Mitigating Poisoning Attack in Federated Learning
Aashma Uprety, Danda B. Rawat
Abstract
Adversarial machine learning (AML) has emerged as one of the significant research areas in machine learning (ML) because models we train lack robustness and trustworthiness. Federated learning (FL) trains models over distributed devices and model parameters are shared instead of actual data in a privacy-preserving manner. Unfortunately, FL is also vulnerable to attacks including parameter/data poisoning attacks. In this paper, we first analyze the impact of the data poisoning attack on this training method with a label-flipping attack. We propose a poisoning attack mitigation technique based on the reputation of nodes' involved in the training process. The reputation score for each client is calculated using the beta probability distribution method. This is the first work to show the removal of malicious nodes with the poisoned dataset from the training environment based on the calculated reputation score. The improvement in model performance after filtering malicious nodes is validated using the benchmark MNIST dataset. At the same time, our work contributes to preventing denial of service attacks by considering a blockchain-based server network. Our results hold for two different attack settings with different proportions of poisoned data samples.