FLGQM: Robust Federated Learning Based on Geometric and Qualitative Metrics
Federated learning is a distributed learning method that seeks to train a shared global model by aggregating contributions from multiple clients. This method ensures that each client’s local data are not shared with others. However, research has revealed that federated learning is vulnerable to pois...
| Main Authors: | , , , , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
MDPI AG
2023-12-01
|
| Series: | Applied Sciences |
| Subjects: | |
| Online Access: | https://www.mdpi.com/2076-3417/14/1/351 |
| _version_ | 1797359078553419776 |
|---|---|
| author | Shangdong Liu Xi Xu Musen Wang Fei Wu Yimu Ji Chenxi Zhu Qurui Zhang |
| author_facet | Shangdong Liu Xi Xu Musen Wang Fei Wu Yimu Ji Chenxi Zhu Qurui Zhang |
| author_sort | Shangdong Liu |
| collection | DOAJ |
| description | Federated learning is a distributed learning method that seeks to train a shared global model by aggregating contributions from multiple clients. This method ensures that each client’s local data are not shared with others. However, research has revealed that federated learning is vulnerable to poisoning attacks launched by compromised or malicious clients. Many defense mechanisms have been proposed to mitigate the impact of poisoning attacks, but there are still some limitations and challenges. The defense methods are either performing malicious model removal from the geometric perspective to measure the geometric direction of the model or adding an additional dataset to the server for verifying local models. The former is prone to failure when facing advanced poisoning attacks, while the latter goes against the original intention of federated learning as it requires an independent dataset; thus, both of these defense methods have some limitations. To solve the above problems, we propose a robust federated learning method based on geometric and qualitative metrics (FLGQM). Specifically, FLGQM aims to metricize local models in both geometric and qualitative aspects for comprehensive defense. Firstly, FLGQM evaluates all local models from both direction and size aspects based on similarity calculated by cosine and the Euclidean distance, which we refer to as geometric metrics. Next, we introduce a union client set to assess the quality of all local models by utilizing the union client’s local dataset, referred to as quality metrics. By combining the results of these two metrics, FLGQM is able to use information from multiple views for accurate poisoning attack identification. We conducted experimental evaluations of FLGQM using the MNIST and CIFAR-10 datasets. The experimental results demonstrate that, under different kinds of poisoning attacks, FLGQM can achieve similar performance to FedAvg in non-adversarial environments. Therefore, FLGQM has better robustness and poisoning attack defense performance. |
| first_indexed | 2024-03-08T15:11:40Z |
| format | Article |
| id | doaj.art-71ae5b2060674678a7a92aca8b1a72a0 |
| institution | Directory Open Access Journal |
| issn | 2076-3417 |
| language | English |
| last_indexed | 2024-03-08T15:11:40Z |
| publishDate | 2023-12-01 |
| publisher | MDPI AG |
| record_format | Article |
| series | Applied Sciences |
| spelling | doaj.art-71ae5b2060674678a7a92aca8b1a72a02024-01-10T14:51:52ZengMDPI AGApplied Sciences2076-34172023-12-0114135110.3390/app14010351FLGQM: Robust Federated Learning Based on Geometric and Qualitative MetricsShangdong Liu0Xi Xu1Musen Wang2Fei Wu3Yimu Ji4Chenxi Zhu5Qurui Zhang6School of Computer Science, Nanjing University of Posts and Telecommunications, Nanjing 210023, ChinaSchool of Computer Science, Nanjing University of Posts and Telecommunications, Nanjing 210023, ChinaSchool of Computer Science, Nanjing University of Posts and Telecommunications, Nanjing 210023, ChinaCollege of Automation, Nanjing University of Posts and Telecommunications, Nanjing 210023, ChinaSchool of Computer Science, Nanjing University of Posts and Telecommunications, Nanjing 210023, ChinaSchool of Computer Science, Nanjing University of Posts and Telecommunications, Nanjing 210023, ChinaSchool of Computer Science, Nanjing University of Posts and Telecommunications, Nanjing 210023, ChinaFederated learning is a distributed learning method that seeks to train a shared global model by aggregating contributions from multiple clients. This method ensures that each client’s local data are not shared with others. However, research has revealed that federated learning is vulnerable to poisoning attacks launched by compromised or malicious clients. Many defense mechanisms have been proposed to mitigate the impact of poisoning attacks, but there are still some limitations and challenges. The defense methods are either performing malicious model removal from the geometric perspective to measure the geometric direction of the model or adding an additional dataset to the server for verifying local models. The former is prone to failure when facing advanced poisoning attacks, while the latter goes against the original intention of federated learning as it requires an independent dataset; thus, both of these defense methods have some limitations. To solve the above problems, we propose a robust federated learning method based on geometric and qualitative metrics (FLGQM). Specifically, FLGQM aims to metricize local models in both geometric and qualitative aspects for comprehensive defense. Firstly, FLGQM evaluates all local models from both direction and size aspects based on similarity calculated by cosine and the Euclidean distance, which we refer to as geometric metrics. Next, we introduce a union client set to assess the quality of all local models by utilizing the union client’s local dataset, referred to as quality metrics. By combining the results of these two metrics, FLGQM is able to use information from multiple views for accurate poisoning attack identification. We conducted experimental evaluations of FLGQM using the MNIST and CIFAR-10 datasets. The experimental results demonstrate that, under different kinds of poisoning attacks, FLGQM can achieve similar performance to FedAvg in non-adversarial environments. Therefore, FLGQM has better robustness and poisoning attack defense performance.https://www.mdpi.com/2076-3417/14/1/351federated learningpoisoning attackrobust defense |
| spellingShingle | Shangdong Liu Xi Xu Musen Wang Fei Wu Yimu Ji Chenxi Zhu Qurui Zhang FLGQM: Robust Federated Learning Based on Geometric and Qualitative Metrics Applied Sciences federated learning poisoning attack robust defense |
| title | FLGQM: Robust Federated Learning Based on Geometric and Qualitative Metrics |
| title_full | FLGQM: Robust Federated Learning Based on Geometric and Qualitative Metrics |
| title_fullStr | FLGQM: Robust Federated Learning Based on Geometric and Qualitative Metrics |
| title_full_unstemmed | FLGQM: Robust Federated Learning Based on Geometric and Qualitative Metrics |
| title_short | FLGQM: Robust Federated Learning Based on Geometric and Qualitative Metrics |
| title_sort | flgqm robust federated learning based on geometric and qualitative metrics |
| topic | federated learning poisoning attack robust defense |
| url | https://www.mdpi.com/2076-3417/14/1/351 |
| work_keys_str_mv | AT shangdongliu flgqmrobustfederatedlearningbasedongeometricandqualitativemetrics AT xixu flgqmrobustfederatedlearningbasedongeometricandqualitativemetrics AT musenwang flgqmrobustfederatedlearningbasedongeometricandqualitativemetrics AT feiwu flgqmrobustfederatedlearningbasedongeometricandqualitativemetrics AT yimuji flgqmrobustfederatedlearningbasedongeometricandqualitativemetrics AT chenxizhu flgqmrobustfederatedlearningbasedongeometricandqualitativemetrics AT quruizhang flgqmrobustfederatedlearningbasedongeometricandqualitativemetrics |