Robust Federated Inference

Federated inference, in the form of one-shot federated learning, edge ensembles, or federated ensembles, has emerged as an attractive solution to combine predictions from multiple models. This paradigm enables each model to remain local and proprietary while a central server queries them and aggregates predictions. Yet, the robustness of federated inference has been largely neglected, leaving them vulnerable to even simple attacks. To address this critical gap, we formalize the problem of robust federated inference and provide the first robustness analysis of this class of methods. Our analysis of averaging-based aggregators shows that the error of the aggregator is small either when the dissimilarity between honest responses is small or the margin between the two most probable classes is large. Moving beyond linear averaging, we show that problem of robust federated inference with non-linear aggregators can be cast as an adversarial machine learning problem. We then introduce an advanced technique using the DeepSet aggregation model, proposing a novel composition of adversarial training and test-time robust aggregation to robustify non-linear aggregators. Our composition yields significant improvements, surpassing existing robust aggregation methods by 4.7 - 22.2% in accuracy points across diverse benchmarks.

Key Contributions

• First formal robustness analysis of federated inference aggregators under Byzantine corruptions, deriving certificates for averaging-based schemes based on class margin and client dissimilarity
• Reformulation of robust federated inference with non-linear aggregators as an adversarial ML problem over the probability simplex
• Robust DeepSet aggregator combining permutation-invariant architecture, adversarial training, and test-time robust aggregation (CWTM), outperforming baselines by 4.7–22.2% accuracy points

🛡️ Threat Analysis

Details

Similar Papers