Federated Learning (FL) excels at training a global model across numerous clients by sharing only the parameters of their local models, which are trained on their private training datasets. Clients can therefore obtain a high-performance deep learning (DL) model without revealing their private datasets. However, recent research has proposed poisoning attacks that cause a catastrophic loss in the accuracy of the global model when adversaries, posing as benign clients, are present among the clients. In response, recent studies have suggested Byzantine-robust FL methods that allow the server to train an accurate global model even with adversaries present in the system. However, many existing methods require knowledge of the number of malicious clients or an auxiliary (clean) dataset, or their effectiveness reportedly decreases substantially when the private dataset is not independent and identically distributed (non-IID). In this work, we propose FLGuard, a novel Byzantine-robust FL method that detects malicious clients and discards malicious local updates by utilizing contrastive learning, a technique that has shown tremendous improvement as a self-supervised learning method. With contrastive models, we design FLGuard as an ensemble scheme to maximize its defensive capability. We evaluate FLGuard extensively under various poisoning attacks and compare the accuracy of the global model with that of existing Byzantine-robust FL methods. FLGuard outperforms the state-of-the-art defense methods in most cases and shows drastic improvement, especially in non-IID settings. https://github.com/201younghanlee/FLGuard