Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

RIFLE: Robust Distillation-based FL for Deep Model Deployment on Resource-Constrained IoT Networks

Pouria Arefijamal, Mahdi Ahmadlou, Bardia Safaei, Jörg Henkel

TL;DR

RIFLE tackles robust federated learning in resource-constrained IoT by replacing gradient sharing with logit-level distillation and introducing a KL-divergence-based, label-free client-trust mechanism. It defines a dynamic trust metric via $\Delta KL_i$ and a new reliability measure, the PFPV, to mitigate poisoning while reducing false positives. The framework enables training of deep models like VGG-19 on tiny devices, achieving up to 28.3% accuracy gains and substantial reductions in training time and communication compared to baselines. This approach enhances privacy, robustness, and practicality of deploying deep learning in heterogeneous IoT ecosystems.

Abstract

Federated learning (FL) is a decentralized learning paradigm widely adopted in resource-constrained Internet of Things (IoT) environments. These devices, typically relying on TinyML models, collaboratively train global models by sharing gradients with a central server while preserving data privacy. However, as data heterogeneity and task complexity increase, TinyML models often become insufficient to capture intricate patterns, especially under extreme non-IID (non-independent and identically distributed) conditions. Moreover, ensuring robustness against malicious clients and poisoned updates remains a major challenge. Accordingly, this paper introduces RIFLE - a Robust, distillation-based Federated Learning framework that replaces gradient sharing with logit-based knowledge transfer. By leveraging a knowledge distillation aggregation scheme, RIFLE enables the training of deep models such as VGG-19 and Resnet18 within constrained IoT systems. Furthermore, a Kullback-Leibler (KL) divergence-based validation mechanism quantifies the reliability of client updates without exposing raw data, achieving high trust and privacy preservation simultaneously. Experiments on three benchmark datasets (MNIST, CIFAR-10, and CIFAR-100) under heterogeneous non-IID conditions demonstrate that RIFLE reduces false-positive detections by up to 87.5%, enhances poisoning attack mitigation by 62.5%, and achieves up to 28.3% higher accuracy compared to conventional federated learning baselines within only 10 rounds. Notably, RIFLE reduces VGG19 training time from over 600 days to just 1.39 hours on typical IoT devices (0.3 GFLOPS), making deep learning practical in resource-constrained networks.

RIFLE: Robust Distillation-based FL for Deep Model Deployment on Resource-Constrained IoT Networks

TL;DR

RIFLE tackles robust federated learning in resource-constrained IoT by replacing gradient sharing with logit-level distillation and introducing a KL-divergence-based, label-free client-trust mechanism. It defines a dynamic trust metric via and a new reliability measure, the PFPV, to mitigate poisoning while reducing false positives. The framework enables training of deep models like VGG-19 on tiny devices, achieving up to 28.3% accuracy gains and substantial reductions in training time and communication compared to baselines. This approach enhances privacy, robustness, and practicality of deploying deep learning in heterogeneous IoT ecosystems.

Abstract

Federated learning (FL) is a decentralized learning paradigm widely adopted in resource-constrained Internet of Things (IoT) environments. These devices, typically relying on TinyML models, collaboratively train global models by sharing gradients with a central server while preserving data privacy. However, as data heterogeneity and task complexity increase, TinyML models often become insufficient to capture intricate patterns, especially under extreme non-IID (non-independent and identically distributed) conditions. Moreover, ensuring robustness against malicious clients and poisoned updates remains a major challenge. Accordingly, this paper introduces RIFLE - a Robust, distillation-based Federated Learning framework that replaces gradient sharing with logit-based knowledge transfer. By leveraging a knowledge distillation aggregation scheme, RIFLE enables the training of deep models such as VGG-19 and Resnet18 within constrained IoT systems. Furthermore, a Kullback-Leibler (KL) divergence-based validation mechanism quantifies the reliability of client updates without exposing raw data, achieving high trust and privacy preservation simultaneously. Experiments on three benchmark datasets (MNIST, CIFAR-10, and CIFAR-100) under heterogeneous non-IID conditions demonstrate that RIFLE reduces false-positive detections by up to 87.5%, enhances poisoning attack mitigation by 62.5%, and achieves up to 28.3% higher accuracy compared to conventional federated learning baselines within only 10 rounds. Notably, RIFLE reduces VGG19 training time from over 600 days to just 1.39 hours on typical IoT devices (0.3 GFLOPS), making deep learning practical in resource-constrained networks.
Paper Structure (13 sections, 12 equations, 4 figures, 1 table, 1 algorithm)

This paper contains 13 sections, 12 equations, 4 figures, 1 table, 1 algorithm.

Table of Contents

  1. Introduction
  2. Preliminaries and system overview
  3. Preliminary Studies
  4. System Model and Threat Model
  5. Detailed Description of the RIFLE Framework
  6. Local Training and Logit Sharing
  7. Server-Side Aggregation and Heavy Model Training
  8. Attack Models and Defense Analysis
  9. Definition of Probability of False Positive Validation
  10. Experimental Setup and Evaluations
  11. Experimental Setup
  12. Results and Discussion
  13. Conclusion and Future Studies

Figures (4)

  • Figure 1: System model of aggregation and distillation process. Showing client knowledge aggregation, KL-based filtering, and federated distillation updating the global large model.
  • Figure 2: Computational-accuracy trade-off across model architectures. Heavy models achieve superior accuracy but require impractical computation for IoT devices, motivating our distillation approach.
  • Figure 3: PFPV comparison across datasets. RIFLE achieves significantly lower false rejection rates compared to baselines.
  • Figure 4: Accuracy of methods under extreme non-IID conditions with increasing dataset complexity.