DART: A Solution for Decentralized Federated Learning Model Robustness Analysis
Chao Feng, Alberto Huertas Celdrán, Jan von der Assen, Enrique Tomás Martínez Beltrán, Gérôme Bovet, Burkhard Stiller
TL;DR
This paper tackles the robustness of Decentralized Federated Learning (DFL) to poisoning attacks, addressing a gap where most work focuses on Centralized FL (CFL). It introduces DART, a dual- component framework (attack and defense) integrated into the Fedstellar platform to quantitatively analyze DFL model robustness and defense compatibility. Through extensive experiments on MNIST, FashionMNIST, and CIFAR-10 under untargeted and targeted attacks, the work shows that DFL’s robustness is highly topology-dependent and that CFL defenses often underperform in DFL unless adapted (e.g., Sentinel, Voyager). The findings highlight topology-driven attack surfaces, defense trade-offs, and practical guidelines for deploying robust DFL in real-world IoT and edge environments.
Abstract
Federated Learning (FL) has emerged as a promising approach to address privacy concerns inherent in Machine Learning (ML) practices. However, conventional FL methods, particularly those following the Centralized FL (CFL) paradigm, utilize a central server for global aggregation, which exhibits limitations such as bottleneck and single point of failure. To address these issues, the Decentralized FL (DFL) paradigm has been proposed, which removes the client-server boundary and enables all participants to engage in model training and aggregation tasks. Nevertheless, as CFL, DFL remains vulnerable to adversarial attacks, notably poisoning attacks that undermine model performance. While existing research on model robustness has predominantly focused on CFL, there is a noteworthy gap in understanding the model robustness of the DFL paradigm. In this paper, a thorough review of poisoning attacks targeting the model robustness in DFL systems, as well as their corresponding countermeasures, are presented. Additionally, a solution called DART is proposed to evaluate the robustness of DFL models, which is implemented and integrated into a DFL platform. Through extensive experiments, this paper compares the behavior of CFL and DFL under diverse poisoning attacks, pinpointing key factors affecting attack spread and effectiveness within the DFL. It also evaluates the performance of different defense mechanisms and investigates whether defense mechanisms designed for CFL are compatible with DFL. The empirical results provide insights into research challenges and suggest ways to improve the robustness of DFL models for future research.