FedCut : A Spectral Analysis Framework for Reliable Detection of Byzantine Colluders

This paper proposes a general spectral analysis framework that thwarts a security risk in federated Learning caused by groups of malicious Byzantine attackers or colluders, who conspire to upload vicious model updates to severely debase global model performances. The proposed framework delineates th...

Ausführliche Beschreibung

Bibliographische Detailangaben
Veröffentlicht in:IEEE transactions on pattern analysis and machine intelligence. - 1979. - 46(2024), 9 vom: 10. Aug., Seite 5905-5920
1. Verfasser: Gu, Hanlin (VerfasserIn)
Weitere Verfasser: Fan, Lixin, Tang, XingXing, Yang, Qiang
Format: Online-Aufsatz
Sprache:English
Veröffentlicht: 2024
Zugriff auf das übergeordnete Werk:IEEE transactions on pattern analysis and machine intelligence
Schlagworte:Journal Article
LEADER 01000caa a22002652 4500
001 NLM369563263
003 DE-627
005 20240807232449.0
007 cr uuu---uuuuu
008 240312s2024 xx |||||o 00| ||eng c
024 7 |a 10.1109/TPAMI.2024.3375287  |2 doi 
028 5 2 |a pubmed24n1494.xml 
035 |a (DE-627)NLM369563263 
035 |a (NLM)38466598 
040 |a DE-627  |b ger  |c DE-627  |e rakwb 
041 |a eng 
100 1 |a Gu, Hanlin  |e verfasserin  |4 aut 
245 1 0 |a FedCut  |b A Spectral Analysis Framework for Reliable Detection of Byzantine Colluders 
264 1 |c 2024 
336 |a Text  |b txt  |2 rdacontent 
337 |a ƒaComputermedien  |b c  |2 rdamedia 
338 |a ƒa Online-Ressource  |b cr  |2 rdacarrier 
500 |a Date Revised 07.08.2024 
500 |a published: Print-Electronic 
500 |a Citation Status PubMed-not-MEDLINE 
520 |a This paper proposes a general spectral analysis framework that thwarts a security risk in federated Learning caused by groups of malicious Byzantine attackers or colluders, who conspire to upload vicious model updates to severely debase global model performances. The proposed framework delineates the strong consistency and temporal coherence between Byzantine colluders' model updates from a spectral analysis lens, and, formulates the detection of Byzantine misbehaviours as a community detection problem in weighted graphs. The modified normalized graph cut is then utilized to discern attackers from benign participants. Moreover, the Spectral heuristics is adopted to make the detection robust against various attacks. The proposed Byzantine colluder resilient method, i.e., FedCut, is guaranteed to converge with bounded errors. Extensive experimental results under a variety of settings justify the superiority of FedCut, which demonstrates extremely robust model accuracy (MA) under various attacks. It was shown that FedCut's averaged MA is 2.1% to 16.5% better than that of the state of the art Byzantine-resilient methods. In terms of the worst-case model accuracy (MA), FedCut is 17.6% to 69.5% better than these methods 
650 4 |a Journal Article 
700 1 |a Fan, Lixin  |e verfasserin  |4 aut 
700 1 |a Tang, XingXing  |e verfasserin  |4 aut 
700 1 |a Yang, Qiang  |e verfasserin  |4 aut 
773 0 8 |i Enthalten in  |t IEEE transactions on pattern analysis and machine intelligence  |d 1979  |g 46(2024), 9 vom: 10. Aug., Seite 5905-5920  |w (DE-627)NLM098212257  |x 1939-3539  |7 nnns 
773 1 8 |g volume:46  |g year:2024  |g number:9  |g day:10  |g month:08  |g pages:5905-5920 
856 4 0 |u http://dx.doi.org/10.1109/TPAMI.2024.3375287  |3 Volltext 
912 |a GBV_USEFLAG_A 
912 |a SYSFLAG_A 
912 |a GBV_NLM 
912 |a GBV_ILN_350 
951 |a AR 
952 |d 46  |j 2024  |e 9  |b 10  |c 08  |h 5905-5920