Table of Contents
Fetching ...

Toward Malicious Clients Detection in Federated Learning

Zhihao Dou, Jiaqi Wang, Wei Sun, Zhuqing Liu, Minghong Fang

TL;DR

Federated Learning is vulnerable to poisoning attacks that contaminate the global model. The paper introduces SafeFL, a detection-based defense that builds a synthetic dataset D_syn from a trajectory of global models {\mathbf{w}^t} and detects malicious clients using two variants: SafeFL-ML (median-loss) and SafeFL-CL (clustering-loss). Across five datasets and eleven attacks, SafeFL achieves superior detection (DACC) and final-model performance (TACC) with low ASR, outperforming both detection- and prevention-based baselines. While effective, SafeFL raises privacy concerns due to storing model trajectories, which the authors propose to address via privacy-preserving extensions and potential decentralization. Overall, SafeFL offers a robust approach to maintaining training integrity in FL with practical implications for secure and reliable distributed learning.

Abstract

Federated learning (FL) enables multiple clients to collaboratively train a global machine learning model without sharing their raw data. However, the decentralized nature of FL introduces vulnerabilities, particularly to poisoning attacks, where malicious clients manipulate their local models to disrupt the training process. While Byzantine-robust aggregation rules have been developed to mitigate such attacks, they remain inadequate against more advanced threats. In response, recent advancements have focused on FL detection techniques to identify potentially malicious participants. Unfortunately, these methods often misclassify numerous benign clients as threats or rely on unrealistic assumptions about the server's capabilities. In this paper, we propose a novel algorithm, SafeFL, specifically designed to accurately identify malicious clients in FL. The SafeFL approach involves the server collecting a series of global models to generate a synthetic dataset, which is then used to distinguish between malicious and benign models based on their behavior. Extensive testing demonstrates that SafeFL outperforms existing methods, offering superior efficiency and accuracy in detecting malicious clients.

Toward Malicious Clients Detection in Federated Learning

TL;DR

Federated Learning is vulnerable to poisoning attacks that contaminate the global model. The paper introduces SafeFL, a detection-based defense that builds a synthetic dataset D_syn from a trajectory of global models {\mathbf{w}^t} and detects malicious clients using two variants: SafeFL-ML (median-loss) and SafeFL-CL (clustering-loss). Across five datasets and eleven attacks, SafeFL achieves superior detection (DACC) and final-model performance (TACC) with low ASR, outperforming both detection- and prevention-based baselines. While effective, SafeFL raises privacy concerns due to storing model trajectories, which the authors propose to address via privacy-preserving extensions and potential decentralization. Overall, SafeFL offers a robust approach to maintaining training integrity in FL with practical implications for secure and reliable distributed learning.

Abstract

Federated learning (FL) enables multiple clients to collaboratively train a global machine learning model without sharing their raw data. However, the decentralized nature of FL introduces vulnerabilities, particularly to poisoning attacks, where malicious clients manipulate their local models to disrupt the training process. While Byzantine-robust aggregation rules have been developed to mitigate such attacks, they remain inadequate against more advanced threats. In response, recent advancements have focused on FL detection techniques to identify potentially malicious participants. Unfortunately, these methods often misclassify numerous benign clients as threats or rely on unrealistic assumptions about the server's capabilities. In this paper, we propose a novel algorithm, SafeFL, specifically designed to accurately identify malicious clients in FL. The SafeFL approach involves the server collecting a series of global models to generate a synthetic dataset, which is then used to distinguish between malicious and benign models based on their behavior. Extensive testing demonstrates that SafeFL outperforms existing methods, offering superior efficiency and accuracy in detecting malicious clients.
Paper Structure (26 sections, 5 equations, 13 figures, 19 tables, 2 algorithms)

This paper contains 26 sections, 5 equations, 13 figures, 19 tables, 2 algorithms.

Figures (13)

  • Figure 1: Impact of length of trajectory, where CIFAR-10 dataset is considered.
  • Figure 2: Impact of the number of synthetic data, where CIFAR-10 dataset is considered.
  • Figure 3: The loss values of benign and malicious clients’ local models computed on the synthetic dataset, using SafeFL-ML with the CIFAR-10 dataset.
  • Figure 4: The loss values of benign and malicious clients’ local models computed on the synthetic dataset, using SafeFL-ML with the MNIST dataset.
  • Figure 5: The loss values of benign and malicious clients’ local models computed on the synthetic dataset, using SafeFL-ML with the FEMNIST dataset.
  • ...and 8 more figures