TY - GEN
T1 - PR-PFL
T2 - 16th International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery, CyberC 2024
AU - Yang, Ruiguang
AU - Shen, Xiaodong
AU - Xu, Chang
AU - Zhu, Liehuang
AU - Sharif, Kashif
N1 - Publisher Copyright:
© 2024 IEEE.
PY - 2024
Y1 - 2024
N2 - Personalized Federated Learning (PFL) tackles the challenges of FL on heterogeneous data and provides customized solutions for each client. However, like commonly employed FL settings, PFL is still vulnerable to attacks on privacy and on model availability. Existing PFL frameworks focus on either privacy protection or attack defense rather than implementing both simultaneously. To address this challenge, we design and implement a novel Privacy-preserving and Robust Personalized Federated Learning framework, PR-PFL, which simultaneously protects data privacy and defends against model availability attacks. Specifically, PR-PFL adopts Mean Regularized Multi-Task Learning (MR-MTL) as the base training paradigm. Clients apply per-sample differential privacy (DP) to protect data privacy, and the central server executes a robust aggregation algorithm to filter out potential attackers. After collective training, clients tune their models locally to further eliminate malicious injections. To the best of our knowledge, this is the first PFL framework that protects both clients' privacy and model availability. The method we have designed, which combines robust aggregation and local tuning, can effectively defend against 5 kinds of attacks. We conduct an extensive empirical evaluation demonstrating that our framework is practical and achieves reasonable robustness under an honest-majority setting (attackers <50%).
AB - Personalized Federated Learning (PFL) tackles the challenges of FL on heterogeneous data and provides customized solutions for each client. However, like commonly employed FL settings, PFL is still vulnerable to attacks on privacy and on model availability. Existing PFL frameworks focus on either privacy protection or attack defense rather than implementing both simultaneously. To address this challenge, we design and implement a novel Privacy-preserving and Robust Personalized Federated Learning framework, PR-PFL, which simultaneously protects data privacy and defends against model availability attacks. Specifically, PR-PFL adopts Mean Regularized Multi-Task Learning (MR-MTL) as the base training paradigm. Clients apply per-sample differential privacy (DP) to protect data privacy, and the central server executes a robust aggregation algorithm to filter out potential attackers. After collective training, clients tune their models locally to further eliminate malicious injections. To the best of our knowledge, this is the first PFL framework that protects both clients' privacy and model availability. The method we have designed, which combines robust aggregation and local tuning, can effectively defend against 5 kinds of attacks. We conduct an extensive empirical evaluation demonstrating that our framework is practical and achieves reasonable robustness under an honest-majority setting (attackers <50%).
KW - differential privacy
KW - personalized federated learning
KW - robust aggregation
UR - http://www.scopus.com/inward/record.url?scp=85215082260&partnerID=8YFLogxK
U2 - 10.1109/CyberC62439.2024.00037
DO - 10.1109/CyberC62439.2024.00037
M3 - Conference contribution
AN - SCOPUS:85215082260
T3 - Proceedings - 2024 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery, CyberC 2024
SP - 163
EP - 170
BT - Proceedings - 2024 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery, CyberC 2024
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 24 October 2024 through 26 October 2024
ER -