TY - GEN
T1 - Siren
T2 - 12th Annual ACM Symposium on Cloud Computing, SoCC 2021
AU - Guo, Hanxi
AU - Wang, Hao
AU - Song, Tao
AU - Hua, Yang
AU - Lv, Zhangcheng
AU - Jin, Xiulang
AU - Xue, Zhengui
AU - Ma, Ruhui
AU - Guan, Haibing
N1 - Publisher Copyright:
© 2021 Association for Computing Machinery.
PY - 2021/11/1
Y1 - 2021/11/1
N2 - With the popularity of machine learning on many applications, data privacy has become a severe issue when machine learning is applied in the real world. Federated learning (FL), an emerging paradigm in machine learning, aims to train a centralized model while distributing training data among a large number of clients in order to avoid data privacy leaking, which has attracted great attention recently. However, the distributed training scheme in FL is susceptible to different kinds of attacks. Existing defense systems mainly utilize model weight analysis to identify malicious clients with many limitations. For example, some defense systems must know the exact number of malicious clients beforehand, which can be easily bypassed by well-designed attack methods and become impractical for real-world scenarios. This paper presents Siren, a Byzantine-robust federated learning system via a proactive alarming mechanism. Compared with current Byzantine-robust aggregation rules, Siren can defend against attacks from a higher proportion of malicious clients in the system while keeping the global model performing normally. Extensive experiments against different attack methods are conducted under diverse settings on both independent and identically distributed (IID) and non-IID data. The experimental results illustrate the effectiveness of Siren comparing with several state-of-the-art defense methods.
AB - With the popularity of machine learning on many applications, data privacy has become a severe issue when machine learning is applied in the real world. Federated learning (FL), an emerging paradigm in machine learning, aims to train a centralized model while distributing training data among a large number of clients in order to avoid data privacy leaking, which has attracted great attention recently. However, the distributed training scheme in FL is susceptible to different kinds of attacks. Existing defense systems mainly utilize model weight analysis to identify malicious clients with many limitations. For example, some defense systems must know the exact number of malicious clients beforehand, which can be easily bypassed by well-designed attack methods and become impractical for real-world scenarios. This paper presents Siren, a Byzantine-robust federated learning system via a proactive alarming mechanism. Compared with current Byzantine-robust aggregation rules, Siren can defend against attacks from a higher proportion of malicious clients in the system while keeping the global model performing normally. Extensive experiments against different attack methods are conducted under diverse settings on both independent and identically distributed (IID) and non-IID data. The experimental results illustrate the effectiveness of Siren comparing with several state-of-the-art defense methods.
KW - Attack-agnostic Defense System
KW - Byzantine-robust
KW - Federated Learning
UR - http://www.scopus.com/inward/record.url?scp=85119247393&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85119247393&partnerID=8YFLogxK
U2 - 10.1145/3472883.3486990
DO - 10.1145/3472883.3486990
M3 - Conference contribution
AN - SCOPUS:85119247393
T3 - SoCC 2021 - Proceedings of the 2021 ACM Symposium on Cloud Computing
SP - 47
EP - 60
BT - SoCC 2021 - Proceedings of the 2021 ACM Symposium on Cloud Computing
Y2 - 1 November 2021 through 4 November 2021
ER -