DefendFL: A Privacy-Preserving Federated Learning Scheme Against Poisoning Attacks.

Abstract

Federated learning (FL) has become a popular mode of learning, allowing model training without the need to share data. Unfortunately, it remains vulnerable to privacy leakage and poisoning attacks, which compromise user data security and degrade model quality. Therefore, numerous privacy-preserving frameworks have been proposed, among which mask-based framework has certain advantages in terms of efficiency and functionality. However, it is more susceptible to poisoning attacks from malicious users, and current works lack practical means to detect such attacks within this framework. To overcome this challenge, we present DefendFL, an efficient, privacy-preserving, and poisoning-detectable mask-based FL scheme. We first leverage collinearity mask to protect users' gradient privacy. Then, cosine similarity is utilized to detect masked gradients to identify poisonous gradients. Meanwhile, a verification mechanism is designed to detect the mask, ensuring the mask's validity in aggregation and preventing poisoning attacks by intentionally changing the mask. Finally, we resist poisoning attacks by removing malicious gradients or lowering their weights in aggregation. Through security analysis and experimental evaluation, DefendFL can effectively detect and mitigate poisoning attacks while outperforming existing privacy-preserving detection works in efficiency.