Abstract
Federated learning (FL) is a suite of technologies that allows multiple distributed participants to collaboratively build a global machine learning model without disclosing their private datasets to each other. We consider an FL setting in which there may exist both a) semi-honest participants who aim to eavesdrop on other participants' private datasets; and b) Byzantine participants who aim to degrade the performance of the global model by submitting detrimental model updates. The proposed framework leverages the Expectation-Maximization algorithm: the E-step estimates the unknown membership of each participant (Byzantine or benign), and the M-step optimizes the global model performance by excluding malicious model updates uploaded by Byzantine participants. One novel feature of the proposed method, which facilitates reliable detection of Byzantine participants even with homomorphic encryption (HE) or secure multi-party computation (MPC) protections, is that it estimates participant membership based on the performance of a set of randomly generated candidate models evaluated by all participants. Extensive experiments and theoretical analysis demonstrate that our framework guarantees Byzantine fault-tolerance in various federated learning settings with privacy-preserving mechanisms.
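The following added example (not the paper's algorithm or code) illustrates the idea in the abstract on constructed data: the server estimates membership only from the losses participants report for candidate models, never from the updates themselves, and then aggregates without the suspected Byzantine updates. The deviation-from-median score, the two-component Gaussian mixture fitted by EM, and all function names are assumptions made for this illustration.

```python
import math
from statistics import median

def deviation_scores(reports):
    """reports[i][k]: loss participant i reports for candidate model k.
    Score = mean absolute distance from the per-candidate median report."""
    med = [median(col) for col in zip(*reports)]
    return [sum(abs(v - m) for v, m in zip(r, med)) / len(med) for r in reports]

def em_membership(scores, iters=50):
    """Fit a two-component 1-D Gaussian mixture; return P(benign) per participant."""
    lo, hi = min(scores), max(scores)
    mu = [lo, hi]                          # component 0 = benign (low deviation)
    var = [((hi - lo) / 4) ** 2 + 1e-6] * 2
    pi = [0.5, 0.5]
    resp = []
    for _ in range(iters):
        # E-step: posterior membership, computed in log space to avoid underflow
        resp = []
        for s in scores:
            lp = [math.log(pi[c]) - 0.5 * math.log(2 * math.pi * var[c])
                  - (s - mu[c]) ** 2 / (2 * var[c]) for c in (0, 1)]
            top = max(lp)
            w = [math.exp(v - top) for v in lp]
            resp.append([w[0] / sum(w), w[1] / sum(w)])
        # M-step: re-estimate the mixture parameters from the soft memberships
        for c in (0, 1):
            n_c = sum(r[c] for r in resp) + 1e-12
            mu[c] = sum(r[c] * s for r, s in zip(resp, scores)) / n_c
            var[c] = sum(r[c] * (s - mu[c]) ** 2
                         for r, s in zip(resp, scores)) / n_c + 1e-6
            pi[c] = n_c / len(scores)
    return [r[0] for r in resp]

def aggregate(updates, p_benign, threshold=0.5):
    """Average only the updates of participants judged benign."""
    keep = [u for u, p in zip(updates, p_benign) if p >= threshold]
    return [sum(col) / len(keep) for col in zip(*keep)]

def demo():
    # Constructed data: 5 candidate models, 6 benign and 2 Byzantine reporters.
    true_loss = [0.9, 1.4, 0.7, 1.1, 1.6]
    reports = [[t + 0.01 * ((i + k) % 3 - 1) for k, t in enumerate(true_loss)]
               for i in range(6)]
    reports += [[2.5 - t for t in true_loss], [2.6 - t for t in true_loss]]
    updates = [[1.0, -1.0]] * 6 + [[-50.0, 50.0]] * 2
    p = em_membership(deviation_scores(reports))
    return p, aggregate(updates, p)
```

When every participant reports identical losses the mixture cannot separate anyone, each posterior stays at 0.5, and the default threshold keeps all updates.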
Notes
1. Differential privacy (DP) adds random noise to data to protect individual privacy while allowing useful data insights [1]. Homomorphic encryption (HE) is a cryptographic technique that allows computation on encrypted data without the need for decryption, preserving privacy and security [3, 18]. MPC is a protocol or technique that enables multiple parties to jointly perform a specific computation task without revealing their private data [6].
2. Online appendix: https://github.com/TangXing/PAKDD2023-FedPBF.
3. Such privacy leakage risks have been demonstrated for particular cases (e.g., see [33]) where attackers can exploit unprotected deep neural network model updates to reconstruct training images with pixel-level accuracy.
4. Notions of exact fault-tolerance were previously introduced in [13], in which a comparative elimination (CE) filter-based scheme was proposed to achieve Byzantine fault-tolerance under different conditions. We adopt these definitions to prove that the framework proposed in this article does admit these fault-tolerances in the presence of privacy-preserving mechanisms.
5. For some protection mechanisms such as DP, this process may cause the loss of model precision.
References
Abadi, M., et al.: Deep learning with differential privacy. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 308–318 (2016)
Allen-Zhu, Z., Ebrahimianghazani, F., Li, J., Alistarh, D.: Byzantine-resilient non-convex stochastic gradient descent. In: International Conference on Learning Representations (2020)
Aono, Y., Hayashi, T., Wang, L., Moriai, S., et al.: Privacy-preserving deep learning via additively homomorphic encryption. IEEE Trans. Inf. Forensics Secur. 13(5), 1333–1345 (2017)
Baruch, G., Baruch, M., Goldberg, Y.: A little is enough: circumventing defenses for distributed learning. Advances in Neural Information Processing Systems 32 (2019)
Blanchard, P., El Mhamdi, E.M., Guerraoui, R., Stainer, J.: Machine learning with adversaries: Byzantine tolerant gradient descent. Advances in Neural Information Processing Systems 30 (2017)
Bonawitz, K., et al.: Practical secure aggregation for privacy-preserving machine learning. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, pp. 1175–1191 (2017)
Boyle, E., Gilboa, N., Ishai, Y.: Function secret sharing. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9057, pp. 337–367. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46803-6_12
Cao, X., Fang, M., Liu, J., Gong, N.Z.: FLTrust: Byzantine-robust federated learning via trust bootstrapping. arXiv preprint arXiv:2012.13995 (2020)
Dempster, A.P., Laird, N.M., Rubin, D.B.: Maximum likelihood from incomplete data via the EM algorithm. J. Roy. Stat. Soc.: Ser. B (Methodol.) 39(1), 1–22 (1977)
Dieuleveut, A., Fort, G., Moulines, E., Robin, G.: Federated-EM with heterogeneity mitigation and variance reduction. Adv. Neural. Inf. Process. Syst. 34, 29553–29566 (2021)
Fang, M., Cao, X., Jia, J., Gong, N.: Local model poisoning attacks to Byzantine-Robust federated learning. In: 29th USENIX Security Symposium (USENIX Security 20), pp. 1605–1622 (2020)
Gu, H., Fan, L., Tang, X., Yang, Q.: FedCut: a spectral analysis framework for reliable detection of byzantine colluders. arXiv preprint arXiv:2211.13389 (2022)
Gupta, N., Doan, T.T., Vaidya, N.: Byzantine fault-tolerance in federated local SGD under 2f-redundancy. arXiv preprint arXiv:2108.11769 (2021)
He, L., Karimireddy, S.P., Jaggi, M.: Secure byzantine-robust machine learning. arXiv preprint arXiv:2006.04747 (2020)
Karimireddy, S.P., He, L., Jaggi, M.: Byzantine-robust learning on heterogeneous datasets via bucketing. arXiv preprint arXiv:2006.09365 (2020)
Lai, F., Zhu, X., Madhyastha, H.V., Chowdhury, M.: Oort: efficient federated learning via guided participant selection. In: 15th USENIX Symposium on Operating Systems Design and Implementation (OSDI 21), pp. 19–35 (2021)
Li, Q., Diao, Y., Chen, Q., He, B.: Federated learning on non-IID data silos: an experimental study. arXiv preprint arXiv:2102.02079 (2021)
Ma, J., Naas, S.A., Sigg, S., Lyu, X.: Privacy-preserving federated learning based on multi-key homomorphic encryption. Int. J. Intell. Syst. 37, 5880–5901 (2022)
Ma, X., Sun, X., Wu, Y., Liu, Z., Chen, X., Dong, C.: Differentially private byzantine-robust federated learning. IEEE Trans. Parallel Distrib. Syst. 33(12), 3690–3701 (2022). https://doi.org/10.1109/TPDS.2022.3167434
Ma, X., Zhou, Y., Wang, L., Miao, M.: Privacy-preserving byzantine-robust federated learning. Comput. Stand. Interfaces 80, 103561 (2022)
McMahan, B., Moore, E., Ramage, D., Hampson, S., y Arcas, B.A.: Communication-efficient learning of deep networks from decentralized data. In: Artificial intelligence and statistics, pp. 1273–1282. PMLR (2017)
Prakash, S., Avestimehr, A.S.: Mitigating byzantine attacks in federated learning. arXiv preprint arXiv:2010.07541 (2020)
Sattler, F., Müller, K.R., Wiegand, T., Samek, W.: On the byzantine robustness of clustered federated learning. In: ICASSP 2020–2020 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP), pp. 8861–8865. IEEE (2020)
Shen, S., Tople, S., Saxena, P.: AUROR: defending against poisoning attacks in collaborative deep learning systems. In: Proceedings of the 32nd Annual Conference on Computer Security Applications, pp. 508–519 (2016)
So, J., Güler, B., Avestimehr, A.S.: Byzantine-resilient secure federated learning. IEEE J. Sel. Areas Commun. 39(7), 2168–2181 (2020)
Xie, C., Koyejo, O., Gupta, I.: Zeno: Byzantine-suspicious stochastic gradient descent. arXiv preprint arXiv:1805.10032 24 (2018)
Xie, C., Koyejo, O., Gupta, I.: Fall of empires: Breaking byzantine-tolerant SGD by inner product manipulation. In: Uncertainty in Artificial Intelligence, pp. 261–270. PMLR (2020)
Xie, C., Koyejo, S., Gupta, I.: Zeno++: robust fully asynchronous SGD. In: International Conference on Machine Learning, pp. 10495–10503. PMLR (2020)
Yang, Q., Liu, Y., Chen, T., Tong, Y.: Federated machine learning: concept and applications. ACM Trans. Intell. Syst. Technol. (TIST) 10(2), 1–19 (2019)
Yin, D., Chen, Y., Kannan, R., Bartlett, P.: Byzantine-robust distributed learning: Towards optimal statistical rates. In: International Conference on Machine Learning, pp. 5650–5659. PMLR (2018)
Zhang, Z., Cao, X., Jia, J., Gong, N.Z.: FLDetector: defending federated learning against model poisoning attacks via detecting malicious clients. In: Proceedings of the 28th ACM SIGKDD Conference on Knowledge Discovery and Data Mining, pp. 2545–2555 (2022)
Zhu, H., Ling, Q.: Bridging differential privacy and byzantine-robustness via model aggregation. arXiv preprint arXiv:2205.00107 (2022)
Zhu, L., Liu, Z., Han, S.: Deep leakage from gradients. Advances in Neural Information Processing Systems 32 (2019)
Acknowledgments
This work is partly supported by the National Key Research and Development Program of China (2020YFB1805501).
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Tang, X., Gu, H., Fan, L., Yang, Q. (2023). Achieving Provable Byzantine Fault-tolerance in a Semi-honest Federated Learning Setting. In: Kashima, H., Ide, T., Peng, WC. (eds) Advances in Knowledge Discovery and Data Mining. PAKDD 2023. Lecture Notes in Computer Science, vol 13936. Springer, Cham. https://doi.org/10.1007/978-3-031-33377-4_32
DOI: https://doi.org/10.1007/978-3-031-33377-4_32
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-33376-7
Online ISBN: 978-3-031-33377-4
eBook Packages: Computer Science (R0)