We propose FedGT, a novel framework for identifying malicious clients in federated learning with secure aggregation. Inspired by group testing, the framework leverages overlapping groups of clients to detect the presence of malicious clients in the groups and to identify them via a decoding operation. The identified clients are then removed from the training of the model, which is performed over the remaining clients. FedGT strikes a balance between privacy and security, allowing for improved identification capabilities while still preserving data privacy. Specifically, the server learns the aggregated model of the clients in each group. The effectiveness of FedGT is demonstrated through extensive experiments on the MNIST and CIFAR-10 datasets, showing its ability to identify malicious clients with low misdetection and false alarm probabilities, resulting in high model utility.
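The overlapping-group idea described above, as an added illustration that is not code from the FedGT paper. The assignment matrix, the toy scalar updates, the threshold test on each group aggregate and all function names are constructed assumptions, and the simple COMP decoder from the group testing literature stands in for the paper's decoding operation.

```python
# Added illustration: group testing over secure-aggregation groups.
# Everything here (matrix, toy updates, threshold test, COMP decoder) is an
# assumption made for the example, not the FedGT authors' construction.

# Rows = groups (tests), columns = clients; 1 means the client is in the group.
# Constructed design: 6 clients, 4 overlapping groups, each client in 2 groups.
ASSIGNMENT = [
    [1, 1, 1, 0, 0, 0],
    [1, 0, 0, 1, 1, 0],
    [0, 1, 0, 1, 0, 1],
    [0, 0, 1, 0, 1, 1],
]

def group_aggregates(updates, assignment):
    """What the server learns: one summed update per group, never a single client's."""
    return [sum(u for u, member in zip(updates, row) if member) for row in assignment]

def run_group_tests(aggregates, assignment, threshold):
    """Hypothetical test: a group is positive if its mean update exceeds threshold."""
    return [abs(agg / sum(row)) > threshold for agg, row in zip(aggregates, assignment)]

def comp_decode(outcomes, assignment):
    """COMP: every member of a negative group is benign; all others are flagged."""
    cleared = set()
    for positive, row in zip(outcomes, assignment):
        if not positive:
            cleared.update(j for j, member in enumerate(row) if member)
    return sorted(set(range(len(assignment[0]))) - cleared)

def identify(updates, assignment=ASSIGNMENT, threshold=1.0):
    """Aggregate per group, test each group, decode to a list of flagged clients."""
    aggregates = group_aggregates(updates, assignment)
    return comp_decode(run_group_tests(aggregates, assignment, threshold), assignment)

if __name__ == "__main__":
    benign, poisoned = 0.1, 9.0  # constructed toy updates
    one_bad = [benign, benign, benign, poisoned, benign, benign]
    two_bad = [poisoned, benign, benign, benign, benign, poisoned]
    print("one malicious client :", identify(one_bad))   # exact identification
    print("two malicious clients:", identify(two_bad))   # every group positive: false alarms
```

With one malicious client the two negative groups clear everyone else; with two, every group tests positive and this small design flags all clients, which is the misdetection versus false alarm trade-off that the choice of groups and decoder controls.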