In this work, we propose FLANDERS, a novel federated learning (FL) aggregation scheme robust to Byzantine attacks. FLANDERS considers the local model updates sent by clients at each FL round as a matrix-valued time series. Then, it identifies malicious clients as outliers of this time series by comparing actual observations with those estimated by a matrix autoregressive forecasting model. Experiments conducted on several datasets under different FL settings demonstrate that FLANDERS matches the robustness of the most powerful baselines against Byzantine clients. Furthermore, FLANDERS remains highly effective even under extremely severe attack scenarios, as opposed to existing defense strategies.
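The forecast-and-compare idea described above can be illustrated on constructed data; this is an added example, not the authors' code. It is deliberately simpler than the paper: a per-parameter AR(1) forecaster stands in for the matrix autoregressive model, and the squared-error score, the `keep` count, plain averaging and all function names are assumptions.

```python
def fit_diag_ar1(rounds):
    """Least-squares a_i for x_t[j][i] ~ a_i * x_{t-1}[j][i], pooled over clients j.
    rounds[t][j][i] = parameter i of client j's update at past (trusted) round t."""
    coeffs = []
    for i in range(len(rounds[0][0])):
        num = den = 0.0
        for prev, cur in zip(rounds, rounds[1:]):
            for p, c in zip(prev, cur):
                num += p[i] * c[i]
                den += p[i] * p[i]
        coeffs.append(num / den if den else 1.0)
    return coeffs

def anomaly_scores(rounds, observed):
    """Squared distance between each client's observed update and its forecast."""
    coeffs = fit_diag_ar1(rounds)
    return [sum((o - a * x) ** 2 for o, a, x in zip(obs, coeffs, prev))
            for obs, prev in zip(observed, rounds[-1])]

def robust_aggregate(rounds, observed, keep):
    """Average only the `keep` clients whose updates best match the forecast."""
    scores = anomaly_scores(rounds, observed)
    ranked = sorted(range(len(observed)), key=scores.__getitem__)
    trusted = sorted(ranked[:keep])
    agg = [sum(observed[j][i] for j in trusted) / keep
           for i in range(len(observed[0]))]
    return trusted, agg

def make_demo():
    """Constructed data: 5 clients, 3 parameters, honest updates shrink by 0.9 per round."""
    base = [[1.0 + 0.1 * j, -2.0 + 0.05 * j, 0.5 - 0.02 * j] for j in range(5)]
    rounds = [[[v * 0.9 ** t for v in client] for client in base] for t in range(4)]
    observed = [[v * 0.9 ** 4 for v in client] for client in base]
    observed[3] = [-5 * v for v in observed[3]]  # constructed outlier update from client 3
    return rounds, observed

if __name__ == "__main__":
    rounds, observed = make_demo()
    trusted, agg = robust_aggregate(rounds, observed, keep=4)
    print("trusted clients:", trusted)
    print("aggregate:", [round(v, 4) for v in agg])
```

Because the filter ranks clients by forecast error rather than by distance to the current round's majority, the choice of `keep` and the quality of the history used for fitting determine how many outlying clients it can exclude.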