ARFED: Attack-Resistant Federated averaging based on outlier elimination

In federated learning, each participant trains its local model with its own data and a global model is formed at a trusted server by aggregating model updates coming from these participants. Since the server has no effect and visibility on the training procedure of the participants to ensure privacy, the global model becomes vulnerable to attacks such as data poisoning and model poisoning. Although many defense algorithms have recently been proposed to address these attacks, they often make strong assumptions that do not agree with the nature of federated learning, such as assuming Non-IID datasets. Moreover, they mostly lack comprehensive experimental analyses. In this work, we propose a defense algorithm called ARFED that does not make any assumptions about data distribution, update similarity of participants, or the ratio of the malicious participants. ARFED mainly considers the outlier status of participant updates for each layer of the model architecture based on the distance to the global model. Hence, the participants that do not have any outlier layer are involved in model aggregation. We have performed extensive experiments on diverse scenarios and shown that the proposed approach provides a robust defense against different attacks. To test the defense capability of the ARFED in different conditions, we considered label flipping, Byzantine, and partial knowledge attacks for both IID and Non-IID settings in our experimental evaluations. Moreover, we proposed a new attack, called organized partial knowledge attack, where malicious participants use their training statistics collaboratively to define a common poisoned model. We have shown that organized partial knowledge attacks are more effective than independent attacks.
Future Generation Computer Systems


Işık Polat, Ece; Koçyiğit, Altan; Department of Bioinformatics (2021-9-09)
In federated learning (FL), collaborators train a global model collectively without sharing their local data. The local model parameters of the collaborators obtained from their local training process are collected on a trusted server to form the global model. In order to preserve privacy, the server has no authority over the local training procedure. Therefore, the global model is vulnerable to attacks such as data poisoning and model poisoning. Even though many defense strategies have been proposed agains...
Çetinkaya, Anıl; Kaya, Muhammed Çağrı; Danaci, Erkan; Oğuztüzün, Mehmet Halit S. (2022-01-01)
Providing automated and networked solutions on the cloud will remarkably facilitate ongoing digitalization efforts in Metrology and the calibration industry. The AutoRFPower application was developed to automate the RF power measurement process and uncertainty calculations. This study presents our ongoing research on moving this application to a cloud environment and adapting it to perform power sensor calibrations. The cloud-based application initiates communication with calibration equipment, transfers te...
BOFRF: A Novel Boosting-Based Federated Random Forest Algorithm on Horizontally Partitioned Data
Gencturk, Mert; Sınacı, Ali Anıl; Cicekli, Nihan Kesim (2014-1-01)
The application of federated learning on ensemble methods is a common practice with the goal of increasing the predictive power of local models. However, although existing federated solutions utilizing ensemble methods can achieve this when the datasets of sites are balanced and of good quality, i.e., the local models are already above a certain accuracy threshold, they usually fail to provide the same level of improvement to the models of sites that have an unsuccessful classifier because of their poor qua...
End User Evaluation of the FAIR4Health Data Curation Tool
Gencturk, Mert; Teoman, Alper; Alvarez-Romero, Celia; Martinez-Garcia, Alicia; Parra-Calderon, Carlos Luis; Poblador-Plou, Beatriz; Löbe, Matthias; Sinaci, A Anil (2021-05-27)
The aim of this study is to build an evaluation framework for the user-centric testing of the Data Curation Tool. The tool was developed in the scope of the FAIR4Health project to make health data FAIR by transforming them from legacy formats into a Common Data Model based on HL7 FHIR. The end user evaluation framework was built by following a methodology inspired from the Delphi method. We applied a series of questionnaires to a group of experts not only in different roles and skills, but also from various...
BB-graph: a new subgraph isomorphism algorithm for querying big graph databases
Asiler, Merve; Yazıcı, Adnan; Department of Computer Engineering (2016)
With the emergence of the big data concept, the big graph database model has become very popular since it provides very flexible and quick querying for the cases that require costly join operations in RDBMs. However, it is a big challenge to find all exact matches of a query graph in a big database graph, which is known as the subgraph isomorphism problem. Although many related studies exist in literature, there is not a perfect algorithm that works for all types of queries efficiently since it is an NP-har...
Citation Formats
E. Işık Polat, G. Polat, and A. Koçyiğit, “ARFED: Attack-Resistant Federated averaging based on outlier elimination,” Future Generation Computer Systems, vol. 141, pp. 626–650, 2023, Accessed: 00, 2023. [Online]. Available: