defense 2026

AdaBFL: Multi-Layer Defensive Adaptive Aggregation for Byzantine-Robust Federated Learning

Zehui Tang 1,2, Yuchen Liu 1, Feihu Huang 1,2

0 citations


Published on arXiv

2604.27434

Data Poisoning Attack

OWASP ML Top 10 — ML02

Key Finding

Demonstrates superior performance over comparable Byzantine-robust aggregation methods across multiple datasets through adaptive multi-layer defense

AdaBFL

Novel technique introduced


Federated learning (FL) is a popular distributed learning paradigm in machine learning, which enables multiple clients to collaboratively train models under the guidance of a server without exposing private client data. However, FL's decentralized nature makes it vulnerable to poisoning attacks, where malicious clients can submit corrupted models to manipulate the system. To counter such attacks, although various Byzantine-robust methods have been proposed, these methods struggle to provide balanced defense against multiple types of attacks or rely on possessing the dataset in the server. To deal with these drawbacks, we propose an effective multi-layer defensive adaptive aggregation for Byzantine-robust federated learning (AdaBFL) based on a novel three-layer defensive mechanism, which can adaptively adjust the weights of defense algorithms to counter complex attacks. Moreover, we provide convergence properties of our AdaBFL method under the non-convex setting on non-iid data. Comprehensive experiments across multiple datasets validate the superiority of our AdaBFL over the comparable algorithms.


Key Contributions

  • Novel three-layer defensive mechanism that adaptively adjusts weights of defense algorithms to counter complex Byzantine attacks
  • Convergence guarantees for AdaBFL under non-convex settings on non-iid data
  • Defense method that does not require the server to hold a dataset, unlike prior Byzantine-robust methods that rely on one

🛡️ Threat Analysis

Data Poisoning Attack

Defends against Byzantine poisoning attacks in federated learning where malicious clients submit corrupted model updates to degrade global model performance. The paper explicitly addresses both targeted and non-targeted poisoning attacks through model update manipulation during training.


Details

Domains
federated-learning
Model Types
federated
Threat Tags
training_time, targeted, untargeted
Applications
federated learning, distributed model training