Decentralized machine learning (DL) has been receiving increasing interest recently because it eliminates the single point of failure present in the federated learning setting. Yet it faces the looming threat of Byzantine clients, who intentionally disrupt the learning process by broadcasting arbitrary model updates to other clients in order to degrade the performance of the global model. In response, robust aggregation schemes have emerged as promising defenses against such Byzantine clients, thereby enhancing the robustness of decentralized learning. Defenses against Byzantine adversaries, however, typically require access to the updates of other clients, a counterproductive privacy trade-off that in turn increases the risk of inference attacks on those same model updates. In this paper, we introduce SecureDL, a novel DL protocol designed to enhance the security and privacy of DL against Byzantine threats. SecureDL facilitates a collaborative defense while protecting the privacy of clients' model updates through secure multiparty computation. The protocol employs efficient computation of cosine similarity and normalization of updates to robustly detect and exclude model updates that are detrimental to model convergence. Using the MNIST, Fashion-MNIST, SVHN and CIFAR-10 datasets, we evaluated SecureDL against various Byzantine attacks and compared its effectiveness with four existing defense mechanisms. Our experiments show that SecureDL is effective even under attacks by a malicious majority (e.g., 80% Byzantine clients) while preserving high training accuracy.
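As an added plaintext illustration (not the paper's protocol, which performs these steps under secure multiparty computation on protected updates), the following shows what normalization plus a cosine-similarity check buys a single client: magnitude attacks are neutralized by normalizing, and updates that point against the reference direction are excluded before averaging. The use of the client's own local update as the reference direction and the zero similarity threshold are assumptions made for this example.

```python
import math
from typing import List, Tuple

Vector = List[float]

def dot(a: Vector, b: Vector) -> float:
    return sum(x * y for x, y in zip(a, b))

def normalize(v: Vector) -> Vector:
    """Scale v to unit L2 norm so no single client can dominate by magnitude."""
    n = math.sqrt(dot(v, v))
    if n == 0.0:
        raise ValueError("zero update has no direction")
    return [x / n for x in v]

def cosine(a: Vector, b: Vector) -> float:
    """Cosine similarity in [-1, 1]; negative means the updates oppose each other."""
    return dot(normalize(a), normalize(b))

def filter_and_aggregate(own: Vector, received: List[Vector],
                         threshold: float = 0.0) -> Tuple[Vector, List[int]]:
    """Keep received updates whose direction agrees with this client's own update.
    Assumption (not from the paper): the client's own update is the reference,
    so the rule does not rely on honest clients being a majority.
    Returns (mean of kept unit updates, indices of rejected updates)."""
    own_u = normalize(own)
    kept, rejected = [own_u], []
    for i, upd in enumerate(received):
        try:
            u = normalize(upd)
        except ValueError:          # all-zero update: nothing to compare, drop it
            rejected.append(i)
            continue
        if dot(own_u, u) < threshold:
            rejected.append(i)      # points away from own update: exclude
        else:
            kept.append(u)
    agg = [sum(u[j] for u in kept) / len(kept) for j in range(len(own))]
    return agg, rejected

# Constructed sample: two honest neighbours roughly aligned with OWN and three
# Byzantine ones (scaled sign flip, all-zero, mostly opposing direction), i.e.
# a 3-of-5 malicious majority among the received updates.
OWN = [1.0, 0.5, 0.0]
HONEST = [[0.9, 0.6, 0.1], [1.1, 0.4, -0.1]]
BYZANTINE = [[-100.0, -50.0, 0.0], [0.0, 0.0, 0.0], [0.2, -1.0, 0.0]]

def run_demo() -> Tuple[Vector, List[int]]:
    return filter_and_aggregate(OWN, HONEST + BYZANTINE)
```

Calling `run_demo()` rejects indices 2, 3 and 4 (all three constructed Byzantine updates) and returns an aggregate almost perfectly aligned with the client's own update, whereas a plain mean of the same five updates would be dragged in the opposite direction by the scaled sign-flip.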