Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Adversarial Node Placement in Decentralized Federated Learning: Maximum Spanning-Centrality Strategy and Performance Analysis

Adam Piaseczny, Eric Ruzomberka, Rohit Parasnis, Christopher G. Brinton

TL;DR

This work investigates adversarial node placement in decentralized Federated Learning, revealing how network topology and data distribution shape attack potency. It introduces four placement strategies—Random, eigenvector centrality, MaxSpAN-FL, and Hopping-Augmented MaxSpAN-FL—and demonstrates that the hybrid MaxSpAN-FL variants consistently induce the strongest degradation across diverse graph types and data regimes. A theoretical analysis shows eigenvector centrality alone is not optimal for maximizing attack impact, and a $O(n^3)$ complexity bound is established for MaxSpAN-FL. The findings highlight critical security vulnerabilities in decentralized FL and motivate developing topology-aware defenses and more robust consensus mechanisms.

Abstract

As Federated Learning (FL) becomes more widespread, there is growing interest in its decentralized variants. Decentralized FL leverages the benefits of fast and energy-efficient device-to-device communications to obviate the need for a central server. However, this opens the door to new security vulnerabilities as well. While FL security has been a popular research topic, the role of adversarial node placement in decentralized FL remains largely unexplored. This paper addresses this gap by evaluating the impact of various coordinated adversarial node placement strategies on decentralized FL's model training performance. We adapt two threads of placement strategies to this context: maximum span-based algorithms, and network centrality-based approaches. Building on them, we propose a novel attack strategy, MaxSpAN-FL, which is a hybrid between these paradigms that adjusts node placement probabilistically based on network topology characteristics. Numerical experiments demonstrate that our attack consistently induces the largest degradation in decentralized FL models compared with baseline schemes across various network configurations and numbers of coordinating adversaries. We also provide theoretical support for why eigenvector centrality-based attacks are suboptimal in decentralized FL. Overall, our findings provide valuable insights into the vulnerabilities of decentralized FL systems, setting the stage for future research aimed at developing more secure and robust decentralized FL frameworks.

Adversarial Node Placement in Decentralized Federated Learning: Maximum Spanning-Centrality Strategy and Performance Analysis

TL;DR

This work investigates adversarial node placement in decentralized Federated Learning, revealing how network topology and data distribution shape attack potency. It introduces four placement strategies—Random, eigenvector centrality, MaxSpAN-FL, and Hopping-Augmented MaxSpAN-FL—and demonstrates that the hybrid MaxSpAN-FL variants consistently induce the strongest degradation across diverse graph types and data regimes. A theoretical analysis shows eigenvector centrality alone is not optimal for maximizing attack impact, and a complexity bound is established for MaxSpAN-FL. The findings highlight critical security vulnerabilities in decentralized FL and motivate developing topology-aware defenses and more robust consensus mechanisms.

Abstract

As Federated Learning (FL) becomes more widespread, there is growing interest in its decentralized variants. Decentralized FL leverages the benefits of fast and energy-efficient device-to-device communications to obviate the need for a central server. However, this opens the door to new security vulnerabilities as well. While FL security has been a popular research topic, the role of adversarial node placement in decentralized FL remains largely unexplored. This paper addresses this gap by evaluating the impact of various coordinated adversarial node placement strategies on decentralized FL's model training performance. We adapt two threads of placement strategies to this context: maximum span-based algorithms, and network centrality-based approaches. Building on them, we propose a novel attack strategy, MaxSpAN-FL, which is a hybrid between these paradigms that adjusts node placement probabilistically based on network topology characteristics. Numerical experiments demonstrate that our attack consistently induces the largest degradation in decentralized FL models compared with baseline schemes across various network configurations and numbers of coordinating adversaries. We also provide theoretical support for why eigenvector centrality-based attacks are suboptimal in decentralized FL. Overall, our findings provide valuable insights into the vulnerabilities of decentralized FL systems, setting the stage for future research aimed at developing more secure and robust decentralized FL frameworks.

Paper Structure

This paper contains 27 sections, 1 theorem, 17 equations, 10 figures, 1 table, 2 algorithms.

Table of Contents

  1. Introduction
  2. Related Work
  3. Summary of Contributions
  4. System and Attack Model
  5. Adversarial Placement Methodology
  6. Random Placement Algorithm
  7. Centrality-based Attack Algorithm
  8. MaxSpAN-FL Attack Algorithm
  9. Hopping-Augmented MaxSpAN-FL
  10. Results and Discussion
  11. Experimental Setup
  12. Experimental Results
  13. Effects of Graph Distribution
  14. Effects of Connectivity
  15. Effects of Network Size and Number of Adversaries
  16. ...and 12 more sections

Key Result

Lemma 1

Given a decentralized Federated Learning (FL) network represented by a strongly connected, time-invariant, directed graph $G = (V, E)$, partitioned into a set of adversarial nodes $A$ and honest nodes $H:=V\setminus A$, and under the Assumptions 1 and 2 regarding the undirected graph structure and n where $\delta_{adv,min}$ is the lower bound on the adversarial gradients, $v_j$ is the eigenvector

Figures (10)

  • Figure 1: Decentralized federated learning with adversarial nodes.
  • Figure 2: Trade-off between distancde-based and centrality-based node selection depending on the hop probability. As the hop probability increases, the adversaries will tend to occupy more central nodes.
  • Figure 3: Average testing accuracy of honest nodes in 25-node networks, comparing Directed Geometric graphs with connection radius $r = 0.2$, Erdős–Rényi graphs with edge probability $p = 0.3$, and Prefrential Attachment graphs with initial graph size of 1 node, for both IID and Non-IID data distributions. The effects of various attack placement strategies on the network's performance are illustrated. Adversarial percentage is $20\%$. Lower accuracy is better.
  • Figure 4: Average Attack Accuracy Loss (AAL) for Directed Geometric, ER, and Preferential Attachment graphs with 25 nodes and $20\%$ adversaries for various connectivity parameters. Higher AAL corresponds to a more effective attack.
  • Figure 5: Average Attack Accuracy Loss (AAL) for Directed Geometric graphs with $r = 0.2$ and Preferential Attachment graphs with starting node number $= 1$ and IID data distribution, for different network sizes and number of adversaries. Higher AAL corresponds to a more effective attack.
  • ...and 5 more figures

Theorems & Definitions (2)

  • Lemma 1: Impact of Adversarial Nodes on Convergence given Node Centralities
  • proof