Abstract
Privacy protection is increasingly important in contemporary machine learning-based applications. While federated learning provides some privacy protection, it assumes that clients (and their updates) are trusted, so the possibility of malicious or compromised clients must also be considered. In this paper, we propose a robust federated learning (RoFL) scheme designed to detect multiple attacks and block malicious updates before they reach the central model. To validate the scheme, we train a CNN classification model on the MNIST dataset and then conduct experiments on how model parameters affect RoFL: the malicious amplification factor, the fraction of training clients, the fraction of malicious clients, and the data distribution characteristics (IID or Non-IID). The findings demonstrate that the proposed RoFL scheme effectively protects federated learning models from malicious attacks.
Notes
1. In this paper, we consider federated learning for deep neural networks.
2. Note that the malicious clients are randomly selected from the m clients in each round, which means the gradients of one client may be corrupted in the current round but be normal in the next round.
Acknowledgement
The research was financially supported by the National Natural Science Foundation of China (No. 61972366), the Provincial Key Research and Development Program of Hubei (No. 2020BAB105), the Foundation of Henan Key Laboratory of Network Cryptography Technology (No. LNCT2020-A01), and the Foundation of Hubei Key Laboratory of Intelligent Geo-Information Processing (No. KLIGIP-2021B06).
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
Cite this paper
Wei, M., Liu, X., Ren, W. (2023). RoFL: A Robust Federated Learning Scheme Against Malicious Attacks. In: Li, B., Yue, L., Tao, C., Han, X., Calvanese, D., Amagasa, T. (eds) Web and Big Data. APWeb-WAIM 2022. Lecture Notes in Computer Science, vol 13423. Springer, Cham. https://doi.org/10.1007/978-3-031-25201-3_21
DOI: https://doi.org/10.1007/978-3-031-25201-3_21
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-25200-6
Online ISBN: 978-3-031-25201-3
eBook Packages: Computer Science (R0)