Bayesian Robust Aggregation for Federated Learning

• URL: http://arxiv.org/abs/2505.02490v1
• Date: Mon, 05 May 2025 09:16:43 GMT
• Title: Bayesian Robust Aggregation for Federated Learning
• Authors: Aleksandr Karakulev, Usama Zafar, Salman Toor, Prashant Singh,
• Abstract summary: Federated Learning enables collaborative training of machine learning models on decentralized data.<n> adversarial attacks, when some of the clients submit corrupted model updates.<n>We propose an adaptive approach for robust aggregation of model updates based on Bayesian inference.
• Score: 42.29248343585333
• License: http://creativecommons.org/licenses/by/4.0/
• Abstract: Federated Learning enables collaborative training of machine learning models on decentralized data. This scheme, however, is vulnerable to adversarial attacks, when some of the clients submit corrupted model updates. In real-world scenarios, the total number of compromised clients is typically unknown, with the extent of attacks potentially varying over time. To address these challenges, we propose an adaptive approach for robust aggregation of model updates based on Bayesian inference. The mean update is defined by the maximum of the likelihood marginalized over probabilities of each client to be `honest'. As a result, the method shares the simplicity of the classical average estimators (e.g., sample mean or geometric median), being independent of the number of compromised clients. At the same time, it is as effective against attacks as methods specifically tailored to Federated Learning, such as Krum. We compare our approach with other aggregation schemes in federated setting on three benchmark image classification data sets. The proposed method consistently achieves state-of-the-art performance across various attack types with static and varying number of malicious clients.

Related papers

• Whispers of Data: Unveiling Label Distributions in Federated Learning Through Virtual Client Simulation [4.81392127803963]
  Federated Learning enables collaborative training of a global model across multiple geographically dispersed clients without the need for data sharing.<n>It is susceptible to inference attacks, particularly label inference attacks.<n>We propose a novel label distribution inference attack that is stable and adaptable to various scenarios.
  arXiv  Detail & Related papers  (2025-04-30T08:51:06Z)
• Towards Attack-tolerant Federated Learning via Critical Parameter Analysis [85.41873993551332]
  Federated learning systems are susceptible to poisoning attacks when malicious clients send false updates to the central server. This paper proposes a new defense strategy, FedCPA (Federated learning with Critical Analysis) Our attack-tolerant aggregation method is based on the observation that benign local models have similar sets of top-k and bottom-k critical parameters, whereas poisoned local models do not.
  arXiv  Detail & Related papers  (2023-08-18T05:37:55Z)
• Client-specific Property Inference against Secure Aggregation in Federated Learning [52.8564467292226]
  Federated learning has become a widely used paradigm for collaboratively training a common model among different participants. Many attacks have shown that it is still possible to infer sensitive information such as membership, property, or outright reconstruction of participant data. We show that simple linear models can effectively capture client-specific properties only from the aggregated model updates.
  arXiv  Detail & Related papers  (2023-03-07T14:11:01Z)
• Invariant Aggregator for Defending against Federated Backdoor Attacks [28.416262423174796]
  Federated learning enables training high-utility models across several clients without directly sharing their private data. As a downside, the federated setting makes the model vulnerable to various adversarial attacks in the presence of malicious clients. We propose an invariant aggregator that redirects the aggregated update to invariant directions that are generally useful.
  arXiv  Detail & Related papers  (2022-10-04T18:06:29Z)
• Federated Learning with Uncertainty via Distilled Predictive Distributions [14.828509220023387]
  We present a framework for federated learning with uncertainty where, in each round, each client infers the posterior distribution over its parameters as well as the posterior predictive distribution (PPD) Unlike some of the recent Bayesian approaches to federated learning, our approach does not require sending the whole posterior distribution of the parameters from each client to the server. Our approach does not make any restrictive assumptions, such as the form of the clients' posterior distributions, or of their PPDs.
  arXiv  Detail & Related papers  (2022-06-15T14:24:59Z)
• Robust Quantity-Aware Aggregation for Federated Learning [72.59915691824624]
  Malicious clients can poison model updates and claim large quantities to amplify the impact of their model updates in the model aggregation. Existing defense methods for FL, while all handling malicious model updates, either treat all quantities benign or simply ignore/truncate the quantities of all clients. We propose a robust quantity-aware aggregation algorithm for federated learning, called FedRA, to perform the aggregation with awareness of local data quantities.
  arXiv  Detail & Related papers  (2022-05-22T15:13:23Z)
• Performance Weighting for Robust Federated Learning Against Corrupted Sources [1.76179873429447]
  Federated learning has emerged as a dominant computational paradigm for distributed machine learning. In real-world applications, a federated environment may consist of a mixture of benevolent and malicious clients. We show that the standard global aggregation scheme of local weights is inefficient in the presence of corrupted clients.
  arXiv  Detail & Related papers  (2022-05-02T20:01:44Z)
• Gradient Masked Averaging for Federated Learning [24.687254139644736]
  Federated learning allows a large number of clients with heterogeneous data to coordinate learning of a unified global model. Standard FL algorithms involve averaging of model parameters or gradient updates to approximate the global model at the server. We propose a gradient masked averaging approach for FL as an alternative to the standard averaging of client updates.
  arXiv  Detail & Related papers  (2022-01-28T08:42:43Z)
• Robust Federated Learning via Over-The-Air Computation [48.47690125123958]
  Simple averaging of model updates via over-the-air computation makes the learning task vulnerable to random or intended modifications of the local model updates of some malicious clients. We propose a robust transmission and aggregation framework to such attacks while preserving the benefits of over-the-air computation for federated learning.
  arXiv  Detail & Related papers  (2021-11-01T19:21:21Z)
• Byzantine-robust Federated Learning through Spatial-temporal Analysis of Local Model Updates [6.758334200305236]
  Federated Learning (FL) enables multiple distributed clients (e.g., mobile devices) to collaboratively train a centralized model while keeping the training data locally on the client. In this paper, we propose to mitigate these failures and attacks from a spatial-temporal perspective. Specifically, we use a clustering-based method to detect and exclude incorrect updates by leveraging their geometric properties in the parameter space.
  arXiv  Detail & Related papers  (2021-07-03T18:48:11Z)
• Learning Diverse Representations for Fast Adaptation to Distribution Shift [78.83747601814669]
  We present a method for learning multiple models, incorporating an objective that pressures each to learn a distinct way to solve the task. We demonstrate our framework's ability to facilitate rapid adaptation to distribution shift.
  arXiv  Detail & Related papers  (2020-06-12T12:23:50Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.