Provably Secure Federated Learning against Malicious Clients
- URL: http://arxiv.org/abs/2102.01854v2
- Date: Thu, 4 Feb 2021 03:43:50 GMT
- Title: Provably Secure Federated Learning against Malicious Clients
- Authors: Xiaoyu Cao, Jinyuan Jia, Neil Zhenqiang Gong
- Abstract summary: Malicious clients can corrupt the global model to predict incorrect labels for testing examples.
We show that our ensemble federated learning with any base federated learning algorithm is provably secure against malicious clients.
Our method can achieve a certified accuracy of 88% on MNIST when 20 out of 1,000 clients are malicious.
- Score: 31.85264586217373
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Federated learning enables clients to collaboratively learn a shared global model without sharing their local training data with a cloud server. However, malicious clients can corrupt the global model so that it predicts incorrect labels for testing examples. Existing defenses against malicious clients rely on Byzantine-robust federated learning methods. However, these methods cannot provably guarantee that the predicted label for a testing example is not affected by malicious clients. We bridge this gap via ensemble federated learning. In particular, given any base federated learning algorithm, we use the algorithm to learn multiple global models, each of which is learnt using a randomly selected subset of clients. When predicting the label of a testing example, we take a majority vote among the global models. We show that our ensemble federated learning with any base federated learning algorithm is provably secure against malicious clients. Specifically, the label predicted by our ensemble global model for a testing example is provably not affected by a bounded number of malicious clients. Moreover, we show that our derived bound is tight. We evaluate our method on MNIST and Human Activity Recognition datasets. For instance, our method can achieve a certified accuracy of 88% on MNIST when 20 out of 1,000 clients are malicious.
Related papers
- Federated Learning with Only Positive Labels by Exploring Label Correlations [78.59613150221597]
  Federated learning aims to collaboratively learn a model by using the data from multiple users under privacy constraints.
  In this paper, we study the multi-label classification problem under the federated learning setting.
  We propose a novel and generic method termed Federated Averaging by exploring Label Correlations (FedALC).
  arXiv Detail & Related papers (2024-04-24T02:22:50Z)
- FedBayes: A Zero-Trust Federated Learning Aggregation to Defend Against Adversarial Attacks [1.689369173057502]
  Federated learning has created a decentralized method to train a machine learning model without needing direct access to client data.
  Malicious clients are able to corrupt the global model and degrade performance across all clients within a federation.
  Our novel aggregation method, FedBayes, mitigates the effect of a malicious client by calculating the probabilities of a client's model weights.
  arXiv Detail & Related papers (2023-12-04T21:37:50Z)
- FedSampling: A Better Sampling Strategy for Federated Learning [81.85411484302952]
  Federated learning (FL) is an important technique for learning models from decentralized data in a privacy-preserving way.
  Existing FL methods usually uniformly sample clients for local model learning in each round.
  We propose a novel data uniform sampling strategy for federated learning (FedSampling).
  arXiv Detail & Related papers (2023-06-25T13:38:51Z)
- Client-specific Property Inference against Secure Aggregation in Federated Learning [52.8564467292226]
  Federated learning has become a widely used paradigm for collaboratively training a common model among different participants.
  Many attacks have shown that it is still possible to infer sensitive information such as membership, property, or outright reconstruction of participant data.
  We show that simple linear models can effectively capture client-specific properties only from the aggregated model updates.
  arXiv Detail & Related papers (2023-03-07T14:11:01Z)
- Anomaly Detection via Federated Learning [3.0755847416657613]
  We propose a novel anomaly detector via federated learning to detect malicious network activity on a client's server.
  By using our novel min-max scalar and sampling technique, called FedSam, we determined that federated learning allows the global model to learn from each client's data.
  arXiv Detail & Related papers (2022-10-12T22:40:29Z)
- FLCert: Provably Secure Federated Learning against Poisoning Attacks [67.8846134295194]
  We propose FLCert, an ensemble federated learning framework that is provably secure against poisoning attacks.
  Our experiments show that the label predicted by our FLCert for a test input is provably unaffected by a bounded number of malicious clients.
  arXiv Detail & Related papers (2022-10-02T17:50:04Z)
- RSCFed: Random Sampling Consensus Federated Semi-supervised Learning [40.998176838813045]
  Federated semi-supervised learning (FSSL) aims to derive a global model by training fully-labeled and fully-unlabeled clients or training partially labeled clients.
  We present a Random Sampling Consensus Federated learning, namely RSCFed, by considering the uneven reliability among models from fully-labeled clients, fully-unlabeled clients or partially labeled clients.
  arXiv Detail & Related papers (2022-03-26T05:10:44Z)
- ABC-FL: Anomalous and Benign client Classification in Federated Learning [0.0]
  Federated Learning is a distributed machine learning framework designed for data privacy preservation.
  It inherits the vulnerabilities and susceptibilities raised in deep learning techniques.
  It is difficult to correctly identify malicious clients due to the non-Independently and/or Identically Distributed (non-IID) data.
  We propose a method that detects and classifies anomalous clients from benign clients when benign ones have non-IID data.
  arXiv Detail & Related papers (2021-08-10T09:54:25Z)
- Intrinsic Certified Robustness of Bagging against Data Poisoning Attacks [75.46678178805382]
  In a data poisoning attack, an attacker modifies, deletes, and/or inserts some training examples to corrupt the learnt machine learning model.
  We prove the intrinsic certified robustness of bagging against data poisoning attacks.
  Our method achieves a certified accuracy of 91.1% on MNIST when arbitrarily modifying, deleting, and/or inserting 100 training examples.
  arXiv Detail & Related papers (2020-08-11T03:12:42Z)
- Federated Semi-Supervised Learning with Inter-Client Consistency & Disjoint Learning [78.88007892742438]
  We study two essential scenarios of Federated Semi-Supervised Learning (FSSL) based on the location of the labeled data.
  We propose a novel method to tackle the problems, which we refer to as Federated Matching (FedMatch).
  arXiv Detail & Related papers (2020-06-22T09:43:41Z)