We investigate the Byzantine attack problem in the context of model training in distributed learning systems. Although common solvers (e.g., SGD, Adam, RMSProp) guarantee convergence under benign conditions, they can be easily compromised by malicious nodes in such systems, causing the training process to converge slowly or even diverge. To develop effective secure distributed learning solvers, it is crucial to first study attack methods so that the robustness of these solvers can be assessed. In this work, we contribute to the design of attack strategies by first highlighting the limitations of finite-norm attacks. We then introduce the seesaw attack and demonstrate that it is more effective than the finite-norm attack. Through numerical experiments, we evaluate the efficacy of the seesaw attack under various gradient aggregation rules.
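To make the threat model concrete, the following is a minimal sketch (not the paper's seesaw attack) of how a single Byzantine worker can skew naive mean aggregation of gradients, while a robust rule such as the coordinate-wise median limits the damage. All worker gradients here are synthetic, illustrative assumptions.

```python
import numpy as np

rng = np.random.default_rng(0)

# 9 honest workers send gradients near the true value (~1.0 per coordinate);
# one Byzantine worker sends a large-norm malicious gradient.
honest = rng.normal(loc=1.0, scale=0.1, size=(9, 4))
malicious = np.full((1, 4), -100.0)
grads = np.vstack([honest, malicious])

# Naive averaging: a single attacker dominates the aggregate.
mean_agg = grads.mean(axis=0)

# Coordinate-wise median: the aggregate stays near the honest gradients.
median_agg = np.median(grads, axis=0)

print("mean aggregation:  ", mean_agg)    # pulled far from ~1.0 by the attacker
print("median aggregation:", median_agg)  # remains close to ~1.0
```

This gap between naive and robust aggregation is what motivates evaluating attacks against multiple gradient aggregation rules, as the abstract describes.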