Abstract

Despite the popularity of federated learning (FL), recently emerging model-inversion and poisoning attacks have raised widespread concerns about privacy and model integrity, which has driven the development of secure federated learning (SFL) methods. Nonetheless, the conflicts between privacy and integrity, two equally crucial elements in collaborative learning scenarios, remain relatively underexplored. Individuals' wish to “hide in the crowd” for privacy frequently clashes with aggregators' need to resist abnormal participants for integrity (i.e., the incompatibility between Byzantine robustness and differential privacy). This dilemma prompts researchers to reflect on how to build mutual confidence between individuals and aggregators. Against this backdrop, this paper proposes a multi-shuffler secure federated learning (MSFL) framework, on top of which we further propose three modules (a hierarchical shuffling mechanism, a malice evaluation module, and a composite defense strategy) to jointly guarantee strong privacy protection, efficient poisoning resistance, and agile adversary elimination. Extensive experiments on standard datasets show the method's effectiveness in thwarting different FL poisoning attack paradigms at a minimal cost in privacy leakage.
