Abstract

As privacy concerns and regulatory constraints on data protection continue to grow, collected data have become increasingly dispersed, forming isolated "data silos". Federated learning has emerged as a prominent way to use these data effectively without exchanging raw data. However, user-generated data are often imbalanced across devices and labels, which adversely affects model performance, especially in the presence of adversarial attacks, where models become more susceptible. To address the challenge of balancing natural accuracy and robustness in federated training, especially under skewed label distributions, we propose a novel approach based on Generative Adversarial Networks for Federated Adversarial Training (GANFAT). GANFAT leverages a GAN to enhance the authenticity and effectiveness of adversarial samples and addresses label distribution skew by incorporating class probability distribution information. Through a balanced interplay of natural accuracy loss and adversarial loss, GANFAT demonstrates significantly superior performance across multiple datasets under various settings compared to other frameworks. In particular, on the SVHN dataset, GANFAT achieves a 9.30% improvement in robustness against FGSM attacks over the best baseline method (FedRBN). On the CIFAR-100 dataset, GANFAT achieves a 6.68% improvement in natural accuracy over the best baseline method (CalFAT). GANFAT provides a powerful solution for confronting diverse attacks, yielding models comparable to those produced by centralized training. Experimental results underscore GANFAT's outstanding performance, offering a robust solution for scenarios characterized by uneven data distribution and adversarial attacks.
