Certified Robustness in Federated Learning
- URL: http://arxiv.org/abs/2206.02535v1
- Date: Mon, 6 Jun 2022 12:10:53 GMT
- Title: Certified Robustness in Federated Learning
- Authors: Motasem Alfarra, Juan C. Pérez, Egor Shulgin, Peter Richtárik, Bernard Ghanem
- Abstract summary: We study the interplay between federated training, personalization, and certified robustness.
We find that the simple federated averaging technique is effective in building not only more accurate, but also more certifiably-robust models.
- Score: 54.03574895808258
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: Federated learning has recently gained significant attention and popularity
due to its effectiveness in training machine learning models on distributed
data privately. However, as in the single-node supervised learning setup,
models trained in federated learning suffer from vulnerability to imperceptible
input transformations known as adversarial attacks, questioning their
deployment in security-related applications. In this work, we study the
interplay between federated training, personalization, and certified
robustness. In particular, we deploy randomized smoothing, a widely-used and
scalable certification method, to certify deep networks trained on a federated
setup against input perturbations and transformations. We find that the simple
federated averaging technique is effective in building not only more accurate,
but also more certifiably-robust models, compared to training solely on local
data. We further analyze personalization, a popular technique in federated
training that increases the model's bias towards local data, on robustness. We
show several advantages of personalization over both (that is, only training on
local data and federated training) in building more robust models with faster
training. Finally, we explore the robustness of mixtures of global and
local (i.e., personalized) models, and find that the robustness of local models
degrades as they diverge from the global model.
Related papers
- Proximity-based Self-Federated Learning [1.0066310107046081]
This paper introduces a novel, fully-distributed federated learning strategy called proximity-based self-federated learning.
Unlike traditional algorithms, our approach encourages clients to share and adjust their models with neighbouring nodes based on geographic proximity and model accuracy.
arXiv Detail & Related papers (2024-07-17T08:44:45Z)
- Towards Robust Federated Learning via Logits Calibration on Non-IID Data [49.286558007937856]
Federated learning (FL) is a privacy-preserving distributed management framework based on collaborative model training of distributed devices in edge networks.
Recent studies have shown that FL is vulnerable to adversarial examples, leading to a significant drop in its performance.
In this work, we adopt the adversarial training (AT) framework to improve the robustness of FL models against adversarial example (AE) attacks.
arXiv Detail & Related papers (2024-03-05T09:18:29Z)
- Federated Learning with Projected Trajectory Regularization [65.6266768678291]
Federated learning enables joint training of machine learning models from distributed clients without sharing their local data.
One key challenge in federated learning is to handle non-identically distributed data across the clients.
We propose a novel federated learning framework with projected trajectory regularization (FedPTR) for tackling the data issue.
arXiv Detail & Related papers (2023-12-22T02:12:08Z)
- Acceleration of Federated Learning with Alleviated Forgetting in Local Training [61.231021417674235]
Federated learning (FL) enables distributed optimization of machine learning models while protecting privacy.
We propose FedReg, an algorithm to accelerate FL with alleviated knowledge forgetting in the local training stage.
Our experiments demonstrate that FedReg not only significantly improves the convergence rate of FL, especially when the neural network architecture is deep.
arXiv Detail & Related papers (2022-03-05T02:31:32Z)
- Comparative assessment of federated and centralized machine learning [0.0]
Federated Learning (FL) is a privacy preserving machine learning scheme, where training happens with data federated across devices.
In this paper, we discuss the various factors that affect the federated learning training, because of the non-IID distributed nature of the data.
We show that federated learning does have an advantage in cost when the model sizes to be trained are not reasonably large.
arXiv Detail & Related papers (2022-02-03T11:20:47Z)
- WAFFLe: Weight Anonymized Factorization for Federated Learning [88.44939168851721]
In domains where data are sensitive or private, there is great value in methods that can learn in a distributed manner without the data ever leaving the local devices.
We propose Weight Anonymized Factorization for Federated Learning (WAFFLe), an approach that combines the Indian Buffet Process with a shared dictionary of weight factors for neural networks.
arXiv Detail & Related papers (2020-08-13T04:26:31Z)
- Continual Local Training for Better Initialization of Federated Models [14.289213162030816]
Federated learning (FL) refers to the learning paradigm that trains machine learning models directly in decentralized systems.
The popular FL algorithm Federated Averaging (FedAvg) suffers from weight divergence.
We propose the local continual training strategy to address this problem.
arXiv Detail & Related papers (2020-05-26T12:27:31Z)
- Federated Residual Learning [53.77128418049985]
We study a new form of federated learning where the clients train personalized local models and make predictions jointly with the server-side shared model.
Using this new federated learning framework, the complexity of the central shared model can be minimized while still gaining all the performance benefits that joint training provides.
arXiv Detail & Related papers (2020-03-28T19:55:24Z)
This list is automatically generated from the titles and abstracts of the papers in this site.