Federated learning provides a privacy-aware learning framework by enabling participants to jointly train models without exposing their private data. However, federated learning has exhibited vulnerabilities to Byzantine attacks, where the adversary aims to destroy the convergence and performance of the global model. Meanwhile, we observe that most existing robust AGgregation Rules (AGRs) fail to stop the aggregated gradient deviating from the optimal gradient (the average of honest gradients) in the non-IID setting. We attribute the reason of the failure of these AGRs to two newly proposed concepts: identification failure and integrity failure. The identification failure mainly comes from the exacerbated curse of dimensionality in the non-IID setting. The integrity failure is a combined result of conservative filtering strategy and gradient heterogeneity. In order to address both failures, we propose GAIN, a gradient decomposition scheme that can help adapt existing robust algorithms to heterogeneous datasets. We also provide convergence analysis for integrating existing robust AGRs into GAIN. Experiments on various real-world datasets verify the efficacy of our proposed GAIN.

翻译：联邦学习通过使参与者能够在不披露私人数据的情况下联合培训模型,提供了一个隐私意识学习框架;然而,联邦学习暴露了拜占庭攻击的弱点,对手攻击拜占庭攻击的目的是破坏全球模型的趋同和性能;同时,我们注意到,大多数现有的强势聚合规则未能阻止非二维环境中偏离最佳梯度(诚实梯度平均值)的汇总梯度。我们将这些AGR失败的原因归因于两个新提出的概念:识别失败和完整性失败。识别失败主要来自非二维环境中对维度的诅咒加剧。完整性失败是保守过滤战略和梯度异性变性的综合结果。为了应对这两种失败,我们建议GAIN,即梯度分解法,有助于将现有的强势算法适应各种数据集。我们还为将现有强势AGR纳入GIN提供了趋同分析。关于各种现实世界数据集的实验证实了我们提议的GIN的功效。