Federated learning is a technique that allows multiple entities to collaboratively train models using their data without compromising data privacy. However, despite its advantages, federated learning can be susceptible to false data injection attacks. In these scenarios, a malicious entity with control over specific agents in the network can manipulate the learning process, leading to a suboptimal model. Consequently, addressing these data injection attacks presents a significant research challenge in federated learning systems. In this paper, we propose a novel technique to detect and mitigate data injection attacks on federated learning systems. Our mitigation method is a local scheme, performed during a single instance of training by the coordinating node, allowing mitigation while the algorithm is still converging. Whenever an agent is suspected to be an attacker, its data is ignored for a certain period, and this decision is regularly re-evaluated. We prove that with probability 1, after a finite time, all attackers will be ignored while the probability of ignoring a truthful agent becomes 0, provided that there is a majority of truthful agents. Simulations show that when the coordinating node detects and isolates all the attackers, the model recovers and converges to the truthful model.
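The following is an added toy simulation of the suspect, ignore, re-evaluate loop described above; it is not the paper's code. The abstract does not specify the suspicion test, so the deviation-from-median rule, the scalar quadratic model, the agent names and all numeric parameters are assumptions chosen for illustration; the median reference is only robust while truthful agents form a majority, as the abstract requires.

```python
from dataclasses import dataclass, field
from statistics import median

@dataclass
class Coordinator:
    """Coordinating node: suspects outlying agents, ignores them for a while, then re-evaluates."""
    threshold: float      # deviation from the robust reference beyond which an agent is suspected
    ignore_rounds: int    # how many rounds a suspected agent's updates are ignored
    ignored_until: dict = field(default_factory=dict)  # agent -> round at which it is re-evaluated

    def aggregate(self, round_idx, updates):
        """updates: {agent_id: scalar update}. Returns (aggregated step, agents ignored this round)."""
        # Agents under suspicion are skipped until their re-evaluation round.
        active = {a: u for a, u in updates.items() if self.ignored_until.get(a, -1) <= round_idx}
        if not active:
            return 0.0, set(updates)
        # Assumed suspicion test (not the paper's): distance from the median of active updates,
        # which is a robust reference only while truthful agents form a majority.
        ref = median(active.values())
        trusted = {}
        for a, u in active.items():
            if abs(u - ref) > self.threshold:
                self.ignored_until[a] = round_idx + self.ignore_rounds  # suspect: ignore, re-check later
            else:
                trusted[a] = u
        if not trusted:
            return 0.0, set(updates)
        return sum(trusted.values()) / len(trusted), set(updates) - set(trusted)

def simulate(honest_targets=(0.9, 1.0, 1.1, 1.05, 0.95), attacker_target=5.0,
             n_attackers=2, rounds=30, lr=0.5, threshold=1.0, ignore_rounds=5):
    """Constructed scalar federated training: truthful agents' data centres on 1.0 (their mean),
    attackers inject data centred on attacker_target. Returns (final model, per-round ignored sets)."""
    targets = {f"h{i}": t for i, t in enumerate(honest_targets)}
    targets.update({f"a{i}": attacker_target for i in range(n_attackers)})
    coord = Coordinator(threshold, ignore_rounds)
    theta, history = 0.0, []
    for r in range(rounds):
        # Each agent reports the gradient of its local loss (theta - target)^2 / 2.
        updates = {a: theta - t for a, t in targets.items()}
        step, ignored = coord.aggregate(r, updates)
        theta -= lr * step
        history.append(ignored)
    return theta, history

if __name__ == "__main__":
    model, hist = simulate()
    print(f"final model {model:.6f}; ignored in last round: {sorted(hist[-1])}")
```

With two attackers among seven agents the model converges to the truthful value 1.0 while the attackers are re-flagged at every re-evaluation and no truthful agent is ever ignored.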