ARFED: Attack-Resistant Federated averaging based on outlier elimination

2023-04-01
In federated learning, each participant trains its local model with its own data, and a global model is formed at a trusted server by aggregating the model updates coming from these participants. Since, to ensure privacy, the server has no influence over or visibility into the training procedure of the participants, the global model becomes vulnerable to attacks such as data poisoning and model poisoning. Although many defense algorithms have recently been proposed to address these attacks, they often make strong assumptions that do not agree with the nature of federated learning, such as assuming Non-IID datasets. Moreover, they mostly lack comprehensive experimental analyses. In this work, we propose a defense algorithm called ARFED that does not make any assumptions about data distribution, update similarity of participants, or the ratio of malicious participants. ARFED mainly considers the outlier status of participant updates for each layer of the model architecture, based on the distance to the global model. The participants that do not have any outlier layer are then involved in model aggregation. We have performed extensive experiments on diverse scenarios and shown that the proposed approach provides a robust defense against different attacks. To test the defense capability of ARFED under different conditions, we considered label flipping, Byzantine, and partial knowledge attacks for both IID and Non-IID settings in our experimental evaluations. Moreover, we proposed a new attack, called the organized partial knowledge attack, in which malicious participants use their training statistics collaboratively to define a common poisoned model. We have shown that organized partial knowledge attacks are more effective than independent attacks.
Future Generation Computer Systems
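The per-layer filtering described in the abstract can be sketched as follows. This is an added example, not the authors' code: the abstract does not state the distance measure or the outlier rule, so Euclidean distance, a 1.5×IQR fence, unweighted averaging, all function names and the sample round are assumptions.

```python
import math
from statistics import quantiles

def layer_distance(a, b):
    """Euclidean distance between two flattened layer weight vectors (assumed metric)."""
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))

def iqr_outliers(values, k=1.5):
    """Flag values outside [Q1 - k*IQR, Q3 + k*IQR] (assumed outlier rule)."""
    q1, _, q3 = quantiles(values, n=4, method="inclusive")
    lo, hi = q1 - k * (q3 - q1), q3 + k * (q3 - q1)
    return [v < lo or v > hi for v in values]

def fedavg(updates, pids):
    """Unweighted per-layer mean of the selected participants' weights."""
    layers = updates[pids[0]]
    return {name: [sum(updates[p][name][i] for p in pids) / len(pids)
                   for i in range(len(layers[name]))] for name in layers}

def filter_and_aggregate(global_model, updates, k=1.5):
    """Drop every participant with at least one outlier layer, average the rest."""
    pids = sorted(updates)
    rejected = set()
    for name, g in global_model.items():
        dists = [layer_distance(updates[p][name], g) for p in pids]
        rejected |= {p for p, bad in zip(pids, iqr_outliers(dists, k)) if bad}
    kept = [p for p in pids if p not in rejected]
    # If nobody survives, keep the previous global model instead of averaging nothing.
    return (fedavg(updates, kept) if kept else dict(global_model)), kept

# Constructed sample round: previous global model plus eight participant models.
GLOBAL = {"fc1": [0.0, 0.0], "fc2": [0.0]}
UPDATES = {
    "p0": {"fc1": [0.06, 0.08], "fc2": [0.10]},
    "p1": {"fc1": [0.12, 0.00], "fc2": [0.12]},
    "p2": {"fc1": [0.00, 0.14], "fc2": [0.14]},
    "p3": {"fc1": [0.10, 0.12], "fc2": [0.16]},
    "p4": {"fc1": [0.12, 0.14], "fc2": [0.18]},
    "p5": {"fc1": [0.12, 0.16], "fc2": [0.20]},
    "p6": {"fc1": [5.00, -5.00], "fc2": [0.15]},  # large deviation in fc1 only
    "p7": {"fc1": [0.09, 0.12], "fc2": [-2.00]},  # deviation confined to fc2
}

if __name__ == "__main__":
    model, kept = filter_and_aggregate(GLOBAL, UPDATES)
    print("kept:", kept)
    print("filtered fc2:", model["fc2"])
    print("plain FedAvg fc2:", fedavg(UPDATES, sorted(UPDATES))["fc2"])
```

Participant `p7` looks ordinary in `fc1` and is caught only because each layer is checked separately; a single whole-model distance would dilute a deviation confined to a small layer.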

Citation Formats
E. Işık Polat, G. Polat, and A. Koçyiğit, “ARFED: Attack-Resistant Federated averaging based on outlier elimination,” Future Generation Computer Systems, vol. 141, pp. 626–650, 2023, Accessed: 00, 2023. [Online]. Available: https://www.scopus.com/inward/record.uri?partnerID=HzOxMe3b&scp=85144570683&origin=inward.