Litcius/Paper detail

WMDefense: Using Watermark to Defense Byzantine Attacks in Federated Learning

Xu Zheng, Qihao Dong, Anmin Fu

2022IEEE INFOCOM 2022 - IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS)26 citationsDOI

Abstract

Federated learning enables data owners to train a global ML model without exchanging data. However, the unique pattern of training in federated learning can be exploited by malicious adversaries. These malicious adversaries degrade the accuracy of the federated training model by sending malicious inputs during the federated training process. Existing Byzantine robust federated learning algorithms remain vulnerable to customized local model poisoning attacks because they are not designed with a suitable malicious client detection mechanism. To defend against the latest Byzantine attacks, this work proposes an effective algorithm, WMDefense, which identifies malicious clients by embedding a watermark to the global model and tracking the degree of watermark recession after local model training. Our experiments apply WMDefense to two recent Byzantine attack algorithms and validate them using two publicly available datasets, showing that it can defend well against both attacks. Furthermore, we compare WMDefense with two current state-of-the-art Byzantine robustness federated learning algorithms and show our superior performance.

Topics & Concepts

Federated learningComputer scienceRobustness (evolution)Byzantine fault toleranceEmbeddingByzantine architectureComputer securityQuantum Byzantine agreementArtificial intelligenceMachine learningDistributed computingFault toleranceAncient historyChemistryGeneBiochemistryHistoryPrivacy-Preserving Technologies in DataAdversarial Robustness in Machine LearningInternet Traffic Analysis and Secure E-voting
WMDefense: Using Watermark to Defense Byzantine Attacks in Federated Learning | Litcius