qualification. Empirical results across image and text tasks show FLURP delivers superior Byzantine resilience under varying data distributions and attacker proportions, with adaptivity to challenging threat models. FLURP thus offers a practical, scalable path to secure and reliable FL in distributed environments.

Abstract

Federated Learning (FL) is a promising privacy-preserving machine learning paradigm that allows data owners to collaboratively train models while keeping their data localized. Despite its potential, FL faces challenges related to the trustworthiness of both clients and servers, particularly against curious or malicious adversaries. In this paper, we introduce a novel framework named \underline{F}ederated \underline{L}earning with Low-Dimensional \underline{U}pdate \underline{R}epresentation and \underline{P}roximity-Based defense (FLURP), designed to address privacy preservation and resistance to Byzantine attacks in distributed learning environments. FLURP employs method, enabling clients to compute the norm across sliding windows of updates, resulting in a Low-Dimensional Update Representation (LUR). Calculating the shared distance matrix among LURs, rather than updates, significantly reduces the overhead of Secure Multi-Party Computation (SMPC) by three orders of magnitude while effectively distinguishing between benign and poisoned updates. Additionally, FLURP integrates a privacy-preserving proximity-based defense mechanism utilizing optimized SMPC protocols to minimize communication rounds. Our experiments demonstrate FLURP's effectiveness in countering Byzantine adversaries with low communication and runtime overhead. FLURP offers a scalable framework for secure and reliable FL in distributed environments, facilitating its application in scenarios requiring robust data management and security.
Paper Structure (38 sections, 4 theorems, 2 equations, 6 figures, 6 tables, 5 algorithms)

This paper contains 38 sections, 4 theorems, 2 equations, 6 figures, 6 tables, 5 algorithms.

Table of Contents

  1. Introduction
  2. Related Work
  3. Byzantine Resilient Aggregation Rule (BRAR)
  4. Privacy-Preserving Byzantine Resilient Aggregation Rule (ppBRAR)
  5. Preliminaries
  6. Federated Learning
  7. Byzantine Attacks in FL
  8. Untargeted attacks
  9. Targeted attack / Backdoor attackbackdoor-DBLP:journals/corr/abs-1911-07963backdoor-pmlr-v108-bagdasaryan20ayimingli9802938
  10. Additive Secret Sharing
  11. Additive Homomorphic Encryption
  12. Overview
  13. System Model
  14. Threat Model
  15. Design Goals
  16. ...and 23 more sections

Key Result

Theorem 1

The security of $\mathsf{packedCompare}$ holds in the $(\left( \substack{M \\ 1} \right) - \mathsf{OT}_2, \mathcal{F}_{\mathsf{correlated AND}})$-hybrid, as $\lbrace\langle lt_{0,j} \rangle^B, \langle eq_{0,j} \rangle^B \rbrace_{j \in [0,n \cdot q -1]}$ are uniformly random.

Figures (6)

  • Figure 1: System model
  • Figure 2: The MA and ASR (%) of the three baselines and $\mathsf{LinfSample}$ across three training tasks.
  • Figure 3: Under the scenario with a 40% malicious client ratio, MA and ASR (%) of FLURP and the other six comparative schemes against Byzantine attacks across three datasets.
  • Figure 4: The MA and ASR (%) of FedAvg and FLURP under Task 3 (AgNews + Bi-LSTM) across three different non-IID distributions.
  • Figure 5: Robustness of FLURP under Adaptive-FLURP Attack.
  • ...and 1 more figures

Theorems & Definitions (8)

  • Theorem 1
  • proof
  • Theorem 2
  • proof
  • Theorem 3
  • proof
  • Theorem 4
  • proof