
FedSuper: A Byzantine-Robust Federated Learning Under Supervision

Published: 10 January 2024

Abstract

Federated Learning (FL) is a machine learning setting in which multiple worker devices collaboratively train a model under the orchestration of a central server while keeping the training data local. However, owing to the lack of supervision on worker devices, FL is vulnerable to Byzantine attacks, in which worker devices controlled by an adversary arbitrarily generate poisoned local models and send them to the FL server, ultimately degrading the utility (e.g., model accuracy) of the global model. Most existing Byzantine-robust algorithms, however, cannot react well to Byzantine attacks when the ratio of compromised worker devices (i.e., the Byzantine ratio) is over 0.5 and the worker devices’ local training datasets are not independent and identically distributed (non-IID). We propose a novel Byzantine-robust Federated Learning under Supervision (FedSuper), which can maintain robustness against Byzantine attacks even in the threatening scenario with a very high Byzantine ratio (0.9 in our experiments) and the largest level of non-IID data (1.0 in our experiments) when state-of-the-art Byzantine attacks are conducted. The main idea of FedSuper is that the FL server supervises worker devices by injecting a shadow dataset into their local training processes. Moreover, according to the local models’ accuracies or losses on the shadow dataset, we design a Local Model Filter to remove poisoned local models and output an optimal global model. Extensive experimental results on three real-world datasets demonstrate the effectiveness and superior performance of FedSuper, compared to five of the latest Byzantine-robust FL algorithms and two baselines, in defending against two state-of-the-art Byzantine attacks with high Byzantine ratios and high levels of non-IID data.
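
The sketch below is an added illustration, not the FedSuper algorithm or code from the paper: it shows why scoring local models by their loss on a server-held shadow dataset can still work at a Byzantine ratio of 0.9, where a majority-based rule (coordinate-wise median, used here only as a comparison) fails. The linear model, the `tolerance` cutoff rule, the function names and all data are assumptions constructed for the example, and the server evaluates the models directly rather than injecting the shadow data into local training.

```python
import random
import statistics

def mse(w, data):
    """Mean squared error of the linear model y = w[0]*x + w[1] on (x, y) pairs."""
    return sum((w[0] * x + w[1] - y) ** 2 for x, y in data) / len(data)

def filter_and_aggregate(local_models, shadow, tolerance=2.0):
    """Hypothetical filter: keep models whose shadow loss is close to the best one,
    then average the survivors. The cutoff rule is an assumption of this sketch."""
    losses = [mse(w, shadow) for w in local_models]
    cutoff = min(losses) * tolerance + 1e-3
    kept = [i for i, loss in enumerate(losses) if loss <= cutoff]
    dim = len(local_models[0])
    agg = [sum(local_models[i][d] for i in kept) / len(kept) for d in range(dim)]
    return agg, kept

def coordinate_median(local_models):
    """Majority-based baseline: per-coordinate median of all submitted models."""
    dim = len(local_models[0])
    return [statistics.median(w[d] for w in local_models) for d in range(dim)]

def demo(seed=7):
    rng = random.Random(seed)
    true_w = (3.0, -1.0)
    # Constructed shadow dataset held by the server.
    shadow = [(x, true_w[0] * x + true_w[1])
              for x in (rng.uniform(-2, 2) for _ in range(50))]
    # One honest worker and nine colluding workers (Byzantine ratio 0.9).
    honest = [[true_w[0] + rng.gauss(0, 0.05), true_w[1] + rng.gauss(0, 0.05)]]
    poisoned = [[-3.0 + rng.gauss(0, 0.05), 1.0 + rng.gauss(0, 0.05)]
                for _ in range(9)]
    models = poisoned[:4] + honest + poisoned[4:]  # honest model sits at index 4
    filtered, kept = filter_and_aggregate(models, shadow)
    median = coordinate_median(models)
    return {"kept": kept,
            "filtered_loss": mse(filtered, shadow),
            "median_loss": mse(median, shadow)}

if __name__ == "__main__":
    print(demo())
```

Because the filter scores each model against data the server controls instead of against the other submissions, the colluding majority cannot outvote the single honest model.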


Cited By

  • (2024) Fair and Robust Federated Learning via Decentralized and Adaptive Aggregation based on Blockchain. ACM Transactions on Sensor Networks. DOI: 10.1145/3673656. Online publication date: 17-Jun-2024

Published In

ACM Transactions on Sensor Networks, Volume 20, Issue 2
March 2024
572 pages
EISSN: 1550-4867
DOI: 10.1145/3618080
Editor: Wen Hu

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 10 January 2024
Online AM: 14 November 2023
Accepted: 19 October 2023
Revised: 13 August 2023
Received: 04 February 2023
Published in TOSN Volume 20, Issue 2

Author Tags

  1. Federated learning
  2. Byzantine attack
  3. Byzantine ratio
  4. non-IID

Qualifiers

  • Research-article

Funding Sources

  • National Natural Science Foundation of China
  • Fundamental Research Funds
  • Central Universities
  • Shanghai Sailing Program
  • Open Foundation of State Key Laboratory of Networking and Switching Technology (Beijing University of Posts and Telecommunications)
