Federated learning (FL) is revolutionizing how we learn from data. With its growing popularity, it is now being used in many safety-critical domains such as autonomous vehicles and healthcare. Since thousands of participants can contribute in this collaborative setting, however, it is challenging to ensure the security and reliability of such systems. This highlights the need to design FL systems that are secure and robust against malicious participants' actions while also ensuring high utility, privacy of local data, and efficiency. In this paper, we propose a novel FL framework, dubbed FLShield, that utilizes benign data from FL participants to validate the local models before taking them into account when generating the global model. This is in stark contrast with existing defenses that rely on the server's access to clean datasets, an assumption that is often impractical in real-life scenarios and conflicts with the fundamentals of FL. We conduct extensive experiments to evaluate our FLShield framework in different settings and demonstrate its effectiveness in thwarting various types of poisoning and backdoor attacks, including a defense-aware one. FLShield also preserves the privacy of local data against gradient inversion attacks.
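To make the core idea concrete (participants' own benign data, rather than a server-side clean dataset, validates each local model before it enters aggregation), the following is an added toy simulation written for this page; it is not the paper's code and does not reproduce FLShield's actual protocol or scoring rule. All of it is constructed: a 2-D linearly separable task, five logistic-regression clients, one poisoning client (index 4) that trains on flipped labels and boosts its update, a validation step in which every other client scores a submitted model on its own local data, and a server that takes the median of those scores and aggregates only models within a tolerance of the best score. The threshold rule, the median across validators, and the boost factor are illustrative choices, not values from the paper.

```python
import numpy as np

# Constructed toy setup: 2-D linearly separable data, logistic-regression models.
W_TRUE = np.array([2.0, -1.0, 0.3])   # hidden "true" decision rule (constructed)
N_CLIENTS = 5
MALICIOUS = {4}                       # constructed: client 4 poisons its update
BOOST = 10.0                          # constructed: scale so the poisoned update dominates FedAvg
TOLERANCE = 0.15                      # illustrative: accept models within this of the best score


def make_data(rng, n):
    """Sample n points (with a bias column) and label them with W_TRUE."""
    x = np.hstack([rng.normal(size=(n, 2)), np.ones((n, 1))])
    y = (x @ W_TRUE > 0).astype(float)
    return x, y


def sigmoid(z):
    return 1.0 / (1.0 + np.exp(-np.clip(z, -30, 30)))


def local_train(w_global, x, y, lr=0.5, steps=50):
    """Plain gradient descent on the logistic loss, starting from the global model."""
    w = w_global.copy()
    for _ in range(steps):
        grad = x.T @ (sigmoid(x @ w) - y) / len(y)
        w -= lr * grad
    return w


def accuracy(w, x, y):
    return float(np.mean((x @ w > 0) == (y > 0.5)))


def validate(models, client_data):
    """Every client scores every *other* client's model on its own local data.
    The server keeps the median across validators, so one lying validator
    cannot swing a model's score on its own."""
    scores = []
    for i, w in enumerate(models):
        per_validator = []
        for cid, (x, y) in enumerate(client_data):
            if cid == i:
                continue  # a client never validates its own submission
            # A malicious validator reports accuracy against its flipped labels.
            y_report = 1.0 - y if cid in MALICIOUS else y
            per_validator.append(accuracy(w, x, y_report))
        scores.append(float(np.median(per_validator)))
    return scores


def run_round(seed=0):
    """One FL round: local training, peer validation, filtered vs. plain FedAvg."""
    rng = np.random.default_rng(seed)
    client_data = [make_data(rng, 200) for _ in range(N_CLIENTS)]
    x_test, y_test = make_data(rng, 1000)  # held-out data the server never sees in training
    w_global = np.zeros(3)

    models = []
    for cid, (x, y) in enumerate(client_data):
        if cid in MALICIOUS:
            # Constructed poisoning: train on flipped labels, then boost the result.
            models.append(BOOST * local_train(w_global, x, 1.0 - y))
        else:
            models.append(local_train(w_global, x, y))

    scores = validate(models, client_data)
    best = max(scores)
    accepted = [i for i, s in enumerate(scores) if s >= best - TOLERANCE]

    w_filtered = np.mean([models[i] for i in accepted], axis=0)
    w_unfiltered = np.mean(models, axis=0)  # plain FedAvg with no validation step
    return {
        "scores": scores,
        "accepted": accepted,
        "test_acc_filtered": accuracy(w_filtered, x_test, y_test),
        "test_acc_unfiltered": accuracy(w_unfiltered, x_test, y_test),
    }


if __name__ == "__main__":
    print(run_round())
```

Running `run_round()` shows the point of the abstract's mechanism: the boosted, label-flipped model scores near zero accuracy on every honest peer's data and is dropped, while unfiltered FedAvg lets that single scaled update drag the global model's held-out accuracy well below chance. Note that accuracy-based validation is scale-invariant, which is why it catches the boosted update without any norm-based check; the median across validators is what keeps the malicious client's own (lying) validation report from protecting its submission.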