Robust Federated Learning with Realistic Corruption

  • Conference paper
Web and Big Data (APWeb-WAIM 2024)

Abstract

Robustness is one of the critical concerns in federated learning. Existing research focuses primarily on the worst case, typically modeled as the Byzantine attack, which alters the gradients in an optimal way. However, in practice, the corruption usually happens randomly, and is much weaker than the Byzantine attack. Therefore, existing methods overestimate the power of corruption, resulting in unnecessary sacrifice of performance. In this paper, we aim at building learning algorithms robust to realistic corruption. Towards this goal, we propose a new iterative filtering approach. In each iteration, it calculates the geometric median of all gradient vectors uploaded from clients and removes the gradients that are far away from the geometric median. A theoretical analysis is then provided, showing that under suitable parameter regimes, gradient vectors from corrupted clients are filtered if the noise is large, while those from benign clients are never filtered throughout the training process. For realistic gradient noise, our approach significantly outperforms existing methods, while the performance under the worst-case attack (i.e., the Byzantine attack) remains nearly the same. Experiments on both synthesized and real data validate our theoretical results, as well as the practical performance of our approach.
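The filtering step described in the abstract can be sketched as follows. This is an added example, not the authors' code: the fixed distance threshold `radius`, the stopping rule, the final averaging of the surviving gradients, and all function names are assumptions, since the abstract does not give those details; the client gradients are constructed sample data.

```python
import math
import random

def geometric_median(points, iters=200, eps=1e-9):
    """Weiszfeld iteration for the point minimising the sum of distances."""
    dim = len(points[0])
    y = [sum(p[k] for p in points) / len(points) for k in range(dim)]
    for _ in range(iters):
        w = [1.0 / max(math.dist(p, y), eps) for p in points]
        new = [sum(wi * p[k] for wi, p in zip(w, points)) / sum(w)
               for k in range(dim)]
        if math.dist(new, y) < eps:
            return new
        y = new
    return y

def mean(points):
    return [sum(col) / len(points) for col in zip(*points)]

def filtered_aggregate(grads, radius, max_rounds=10):
    """Drop gradients farther than `radius` from the geometric median of the
    survivors, repeat until nothing changes, then average what is left."""
    kept = list(range(len(grads)))
    for _ in range(max_rounds):
        center = geometric_median([grads[i] for i in kept])
        near = [i for i in kept if math.dist(grads[i], center) <= radius]
        if not near or len(near) == len(kept):
            break  # nothing more to filter (or threshold too tight)
        kept = near
    return mean([grads[i] for i in kept]), kept

def demo(seed=0, dim=5, benign=14, corrupted=6):
    """Constructed round: clients 0..13 send truth + small noise, clients
    14..19 send truth + large random noise (random, not optimised)."""
    rng = random.Random(seed)
    truth = [1.0] * dim
    grads = [[t + rng.gauss(0, 0.1) for t in truth] for _ in range(benign)]
    grads += [[t + rng.gauss(0, 20.0) for t in truth] for _ in range(corrupted)]
    agg, kept = filtered_aggregate(grads, radius=3.0)  # radius: assumed value
    return kept, math.dist(agg, truth), math.dist(mean(grads), truth)

if __name__ == "__main__":
    kept, robust_err, naive_err = demo()
    print("kept clients:", kept)
    print(f"filtered error {robust_err:.3f} vs plain mean {naive_err:.3f}")
```

With randomly corrupted clients the large-noise gradients fall outside the radius and are removed, while the plain mean over all clients is pulled far from the true gradient.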

Corresponding author

Correspondence to Puning Zhao.

Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.

About this paper

Cite this paper

Zhao, P., Wu, J., Liu, Z. (2024). Robust Federated Learning with Realistic Corruption. In: Zhang, W., Tung, A., Zheng, Z., Yang, Z., Wang, X., Guo, H. (eds) Web and Big Data. APWeb-WAIM 2024. Lecture Notes in Computer Science, vol 14964. Springer, Singapore. https://doi.org/10.1007/978-981-97-7241-4_15

  • DOI: https://doi.org/10.1007/978-981-97-7241-4_15

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-97-7240-7

  • Online ISBN: 978-981-97-7241-4

  • eBook Packages: Computer Science (R0)
