The increasing popularity of the federated learning (FL) framework due to its success in a wide range of collaborative learning tasks also induces certain security concerns. Among many vulnerabilities, the risk of Byzantine attacks is of particular concern, which refers to the possibility of malicious clients participating in the learning process. Hence, a crucial objective in FL is to neutralize the potential impact of Byzantine attacks, and to ensure that the final model is trustable. It has been observed that the higher the variance among the clients' models/updates, the more space there is for Byzantine attacks to be hidden. As a consequence, by utilizing momentum, and thus, reducing the variance, it is possible to weaken the strength of known Byzantine attacks. The centered clipping (CC) framework has further shown that, the momentum term from the previous iteration, besides reducing the variance, can be used as a reference point to neutralize Byzantine attacks better. In this work, we first expose vulnerabilities of CC framework, and introduce a novel attack strategy that can circumvent its defences and other robust aggregators by reducing test accuracy up to %33 on best-case scenarios in image classification tasks. Then, we propose a new robust and fast defence mechanism to prevent the proposed attack and other existing Byzantine attacks.

翻译：联邦学习（FL）框架因其在各种协作学习任务中的成功而日益流行，但也引发了一定的安全隐患。在众多漏洞中，拜占庭攻击的风险尤其令人担忧，它指的是恶意客户端可能参与学习过程。因此，FL的一个关键目标是消除拜占庭攻击的潜在影响，并确保最终模型的可信度。已观察到，客户端模型/更新之间的方差越高，拜占庭攻击就越有隐藏空间。因此，通过利用动量来降低方差，可以削弱已知拜占庭攻击的强度。中心裁剪（CC）框架进一步表明，除了降低方差外，上一迭代的动量项还可以作为参考点来更好地抵御拜占庭攻击。在这项工作中，我们首先揭示了CC框架的脆弱性，并引入了一种新型攻击策略，该策略能够绕过其防御和其他鲁棒聚合器，在图像分类任务的最佳情况下将测试准确率降低高达33%。随后，我们提出了一种新的鲁棒且快速的防御机制，以阻止所提出的攻击及其他现有的拜占庭攻击。