In Federated Learning (FL), models are as fragile as centrally trained models against adversarial examples. However, the adversarial robustness of federated learning remains largely unexplored. This paper casts light on the challenge of adversarial robustness of federated learning. To facilitate a better understanding of the adversarial vulnerability of the existing FL methods, we conduct comprehensive robustness evaluations on various attacks and adversarial training methods. Moreover, we reveal the negative impacts induced by directly adopting adversarial training in FL, which seriously hurts the test accuracy, especially in non-IID settings. In this work, we propose a novel algorithm called Decision Boundary based Federated Adversarial Training (DBFAT), which consists of two components (local re-weighting and global regularization) to improve both accuracy and robustness of FL systems. Extensive experiments on multiple datasets demonstrate that DBFAT consistently outperforms other baselines under both IID and non-IID settings.