Learning to Detect Malicious Clients for Robust Federated Learning

Li, Suyi, Cheng, Yong, Wang, Wei, Liu, Yang, Chen, Tianjian

arXiv.org Machine Learning 

Federated learning systems are vulnerable to attacks from malicious clients. As the central server in the system cannot govern the behaviors of the clients, a rogue client may initiate an attack by sending malicious model updates to the server, so as to degrade the learning performance or enforce targeted model poisoning attacks (a.k.a. Therefore, timely detecting these malicious model updates and the underlying attackers becomes critically important. In this work, we propose a new framework for robust federated learning where the central server learns to detect and remove the malicious model updates using a powerful detection model, leading to targeted defense. We evaluate our solution in both image classification and sentiment analysis tasks with a variety of machine learning models. Experimental results show that our solution ensures robust federated learning that is resilient to both the Byzantine attacks and the targeted model poisoning attacks.

1 Introduction

Federated learning (FL) comes as a new distributed machine learning (ML) paradigm where multiple clients (e.g., mobile devices) collaboratively train an ML model without revealing their private data [McMahan et al., 2017; Yang et al., 2019b; Kairouz et al., 2019]. In a typical FL setting, a central server is used to maintain a global model and coordinate the clients. Each client transfers the local model updates to the central server for immediate aggregation, while keeping the raw data in their local storage.
