Date of Award

5-2-2024

Publication Type

Thesis

Degree Name

M.Sc.

Department

Computer Science

Keywords

Clustering; Federated Learning; Machine Learning; Model Poisoning Attack; Privacy and Security

Supervisor

Saeed Samet

Abstract

Federated Learning (FL) is a machine learning framework that allows multiple clients to contribute their data to a single machine learning model without sacrificing their privacy. Although FL addresses some security issues, it is still susceptible to model poisoning attacks, in which malicious clients aim to corrupt the main learning model by sending poisoned updates. Byzantine-robust methods are defenses that aim to prevent corruption of the main learning model by tolerating a certain number of malicious clients. However, they can only resist a small number of malicious clients. FLDetector is a defense that addresses this issue by detecting the majority of the malicious clients and removing them from the FL setting. The main idea behind it is that corrupted updates are inconsistent compared to honest updates. FLDetector leverages this and detects malicious clients based on their update consistency. One issue with this method is that FLDetector always clusters clients into two clusters when it can, even when two is not the optimal number of clusters. This causes it to misclassify a fraction of honest clients as malicious and remove them from the FL setting, which prevents the machine learning model from learning useful data. The proposed method resolves this by using the gap statistic to determine the optimal number of clusters into which to group the clients. The clients are then clustered, and the cluster with the lowest average malicious score is classified as the honest clients, while the rest of the clusters are classified as malicious. This will allow FLDetector to remove the majority of malicious clients while keeping all honest clients.
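
The clustering step described in the abstract, sketched as an added Python example; it is not code from the thesis or from FLDetector. Assumptions: each client already has a scalar malicious score (the values below are constructed), the number of clusters is chosen with the standard gap-statistic rule against uniform reference data, and clustering uses an exact one-dimensional k-means; all function names are hypothetical.

```python
import math
import random

def sse(xs):  # within-cluster sum of squared distances to the mean
    m = sum(xs) / len(xs)
    return sum((x - m) ** 2 for x in xs)

def kmeans_1d(values, k):
    """Exact 1-D k-means (dynamic programming); returns (W_k, clusters low to high)."""
    xs, n = sorted(values), len(values)
    cost = [[math.inf] * (n + 1) for _ in range(k + 1)]
    cut = [[0] * (n + 1) for _ in range(k + 1)]
    cost[0][0] = 0.0
    for c in range(1, k + 1):
        for j in range(c, n + 1):
            for i in range(c - 1, j):
                w = cost[c - 1][i] + sse(xs[i:j])
                if w < cost[c][j]:
                    cost[c][j], cut[c][j] = w, i
    clusters, j = [], n
    for c in range(k, 0, -1):
        clusters.insert(0, xs[cut[c][j]:j])
        j = cut[c][j]
    return cost[k][n], clusters

def optimal_k(values, kmax=5, refs=20, seed=0):
    """Gap statistic: smallest k with Gap(k) >= Gap(k+1) - s(k+1)."""
    rng = random.Random(seed)  # fixed seed keeps the reference sets reproducible
    lo, hi = min(values), max(values)
    def log_w(data):  # assumes more distinct scores than kmax, so W_k > 0
        return [math.log(kmeans_1d(data, k)[0]) for k in range(1, kmax + 1)]
    obs = log_w(values)
    ref = [log_w([rng.uniform(lo, hi) for _ in values]) for _ in range(refs)]
    cols = [[r[k] for r in ref] for k in range(kmax)]
    gap = [sum(c) / refs - obs[k] for k, c in enumerate(cols)]
    s = [math.sqrt(sse(c) / refs * (1 + 1 / refs)) for c in cols]
    return next((k + 1 for k in range(kmax - 1) if gap[k] >= gap[k + 1] - s[k + 1]), kmax)

def classify(scores):
    """Lowest-mean cluster is honest; every other cluster is malicious."""
    values = list(scores.values())
    _, clusters = kmeans_1d(values, optimal_k(values))
    limit = max(clusters[0])  # sorted clusters: the first has the lowest mean
    honest = {c for c, v in scores.items() if v <= limit}
    return len(clusters), honest, set(scores) - honest

SCORES = {f"honest{i}": 0.100 + 0.005 * i for i in range(10)}  # constructed scores
SCORES.update({f"attackA{i}": 0.78 + 0.02 * i for i in range(5)})
SCORES.update({f"attackB{i}": 1.00 + 0.02 * i for i in range(5)})
```

Calling `classify(SCORES)` returns the chosen number of clusters together with the honest and malicious client sets; when the gap statistic selects a single cluster, every client is kept as honest.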
