Fair detection of poisoning attacks in federated learning on non-i.i.d. data

  • Identifying data

    Identifier: imarina:9287830
    Authors:
    Singh, AK; Blanco-Justicia, A; Domingo-Ferrer, J
    Abstract:
    Reconciling machine learning with individual privacy is one of the main motivations behind federated learning (FL), a decentralized machine learning technique that aggregates partial models trained by clients on their own private data to obtain a global deep learning model. Even if FL provides stronger privacy guarantees to the participating clients than centralized learning collecting the clients’ data in a central server, FL is vulnerable to some attacks whereby malicious clients submit bad updates in order to prevent the model from converging or, more subtly, to introduce artificial bias in the classification (poisoning). Poisoning detection techniques compute statistics on the updates to identify malicious clients. A downside of anti-poisoning techniques is that they might lead to discriminate minority groups whose data are significantly and legitimately different from those of the majority of clients. This would not only be unfair, but would yield poorer models that would fail to capture the knowledge in the training data, especially when data are not independent and identically distributed (non-i.i.d.). In this work, we strive to strike a balance between fighting poisoning and accommodating diversity to help learning fairer and less discriminatory federated learning models. In this way, we forestall the exclusion of diverse clients while still ensuring detection of poisoning attacks. Empirical work on three data sets shows that employing our approach to tell legitimate from malicious updates produces models that are more accurate than those obtained with state-of-the-art poisoning detection techniques. Additionally, we explore the impact of our proposal on the performance of models on non-i.i.d local training data.
  • Other:

    Author as given in the article: Singh, AK; Blanco-Justicia, A; Domingo-Ferrer, J
    Department: Enginyeria Informàtica i Matemàtiques
    URV author(s): Blanco Justicia, Alberto / Domingo Ferrer, Josep
    Keywords: Security; Privacy; Minorities; Microaggregation; Federated learning; Fairness
    Subject areas: Information systems; Engenharias iv; Engenharias iii; Computer science, information systems; Computer science, artificial intelligence; Computer science applications; Computer networks and communications; Ciências biológicas i; Ciência da computação
    Licence of use: https://creativecommons.org/licenses/by/3.0/es/
    Author's e-mail address: alberto.blanco@urv.cat; josep.domingo@urv.cat
    Author identifier: 0000-0002-1108-8082; 0000-0001-7213-4962
    Record creation date: 2024-08-03
    Version of the deposited article: info:eu-repo/semantics/publishedVersion
    Link to the original source: https://link.springer.com/article/10.1007/s10618-022-00912-6
    Licence document URL: https://repositori.urv.cat/ca/proteccio-de-dades/
    Article reference according to the original source: Data Mining And Knowledge Discovery. 37 (5): 1998-2023
    Item reference in APA style: Singh, AK; Blanco-Justicia, A; Domingo-Ferrer, J (2023). Fair detection of poisoning attacks in federated learning on non-i.i.d. data. Data Mining And Knowledge Discovery, 37(5), 1998-2023. DOI: 10.1007/s10618-022-00912-6
    Article DOI: 10.1007/s10618-022-00912-6
    Entity: Universitat Rovira i Virgili
    Journal publication year: 2023
    Publication type: Journal Publications
  • Keywords:

    Computer Networks and Communications,Computer Science Applications,Computer Science, Artificial Intelligence,Computer Science, Information Systems,Information Systems
    Security
    Privacy
    Minorities
    Microaggregation
    Federated learning
    Fairness
    Information systems
    Engenharias iv
    Engenharias iii
    Computer science, information systems
    Computer science, artificial intelligence
    Computer science applications
    Computer networks and communications
    Ciências biológicas i
    Ciência da computação