Decentralized federated learning (DFL) enables clients (e.g., hospitals and banks) to jointly train machine learning models without a central orchestration server. In each global training round, each client trains a local model on its own training data and then they exchange local models for aggregation. In this work, we propose SelfishAttack, a new family of attacks to DFL. In SelfishAttack, a set of selfish clients aim to achieve competitive advantages over the remaining non-selfish ones, i.e., the final learnt local models of the selfish clients are more accurate than those of the non-selfish ones. Towards this goal, the selfish clients send carefully crafted local models to each remaining non-selfish one in each global training round. We formulate finding such local models as an optimization problem and propose methods to solve it when DFL uses different aggregation rules. Theoretically, we show that our methods find the optimal solutions to the optimization problem. Empirically, we show that SelfishAttack successfully increases the accuracy gap (i.e., competitive advantage) between the final learnt local models of selfish clients and those of non-selfish ones. Moreover, SelfishAttack achieves larger accuracy gaps than poisoning attacks when extended to increase competitive advantages.

翻译：去中心化联邦学习（DFL）使客户端（如医院和银行）能够无需中央编排服务器即可联合训练机器学习模型。在每个全局训练轮次中，每个客户端在其自身训练数据上训练本地模型，然后交换本地模型进行聚合。本文提出了SelfishAttack，一种针对DFL的新型攻击家族。在SelfishAttack中，一组自私客户端旨在相比剩余的非自私客户端获得竞争优势，即自私客户端最终学习到的本地模型比非自私客户端的更准确。为实现这一目标，自私客户端在每个全局训练轮次中向每个剩余的非自私客户端发送精心设计的本地模型。我们将寻找此类本地模型问题建模为优化问题，并提出了DFL使用不同聚合规则时的求解方法。理论上，我们证明了我们的方法能够找到该优化问题的最优解。实验上，我们展示了SelfishAttack成功扩大了自私客户端与非自私客户端最终学习到的本地模型之间的准确率差距（即竞争优势）。此外，当扩展用于增加竞争优势时，SelfishAttack比投毒攻击实现了更大的准确率差距。