Federated Learning (FL) has emerged as a powerful paradigm for training machine learning models in a decentralized manner, preserving data privacy by keeping local data on clients. However, evaluating the robustness of these models against data perturbations on clients remains a significant challenge. Previous studies have assessed the effectiveness of models in centralized training based on certified accuracy, which guarantees that a certain percentage of the model's predictions will remain correct even if the input data is perturbed. Extending these evaluations to FL remains unresolved because the clients' local data is unknown. To tackle this challenge, this study proposes a method named FedCert as a first step toward evaluating the robustness of FL systems. The proposed method is designed to approximate the certified accuracy of a global model based on the certified accuracy and class distribution of each client. Additionally, considering the Non-Independent and Identically Distributed (Non-IID) nature of data in real-world scenarios, we introduce a client grouping algorithm to ensure reliable certified accuracy during the aggregation step of the approximation algorithm. Through theoretical analysis, we demonstrate the effectiveness of FedCert in assessing the robustness and reliability of FL systems. Moreover, experimental results on the CIFAR-10 and CIFAR-100 datasets under various scenarios show that FedCert consistently reduces the estimation error compared to baseline methods. This study offers a solution for evaluating the robustness of FL systems and lays the groundwork for future research to enhance the dependability of decentralized learning. The source code is available at https://github.com/thanhhff/FedCert/.