Do We Really Need to Design New Byzantine-robust Aggregation Rules?

Minghong Fang, Seyedsina Nabavirazavi, Zhuqing Liu, Wei Sun, Sundararaja Sitharama Iyengar, Haibo Yang

TL;DR

This paper addresses poisoning attacks in federated learning by arguing that there is no need for new Byzantine-robust aggregation rules. It introduces FoundationFL, where the server generates synthetic updates based on client updates and combines them with real updates using established robust aggregators such as Trimmed-mean or Median, thereby reducing update variance and improving robustness under attack. The authors provide convergence guarantees under standard FL assumptions and validate the approach across six datasets and twelve poisoning attacks, showing robust performance and scalability, including under non-IID data and high fractions of malicious clients. The work suggests a practical, provably effective defense that leverages existing aggregation principles with synthetic augmentations, offering a less brittle and more adaptable defense against poisoning in FL with broad theoretical and empirical support.

Abstract

Federated learning (FL) allows multiple clients to collaboratively train a global machine learning model through a server, without exchanging their private training data. However, the decentralized aspect of FL makes it susceptible to poisoning attacks, where malicious clients can manipulate the global model by sending altered local model updates. To counter these attacks, a variety of aggregation rules designed to be resilient to Byzantine failures have been introduced. Nonetheless, these methods can still be vulnerable to sophisticated attacks or depend on unrealistic assumptions about the server. In this paper, we demonstrate that there is no need to design new Byzantine-robust aggregation rules; instead, FL can be secured by enhancing the robustness of well-established aggregation rules. To this end, we present FoundationFL, a novel defense mechanism against poisoning attacks. FoundationFL involves the server generating synthetic updates after receiving local model updates from clients. It then applies existing Byzantine-robust foundational aggregation rules, such as Trimmed-mean or Median, to combine clients' model updates with the synthetic ones. We theoretically establish the convergence performance of FoundationFL under Byzantine settings. Comprehensive experiments across several real-world datasets validate the efficiency of our FoundationFL method.

Paper Structure

This paper contains 23 sections, 5 theorems, 25 equations, 5 figures, 13 tables, 1 algorithm.

Key Result

Theorem 1

Assuming that Assumptions assumption_1-assumption_3 and Assumption assumption_5 are valid and the client's learning rate is $\alpha=\frac{1}{\lambda}$, our proposed FoundationFL framework uses the Trimmed-mean aggregation rule to combine both generated synthetic model updates and model updates from where $\bm{\theta}^T$ is the global model at training round $T$, $\bm{\theta}^0$ is the initial glo

Figures (5)

  • Figure 1: Impact of fraction of malicious clients.
  • Figure 2: Impact of degree of Non-IID.
  • Figure 3: Impact of fraction of synthetic updates.
  • Figure 4: Impact of total number of clients.
  • Figure 5: Computation cost of different FL methods.

Theorems & Definitions (11)

  • Theorem 1
  • proof
  • Theorem 2
  • proof
  • Remark
  • Lemma 1
  • proof
  • Lemma 2
  • proof
  • Lemma 3
  • ...and 1 more