Secure and Private Federated Learning: Achieving Adversarial Resilience through Robust Aggregation
- URL: http://arxiv.org/abs/2505.17226v2
- Date: Tue, 03 Jun 2025 21:06:36 GMT
- Title: Secure and Private Federated Learning: Achieving Adversarial Resilience through Robust Aggregation
- Authors: Kun Yang, Neena Imam
- Abstract summary: Federated Learning (FL) enables collaborative machine learning across decentralized data sources without sharing raw data. FL remains vulnerable to adversarial threats from malicious participants, referred to as Byzantine clients. We propose Average-rKrum (ArKrum), a novel aggregation strategy designed to enhance both the resilience and privacy guarantees of FL systems.
- Score: 4.001189641238278
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: Federated Learning (FL) enables collaborative machine learning across decentralized data sources without sharing raw data. It offers a promising approach to privacy-preserving AI. However, FL remains vulnerable to adversarial threats from malicious participants, referred to as Byzantine clients, who can send misleading updates to corrupt the global model. Traditional aggregation methods, such as simple averaging, are not robust to such attacks. More resilient approaches, like the Krum algorithm, require prior knowledge of the number of malicious clients, which is often unavailable in real-world scenarios. To address these limitations, we propose Average-rKrum (ArKrum), a novel aggregation strategy designed to enhance both the resilience and privacy guarantees of FL systems. Building on our previous work (rKrum), ArKrum introduces two key innovations. First, it includes a median-based filtering mechanism that removes extreme outliers before estimating the number of adversarial clients. Second, it applies a multi-update averaging scheme to improve stability and performance, particularly when client data distributions are not identical. We evaluate ArKrum on benchmark image and text datasets under three widely studied Byzantine attack types. Results show that ArKrum consistently achieves high accuracy and stability. It performs as well as or better than other robust aggregation methods. These findings demonstrate that ArKrum is an effective and practical solution for secure FL systems in adversarial environments.
Related papers
- Not All Edges are Equally Robust: Evaluating the Robustness of Ranking-Based Federated Learning [49.68790647579509]
  Federated Ranking Learning (FRL) is a state-of-the-art FL framework that stands out for its communication efficiency and resilience to poisoning attacks. We introduce a novel local model poisoning attack against FRL, namely the Vulnerable Edge Manipulation (VEM) attack. Our attack achieves an overall 53.23% attack impact and is 3.7x more impactful than existing methods.
  (2025-03-12T00:38:14Z)
- Privacy Preserving and Robust Aggregation for Cross-Silo Federated Learning in Non-IID Settings [1.8434042562191815]
  Federated Averaging remains the most widely used aggregation strategy in federated learning. Our method relies solely on gradient updates, eliminating the need for any additional client metadata. Our results establish the effectiveness of gradient masking as a practical and secure solution for federated learning.
  (2025-03-06T14:06:20Z)
- Rethinking Byzantine Robustness in Federated Recommendation from Sparse Aggregation Perspective [65.65471972217814]
  Federated recommendation (FR) based on federated learning (FL) emerges, keeping the personal data on the local client and updating a model collaboratively. FR has a unique sparse aggregation mechanism, where the embedding of each item is updated by only partial clients, instead of full clients in a dense aggregation of general FL. In this paper, we reformulate the Byzantine robustness under sparse aggregation by defining the aggregation for a single item as the smallest execution unit. We propose a family of effective attack strategies, named Spattack, which exploit the vulnerability in sparse aggregation and are categorized along the adversary's knowledge and capability.
  (2025-01-06T15:19:26Z)
- Formal Logic-guided Robust Federated Learning against Poisoning Attacks [6.997975378492098]
  Federated Learning (FL) offers a promising solution to the privacy concerns associated with centralized Machine Learning (ML). FL is vulnerable to various security threats, including poisoning attacks, where adversarial clients manipulate the training data or model updates to degrade overall model performance. We present a defense mechanism designed to mitigate poisoning attacks in federated learning for time-series tasks.
  (2024-11-05T16:23:19Z)
- FedCAP: Robust Federated Learning via Customized Aggregation and Personalization [13.17735010891312]
  Federated learning (FL) has been applied to various privacy-preserving scenarios. We propose FedCAP, a robust FL framework against both data heterogeneity and Byzantine attacks. We show that FedCAP performs well in several non-IID settings and shows strong robustness under a series of poisoning attacks.
  (2024-10-16T23:01:22Z)
- PriRoAgg: Achieving Robust Model Aggregation with Minimum Privacy Leakage for Federated Learning [49.916365792036636]
  Federated learning (FL) has recently gained significant momentum due to its potential to leverage large-scale distributed user data. The transmitted model updates can potentially leak sensitive user information, and the lack of central control of the local training process leaves the global model susceptible to malicious manipulations on model updates. We develop a general framework PriRoAgg, utilizing Lagrange coded computing and distributed zero-knowledge proof, to execute a wide range of robust aggregation algorithms while satisfying aggregated privacy.
  (2024-07-12T03:18:08Z)
- Fed-Credit: Robust Federated Learning with Credibility Management [18.349127735378048]
  Federated Learning (FL) is an emerging machine learning approach enabling model training on decentralized devices or data sources. We propose a robust FL approach based on the credibility management scheme, called Fed-Credit. The results exhibit superior accuracy and resilience against adversarial attacks, all while maintaining comparatively low computational complexity.
  (2024-05-20T03:35:13Z)
- Client-side Gradient Inversion Against Federated Learning from Poisoning [59.74484221875662]
  Federated Learning (FL) enables distributed participants to train a global model without sharing data directly to a central server. Recent studies have revealed that FL is vulnerable to gradient inversion attack (GIA), which aims to reconstruct the original training samples. We propose Client-side poisoning Gradient Inversion (CGI), which is a novel attack method that can be launched from clients.
  (2023-09-14T03:48:27Z)
- Mitigating Cross-client GANs-based Attack in Federated Learning [78.06700142712353]
  Multi distributed multimedia clients can resort to federated learning (FL) to jointly learn a global shared model. FL suffers from the cross-client generative adversarial networks (GANs)-based (C-GANs) attack. We propose Fed-EDKD technique to improve the current popular FL schemes to resist C-GANs attack.
  (2023-07-25T08:15:55Z)
- FedCC: Robust Federated Learning against Model Poisoning Attacks [0.0]
  Federated learning is a distributed framework designed to address privacy concerns. It introduces new attack surfaces, which are especially prone when data is non-Independently and Identically Distributed. We present FedCC, a simple yet effective novel defense algorithm against model poisoning attacks.
  (2022-12-05T01:52:32Z)
- MUDGUARD: Taming Malicious Majorities in Federated Learning using Privacy-Preserving Byzantine-Robust Clustering [34.429892915267686]
  Byzantine-robust Federated Learning (FL) aims to counter malicious clients and train an accurate global model while maintaining an extremely low attack success rate. Most existing systems, however, are only robust when most of the clients are honest. We propose a novel Byzantine-robust and privacy-preserving FL system, called MUDGUARD, that can operate under malicious minority or majority in both the server and client sides.
  (2022-08-22T09:17:58Z)
- Local Learning Matters: Rethinking Data Heterogeneity in Federated Learning [61.488646649045215]
  Federated learning (FL) is a promising strategy for performing privacy-preserving, distributed learning with a network of clients (i.e., edge devices).
  (2021-11-28T19:03:39Z)
This list is automatically generated from the titles and abstracts of the papers in this site.