Better Together: Attaining the Triad of Byzantine-robust Federated Learning via Local Update Amplification

Shen, L; Zhang, Y; Wang, J; Bai, G

Better Together: Attaining the Triad of Byzantine-robust Federated Learning via Local Update Amplification

Shen, L Zhang, Y

Wang, J Bai, G

Permalink

Publisher:: ASSOC COMPUTING MACHINERY
Publication Type:: Conference Proceeding
Citation:: ACM International Conference Proceeding Series, 2022, pp. 201-213
Issue Date:: 2022-12-05

Closed Access

	Filename	Description	Size
	22‘ ACSAC Shen-2022-Better-together-attaining-the-triad.pdf	Accepted version	1.05 MB	Adobe PDF	View/Open

Copyright Clearance Process

Recently Added
In Progress
Closed Access

This item is closed access and not available.

Full metadata record

Field	Value	Language
dc.contributor.author	Shen, L
dc.contributor.author	Zhang, Y https://orcid.org/0000-0001-5611-3483
dc.contributor.author	Wang, J
dc.contributor.author	Bai, G
dc.date	2022-12-05
dc.date.accessioned	2024-02-01T02:45:10Z
dc.date.available	2024-02-01T02:45:10Z
dc.date.issued	2022-12-05
dc.identifier.citation	ACM International Conference Proceeding Series, 2022, pp. 201-213
dc.identifier.isbn	9781450397599
dc.identifier.uri	http://hdl.handle.net/10453/175190
dc.description.abstract	Manipulation of local training data and local updates, i.e., the Byzantine poisoning attack, is the main threat arising from the collaborative nature of the federated learning (FL) paradigm. Many Byzantine-robust aggregation algorithms (AGRs) have been proposed to filter out or moderate suspicious local updates uploaded by Byzantine participants at the central aggregator. However, they largely suffer from model quality degradation due to the over-removal of local updates or/and the inefficiency caused by the expensive analysis of the high-dimensional local updates. In this work, we propose AgrAmplifier that aims to simultaneously attain the triad of robustness, fidelity and efficiency for FL. AgrAmplifier features the amplification of the "morality"of local updates to render their maliciousness and benignness clearly distinguishable. It re-organizes the local updates into patches and extracts the most activated features in the patches. This strategy can effectively enhance the robustness of the aggregator, and it also retains high fidelity as the amplified updates become more resistant to local translations. Furthermore, the significant dimension reduction in the feature space greatly benefits the efficiency of the aggregation. AgrAmplifier is compatible with any existing Byzantine-robust mechanism. In this paper, we integrate it with three mainstream ones, i.e., distance-based, prediction-based, and trust bootstrapping-based mechanisms. Our extensive evaluation against five representative poisoning attacks on five datasets across diverse domains demonstrates the consistent enhancement for all of them, with average gains at, and in terms of robustness, fidelity, and efficiency respectively. We release the source code of AgrAmplifier and our artifacts to facilitate future research in this area: https://github.com/UQ-Trust-Lab/AgrAmplifier.
dc.language	en
dc.publisher	ASSOC COMPUTING MACHINERY
dc.relation.ispartof	ACM International Conference Proceeding Series
dc.relation.ispartof	38th Annual Computer Security Applications Conference (ACSAC)
dc.relation.isbasedon	10.1145/3564625.3564658
dc.rights	info:eu-repo/semantics/closedAccess
dc.title	Better Together: Attaining the Triad of Byzantine-robust Federated Learning via Local Update Amplification
dc.type	Conference Proceeding
utslib.location.activity	TX, Austin
pubs.organisational-group	University of Technology Sydney
pubs.organisational-group	University of Technology Sydney/Faculty of Engineering and Information Technology
pubs.organisational-group	University of Technology Sydney/Faculty of Engineering and Information Technology/School of Computer Science
utslib.copyright.status	closed_access	*
dc.date.updated	2024-02-01T02:45:09Z
pubs.finish-date	2022-12-09
pubs.publication-status	Published
pubs.start-date	2022-12-05

Abstract:

Manipulation of local training data and local updates, i.e., the Byzantine poisoning attack, is the main threat arising from the collaborative nature of the federated learning (FL) paradigm. Many Byzantine-robust aggregation algorithms (AGRs) have been proposed to filter out or moderate suspicious local updates uploaded by Byzantine participants at the central aggregator. However, they largely suffer from model quality degradation due to the over-removal of local updates or/and the inefficiency caused by the expensive analysis of the high-dimensional local updates. In this work, we propose AgrAmplifier that aims to simultaneously attain the triad of robustness, fidelity and efficiency for FL. AgrAmplifier features the amplification of the "morality"of local updates to render their maliciousness and benignness clearly distinguishable. It re-organizes the local updates into patches and extracts the most activated features in the patches. This strategy can effectively enhance the robustness of the aggregator, and it also retains high fidelity as the amplified updates become more resistant to local translations. Furthermore, the significant dimension reduction in the feature space greatly benefits the efficiency of the aggregation. AgrAmplifier is compatible with any existing Byzantine-robust mechanism. In this paper, we integrate it with three mainstream ones, i.e., distance-based, prediction-based, and trust bootstrapping-based mechanisms. Our extensive evaluation against five representative poisoning attacks on five datasets across diverse domains demonstrates the consistent enhancement for all of them, with average gains at, and in terms of robustness, fidelity, and efficiency respectively. We release the source code of AgrAmplifier and our artifacts to facilitate future research in this area: https://github.com/UQ-Trust-Lab/AgrAmplifier.

Please use this identifier to cite or link to this item:

http://hdl.handle.net/10453/175190