The increasing popularity of the federated learning (FL) framework, driven by its success in a wide range of collaborative learning tasks, also raises security concerns. Among many vulnerabilities, the risk of Byzantine attacks, i.e. malicious clients participating in the learning process, is of particular concern. Hence, a crucial objective in FL is to neutralize the potential impact of Byzantine attacks and to ensure that the final model is trustworthy. It has been observed that the higher the variance among the clients' models/updates, the more room there is for Byzantine attacks to hide. Consequently, using momentum, and thus reducing the variance, weakens known Byzantine attacks. The centered clipping (CC) framework has further shown that the momentum term from the previous iteration, besides reducing the variance, can serve as a reference point that neutralizes Byzantine attacks more effectively. In this work, we first expose vulnerabilities of the CC framework and introduce a novel attack strategy that circumvents the defences of CC and other robust aggregators, reducing their test accuracy by up to 33% in the best case on image classification tasks. Then, we propose a new robust and fast defence mechanism that is effective against the proposed attack and other existing Byzantine attacks.