This paper focuses on the problem of adversarial attacks from Byzantine machines in a Federated Learning setting where non-Byzantine machines can be partitioned into disjoint clusters. In this setting, non-Byzantine machines in the same cluster have the same underlying data distribution, and different clusters of non-Byzantine machines have different learning tasks. Byzantine machines can adversarially attack any cluster and disturb the training process on clusters they attack. In the presence of Byzantine machines, the goal of our work is to identify cluster membership of non-Byzantine machines and optimize the models learned by each cluster. We adopt the Iterative Federated Clustering Algorithm (IFCA) framework of Ghosh et al. (2020) to alternatively estimate cluster membership and optimize models. In order to make this framework robust against adversarial attacks from Byzantine machines, we use coordinate-wise trimmed mean and coordinate-wise median aggregation methods used by Yin et al. (2018). Specifically, we propose a new Byzantine-Robust Iterative Federated Clustering Algorithm to improve on the results in Ghosh et al. (2019). We prove a convergence rate for this algorithm for strongly convex loss functions. We compare our convergence rate with the convergence rate of an existing algorithm, and we demonstrate the performance of our algorithm on simulated data.

翻译：本文聚焦于联邦学习场景中来自拜占庭机器的对抗攻击问题，在该场景中非拜占庭机器可划分为不相交的聚类。在此设定下，同一聚类中的非拜占庭机器具有相同的数据分布，而不同聚类的非拜占庭机器则承担不同的学习任务。拜占庭机器可对任意聚类发起对抗性攻击，并干扰其训练过程。在存在拜占庭机器的情况下，本文旨在识别非拜占庭机器的聚类归属，并优化每个聚类所学得的模型。我们采用Ghosh等人（2020）提出的迭代联邦聚类算法（IFCA）框架，交替估计聚类归属并优化模型。为使该框架抵御拜占庭机器的对抗攻击，我们使用Yin等人（2018）提出的坐标向修剪均值和坐标向中位数聚合方法。具体而言，我们提出一种新型拜占庭鲁棒迭代联邦聚类算法，以改进Ghosh等人（2019）的研究结果。我们证明了该算法在强凸损失函数下的收敛速率，并将其与现有算法的收敛速率进行比较，最后在模拟数据上展示了算法的性能表现。