In this paper, we propose a robust aggregation method for federated learning (FL) that can effectively tackle malicious Byzantine attacks. At each user, model parameter is firstly updated by multiple steps, which is adjustable over iterations, and then pushed to the aggregation center directly. This decreases the number of interactions between the aggregation center and users, allows each user to set training parameter in a flexible way, and reduces computation burden compared with existing works that need to combine multiple historical model parameters. At the aggregation center, geometric median is leveraged to combine the received model parameters from each user. Rigorous proof shows that zero optimality gap is achieved by our proposed method with linear convergence, as long as the fraction of Byzantine attackers is below half. Numerical results verify the effectiveness of our proposed method.

翻译：本文提出一种能够有效应对恶意拜占庭攻击的联邦学习鲁棒聚合方法。在每个用户端，模型参数首先通过多步迭代更新（步长可根据迭代次数动态调整），随后直接推送至聚合中心。相比现有需组合多个历史模型参数的方法，该策略既减少了聚合中心与用户间的交互次数，又允许用户灵活设定训练参数，同时降低了计算负担。在聚合中心，采用几何中位数对接收到的各用户模型参数进行融合。严格理论证明表明：当拜占庭攻击者比例低于半数时，本方法可实现线性收敛下的零最优性差距。数值实验结果验证了所提方法的有效性。