Previous research has shown that federated learning (FL) systems are exposed to an array of security risks. Although several defensive strategies have been proposed, they tend to be non-adaptive and specific to certain types of attacks, rendering them ineffective against unpredictable or adaptive threats. This work models adversarial federated learning as a Bayesian Stackelberg Markov game (BSMG) to capture the defender's incomplete information about various attack types. We propose meta-Stackelberg learning (meta-SL), a provably efficient meta-learning algorithm, to solve for the equilibrium strategy in BSMG, leading to an adaptable FL defense. We demonstrate that meta-SL converges to the first-order $\varepsilon$-equilibrium point in $O(\varepsilon^{-2})$ gradient iterations, with $O(\varepsilon^{-4})$ samples needed per iteration, matching the state of the art. Empirical evidence indicates that our meta-Stackelberg framework performs exceptionally well against potent model poisoning and backdoor attacks of an uncertain nature.