Federated Robustness Propagation: Sharing Adversarial Robustness in
Federated Learning
- URL: http://arxiv.org/abs/2106.10196v1
- Date: Fri, 18 Jun 2021 15:52:33 GMT
- Title: Federated Robustness Propagation: Sharing Adversarial Robustness in
Federated Learning
- Authors: Junyuan Hong, Haotao Wang, Zhangyang Wang, Jiayu Zhou
- Abstract summary: Federated learning (FL) emerges as a popular distributed learning schema that learns from a set of participating users without requiring raw data to be shared.
Whereas adversarial training (AT) provides a sound solution for centralized learning, extending its usage for FL users has imposed significant challenges.
We show that existing FL techniques cannot effectively propagate adversarial robustness among non-iid users.
We propose a simple yet effective propagation approach that transfers robustness through carefully designed batch-normalization statistics.
- Score: 98.05061014090913
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Federated learning (FL) emerges as a popular distributed learning schema that
learns a model from a set of participating users without requiring raw data to
be shared. One major challenge of FL comes from heterogeneity in users, which
may have distributionally different (or non-iid) data and varying computation
resources. Just like in centralized learning, FL users also desire model
robustness against malicious attackers at test time. Whereas adversarial
training (AT) provides a sound solution for centralized learning, extending its
usage for FL users has imposed significant challenges, as many users may have
very limited training data as well as tight computational budgets, to afford
the data-hungry and costly AT. In this paper, we study a novel learning setting
that propagates adversarial robustness from high-resource users that can afford
AT, to those low-resource users that cannot afford it, during the FL process.
We show that existing FL techniques cannot effectively propagate adversarial
robustness among non-iid users, and propose a simple yet effective propagation
approach that transfers robustness through carefully designed
batch-normalization statistics. We demonstrate the rationality and
effectiveness of our method through extensive experiments. Especially, the
proposed method is shown to grant FL remarkable robustness even when only a
small portion of users afford AT during learning. Codes will be published upon
acceptance.
Related papers
- StatAvg: Mitigating Data Heterogeneity in Federated Learning for Intrusion Detection Systems [22.259297167311964]
Federated learning (FL) is a decentralized learning technique that enables devices to collaboratively build a shared Machine Learning (ML) or Deep Learning (DL) model without revealing their raw data to a third party.
Due to its privacy-preserving nature, FL has sparked widespread attention for building Intrusion Detection Systems (IDS) within the realm of cybersecurity.
We propose an effective method called Statistical Averaging (StatAvg) to alleviate non-independently and identically (non-iid) distributed features across local clients' data in FL.
arXiv Detail & Related papers (2024-05-20T14:41:59Z)
- Towards Robust Federated Learning via Logits Calibration on Non-IID Data [49.286558007937856]
Federated learning (FL) is a privacy-preserving distributed management framework based on collaborative model training of distributed devices in edge networks.
Recent studies have shown that FL is vulnerable to adversarial examples, leading to a significant drop in its performance.
In this work, we adopt the adversarial training (AT) framework to improve the robustness of FL models against adversarial example (AE) attacks.
arXiv Detail & Related papers (2024-03-05T09:18:29Z)
- Towards Reliable Participation in UAV-Enabled Federated Edge Learning on Non-IID Data [22.775113283662883]
Federated Learning (FL) is a decentralized machine learning (ML) technique that allows a number of participants to train an ML model collaboratively.
FL can be targeted by poisoning attacks, in which malicious UAVs upload poisonous local models to the FL server.
We propose in this paper a novel client selection scheme that enhances convergence by prioritizing fast UAVs with high-reliability scores.
arXiv Detail & Related papers (2023-12-16T10:35:06Z)
- Federated Learning Under Restricted User Availability [3.0846824529023387]
Non-uniform availability or participation of users is unavoidable due to an adverse or environment.
We propose a new formulation of the FL problem which effectively captures and mitigates limited participation of data originating from infrequent, or restricted users.
Our experiments on synthetic and benchmark datasets show that the proposed approach significantly improved performance as compared with standard FL.
arXiv Detail & Related papers (2023-09-25T14:40:27Z)
- Efficient Split-Mix Federated Learning for On-Demand and In-Situ Customization [107.72786199113183]
Federated learning (FL) provides a distributed learning framework for multiple participants to collaborate learning without sharing raw data.
In this paper, we propose a novel Split-Mix FL strategy for heterogeneous participants that, once training is done, provides in-situ customization of model sizes and robustness.
arXiv Detail & Related papers (2022-03-18T04:58:34Z)
- Do Gradient Inversion Attacks Make Federated Learning Unsafe? [70.0231254112197]
Federated learning (FL) allows the collaborative training of AI models without needing to share raw data.
Recent works on the inversion of deep neural networks from model gradients raised concerns about the security of FL in preventing the leakage of training data.
In this work, we show that these attacks presented in the literature are impractical in real FL use-cases and provide a new baseline attack.
arXiv Detail & Related papers (2022-02-14T18:33:12Z)
- Towards Understanding Quality Challenges of the Federated Learning: A First Look from the Lens of Robustness [4.822471415125479]
Federated learning (FL) aims to preserve users' data privacy while leveraging the entire dataset of all participants for training.
FL still tends to suffer from quality issues such as attacks or byzantine faults.
This paper investigates the effectiveness of state-of-the-art (SOTA) robust FL techniques in the presence of attacks and faults.
arXiv Detail & Related papers (2022-01-05T02:06:39Z)
- Local Learning Matters: Rethinking Data Heterogeneity in Federated Learning [61.488646649045215]
Federated learning (FL) is a promising strategy for performing privacy-preserving, distributed learning with a network of clients (i.e., edge devices).
arXiv Detail & Related papers (2021-11-28T19:03:39Z)
- FedPrune: Towards Inclusive Federated Learning [1.308951527147782]
Federated learning (FL) is a distributed learning technique that trains a shared model over distributed data in a privacy-preserving manner.
We propose FedPrune; a system that tackles this challenge by pruning the global model for slow clients based on their device characteristics.
By using insights from Central Limit Theorem, FedPrune incorporates a new aggregation technique that achieves robust performance over non-IID data.
arXiv Detail & Related papers (2021-10-27T06:33:38Z)
- WAFFLe: Weight Anonymized Factorization for Federated Learning [88.44939168851721]
In domains where data are sensitive or private, there is great value in methods that can learn in a distributed manner without the data ever leaving the local devices.
We propose Weight Anonymized Factorization for Federated Learning (WAFFLe), an approach that combines the Indian Buffet Process with a shared dictionary of weight factors for neural networks.
arXiv Detail & Related papers (2020-08-13T04:26:31Z)
This list is automatically generated from the titles and abstracts of the papers in this site.