Abstract

Federated learning enables clients to train a global model jointly without sharing their private local datasets. Despite its benefits, due to the untrustworthiness of clients and the server, traditional federated learning faces the risk of privacy leakage and poisoning attacks. Privacy-preserving methods change the original model parameters whereas robust aggregation algorithms required accurate parameters. To solve such a dilemma, we propose a new framework named FedSIGN. On the one hand, it utilizes the sign of local model update to update the global model to protect privacy and improve efficiency. On the other hand, focus on the Sybil-based poisoning attack: malicious client controlled by a single adversary who directs those clients to launch a poisoning attack, we design a Poisoning Attack Detector to identify malicious clients based on the similarity between sign vectors. Experimental results show that FedSIGN resists privacy and poisoning attacks while maintaining better global model performance. Especially, FedSIGN is not affected by the number of malicious clients and is effective in both the IID and non-IID scenarios.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.