Federated learning is a technique that allows multiple entities to collaboratively train models using their data without compromising data privacy. However, despite its advantages, federated learning can be susceptible to false data injection attacks. In these scenarios, a malicious entity with control over specific agents in the network can manipulate the learning process, leading to a suboptimal model. Consequently, addressing these data injection attacks presents a significant research challenge in federated learning systems. In this paper, we propose a novel technique to detect and mitigate data injection attacks on federated learning systems. Our mitigation method is a local scheme, performed during a single instance of training by the coordinating node, which allows mitigation while the algorithm is still converging. Whenever an agent is suspected of being an attacker, its data is ignored for a certain period, and this decision is periodically re-evaluated. We prove that, with probability 1, after a finite time all attackers are ignored while the probability of ignoring a truthful agent becomes 0, provided that there is a majority of truthful agents. Simulations show that when the coordinating node detects and isolates all the attackers, the model recovers and converges to the truthful model.
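The abstract describes a coordinator that temporarily ignores a suspected agent, re-evaluates it later, and needs a truthful majority for the guarantee to hold. The toy simulation below is an added illustration and is not the paper's algorithm: the detection rule (distance of an agent's update from the coordinate-wise median of the updates received that round), the suspension length, and every numeric value are assumptions chosen to make the mechanism visible. Truthful agents step toward a constructed ground-truth parameter with small noise; attackers step toward a constructed poisoned target. A second scenario with an attacker majority shows why the majority condition matters.

```python
"""Toy federated-averaging loop in which the coordinating node temporarily
ignores agents it suspects of injecting false data, then re-evaluates them.

Added illustration, not the paper's algorithm: the median-distance detection
rule, the suspension length and all numbers below are assumptions.
"""
import math
import random
import statistics


class Coordinator:
    def __init__(self, dim, threshold, suspend_rounds):
        self.model = [0.0] * dim
        self.threshold = threshold            # assumed: max tolerated distance from the median update
        self.suspend_rounds = suspend_rounds  # assumed: rounds an agent is ignored before re-evaluation
        self.suspended_until = {}             # agent id -> first round at which it is judged again

    def is_ignored(self, agent, round_no):
        return self.suspended_until.get(agent, 0) > round_no

    def aggregate(self, updates, round_no):
        """updates: {agent id: update vector}. Averages the updates that pass
        the check into the model and returns the set of agents that were used."""
        active = {a: u for a, u in updates.items() if not self.is_ignored(a, round_no)}
        if not active:
            return set()
        dim = len(self.model)
        # Robust reference point: coordinate-wise median of the active updates.
        # It follows the truthful agents only while they form a majority.
        ref = [statistics.median(u[j] for u in active.values()) for j in range(dim)]
        kept = {}
        for a, u in active.items():
            if math.dist(u, ref) > self.threshold:
                # Suspected attacker: ignore it for suspend_rounds rounds, after
                # which it is admitted again and judged afresh.
                self.suspended_until[a] = round_no + 1 + self.suspend_rounds
            else:
                kept[a] = u
        if kept:
            for j in range(dim):
                self.model[j] += sum(u[j] for u in kept.values()) / len(kept)
        return set(kept)


def simulate(n_truthful, n_attackers, rounds=30, seed=1):
    """Run the loop with constructed agents: truthful ones step toward
    true_param with small noise, attackers step toward poison_param."""
    rng = random.Random(seed)
    true_param = [3.0, -2.0]                       # constructed ground truth
    poison_param = [t + 10.0 for t in true_param]  # constructed attacker target
    lr = 0.5
    attackers = set(range(n_truthful, n_truthful + n_attackers))
    coord = Coordinator(dim=2, threshold=1.0, suspend_rounds=5)
    kept_per_round = []
    for r in range(rounds):
        updates = {}
        for a in range(n_truthful + n_attackers):
            target = poison_param if a in attackers else true_param
            updates[a] = [
                lr * (target[j] - coord.model[j])
                + (0.0 if a in attackers else rng.gauss(0.0, 0.05))
                for j in range(2)
            ]
        kept_per_round.append(coord.aggregate(updates, r))
    return {
        "model": coord.model,
        "true_param": true_param,
        "poison_param": poison_param,
        "attackers": attackers,
        "truthful": set(range(n_truthful)),
        "kept_per_round": kept_per_round,
    }


def attackers_ever_used(result):
    """True if any attacker's update was averaged into the model in any round."""
    return any(result["attackers"] & kept for kept in result["kept_per_round"])


def truthful_always_used(result):
    """True if no truthful agent was ever wrongly ignored."""
    return all(result["truthful"] <= kept for kept in result["kept_per_round"])


def error(result, key):
    """Distance between the final model and the named reference parameter."""
    return math.dist(result["model"], result[key])


if __name__ == "__main__":
    ok = simulate(n_truthful=4, n_attackers=2)
    print("truthful majority: model", [round(x, 2) for x in ok["model"]],
          "| attacker data used:", attackers_ever_used(ok))
    bad = simulate(n_truthful=2, n_attackers=4)
    print("attacker majority: model", [round(x, 2) for x in bad["model"]],
          "| converged to poison:", error(bad, "poison_param") < 0.3)
```

With four truthful agents and two attackers, both attackers are flagged in the first round, re-admitted every six rounds, flagged again each time, and never contribute to the average, while the model converges to the ground truth. With the ratio reversed, the median sits on the attackers' update, the truthful agents are the ones suspended, and the model converges to the poisoned target: the detection rule is only as good as the majority assumption behind it.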