Resilient Federated Chain: Transforming Blockchain Consensus into an Active Defense Layer for Federated Learning

TL;DR

Resilient Federated Chain (RFC) is introduced, a novel blockchain-enabled FL framework designed specifically to enhance resilience against adversarial attacks, and introduces a flexible evaluation function in its consensus mechanism, allowing for adaptive defense against different attack strategies.

Abstract

Federated Learning (FL) has emerged as a key paradigm for building Trustworthy AI systems by enabling privacy-preserving, decentralized model training. However, FL is highly susceptible to adversarial attacks that compromise model integrity and data confidentiality, a vulnerability exacerbated by the fact that conventional data inspection methods are incompatible with its decentralized design. While integrating FL with Blockchain technology has been proposed to address some limitations, its potential for mitigating adversarial attacks remains largely unexplored. This paper introduces Resilient Federated Chain (RFC), a novel blockchain-enabled FL framework designed specifically to enhance resilience against such threats. RFC builds upon the existing Proof of Federated Learning architecture by repurposing the redundancy of its Pooled Mining mechanism as an active defense layer that can be combined with robust aggregation rules. Furthermore, the framework introduces a flexible evaluation function in its consensus mechanism, allowing for adaptive defense against different attack strategies. Extensive experimental evaluation on image classification tasks under various adversarial scenarios, demonstrates that RFC significantly improves robustness compared to baseline methods, providing a viable solution for securing decentralized learning environments.

Figures (6)

• Figure 1: Descriptive diagram showing the architecture of a FL system. Source: luzon2024tutorial.
• Figure 2: Schematic of the pooled mining architecture. By clustering clients into independent pools, this framework enhances system scalability and reduces blockchain communication overhead. Furthermore, the accuracy-based selection mechanism incentivizes the contribution of high quality model updates, ensuring the robustness of the global model against low-quality or malicious local contributions.
• Figure 3: Diagram showing the architecture of the proposed RFC framework. Components diverging from the PoFL structure are marked in red. More precisely, the aggregation algorithm employed and the metric used to select the best model in the consensus are treated as hyperparameters, allowing for a more flexible and robust architecture.
• Figure 4: Performance of the proposal under the no attack scenario. We see how RFC variants are superior to their baselines both in Figures \ref{['fig:no_attack_celeba_acc']} and \ref{['fig:no_attack_fashion_loss']}. Non robust aggregation operators obtain the better accuracy, which is an expected result.
• Figure 5: Performance of the proposal under the one pool attack scenario. Figure \ref{['fig:one_backdoor_fashion_loss']} and \ref{['fig:one_labelflip_fashion_loss_pofl']} shows how the PoFL framework effectively mitigates both backdoor and labelflip attacks while FedAvg fails to do so. Figure \ref{['fig:one_labelflip_fashion_loss']} illustrates the overfitting issue observed with Krum and GeoMed in the labelflip attack, which is mitigated by their RFC variants.