Federated learning (FL) systems are susceptible to attacks from malicious actors who might attempt to corrupt the training model through various poisoning attacks. FL also poses new challenges in addressing group bias, such as ensuring fair performance for different demographic groups. Traditional methods used to address such biases require centralized access to the data, which FL systems do not have. In this paper, we present a novel approach, FedVal, for both robustness and fairness that does not require any additional information from clients that could raise privacy concerns and consequently compromise the integrity of the FL system. To this end, we propose an innovative score function based on a server-side validation method that assesses client updates and determines the optimal aggregation balance between locally-trained models. Our research shows that this approach not only provides solid protection against poisoning attacks but can also be used to reduce group bias and subsequently promote fairness while maintaining the system's capability for differential privacy. Extensive experiments on the CIFAR-10, FEMNIST, and PUMS ACSIncome datasets in different configurations demonstrate the effectiveness of our method, resulting in state-of-the-art performance. We have proven robustness in situations where 80% of participating clients are malicious. Additionally, we have shown a significant increase in accuracy for underrepresented labels from 32% to 53%, and an increase in recall rate for underrepresented features from 19% to 50%.