In this work, we propose FLANDERS, a novel federated learning (FL) aggregation scheme robust to Byzantine attacks. FLANDERS considers the local model updates sent by clients at each FL round as a matrix-valued time series. Then, it identifies malicious clients as outliers of this time series by comparing actual observations with those estimated by a matrix autoregressive forecasting model. Experiments conducted on several datasets under different FL settings demonstrate that FLANDERS matches the robustness of the most powerful baselines against Byzantine clients. Furthermore, FLANDERS remains highly effective even under extremely severe attack scenarios, as opposed to existing defense strategies.

翻译：在本文中，我们提出了FLANDERS，一种新型的联邦学习（FL）聚合方案，可以在面对拜占庭攻击时保持鲁棒性。FLANDERS将每个FL轮次客户端发送的局部模型更新视为矩阵值时间序列。然后，将实际观测值与矩阵自回归预测模型估计值进行比较从而将恶意客户端识别为时间序列的离群值。在不同FL设置下进行的几个数据集的实验表明，FLANDERS与最强的基线方法相比，可以匹配面对拜占庭攻击的鲁棒性。此外，与现有的防御策略不同，FLANDERS即使在极端严格的攻击场景下仍然非常有效。