Federated learning (FL) is a distributed collaborative learning method, where multiple clients learn together by sharing gradient updates instead of raw data. However, it is well-known that FL is vulnerable to manipulated updates from clients. In this work we study the impact of data heterogeneity on clients' incentives to manipulate their updates. First, we present heterogeneous collaborative learning scenarios where a client can modify their updates to be better off, and show that these manipulations can lead to diminishing model performance. To prevent such modifications, we formulate a game in which clients may misreport their gradient updates in order to "steer" the server model to their advantage. We develop a payment rule that provably disincentivizes sending modified updates under the FedSGD protocol. We derive explicit bounds on the clients' payments and the convergence rate of the global model, which allows us to study the trade-off between heterogeneity, payments and convergence. Finally, we provide an experimental evaluation of the effectiveness of our payment rule in the FedSGD, median-based aggregation FedSGD and FedAvg protocols on three tasks in computer vision and natural language processing. In all cases we find that our scheme successfully disincentivizes modifications.

翻译：联邦学习（FL）是一种分布式协作学习方法，多个客户端通过共享梯度更新而非原始数据共同学习。然而，众所周知，FL 容易受到客户端操纵更新的攻击。本文研究了数据异构性对客户端操纵更新动机的影响。首先，我们提出了异构协作学习场景，其中客户端可通过修改更新以获取优势，并证明此类操纵会导致模型性能下降。为防止此类修改，我们构建了一个博弈模型，其中客户端可能误报其梯度更新以"引导"服务器模型向有利于自身的方向发展。我们设计了一种支付规则，可证明在 FedSGD 协议下抑制发送修改后的更新。我们推导了客户端支付金额与全局模型收敛速度的显式边界，从而能够研究异构性、支付成本与收敛性之间的权衡关系。最后，我们在计算机视觉和自然语言处理的三项任务上，对 FedSGD、基于中位数聚合的 FedSGD 以及 FedAvg 协议中支付规则的有效性进行了实验评估。在所有案例中，我们的方案均成功抑制了更新修改行为。