Rethinking the defense against free-rider attack from the perspective of model weight evolving frequency

Abstract

Federated learning (FL) is a distributed machine learning approach where multiple clients collaboratively train a joint model without exchanging their own data. Despite FL's unprecedented success in data privacy-preserving, its vulnerability towards free-rider attacks. Numerous defense methods have been proposed, however, they fail to resist highly camouflaged free-riders. To address these challenges, we reconsider the defense from a novel perspective, i.e., model weight evolving frequency. Empirically, we gain a novel insight that during the FL's training, the model weight evolving frequency of free-riders and that of benign clients are significantly different. Inspired by this insight, we propose a novel defense method based on the model Weight Evolving Frequency, referred to as WEF-Defense. Specifically, we first collect the weight evolving frequency (defined as WEF-Matrix) during local training. Each client uploads the WEF-Matrix of the local model as well as the model weights to the server. The server then separates free-riders from benign clients based on the difference in the WEF-Matrix. At last, the server provides different global models for the corresponding clients using a personalization algorithm, which prevents free-riders from gaining high-quality models. Comprehensive experiments conducted on five datasets and five models demonstrate that WEF-Defense achieves better defense effectiveness (∼×1.4) than the state-of-the-art baselines and identifies free-riders at an earlier stage of training. Besides, we verify the effectiveness of WEF-Defense against an adaptive attack and visualize the WEF-Matrix during the training to interpret its effectiveness. The data and code of WEF-Defense are available at: https://github.com/research-limingjun/WEF-Defense.git.