Open Access iconOpen Access

ARTICLE

crossmark

FREPD: A Robust Federated Learning Framework on Variational Autoencoder

Zhipin Gu1, Liangzhong He2, Peiyan Li1, Peng Sun3, Jiangyong Shi1, Yuexiang Yang1,*

1 National University of Defense Technology, Changsha, 410000, China
2 China Mobile (Suzhou) Software Technology Co. Ltd., Suzhou, 215000, China
3 Eindhoven University of Technology, Eindhoven, 5641BZ, Netherlands

* Corresponding Author: Yuexiang Yang. Email: email

Computer Systems Science and Engineering 2021, 39(3), 307-320. https://doi.org/10.32604/csse.2021.017969

Abstract

Federated learning is an ideal solution to the limitation of not preserving the users’ privacy information in edge computing. In federated learning, the cloud aggregates local model updates from the devices to generate a global model. To protect devices’ privacy, the cloud is designed to have no visibility into how these updates are generated, making detecting and defending malicious model updates a challenging task. Unlike existing works that struggle to tolerate adversarial attacks, the paper manages to exclude malicious updates from the global model’s aggregation. This paper focuses on Byzantine attack and backdoor attack in the federated learning setting. We propose a federated learning framework, which we call Federated Reconstruction Error Probability Distribution (FREPD). FREPD uses a VAE model to compute updates’ reconstruction errors. Updates with higher reconstruction errors than the average reconstruction error are deemed as malicious updates and removed. Meanwhile, we apply the Kolmogorov-Smirnov test to choose a proper probability distribution function and tune its parameters to fit the distribution of reconstruction errors from observed benign updates. We then use the distribution function to estimate the probability that an unseen reconstruction error belongs to the benign reconstruction error distribution. Based on the probability, we classify the model updates as benign or malicious. Only benign updates are used to aggregate the global model. FREPD is tested with extensive experiments on independent and identically distributed (IID) and non-IID federated benchmarks, showing a competitive performance over existing aggregation methods under Byzantine attack and backdoor attack.

Keywords


Cite This Article

Z. Gu, L. He, P. Li, P. Sun, J. Shi et al., "Frepd: a robust federated learning framework on variational autoencoder," Computer Systems Science and Engineering, vol. 39, no.3, pp. 307–320, 2021.



cc This work is licensed under a Creative Commons Attribution 4.0 International License , which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
  • 2575

    View

  • 1268

    Download

  • 1

    Like

Share Link