RAB$^2$-DEF: Dynamic and explainable defense against adversarial attacks in Federated Learning to fair poor clients

Nuria Rodríguez-Barroso, M. Victoria Luzón, Francisco Herrera

TL;DR

The paper tackles the vulnerability of Federated Learning to adversarial threats while maintaining data privacy. It introduces RAB2-DEF, a dynamic, explainable defense that uses Local Linear Explanations (LLEs) to rank client updates and a dynamic linguistic quantifier to weight contributions, enabling resilience to both Byzantine and backdoor attacks. The method provides visual explanations for filtering decisions and distinguishes adversarial from poor (skewed-data) clients to improve fairness. Empirical results on Fed-EMNIST, Fashion-MNIST, and CIFAR-10 show competitive robustness to Byzantine attacks and strong protection against backdoors, with added benefits in explainability and fairness for poor clients.

Abstract

At the same time that artificial intelligence is becoming popular, concern and the need for regulation are growing, including, among other requirements, data privacy. In this context, Federated Learning is proposed as a solution to the data privacy concerns that arise in multi-source data scenarios, thanks to its distributed learning. The defense mechanisms proposed in the literature focus only on defending against adversarial attacks and on performance, leaving aside other important qualities such as explainability, fairness to poor-quality clients, dynamism in terms of attack configuration, and generality in terms of being resilient against different kinds of attacks. In this work, we propose RAB$^2$-DEF, a defense $\textbf{r}$esilient $\textbf{a}$gainst $\textbf{b}$yzantine and $\textbf{b}$ackdoor attacks which is $\textbf{d}$ynamic, $\textbf{e}$xplainable and $\textbf{f}$air to poor clients, using local linear explanations. We test the performance of RAB$^2$-DEF on image datasets under both byzantine and backdoor attacks, comparing against state-of-the-art defenses, and find that RAB$^2$-DEF is a proper defense while at the same time boosting the other qualities towards trustworthy artificial intelligence.

Paper Structure

This paper contains 36 sections, 9 equations, 3 figures, 7 tables.

Figures (3)

  • Figure 1: Generic FL scheme, where data is collected at three different clients (A, B and C).
  • Figure 2: Examples of original (a, b and c) and backdoored (d, e and f) samples.
  • Figure 3: Example of an original image (a), and the explanations in terms of feature importance of (b) a regular client; (c) a poor client; (d) an adversarial client implementing a random weights attack; (e) an adversarial client implementing a label-flipping attack; and (f) an adversarial client implementing a cross-pattern backdoor attack.