SignSGD with Federated Defense: Harnessing Adversarial Attacks through Gradient Sign Decoding

• URL: http://arxiv.org/abs/2402.01340v1
• Date: Fri, 2 Feb 2024 11:53:27 GMT
• Title: SignSGD with Federated Defense: Harnessing Adversarial Attacks through Gradient Sign Decoding
• Authors: Chanho Park, Namyoon Lee
• Abstract summary: SignSGD with majority voting (signSGD-MV) is a simple yet effective approach to accelerate model training using multiple workers. We show that the convergence rate is invariant as the number of adversarial workers increases, provided that the number of adversarial workers is smaller than that of benign workers. Unlike the traditional approaches, signSGD-FD exploits the gradient information sent by adversarial workers with the proper weights.
• Score: 26.433639269480345
• License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
• Abstract: Distributed learning is an effective approach to accelerate model training using multiple workers. However, substantial communication delays emerge between workers and a parameter server due to massive costs associated with communicating gradients. SignSGD with majority voting (signSGD-MV) is a simple yet effective optimizer that reduces communication costs through one-bit quantization, yet the convergence rates considerably decrease as adversarial workers increase. In this paper, we show that the convergence rate is invariant as the number of adversarial workers increases, provided that the number of adversarial workers is smaller than that of benign workers. The key idea showing this counter-intuitive result is our novel signSGD with federated defense (signSGD-FD). Unlike the traditional approaches, signSGD-FD exploits the gradient information sent by adversarial workers with the proper weights, which are obtained through gradient sign decoding. Experimental results demonstrate signSGD-FD achieves superior convergence rates over traditional algorithms in various adversarial attack scenarios.

Related papers

• SignSGD with Federated Voting [69.06621279967865]
  SignSGD with majority voting (signSGD-MV) is an effective distributed learning algorithm that can significantly reduce communication costs by one-bit quantization. We propose a novel signSGD with textitfederated voting (signSGD-FV) The idea of federated voting is to exploit learnable weights to perform weighted majority voting. We demonstrate that the proposed signSGD-FV algorithm has a theoretical convergence guarantee even when edge devices use heterogeneous mini-batch sizes.
  arXiv  Detail & Related papers  (2024-03-25T02:32:43Z)
• Magnitude Matters: Fixing SIGNSGD Through Magnitude-Aware Sparsification in the Presence of Data Heterogeneity [60.791736094073]
  Communication overhead has become one of the major bottlenecks in the distributed training of deep neural networks. We propose a magnitude-driven sparsification scheme, which addresses the non-convergence issue of SIGNSGD. The proposed scheme is validated through experiments on Fashion-MNIST, CIFAR-10, and CIFAR-100 datasets.
  arXiv  Detail & Related papers  (2023-02-19T17:42:35Z)
• Sparse-SignSGD with Majority Vote for Communication-Efficient Distributed Learning [20.22227794319504]
  $sf S3$GD-MV is a communication-efficient distributed optimization algorithm. We show that it converges at the same rate as signSGD while significantly reducing communication costs. These findings highlight the potential of $sf S3$GD-MV as a promising solution for communication-efficient distributed optimization in deep learning.
  arXiv  Detail & Related papers  (2023-02-15T05:36:41Z)
• Staircase Sign Method for Boosting Adversarial Attacks [123.19227129979943]
  Crafting adversarial examples for the transfer-based attack is challenging and remains a research hot spot. We propose a novel Staircase Sign Method (S$2$M) to alleviate this issue, thus boosting transfer-based attacks. Our method can be generally integrated into any transfer-based attacks, and the computational overhead is negligible.
  arXiv  Detail & Related papers  (2021-04-20T02:31:55Z)
• Training GANs with Stronger Augmentations via Contrastive Discriminator [80.8216679195]
  We introduce a contrastive representation learning scheme into the GAN discriminator, coined ContraD. This "fusion" enables the discriminators to work with much stronger augmentations without increasing their training instability. Our experimental results show that GANs with ContraD consistently improve FID and IS compared to other recent techniques incorporating data augmentations.
  arXiv  Detail & Related papers  (2021-03-17T16:04:54Z)
• Distributed Sparse SGD with Majority Voting [5.32836690371986]
  We introduce a majority voting based sparse communication strategy for distributed learning. We show that it is possible to achieve up to x4000 compression without any loss in the test accuracy.
  arXiv  Detail & Related papers  (2020-11-12T17:06:36Z)
• Accelerated Convergence for Counterfactual Learning to Rank [65.63997193915257]
  We show that convergence rate of SGD approaches with IPS-weighted gradients suffers from the large variance introduced by the IPS weights. We propose a novel learning algorithm, called CounterSample, that has provably better convergence than standard IPS-weighted gradient descent methods. We prove that CounterSample converges faster and complement our theoretical findings with empirical results.
  arXiv  Detail & Related papers  (2020-05-21T12:53:36Z)
• Detached Error Feedback for Distributed SGD with Random Sparsification [98.98236187442258]
  Communication bottleneck has been a critical problem in large-scale deep learning. We propose a new distributed error feedback (DEF) algorithm, which shows better convergence than error feedback for non-efficient distributed problems. We also propose DEFA to accelerate the generalization of DEF, which shows better bounds than DEF.
  arXiv  Detail & Related papers  (2020-04-11T03:50:59Z)
• Towards Rapid and Robust Adversarial Training with One-Step Attacks [0.0]
  Adversarial training is the most successful method for increasing the robustness of neural networks against adversarial attacks. We present two ideas that enable adversarial training with the computationally less expensive Fast Gradient Sign Method. We show that noise injection in conjunction with FGSM-based adversarial training achieves comparable results to adversarial training with PGD while being considerably faster.
  arXiv  Detail & Related papers  (2020-02-24T07:28:43Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.