Abstract: Federated Learning (FL) is a machine learning paradigm in which many clients collaboratively train a joint model. Instead of uploading raw data, each client shares only its locally computed training parameters (model updates) with an aggregating server, which is meant to preserve the clients' privacy. This lets a model benefit from the data of massive numbers of mobile users while the sensitive data itself stays on the local devices. On the downside, FL raises security and privacy concerns that have only recently started to be studied. To address some of the key threats in FL, researchers have proposed secure aggregation methods (e.g. homomorphic encryption, secure multiparty computation) that hide individual updates from the server. These solutions improve some security and privacy metrics, but because the server can no longer inspect individual contributions, they also make other serious threats harder to counter, such as poisoning attacks, backdoor attacks, and free-running attacks. This paper proposes a new defense against poisoning attacks in FL called SaFL (Sybil-aware Federated Learning), which minimizes the effect of sybils (many fake client identities controlled by a single attacker) with a novel time-variant aggregation scheme.
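The following is an added example and not code from the paper: a constructed toy federation (a two-weight linear model, five honest clients with seeded synthetic data, and ten sybil identities that all push the same poisoned update) showing how sybils dominate plain FedAvg, and how a sybil-aware aggregator that collapses identical updates into a single vote bounds their influence. The weighting rule, the constants TRUE_W and ATTACK_TARGET, and all function names are assumptions for illustration; the exact-duplicate grouping is a naive stand-in, not SaFL's time-variant scheme, which the abstract does not describe.

```python
import math
import random

# Constructed toy setting (not from the paper): a 2-weight linear model.
TRUE_W = [1.0, -2.0]          # weights the honest clients' data actually follow
ATTACK_TARGET = [-5.0, 5.0]   # weights the sybil operator wants the global model to adopt


def make_client_data(seed, n=32):
    """Constructed local dataset for one honest client: y = TRUE_W . x + noise."""
    rng = random.Random(seed)
    data = []
    for _ in range(n):
        x = [rng.uniform(-1, 1), rng.uniform(-1, 1)]
        y = TRUE_W[0] * x[0] + TRUE_W[1] * x[1] + rng.gauss(0, 0.05)
        data.append((x, y))
    return data


def honest_update(model, data, lr=0.5):
    """One local gradient-descent step on mean squared error; returns the delta the client uploads."""
    g = [0.0, 0.0]
    for x, y in data:
        err = model[0] * x[0] + model[1] * x[1] - y
        g[0] += 2 * err * x[0] / len(data)
        g[1] += 2 * err * x[1] / len(data)
    return [-lr * g[0], -lr * g[1]]


def sybil_updates(model, n_sybils, lr=0.5):
    """n_sybils fake identities, all reporting the same pull toward ATTACK_TARGET."""
    d = [lr * (ATTACK_TARGET[i] - model[i]) for i in range(2)]
    return [list(d) for _ in range(n_sybils)]


def near_duplicate(a, b, rel_tol=1e-6):
    """True when two uploaded updates are (numerically) the same vector."""
    scale = max(math.hypot(*a), math.hypot(*b), 1e-12)
    return math.dist(a, b) <= rel_tol * scale


def sybil_aware_weights(updates):
    """Naive sybil-aware weighting (an assumption, not SaFL's scheme): identical updates
    are treated as one client, so a cluster of k clones gets total weight 1 instead of k."""
    groups = []  # each group is a list of indices of mutually duplicate updates
    for i, u in enumerate(updates):
        for g in groups:
            if near_duplicate(u, updates[g[0]]):
                g.append(i)
                break
        else:
            groups.append([i])
    weights = [0.0] * len(updates)
    for g in groups:
        for i in g:
            weights[i] = 1.0 / len(g)
    return weights


def aggregate(updates, weights):
    """Weighted average of client updates (plain FedAvg when every weight is 1)."""
    total = sum(weights)
    return [sum(w * u[i] for w, u in zip(weights, updates)) / total for i in range(2)]


def train(rounds=30, n_honest=5, n_sybils=10, defend=False):
    """Run FL rounds against n_sybils clones; return the final global model."""
    model = [0.0, 0.0]
    datasets = [make_client_data(seed) for seed in range(n_honest)]
    for _ in range(rounds):
        updates = [honest_update(model, d) for d in datasets] + sybil_updates(model, n_sybils)
        weights = sybil_aware_weights(updates) if defend else [1.0] * len(updates)
        delta = aggregate(updates, weights)
        model = [model[i] + delta[i] for i in range(2)]
    return model


def error(model):
    """Distance between a global model and the weights the honest data follow."""
    return math.dist(model, TRUE_W)


if __name__ == "__main__":
    plain = train(defend=False)
    aware = train(defend=True)
    print("FedAvg, 10 sybils vs 5 honest:", plain, "error", round(error(plain), 2))
    print("sybil-aware weighting:        ", aware, "error", round(error(aware), 2))
```

With ten sybils outvoting five honest clients, FedAvg settles close to the attacker's target; with the clones collapsed to one vote, the honest majority dominates again, although a single strong poisoned vote still shifts the model, which is why the abstract speaks of minimizing rather than eliminating the sybil effect. The exact-duplicate check is deliberately naive: an attacker who adds small noise to each clone defeats it, so practical defenses compare update direction or history across rounds instead, and a secure-aggregation server that only ever sees the encrypted sum cannot run any such per-client check at all.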