Practical Framework for Privacy-Preserving and Byzantine-robust Federated Learning

Federated Learning (FL) allows multiple clients to collaboratively train a model without sharing their private data. However, FL is vulnerable to Byzantine attacks, where adversaries manipulate client models to compromise the federated model, and privacy inference attacks, where adversaries exploit client models to infer private data. Existing defenses against both backdoor and privacy inference attacks introduce significant computational and communication overhead, creating a gap between theory and practice. To address this, we propose ABBR, a practical framework for Byzantine-robust and privacy-preserving FL. We are the first to utilize dimensionality reduction to speed up the private computation of complex filtering rules in privacy-preserving FL. Additionally, we analyze the accuracy loss of vector-wise filtering in low-dimensional space and introduce an adaptive tuning strategy to minimize the impact of malicious models that bypass filtering on the global model. We implement ABBR with state-of-the-art Byzantine-robust aggregation rules and evaluate it on public datasets, showing that it runs significantly faster, has minimal communication overhead, and maintains nearly the same Byzantine-resilience as the baselines.

Key Contributions

• First use of dimensionality reduction to speed up private computation of complex Byzantine-filtering rules in privacy-preserving FL, substantially reducing overhead.
• Theoretical analysis of accuracy loss from vector-wise filtering in low-dimensional space and an adaptive tuning strategy to minimize the impact of malicious models that bypass filtering.
• ABBR framework integrating state-of-the-art Byzantine-robust aggregation rules with privacy-preserving computation, achieving near-baseline Byzantine-resilience with significantly lower cost.

🛡️ Threat Analysis

Details

Similar Papers