The content discusses a new defense mechanism called FedZZ that aims to mitigate data poisoning attacks in federated learning (FL) environments. The key highlights are:
FedZZ leverages a Zone-Based Deviating Update (ZBDU) approach to effectively counter data poisoning attacks in FL. ZBDU identifies clusters of benign clients whose collective updates exhibit notable deviations from those of malicious clients engaged in data poisoning attacks.
FedZZ introduces a precision-guided methodology that actively characterizes these client clusters (zones), which in turn aids in recognizing and discarding malicious updates at the server.
Evaluation of FedZZ across CIFAR10 and EMNIST datasets demonstrates its efficacy in mitigating data poisoning attacks, outperforming state-of-the-art methods in both single and multi-client attack scenarios and varying attack volumes.
FedZZ functions as a robust client selection strategy, even in highly non-IID and attack-free scenarios. It displays superior resilience compared to existing techniques when confronted with escalating poisoning rates.
The authors provide a formal guarantee that FedZZ monotonically increases the accuracy of the global model.
FedZZ can be easily integrated into existing FL systems with no measurable overhead.
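A simplified illustration of the zone-level filtering summarized above, added here and not the FedZZ authors' algorithm: the server averages updates per zone, tentatively applies each zone's collective update, and discards zones that lower accuracy. The server-held validation set, the fixed zone assignment, the toy linear model, the constructed update values and all function names are assumptions.

```python
# Added illustration: toy linear model, constructed data, hypothetical names.

def accuracy(w, data):
    """Fraction of (x, label) pairs where sign(w . x) matches the label."""
    hits = sum((sum(a * b for a, b in zip(w, x)) > 0) == y for x, y in data)
    return hits / len(data)

def apply_update(w, delta):
    return [a + b for a, b in zip(w, delta)]

def mean(vectors):
    return [sum(col) / len(vectors) for col in zip(*vectors)]

def zone_filtered_round(w, updates, zones, val):
    """Score each zone's collective update; drop zones that lower accuracy."""
    base = accuracy(w, val)
    kept, dropped = [], []
    for zone in zones:
        zone_delta = mean([updates[c] for c in zone])
        if accuracy(apply_update(w, zone_delta), val) >= base:
            kept.append(zone_delta)
        else:
            dropped.append(zone)
    if not kept:
        return w, dropped
    candidate = apply_update(w, mean(kept))
    # Final guard: never accept a round that lowers validation accuracy.
    return (candidate if accuracy(candidate, val) >= base else w), dropped

# Constructed validation set for the target rule x0 > x1 (assumption: server holds it).
VAL = [([1, 0], True), ([0, 1], False), ([2, 1], True),
       ([1, 2], False), ([-1, 0], False), ([0, -1], True)]
W0 = [1.0, 1.0]  # current global model, 50% accurate on VAL
# Constructed client updates: clients 0-3 benign, clients 4-5 poisoned.
UPDATES = [[0.2, -1.5], [0.0, -1.7], [0.1, -1.6], [-0.1, -1.8],
           [-2.5, 1.0], [-2.3, 1.2]]
ZONES = [[0, 1], [2, 3], [4, 5]]

if __name__ == "__main__":
    new_w, dropped = zone_filtered_round(W0, UPDATES, ZONES, VAL)
    fedavg_w = apply_update(W0, mean(UPDATES))
    print("dropped zones:", dropped)
    print("zone-filtered accuracy:", accuracy(new_w, VAL))
    print("plain averaging accuracy:", accuracy(fedavg_w, VAL))
```

In this constructed round, averaging all six updates leaves the model at its starting accuracy, while dropping the zone whose collective update degrades validation accuracy lets the benign zones move the model forward.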