Federated learning (FL) enables multiple clients to collaboratively train an accurate global model while protecting clients' data privacy. However, FL is susceptible to Byzantine attacks from malicious participants. Although the problem has gained significant attention, existing defenses have several flaws: the server irrationally chooses malicious clients for aggregation even after they have been detected in previous rounds; the defenses perform ineffectively against sybil attacks or in the heterogeneous data setting. To overcome these issues, we propose MAB-RFL, a new method for robust aggregation in FL. By modelling the client selection as an extended multi-armed bandit (MAB) problem, we propose an adaptive client selection strategy to choose honest clients that are more likely to contribute high-quality updates. We then propose two approaches to identify malicious updates from sybil and non-sybil attacks, based on which rewards for each client selection decision can be accurately evaluated to discourage malicious behaviors. MAB-RFL achieves a satisfying balance between exploration and exploitation on the potential benign clients. Extensive experimental results show that MAB-RFL outperforms existing defenses in three attack scenarios under different percentages of attackers.

翻译：联邦学习（FL）允许多个客户端协作训练精准的全局模型，同时保护客户端的数据隐私。然而，FL易受到恶意参与者的拜占庭攻击。尽管该问题已引起广泛关注，现有防御机制存在若干缺陷：服务器即使在前几轮检测到恶意客户端后仍可能非理性地选择其参与聚合；此外，现有防御对女巫攻击或异质性数据场景的防御效果不佳。为解决这些问题，我们提出MAB-RFL——一种面向联邦学习鲁棒聚合的新方法。通过将客户端选择建模为扩展型多臂老虎机（MAB）问题，我们提出自适应客户端选择策略，优先选择更可能贡献高质量更新的诚实客户端。随后，我们提出两种方法分别识别来自女巫攻击与非女巫攻击的恶意更新，并据此准确评估每次客户端选择决策的奖励，以抑制恶意行为。MAB-RFL在潜在良性客户端的探索与利用之间实现了满意平衡。大量实验结果表明，在三种攻击场景及不同攻击者比例下，MAB-RFL的性能均优于现有防御机制。