Attack-Resistant Federated Learning

The Hong Kong University of Science and Technology
Department of Computer Science and Engineering

Final Year Thesis Oral Defense

Title: "Attack-Resistant Federated Learning"

by

FU Shuhao

Abstract:

Training machine learning models across multiple parties has applications 
in many domains. Federated learning, one of the most popular approaches, 
iteratively aggregates a large pool of client models into one collectively 
shared model. Unfortunately, the aggregation step is highly vulnerable to 
noise and to model poisoning attacks, because it simply averages the models 
submitted by many unknown, and possibly malicious, clients.

In this paper, we propose a novel reweighting algorithm that defends against 
model poisoning attacks and noise by dynamically assigning a weight to each 
model based on a median-based M-estimator. Our algorithm is the first 
single-round statistical algorithm applied to non-i.i.d. (not independent 
and identically distributed) data. To suppress extreme values in submitted 
models, we also add a bounding technique that restricts model values. 
Through extensive experiments we show that our algorithm is robust, meaning 
that it maintains its performance even in the presence of attackers.
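To make the contrast concrete, the following added example (not code from the thesis) shows why plain averaging fails and how a median-based reweighting with coordinate bounding behaves; the weighting rule (Huber-style weights around the coordinate-wise median) and the sample updates are my own illustrative choices, not the thesis's algorithm.

```python
import math
from statistics import median

# Constructed sample: five benign client updates plus one poisoned one.
HONEST = [[1.0, -0.5, 0.2], [1.1, -0.4, 0.25], [0.9, -0.6, 0.15],
          [1.05, -0.55, 0.2], [0.95, -0.45, 0.3]]
POISONED = [100.0, 100.0, -100.0]
UPDATES = HONEST + [POISONED]


def fedavg(updates):
    """Plain federated averaging: every client is weighted equally."""
    n = len(updates)
    return [sum(u[j] for u in updates) / n for j in range(len(updates[0]))]


def robust_aggregate(updates, bound=5.0):
    """Median-based reweighting with bounding (illustrative, not the thesis algorithm).

    1. Bound: clip every coordinate to [-bound, bound] so a single extreme
       value cannot dominate any coordinate of the aggregate.
    2. Centre: take the coordinate-wise median as a robust estimate of the
       typical update.
    3. Reweight: Huber-style weight w_i = min(1, c / d_i), where d_i is the
       distance of client i from the median and c is the median distance,
       so far-away (poisoned or noisy) updates are down-weighted.
    Returns (aggregated_update, normalised_weights).
    """
    clipped = [[max(-bound, min(bound, x)) for x in u] for u in updates]
    dims = range(len(clipped[0]))
    centre = [median(u[j] for u in clipped) for j in dims]
    dist = [math.dist(u, centre) for u in clipped]
    c = median(dist) or 1e-12
    raw = [min(1.0, c / max(d, 1e-12)) for d in dist]
    total = sum(raw)
    weights = [w / total for w in raw]
    agg = [sum(w * u[j] for w, u in zip(weights, clipped)) for j in dims]
    return agg, weights


if __name__ == "__main__":
    print("fedavg :", [round(x, 3) for x in fedavg(UPDATES)])
    agg, w = robust_aggregate(UPDATES)
    print("robust :", [round(x, 3) for x in agg])
    print("weights:", [round(x, 4) for x in w])
```

With one attacker among six clients, plain averaging drags the first coordinate from about 1.0 to 17.5, while the reweighted aggregate stays within a few percent of the honest mean and the attacker's normalised weight falls below 1%.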
Date            : 3 May 2019 (Friday)

Time            : 09:00 - 09:40

Venue           : Room 5566 (near lifts 27/28), HKUST

Advisor         : Dr. CHEN Qifeng

2nd Reader      : Prof. GOLIN Mordecai J.