Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

RobustFSM: Submodular Maximization in Federated Setting with Malicious Clients

Duc A. Tran, Dung Truong, Duy Le

TL;DR

RobustFSM tackles robustness in Federated Submodular Maximization where malicious clients can mislead the aggregation. It introduces a Byzantine-robust aggregation via two coreset-based global candidates: one built from maximally similar local gradients and another from maximally diverse gradients, with clients selecting the candidate best aligned to their local objective before proceeding with local updates. Empirical results on CIFAR10 and PATHMNIST show RobustFSM substantially outperforms the standard FedCG under targeted attacks (up to 200% improvement in some scenarios) while remaining competitive in no-attack settings. This work pioneers robustness in FSM, providing a practical defense and a benchmark for future studies in federated submodular optimization.$S^* = \arg \max_S \{ f(S) = \frac{1}{|C|} \sum_{i\in C} f_i(S) : S\in\mathcal{I} \}$, with a continuous-greedy based approach and a novel two-coreset aggregation to resist Byzantine clients.

Abstract

Submodular maximization is an optimization problem benefiting many machine learning applications, where we seek a small subset best representing an extremely large dataset. We focus on the federated setting where the data are locally owned by decentralized clients who have their own definitions for the quality of representability. This setting requires repetitive aggregation of local information computed by the clients. While the main motivation is to respect the privacy and autonomy of the clients, the federated setting is vulnerable to client misbehaviors: malicious clients might share fake information. An analogy is backdoor attack in conventional federated learning, but our challenge differs freshly due to the unique characteristics of submodular maximization. We propose RobustFSM, a federated submodular maximization solution that is robust to various practical client attacks. Its performance is substantiated with an empirical evaluation study using real-world datasets. Numerical results show that the solution quality of RobustFSM substantially exceeds that of the conventional federated algorithm when attacks are severe. The degree of this improvement depends on the dataset and attack scenarios, which can be as high as 200%

RobustFSM: Submodular Maximization in Federated Setting with Malicious Clients

TL;DR

RobustFSM tackles robustness in Federated Submodular Maximization where malicious clients can mislead the aggregation. It introduces a Byzantine-robust aggregation via two coreset-based global candidates: one built from maximally similar local gradients and another from maximally diverse gradients, with clients selecting the candidate best aligned to their local objective before proceeding with local updates. Empirical results on CIFAR10 and PATHMNIST show RobustFSM substantially outperforms the standard FedCG under targeted attacks (up to 200% improvement in some scenarios) while remaining competitive in no-attack settings. This work pioneers robustness in FSM, providing a practical defense and a benchmark for future studies in federated submodular optimization., with a continuous-greedy based approach and a novel two-coreset aggregation to resist Byzantine clients.

Abstract

Submodular maximization is an optimization problem benefiting many machine learning applications, where we seek a small subset best representing an extremely large dataset. We focus on the federated setting where the data are locally owned by decentralized clients who have their own definitions for the quality of representability. This setting requires repetitive aggregation of local information computed by the clients. While the main motivation is to respect the privacy and autonomy of the clients, the federated setting is vulnerable to client misbehaviors: malicious clients might share fake information. An analogy is backdoor attack in conventional federated learning, but our challenge differs freshly due to the unique characteristics of submodular maximization. We propose RobustFSM, a federated submodular maximization solution that is robust to various practical client attacks. Its performance is substantiated with an empirical evaluation study using real-world datasets. Numerical results show that the solution quality of RobustFSM substantially exceeds that of the conventional federated algorithm when attacks are severe. The degree of this improvement depends on the dataset and attack scenarios, which can be as high as 200%

Paper Structure

This paper contains 17 sections, 26 equations, 8 figures.

Table of Contents

  1. Introduction
  2. Related Work
  3. Preliminaries
  4. Submodular Maximization (SM)
  5. Federated Submodular Maximization (FSM)
  6. Robust FSM
  7. Threat Model
  8. Robust Aggregation
  9. Good-Set Representation
  10. Aggregation Algorithm
  11. Client Local Update
  12. Numerical Results
  13. Experimental Setup
  14. Effect of client attacks on FSM
  15. Improvement of $\mathsf{RobustFSM}$ over $\mathsf{FedCG}$
  16. ...and 2 more sections

Figures (8)

  • Figure 3: Visual comparison of top representative images. In each subfigure (a) or (b): (top row) $\mathsf{FedCG}$ under no attack, (middle row) $\mathsf{RobustFSM}$ under 33% $\mathsf{Include}$ attack, and (bottom row) $\mathsf{FedCG}$ under 33% $\mathsf{Include}$ attack. Yellow-marked images are those that match precisely with the no-attack solution.
  • Figure 4: Max-similarity-only or max-diversity-only heuristic and geometric median are bad under certain attacks.
  • Figure : (a) CIFAR10
  • Figure : (a) CIFAR10
  • Figure : (a) CIFAR10
  • ...and 3 more figures