Traditional machine learning systems were designed in a centralized manner. In such designs, the central entity maintains both the machine learning model and the data used to adjust the model's parameters. As data centralization yields privacy issues, Federated Learning was introduced to reduce data sharing and have a central server coordinate the learning of multiple devices. While Federated Learning is more decentralized, it still relies on a central entity that may fail or be subject to attacks, provoking the failure of the whole system. Then, Decentralized Federated Learning removes the need for a central server entirely, letting participating processes handle the coordination of the model construction. This distributed control urges studying the possibility of malicious attacks by the participants themselves. While poisoning attacks on Federated Learning have been extensively studied, their effects in Decentralized Federated Learning did not get the same level of attention. Our work is the first to propose a methodology to assess poisoning attacks in Decentralized Federated Learning in both churn free and churn prone scenarios. Furthermore, in order to evaluate our methodology on a case study representative for gossip learning we extended the gossipy simulator with an attack injector module.

翻译：传统机器学习系统以集中式方式设计。在此类设计中，中央实体同时维护机器学习模型和用于调整模型参数的数据。由于数据集中化会引发隐私问题，联邦学习被引入以减少数据共享，并由中央服务器协调多个设备的学习过程。尽管联邦学习更加去中心化，但它仍依赖于可能故障或遭受攻击的中央实体，从而引发整个系统的失效。随后，去中心化联邦学习完全消除了对中央服务器的需求，让参与进程自行处理模型构建的协调。这种分布式控制促使我们研究参与者自身发起恶意攻击的可能性。虽然联邦学习中的投毒攻击已被广泛研究，但其在去中心化联邦学习中的影响并未受到同等关注。我们的工作首次提出了一种评估去中心化联邦学习中投毒攻击的方法论，涵盖了无节点流失和有节点流失两种场景。此外，为了在代表闲聊学习的案例研究中评估我们的方法论，我们扩展了gossipy模拟器，添加了一个攻击注入模块。