Defend Against Poisoning Attacks in Federated Learning

Abstract

The rapid development of artificial intelligence not only brings convenience to people’s lives, but also leads to many privacy leaks. In order to resolve the contradiction between data availability and privacy protection, Google proposed the framework of federated learning. In federated learning, local clients upload model update values to the server, and the server aggregates all update values to obtain a new global model. However malicious attackers can upload malicious update values to perform poisoning attacks, making the global model unavailable or introducing a backdoor. In this paper, we deploy an AutoEncoder on the server side to calculate the reconstruction error of model update values. According to the size of the reconstruction error, we remove malicious update values and retain benign update values. Finally, the server aggregates all benign update values to obtain a new global model. Experimental results show that our scheme can effectively defend against poisoning attacks.