Abstract
Robustness is one of the critical concerns in federated learning. Existing research focuses primarily on the worst case, typically modeled as the Byzantine attack, which alters the gradients in an optimal way. However, in practice, the corruption usually happens randomly and is much weaker than the Byzantine attack. Therefore, existing methods overestimate the power of corruption, resulting in an unnecessary sacrifice of performance. In this paper, we aim at building learning algorithms robust to realistic corruption. Towards this goal, we propose a new iterative filtering approach. In each iteration, it calculates the geometric median of all gradient vectors uploaded from clients and removes the gradients that are far away from the geometric median. A theoretical analysis is then provided, showing that under suitable parameter regimes, gradient vectors from corrupted clients are filtered if the noise is large, while those from benign clients are never filtered throughout the training process. For realistic gradient noise, our approach significantly outperforms existing methods, while the performance under the worst-case attack (i.e. the Byzantine attack) remains nearly the same. Experiments on both synthesized and real data validate our theoretical results, as well as the practical performance of our approach.
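One filtering round as the abstract describes it (geometric median of the uploaded gradients, then removal of gradients far from it), written as an added example that is not the authors' implementation. The Weiszfeld solver, the fixed distance `threshold`, averaging the surviving gradients, and the constructed noise scales in `make_round` are all assumptions made for illustration.

```python
import math
import random

def geometric_median(points, iters=200, eps=1e-9):
    """Weiszfeld iteration: point minimizing the sum of Euclidean distances."""
    dim = len(points[0])
    y = [sum(p[k] for p in points) / len(points) for k in range(dim)]  # start at the mean
    for _ in range(iters):
        # Inverse-distance weights; eps avoids division by zero if y lands on a point.
        w = [1.0 / max(math.dist(p, y), eps) for p in points]
        total = sum(w)
        new_y = [sum(wi * p[k] for wi, p in zip(w, points)) / total for k in range(dim)]
        if math.dist(new_y, y) < eps:
            return new_y
        y = new_y
    return y

def filter_and_aggregate(gradients, threshold):
    """Drop gradients farther than `threshold` (assumed parameter) from the
    geometric median, then average the rest. Returns (aggregate, kept_indices)."""
    med = geometric_median(gradients)
    kept = [i for i, g in enumerate(gradients) if math.dist(g, med) <= threshold]
    if not kept:  # everything filtered: fall back to the median itself
        return med, kept
    agg = [sum(gradients[i][k] for i in kept) / len(kept) for k in range(len(med))]
    return agg, kept

def make_round(seed=0, n_benign=16, n_corrupt=4, dim=5):
    """Constructed sample data: benign clients report the true gradient plus small
    noise; corrupted clients report it plus large random (non-adversarial) noise."""
    rng = random.Random(seed)
    true_grad = [1.0] * dim
    benign = [[t + rng.gauss(0, 0.1) for t in true_grad] for _ in range(n_benign)]
    corrupt = [[t + rng.gauss(0, 20.0) for t in true_grad] for _ in range(n_corrupt)]
    return true_grad, benign + corrupt

if __name__ == "__main__":
    true_grad, grads = make_round()
    agg, kept = filter_and_aggregate(grads, threshold=1.0)
    plain = [sum(g[k] for g in grads) / len(grads) for k in range(len(true_grad))]
    print("kept clients:", kept)
    print("error, filtered mean:", round(math.dist(agg, true_grad), 3))
    print("error, plain mean:   ", round(math.dist(plain, true_grad), 3))
```
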
Copyright information
© 2024 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Zhao, P., Wu, J., Liu, Z. (2024). Robust Federated Learning with Realistic Corruption. In: Zhang, W., Tung, A., Zheng, Z., Yang, Z., Wang, X., Guo, H. (eds) Web and Big Data. APWeb-WAIM 2024. Lecture Notes in Computer Science, vol 14964. Springer, Singapore. https://doi.org/10.1007/978-981-97-7241-4_15
DOI: https://doi.org/10.1007/978-981-97-7241-4_15
Publisher Name: Springer, Singapore
Print ISBN: 978-981-97-7240-7
Online ISBN: 978-981-97-7241-4
eBook Packages: Computer Science (R0)