Federated learning has recently emerged as a decentralized approach to learning a high-performance model without access to user data. Despite its effectiveness, federated learning gives malicious users opportunities to manipulate the model by uploading poisoned model updates to the server. In this paper, we propose a review mechanism called FedReview to identify and reject potentially poisoned updates in federated learning. Under our mechanism, in each round the server randomly assigns a subset of clients as reviewers to evaluate the model updates on their own training datasets. The reviewers rank the model updates based on the evaluation results and count the number of updates of relatively low quality as the estimated number of poisoned updates. Based on the review reports, the server employs a majority voting mechanism to integrate the rankings and remove the potentially poisoned updates from the model aggregation process. Extensive evaluations on multiple datasets demonstrate that FedReview can assist the server in learning a well-performing global model in an adversarial environment.
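The review-and-vote flow described above, as an added sketch that is not code from the paper. The abstract does not give the exact rules, so the loss cutoff (a multiple of the median loss), the use of the median of the reviewers' estimates, and all names and loss values here are assumptions made for illustration.

```python
import random
from statistics import median

def pick_reviewers(client_ids, n, rng):
    """Server: randomly assign n clients as this round's reviewers."""
    return rng.sample(client_ids, n)

def review(losses, factor=2.0):
    """Reviewer: rank updates by loss on local data (best first) and count
    those far above the median loss (assumed low-quality rule)."""
    ranking = sorted(range(len(losses)), key=lambda i: losses[i])
    cutoff = factor * median(losses)
    return ranking, sum(1 for loss in losses if loss > cutoff)

def aggregate(reports):
    """Server: majority vote over (ranking, estimate) review reports.
    Returns the ids of updates to exclude from model aggregation."""
    k = int(median(est for _, est in reports))  # assumed: median estimate
    votes = {}
    for ranking, _ in reports:
        # Each reviewer votes against its k lowest-ranked updates.
        for uid in ranking[len(ranking) - k:]:
            votes[uid] = votes.get(uid, 0) + 1
    # Exclude only updates flagged by a strict majority of reviewers.
    return sorted(u for u, v in votes.items() if 2 * v > len(reports))

# Constructed data: loss of updates 0..5 on four honest reviewers' local
# datasets. Updates 4 and 5 are the poisoned ones in this scenario.
HONEST_LOSSES = [
    [0.41, 0.38, 0.45, 0.40, 2.10, 1.95],
    [0.52, 0.49, 0.50, 0.55, 1.70, 2.30],
    [0.33, 0.36, 0.35, 0.90, 1.80, 1.60],
    [0.44, 0.47, 0.43, 0.46, 2.50, 2.20],
]

def demo():
    reports = [review(losses) for losses in HONEST_LOSSES]
    # Constructed malicious reviewer: inverted ranking that ranks the
    # poisoned updates best and benign updates 3 and 1 worst.
    reports.append(([4, 5, 2, 0, 3, 1], 2))
    return aggregate(reports)

if __name__ == "__main__":
    print(demo())
```

With one dishonest reviewer out of five, its votes against benign updates stay below the majority threshold, so only the updates flagged by the honest reviewers are dropped.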