Federated Learning (FL) is an emerging machine learning approach that aims at privacy preservation by enabling model training on decentralized devices or data sources. The learning mechanism of FL relies on aggregating parameter updates from individual clients. However, this process may pose a security risk when malicious devices are present. Existing solutions are either costly because they use compute-intensive technology, or restrictive because they rely on strong assumptions such as prior knowledge of the number of attackers and how they attack. Few methods consider both privacy constraints and uncertain attack scenarios. In this paper, we propose Fed-Credit, a robust FL approach based on a credibility management scheme. Unlike previous studies, our approach does not require prior knowledge of the nodes and the data distribution. It maintains and employs a credibility set, which weighs the clients' historical contributions based on the similarity between the local models and the global model, to adjust the global model update. The subtlety of Fed-Credit is that a time decay and an attitudinal value factor are incorporated into the dynamic adjustment of the reputation weights, and that it has a computational complexity of O(n), where n is the number of clients. We conducted extensive experiments on the MNIST and CIFAR-10 datasets under 5 types of attacks. The results show superior accuracy and resilience against adversarial attacks while maintaining comparatively low computational complexity. In particular, on the Non-IID CIFAR-10 dataset, our algorithm improved performance by 19.5% and 14.5%, respectively, over the state-of-the-art algorithm when dealing with two types of data poisoning attacks.
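The following sketch is an added example, not the paper's algorithm or code: it shows how a server can down-weight a poisoned client by scoring each update against the global estimate and carrying that score forward as decayed credibility. Assumptions: cosine similarity as the similarity measure, negative scores clamped to zero, an exponential decay of 0.5 per round, constructed sample updates, and hypothetical function names; the attitudinal value factor is left out because the abstract does not define it.

```python
import math

# Constructed sample updates: four honest clients and one sign-flipping client.
UPDATES = [
    [1.0, 0.5, -0.3],
    [0.9, 0.6, -0.2],
    [1.1, 0.4, -0.35],
    [1.0, 0.55, -0.25],
    [-1.0, -0.5, 0.3],   # malicious: negated honest update
]

def cosine(a, b):
    dot = sum(x * y for x, y in zip(a, b))
    na = math.sqrt(sum(x * x for x in a))
    nb = math.sqrt(sum(y * y for y in b))
    return dot / (na * nb) if na and nb else 0.0

def aggregate(updates, weights):
    """Weighted average of client updates; uniform if every weight is 0."""
    total = sum(weights)
    if total == 0:
        weights, total = [1.0] * len(updates), float(len(updates))
    return [sum(w * u[i] for w, u in zip(weights, updates)) / total
            for i in range(len(updates[0]))]

def run_round(updates, credit, decay=0.5):
    """One server round; work is linear in the number of clients."""
    reference = aggregate(updates, credit)           # current global estimate
    scores = [max(0.0, cosine(u, reference)) for u in updates]
    # Assumed time decay: older credibility is discounted by `decay` each round.
    credit = [decay * c + (1 - decay) * s for c, s in zip(credit, scores)]
    return aggregate(updates, credit), credit

def simulate(rounds=5):
    credit = [1.0] * len(UPDATES)                    # no prior knowledge of clients
    global_update = aggregate(UPDATES, credit)
    for _ in range(rounds):
        global_update, credit = run_round(UPDATES, credit)
    return global_update, credit

if __name__ == "__main__":
    print(simulate())
```

The scheme only works while the credibility-weighted reference still points in the honest direction; an attacker whose updates dominate the first aggregate would be scored as the most credible client.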