FedSIGN: A sign-based federated learning framework with privacy and robustness guarantees

Zhenyuan Guo, Lei Xu*, Liehuang Zhu

*Corresponding author for this work

Research output: Contribution to journal › Article › peer-review

3 Citations (Scopus)

Abstract

Federated learning enables clients to train a global model jointly without sharing their private local datasets. Despite its benefits, due to the untrustworthiness of clients and the server, traditional federated learning faces the risk of privacy leakage and poisoning attacks. Privacy-preserving methods change the original model parameters, whereas robust aggregation algorithms require accurate parameters. To solve this dilemma, we propose a new framework named FedSIGN. On the one hand, it utilizes the sign of the local model update to update the global model to protect privacy and improve efficiency. On the other hand, focusing on the Sybil-based poisoning attack, in which malicious clients are controlled by a single adversary who directs those clients to launch a poisoning attack, we design a Poisoning Attack Detector to identify malicious clients based on the similarity between sign vectors. Experimental results show that FedSIGN resists privacy and poisoning attacks while maintaining better global model performance. In particular, FedSIGN is not affected by the number of malicious clients and is effective in both the IID and non-IID scenarios.

Original language: English
Article number: 103474
Journal: Computers and Security
Volume: 135
Publication status: Published - Dec 2023

Keywords

  • Byzantine robustness
  • Federated learning
  • Poisoning attack
  • Privacy attack
  • Privacy protection
  • Sign-based SGD
