FedSV: Byzantine-Robust Federated Learning via Shapley Value
Khaoula Otmani, Rachid Elazouzi, Vincent Labatut
TL;DR
FedSV addresses Byzantine robustness in Federated Learning by leveraging the Shapley Value to quantify each client’s contribution to the global model. It introduces a lightweight SV estimator (EstimateSV) based on TAMC and stratified sampling, and a clustering-driven client selection method (ClusFed) to prune malicious clients during training. Experiments on MNIST with non-IID data and varying proportions of malicious nodes show FedSV maintains near-baseline accuracy and outperforms several baselines under aggressive attacks. The work presents a scalable defense framework that integrates SV-based evaluation with adaptive client selection to enhance security in FL applications.
Abstract
In Federated Learning (FL), several clients jointly learn a machine learning model: each client maintains a local model for its local learning dataset, while a master server maintains a global model by aggregating the local models of the client devices. However, the repetitive communication between server and clients leaves room for attacks aimed at compromising the integrity of the global model, causing errors in its targeted predictions. In response to such threats on FL, various defense measures have been proposed in the literature. In this paper, we present a powerful defense against malicious clients in FL, called FedSV, using the Shapley Value (SV), which has been proposed recently to measure user contribution in FL by computing the marginal increase of average accuracy of the model due to the addition of local data of a user. Our approach makes the identification of malicious clients more robust, since during the learning phase, it estimates the contribution of each client according to the different groups to which the target client belongs. FedSV's effectiveness is demonstrated by extensive experiments on MNIST datasets in a cross-silo context under various attacks.