Enhancing Security and Privacy in Federated Learning using Update Digests and Voting-Based Defense (2405.18802v1)
Abstract: Federated Learning (FL) is a promising privacy-preserving machine learning paradigm that allows data owners to collaboratively train models while keeping their data localized. Despite its potential, FL faces challenges related to the trustworthiness of both clients and servers, especially in the presence of curious or malicious adversaries. In this paper, we introduce a novel framework named Federated Learning with Update Digest (FLUD), which addresses the critical issues of privacy preservation and resistance to Byzantine attacks within distributed learning environments. FLUD utilizes an innovative approach, the $\mathsf{LinfSample}$ method, in which clients compute the $l_{\infty}$ norm over sliding windows of their update and submit the result as an update digest. This digest enables the server to calculate a shared distance matrix, reducing the overhead associated with Secure Multi-Party Computation (SMPC) by three orders of magnitude while still distinguishing benign from malicious updates. Additionally, FLUD integrates a privacy-preserving, voting-based defense mechanism that employs optimized SMPC protocols to minimize communication rounds. Our comprehensive experiments demonstrate FLUD's effectiveness in countering Byzantine adversaries while incurring low communication and runtime overhead. FLUD offers a scalable framework for secure and reliable FL in distributed environments, facilitating its application in scenarios requiring robust data management and security.
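The digest, distance-matrix and voting pipeline the abstract sketches, written out as an added Python example. This is not the paper's code and it omits the SMPC layer entirely (digests and distances are computed in the clear, which is exactly what the paper's protocols avoid). The window size and stride, the Euclidean distance between digests, the median-ratio voting rule with threshold `tau`, the helper names, and the constructed client updates (benign clients send a shared gradient plus noise, malicious clients send a sign-flipped, scaled copy) are all assumptions of this example.

```python
"""Illustrative, plaintext reconstruction of a digest -> distance -> vote round.
Assumed parameters and data are labelled as such; nothing here is FLUD's code."""
import math
import random
from typing import List, Sequence

Vector = List[float]


def linf_sample(update: Sequence[float], window: int, stride: int) -> Vector:
    """Client side: digest = l_inf norm (max |x|) of each sliding window over the
    flattened update. Window size and stride are assumptions of this example."""
    if window <= 0 or stride <= 0 or len(update) < window:
        raise ValueError("window/stride must be positive and window <= len(update)")
    return [max(abs(x) for x in update[start:start + window])
            for start in range(0, len(update) - window + 1, stride)]


def distance_matrix(digests: Sequence[Vector]) -> List[List[float]]:
    """Server side: symmetric Euclidean distances between digests (assumed metric)."""
    n = len(digests)
    dist = [[0.0] * n for _ in range(n)]
    for i in range(n):
        for j in range(i + 1, n):
            d = math.sqrt(sum((a - b) ** 2 for a, b in zip(digests[i], digests[j])))
            dist[i][j] = dist[j][i] = d
    return dist


def vote_filter(dist: Sequence[Sequence[float]], tau: float = 3.0) -> List[int]:
    """Assumed voting rule: client i votes 'reject' on every j whose distance exceeds
    tau times the median of row i; j is dropped when a strict majority of the other
    clients vote against it. A Byzantine minority cannot form that majority alone."""
    n = len(dist)
    votes = [0] * n
    for i in range(n):
        others = sorted(dist[i][j] for j in range(n) if j != i)
        median = others[len(others) // 2]
        for j in range(n):
            if j != i and dist[i][j] > tau * median:
                votes[j] += 1
    return [j for j in range(n) if votes[j] <= (n - 1) // 2]


def make_updates(n_clients: int, n_malicious: int, dim: int, seed: int = 7):
    """Constructed sample data (not from the paper): benign clients send a common base
    gradient plus small noise; the first n_malicious clients send a sign-flipped,
    5x scaled copy, a simple scaling-style model poisoning."""
    rng = random.Random(seed)
    base = [rng.uniform(-1.0, 1.0) for _ in range(dim)]
    malicious = list(range(n_malicious))
    updates = []
    for c in range(n_clients):
        scale = -5.0 if c in malicious else 1.0
        updates.append([scale * b + rng.gauss(0.0, 0.05) for b in base])
    return updates, malicious


def run_round(n_clients=8, n_malicious=2, dim=64, window=8, stride=8):
    """One aggregation round: digest each update, build the distance matrix, vote,
    then FedAvg only the accepted updates. Returns the pieces a test can check."""
    updates, malicious = make_updates(n_clients, n_malicious, dim)
    digests = [linf_sample(u, window, stride) for u in updates]
    accepted = vote_filter(distance_matrix(digests))
    aggregate = [sum(updates[i][k] for i in accepted) / len(accepted) for k in range(dim)]
    return {"digest_len": len(digests[0]), "accepted": accepted,
            "malicious": malicious, "aggregate": aggregate}


if __name__ == "__main__":
    result = run_round()
    print("digest length per client:", result["digest_len"])
    print("accepted clients:", result["accepted"], "malicious:", result["malicious"])
```

With the assumed parameters a 64-dimensional update shrinks to an 8-number digest, and the scaled updates land far from the benign cluster in digest space, so the majority vote drops them without the server ever touching the raw updates. Note what this toy digest cannot see: it takes absolute values, so an update that only flips signs at unchanged magnitude produces the same digest as a benign one; magnitude deviation is what this particular check detects.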
Authors: Wenjie Li, Kai Fan, Jingyuan Zhang, Hui Li, Wei Yang Bryan Lim, Qiang Yang