FedSIGN: A sign-based federated learning framework with privacy and robustness guarantees

Federated learning enables clients to train a global model jointly without sharing their private local datasets. Despite its benefits, due to the untrustworthiness of clients and the server, traditional federated learning faces the risk of privacy leakage and poisoning attacks. Privacy-preserving methods change the original model parameters whereas robust aggregation algorithms required accurate parameters. To solve such a dilemma, we propose a new framework named FedSIGN. On the one hand, it utilizes the sign of local model update to update the global model to protect privacy and improve efficiency. On the other hand, focus on the Sybil-based poisoning attack: malicious client controlled by a single adversary who directs those clients to launch a poisoning attack, we design a Poisoning Attack Detector to identify malicious clients based on the similarity between sign vectors. Experimental results show that FedSIGN resists privacy and poisoning attacks while maintaining better global model performance. Especially, FedSIGN is not affected by the number of malicious clients and is effective in both the IID and non-IID scenarios.