The growing concern over malicious attacks targeting the robustness of both Centralized and Decentralized Federated Learning (FL) necessitates novel defensive strategies. In contrast to the centralized approach, Decentralized FL (DFL) has the advantage of utilizing network topology and local dataset information, enabling the exploration of Moving Target Defense (MTD) based approaches. This work presents a theoretical analysis of the influence of network topology on the robustness of DFL models. Drawing inspiration from these findings, a three-stage MTD-based aggregation protocol, called Voyager, is proposed to improve the robustness of DFL models against poisoning attacks by manipulating network topology connectivity. Voyager has three main components: an anomaly detector, a network topology explorer, and a connection deployer. When an abnormal model is detected in the network, the topology explorer responds strategically by forming connections with more trustworthy participants to secure the model. Experimental evaluations show that Voyager effectively mitigates various poisoning attacks without imposing significant resource and computational burdens on participants. These findings highlight the proposed reactive MTD as a potent defense mechanism in the context of DFL.

翻译：针对集中式和去中心化联邦学习（FL）鲁棒性的恶意攻击日益引发关注，亟需新型防御策略。与集中式方法相比，去中心化联邦学习（DFL）具有利用网络拓扑和本地数据集信息的优势，从而能够探索基于移动目标防御（MTD）的方法。本文对网络拓扑对DFL模型鲁棒性的影响进行了理论分析。受这些发现启发，提出了一种名为Voyager的三阶段基于MTD的聚合协议，通过操控网络拓扑连接性来提升DFL模型抵御中毒攻击的鲁棒性。Voyager包含三个主要组件：异常检测器、网络拓扑探索器和连接部署器。当网络中检测到异常模型时，拓扑探索器会通过策略性地与更可信的参与者建立连接来保护模型。实验评估表明，Voyager能有效缓解多种中毒攻击，且不会给参与者带来显著的资源和计算负担。这些发现突显了所提出的反应式MTD在DFL场景中作为一种强大防御机制的价值。