Federated Learning (FL) is a promising answer to the privacy concerns typically associated with centralized Machine Learning (ML) deployments. Despite its well-known advantages, FL is vulnerable to attacks such as Byzantine behavior and poisoning, which can significantly degrade model performance and hinder convergence. The effectiveness of existing mitigations against sophisticated attacks, such as the median, trimmed mean, or Krum aggregation functions, has been demonstrated only partially and only for specific attacks. Our study introduces a novel robust aggregation mechanism based on the Fourier Transform (FT) that handles sophisticated attacks effectively without prior knowledge of the number of attackers. With this technique, the weights produced by FL clients are projected into the frequency domain to estimate their density function, and the weights occurring with the highest frequency (the mode of that density) are selected; consequently, the weights of malicious clients are excluded. The proposed approach was tested against several model poisoning attacks and outperformed state-of-the-art aggregation methods.
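The abstract only sketches the mechanism (frequency-domain density estimate, pick the most frequent value, drop the rest). The following is an added, illustrative implementation of that idea in NumPy; it is not the paper's code, and the grid size, the Gaussian kernel bandwidth, the `keep_radius` rejection rule, the baselines and the poisoning scenario (a scaled, sign-flipped update sent by colluding clients) are assumptions of this example. The Fourier step is a kernel density estimate computed by multiplying the spectra of the per-coordinate histogram and the kernel; the mode of that density is taken as the consensus value, and only clients near it are averaged, so no attacker count is needed.

```python
import numpy as np


def fft_density(values, n_bins=64, bandwidth_bins=3):
    """Gaussian kernel density of 1-D samples on a grid, computed with the FFT.

    The histogram of client values is convolved with a Gaussian kernel in the
    frequency domain (product of spectra). Bandwidth is given in grid steps;
    this parameterisation is an assumption of the example, not the paper's.
    """
    values = np.asarray(values, dtype=float)
    lo, hi = values.min(), values.max()
    pad = 0.1 * (hi - lo) + 1e-9                      # keep clusters off the grid edge
    edges = np.linspace(lo - pad, hi + pad, n_bins + 1)
    centers = 0.5 * (edges[:-1] + edges[1:])
    step = edges[1] - edges[0]
    bandwidth = bandwidth_bins * step
    hist, _ = np.histogram(values, bins=edges)
    # Kernel sampled on 2*n_bins points, centred at index n_bins.
    kern = np.exp(-0.5 * (np.arange(-n_bins, n_bins) * step / bandwidth) ** 2)
    n = 4 * n_bins                                    # zero-pad so circular == linear convolution
    conv = np.fft.irfft(np.fft.rfft(hist, n=n) * np.fft.rfft(kern, n=n), n=n)
    density = conv[n_bins:2 * n_bins]                 # undo the kernel's centre offset
    return centers, density, bandwidth


def ft_aggregate(updates, n_bins=64, keep_radius=3.0):
    """Per coordinate: take the grid point of maximal density as the consensus value,
    keep only clients within keep_radius * bandwidth of it, and average those.

    Returns the aggregated vector and, per client, the fraction of coordinates in
    which that client was kept (0.0 means it was rejected everywhere).
    """
    updates = np.asarray(updates, dtype=float)
    n_clients, dim = updates.shape
    agg = np.empty(dim)
    kept = np.zeros(n_clients)
    for j in range(dim):
        col = updates[:, j]
        centers, density, bw = fft_density(col, n_bins)
        mode = centers[np.argmax(density)]
        mask = np.abs(col - mode) <= keep_radius * bw
        if not mask.any():                            # degenerate grid: nearest client wins
            mask[np.argmin(np.abs(col - mode))] = True
        kept += mask
        agg[j] = col[mask].mean()
    return agg, kept / dim


# Baselines named in the abstract, for comparison on the same inputs.
def mean_aggregate(updates):
    return np.asarray(updates, dtype=float).mean(axis=0)


def coordinate_median(updates):
    return np.median(np.asarray(updates, dtype=float), axis=0)


def trimmed_mean(updates, trim):
    """Drop the `trim` largest and smallest values per coordinate (needs the attacker count)."""
    s = np.sort(np.asarray(updates, dtype=float), axis=0)
    return s[trim:len(s) - trim].mean(axis=0)


def poisoning_scenario(seed=0, n_honest=6, n_malicious=4, scale=-4.0):
    """Constructed example (not data from the paper): honest clients report a noisy
    copy of the true update, colluding attackers report a scaled, sign-flipped copy.
    Returns (updates, true_update, is_malicious)."""
    rng = np.random.default_rng(seed)
    true = np.array([0.5, -1.0, 2.0])
    honest = true + rng.normal(0.0, 0.05, size=(n_honest, true.size))
    malicious = scale * true + rng.normal(0.0, 0.05, size=(n_malicious, true.size))
    updates = np.vstack([honest, malicious])
    is_mal = np.r_[np.zeros(n_honest, bool), np.ones(n_malicious, bool)]
    return updates, true, is_mal


if __name__ == "__main__":
    updates, true, is_mal = poisoning_scenario()
    agg, kept = ft_aggregate(updates)
    print("true update  ", true)
    print("FT aggregate ", agg.round(3), "rejected clients:", np.flatnonzero(kept == 0))
    print("mean         ", mean_aggregate(updates).round(3))
    print("median       ", coordinate_median(updates).round(3))
    print("trimmed mean ", trimmed_mean(updates, trim=is_mal.sum()).round(3))
```

Two practical caveats follow from the code. First, the density mode is decided by mass, so colluding attackers who are more numerous than the honest majority, or honest clients whose updates are spread wider than the kernel bandwidth, can shift the mode; the bandwidth choice is therefore security-relevant, not just a smoothing parameter. Second, the trimmed mean baseline needs `trim` set to the attacker count, which is exactly the prior knowledge the FT approach avoids.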