A Byzantine-Robust Federated Learning Algorithm Based on Matrix Mapping

Liu Biao; Zhang Fangjiao; Wang Wenxin; Xie Kang; Zhang Jianyi

doi:10.7544/issn1000-1239.2021.20210633

Journal of Computer Research and Development > 2021 > 58(11): 2416-2429. > DOI: 10.7544/issn1000-1239.2021.20210633

Liu Biao, Zhang Fangjiao, Wang Wenxin, Xie Kang, Zhang Jianyi. A Byzantine-Robust Federated Learning Algorithm Based on Matrix Mapping[J]. Journal of Computer Research and Development, 2021, 58(11): 2416-2429. DOI: 10.7544/issn1000-1239.2021.20210633

Citation:

PDF (1923 KB)

A Byzantine-Robust Federated Learning Algorithm Based on Matrix Mapping

¹(Beijing Electronic Science and Technology Institute, Beijing 100070)
²(Key Lab of Information Network Security of Ministry of Public Security (The Third Research Institute of Ministry of Public Security), Shanghai 200031)
³(CAS Key Laboratory of Network Assessment Technology (Institute of Information Engineering, Chinese Academy of Sciences), Beijing 100093)

Funds: This work was supported by the National Key Research and Development Program of China (2018YFB1004100), the Opening Project of Key Lab of Information Network Security of Ministry of Public Security (The Third Research Institute of Ministry of Public Security) (C18612), and the Project of CAS Key Laboratory of Network Assessment Technology (Institute of Information Engineering, Chinese Academy of Sciences) (KFKT2019-004).

More Information

Published Date: October 31, 2021

Graphical Abstract

Abstract

Abstract

Federated learning can better protect data privacy because the parameter server only collects the client model and does not touch the local data of the client. However, its basic aggregation algorithm FedAvg is vulnerable to Byzantine client attacks. In response to this problem, many studies have proposed different aggregation algorithms, but these aggregation algorithms have insufficient defensive capabilities, and the model assumptions do not fit the reality. Therefore, we propose a new type of Byzantine robust aggregation algorithm. Different from the existing aggregation algorithms, our algorithm focuses on detecting the probability distribution of the Softmax layer. Specifically, after collecting the client model, the parameter server obtains the Softmax layer probability distribution of the model through the generated matrix to map the updated part of the model, and eliminates the client model with abnormal distribution. The experimental results show that without reducing the accuracy of FedAvg, the Byzantine tolerance rate is increased from 40% to 45% in convergence prevention attacks, and the defense against edge-case backdoor attacks is realized in backdoor attacks. In addition, according to the current state-of-the-art adaptive attack framework, an adaptive attack is designed specifically for our algorithm, and experimental evaluations have been carried out. The experimental results show that our aggregation algorithm can defend at least 30% of Byzantine clients.
- federated learning,
- matrix mapping,
- convergence prevention attack,
- backdoor attack,
- robust aggregation algorithm

FullText(HTML)

References (0)

[1]	Zhao Anning, Xu Nuo, Liu Kang, Luo Li, Pan Bingzheng, Bo Ziyi, Tan Chenghao. The Synthesis of Multiple Stateful Logic Gates for In-memory Computing with Low Wear[J]. Journal of Computer Research and Development, 2025, 62(3): 620-632. DOI: 10.7544/issn1000-1239.202440627
[2]	Xu Lijuan, Wang Bailing, Yang Meihong, Zhao Dawei, Han Jideng. Multi-Mode Attack Detection and Evaluation of Abnormal States for Industrial Control Network[J]. Journal of Computer Research and Development, 2021, 58(11): 2333-2349. DOI: 10.7544/issn1000-1239.2021.20210598
[3]	Li Yin. Test Suite Generating for Stateful Web Services Using Interface Contract[J]. Journal of Computer Research and Development, 2017, 54(3): 609-622. DOI: 10.7544/issn1000-1239.2017.20151045
[4]	Yi Maoxiang, Yu Chenglin, Fang Xiangsheng, Huang Zhengfeng, Ouyang Yiming, Liang Huaguo. State Vector Selective Generation of Parallel Folding Counters[J]. Journal of Computer Research and Development, 2015, 52(11): 2468-2475. DOI: 10.7544/issn1000-1239.2015.20140591
[5]	Zhao Ze, Shang Pengfei, Liu Qiang, Cui Li. Identification of Communication State for Wireless Sensor Networks[J]. Journal of Computer Research and Development, 2014, 51(11): 2382-2392. DOI: 10.7544/issn1000-1239.2014.20131079
[6]	Li Zhetao, Wang Zhiqiang, Zhu Gengming, Li Renfa. A Data Gathering MAC Protocol Based on State Translation and Grouping for WSN[J]. Journal of Computer Research and Development, 2014, 51(6): 1167-1175.
[7]	Xie Zhengwei, Zhai Ying, Deng Peimin, Yi Zhong. Algebraic Properties of Probabilistic Finite State Automata[J]. Journal of Computer Research and Development, 2013, 50(12): 2691-2698.
[8]	Yu Wanjun, Liu Dayou, Liu Quan, Yang Bo. An Approach to Monitoring and Controlling Workflow Systems Based on the Instance State[J]. Journal of Computer Research and Development, 2006, 43(8): 1345-1353.
[9]	Zhang Shichao, Xu Yinjun, Gu Ning, Shi Baile. A Norm-Driven Grid Workflow State Machine Model[J]. Journal of Computer Research and Development, 2006, 43(2): 307-313.
[10]	Huang Kui, Wu Yichuan, Zheng Jianping, Wu Zhimei. Forwarding State Reduction Scheme Based on Interface Format for Sparse Mode Multicast[J]. Journal of Computer Research and Development, 2005, 42(9): 1564-1570.