4 Conclusions
In this paper, we developed FedTop which significantly facilitates collaboration effectiveness between normal participants without suffering significant negative impacts from malicious participants. FedTop can both be regarded as a normal aggregation method for federated learning with normal data and stand more severe poisoning attacks including targeted and untargeted attacks with more loosen preconditions. In addition, we experimentally demonstrate that this method can significantly improve the learning performance in a malicious environment. However, our work still faces much limitations on data set choosing, base model choosing and the number of malicious models. Thus, our future work will be focused on experimentation with more scenarios, such as increasing the number of participants or designing more complex poisoning attacks on more complex data sets.
This is a preview of subscription content, log in via an institution to check access.
References
Yang Q, Liu Y, Chen T, Tong Y. Federated machine learning: concept and applications. ACM Transactions on Intelligent Systems and Technology, 2019, 10(2): 12
Gupta P, Yadav K, Gupta B B, Alazab M, Gadekallu T R. A novel data poisoning attack in federated learning based on inverted loss function. Computers & Security, 2023, 130: 103270
Pillutla K, Kakade S M, Harchaoui Z. Robust aggregation for federated learning. IEEE Transactions on Signal Processing, 2022, 70: 1142–1154
Xie C, Chen M, Chen P Y, Li B. CRFL: certifiably robust federated learning against backdoor attacks. In: Proceedings of the 38th International Conference on Machine Learning. 2021, 11372–11382
Xie C, Koyejo S, Gupta I. Zeno++: robust fully asynchronous SGD. In: Proceedings of the 37th International Conference on Machine Learning. 2020, 972
Li X, Huang K, Yang W, Wang S, Zhang Z. On the convergence of fedAvg on non-IID data. In: Proceedings of the 8th International Conference on Learning Representations. 2020
Blanchard P, El Mhamdi E M, Guerraoui R, Stainer J. Machine learning with adversaries: Byzantine tolerant gradient descent. In: Proceedings of the 31st International Conference on Neural Information Processing Systems. 2017, 118–128
Deng L. The MNIST database of handwritten digit images for machine learning research [Best of the Web]. IEEE Signal Processing Magazine, 2012, 29(6): 141–142
Krizhevsky A. Learning multiple layers of features from tiny images. Toronto: University of Toronto, 2009
Alamoudi E S, Alghamdi N S. Sentiment classification and aspect-based sentiment analysis on yelp reviews using deep learning and word embeddings. Journal of Decision Systems, 2021, 30(2–3): 259–281
Acknowledgment
This work was supported by the MoST Science and Technology Innovation Project of Xiong’an (2022XAGG0115), and the National Natural Science Foundation of China (Grant Nos. 62202011, 62172010).
Author information
Authors and Affiliations
Corresponding author
Ethics declarations
Competing interests The authors declare that they have no competing interests or financial conflicts to disclose.
Electronic Supplementary Material
Rights and permissions
About this article
Cite this article
Wang, C., Wu, Z., Gao, J. et al. FedTop: a constraint-loosed federated learning aggregation method against poisoning attack. Front. Comput. Sci. 18, 185348 (2024). https://doi.org/10.1007/s11704-024-3767-z
Received:
Accepted:
Published:
DOI: https://doi.org/10.1007/s11704-024-3767-z