ARFED: Attack-Resistant Federated averaging based on outlier elimination

2023-04-01
© 2022 Elsevier B.V.

In federated learning, each participant trains its local model with its own data and a global model is formed at a trusted server by aggregating model updates coming from these participants. Since the server has no effect and visibility on the training procedure of the participants to ensure privacy, the global model becomes vulnerable to attacks such as data poisoning and model poisoning. Although many defense algorithms have recently been proposed to address these attacks, they often make strong assumptions that do not agree with the nature of federated learning, such as assuming Non-IID datasets. Moreover, they mostly lack comprehensive experimental analyses. In this work, we propose a defense algorithm called ARFED that does not make any assumptions about data distribution, update similarity of participants, or the ratio of the malicious participants. ARFED mainly considers the outlier status of participant updates for each layer of the model architecture based on the distance to the global model. Hence, the participants that do not have any outlier layer are involved in model aggregation. We have performed extensive experiments on diverse scenarios and shown that the proposed approach provides a robust defense against different attacks. To test the defense capability of ARFED in different conditions, we considered label flipping, Byzantine, and partial knowledge attacks for both IID and Non-IID settings in our experimental evaluations. Moreover, we proposed a new attack, called organized partial knowledge attack, where malicious participants use their training statistics collaboratively to define a common poisoned model. We have shown that organized partial knowledge attacks are more effective than independent attacks.
Future Generation Computer Systems

Citation Formats
E. Işık Polat, G. Polat, and A. Koçyiğit, “ARFED: Attack-Resistant Federated averaging based on outlier elimination,” Future Generation Computer Systems, vol. 141, pp. 626–650, 2023, Accessed: 00, 2023. [Online]. Available: https://www.scopus.com/inward/record.uri?partnerID=HzOxMe3b&scp=85144570683&origin=inward.