In this work, we introduce SureFED, a novel framework for Byzantine-robust federated learning. Unlike many existing defense methods that rely on statistically robust quantities, making them vulnerable to stealthy and colluding attacks, SureFED establishes trust using the local information of benign clients. SureFED uses uncertainty-aware model evaluation and introspection to safeguard against poisoning attacks. In particular, each client independently trains a clean local model exclusively on its local dataset, which acts as the reference point for evaluating model updates. SureFED leverages Bayesian models that provide model uncertainties, and these uncertainties play a crucial role in the model evaluation process. Our framework remains robust even when the majority of clients are compromised, is agnostic to the number of malicious clients, and is well suited to non-IID settings. We theoretically prove the robustness of our algorithm against data and model poisoning attacks in a decentralized linear regression setting. Proof-of-concept evaluations on benchmark image classification data demonstrate the superiority of SureFED over state-of-the-art defense methods under various colluding and non-colluding data and model poisoning attacks.
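As an added illustration (not the paper's code and not SureFED's actual algorithm), the toy below sketches the idea the abstract states: a client fits a Bayesian model on its own clean data and uses the posterior uncertainty, rather than a statistic computed over peers, to decide which incoming updates to trust. The 1-D linear regression, the noise and prior constants, the z-score threshold and the constructed peer updates are all assumptions made for this example.

```python
import math
import random

# Constructed toy, NOT the SureFED algorithm: one client fits a Bayesian
# 1-D linear regression y = w*x + noise on its own clean data and uses the
# posterior uncertainty over w to gate incoming peer updates (here, proposed
# values of w). Constants below are assumptions made for this illustration.
TRUE_W = 2.0      # constructed ground truth
NOISE_SD = 0.5    # assumed known observation noise
PRIOR_SD = 10.0   # assumed weak Gaussian prior on w

def make_local_data(n, seed):
    """Constructed local dataset for one benign client."""
    rng = random.Random(seed)
    xs = [rng.uniform(-3.0, 3.0) for _ in range(n)]
    ys = [TRUE_W * x + rng.gauss(0.0, NOISE_SD) for x in xs]
    return xs, ys

def bayesian_fit(xs, ys):
    """Closed-form Gaussian posterior over w: returns (mean, variance)."""
    precision = 1.0 / PRIOR_SD ** 2 + sum(x * x for x in xs) / NOISE_SD ** 2
    mean = sum(x * y for x, y in zip(xs, ys)) / NOISE_SD ** 2 / precision
    return mean, 1.0 / precision

def evaluate_updates(local_mean, local_var, updates, z_max=4.0):
    """Keep only updates within z_max posterior standard deviations of the
    client's own clean model; the rule needs no count of malicious peers."""
    sd = math.sqrt(local_var)
    return [u for u in updates if abs(u - local_mean) / sd <= z_max]

def aggregate(local_mean, local_var, updates):
    """Average the client's own model with the updates it accepted."""
    accepted = evaluate_updates(local_mean, local_var, updates)
    return sum(accepted + [local_mean]) / (len(accepted) + 1), accepted

def median(values):
    """Statistics-based baseline that silently assumes an honest majority."""
    s = sorted(values)
    return s[len(s) // 2]

def demo():
    """One round: an honest peer plus three colluding peers pushing w to -5."""
    xs, ys = make_local_data(200, seed=1)
    mean, var = bayesian_fit(xs, ys)
    honest_peer = bayesian_fit(*make_local_data(200, seed=2))[0]
    updates = [honest_peer, -5.0, -5.1, -4.9]
    robust, accepted = aggregate(mean, var, updates)
    return {"local": mean, "accepted": accepted, "robust": robust,
            "median": median(updates + [mean])}
```

With three of four peers colluding, the median baseline returns a poisoned slope while the uncertainty-gated client rejects every update that its own clean posterior cannot explain.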