Goto

Collaborating Authors

 fedgt


Detect \& Score: Privacy-Preserving Misbehaviour Detection and Contribution Evaluation in Federated Learning

arXiv.org Artificial Intelligence

Federated learning with secure aggregation enables private and collaborative learning from decentralised data without leaking sensitive client information. However, secure aggregation also complicates the detection of malicious client behaviour and the evaluation of individual client contributions to the learning. To address these challenges, QI (Pejo et al.) and FedGT (Xhemrishi et al.) were proposed for contribution evaluation (CE) and misbehaviour detection (MD), respectively. QI, however, lacks adequate MD accuracy due to its reliance on the random selection of clients in each training round, while FedGT lacks the CE ability. In this work, we combine the strengths of QI and FedGT to achieve both robust MD and accurate CE. Our experiments demonstrate superior performance compared to using either method independently.


FedGT: Federated Node Classification with Scalable Graph Transformer

arXiv.org Artificial Intelligence

Graphs are widely used to model relational data. As graphs are getting larger and larger in real-world scenarios, there is a trend to store and compute subgraphs in multiple local systems. For example, recently proposed subgraph federated learning methods train Graph Neural Networks (GNNs) distributively on local subgraphs and aggregate GNN parameters with a central server. However, existing methods have the following limitations: (1) The links between local subgraphs are missing in subgraph federated learning. This could severely damage the performance of GNNs that follow message-passing paradigms to update node/edge features. To address the aforementioned challenges, we propose a scalable Federated Graph Transformer (FedGT) in the paper. Firstly, we design a hybrid attention scheme to reduce the complexity of the Graph Transformer to linear while ensuring a global receptive field with theoretical bounds. Specifically, each node attends to the sampled local neighbors and a set of curated global nodes to learn both local and global information and be robust to missing links. The global nodes are dynamically updated during training with an online clustering algorithm to capture the data distribution of the corresponding local subgraph. Secondly, FedGT computes clients' similarity based on the aligned global nodes with optimal transport. The similarity is then used to perform weighted averaging for personalized aggregation, which well addresses the data heterogeneity problem. Finally, extensive experimental results on 6 datasets and 2 subgraph settings demonstrate the superiority of FedGT. Many real-world relational data can be represented as graphs, such as social networks (Fan et al., 2019), molecule graphs (Satorras et al., 2021), and commercial trading networks (Xu et al., 2021). Due to the ever-growing size of graph (Hu et al., 2020a) and stricter privacy constraints such as GDPR (Voigt & Von dem Bussche, 2017), it becomes more practical to collect and store sensitive graph data in local systems instead in a central server. For example, banks may have their own relational databases to track commercial relationships between companies and customers. In such scenarios, it is desirable to collaboratively train a powerful and generalizable graph mining model for business, e.g., loan prediction with distributed subgraphs while not sharing private data.


FedGT: Identification of Malicious Clients in Federated Learning with Secure Aggregation

arXiv.org Artificial Intelligence

We propose FedGT, a novel framework for identifying malicious clients in federated learning with secure aggregation. Inspired by group testing, the framework leverages overlapping groups of clients to identify the presence of malicious clients in the groups via a decoding operation. The clients identified as malicious are then removed from the training of the model, which is performed over the remaining clients. By choosing the size, number, and overlap between groups, FedGT strikes a balance between privacy and security. Specifically, the server learns the aggregated model of the clients in each group - vanilla federated learning and secure aggregation correspond to the extreme cases of FedGT with group size equal to one and the total number of clients, respectively. The effectiveness of FedGT is demonstrated through extensive experiments on the MNIST, CIFAR-10, and ISIC2019 datasets in a cross-silo setting under different data-poisoning attacks. These experiments showcase FedGT's ability to identify malicious clients, resulting in high model utility. We further show that FedGT significantly outperforms the private robust aggregation approach based on the geometric median recently proposed by Pillutla et al. on heterogeneous client data (ISIC2019) and in the presence of targeted attacks (CIFAR-10 and ISIC2019).