Search papers, labs, and topics across Lattice.
This paper introduces FedIDM, a Byzantine-robust federated learning algorithm that uses distribution matching to create condensed datasets for identifying and filtering malicious client updates. FedIDM leverages attack-tolerant condensed data generation and robust aggregation with negative contribution-based rejection to exclude updates that deviate from the condensed data's update direction or cause significant loss on it. Experiments on three datasets show FedIDM achieves faster and more stable convergence with acceptable model utility compared to existing methods, even with a high proportion of Byzantine clients.
Byzantine-robust federated learning no longer needs to trade off convergence speed and model utility, even with a large number of malicious clients.
Most existing Byzantine-robust federated learning (FL) methods suffer from slow and unstable convergence. Moreover, when handling a substantial proportion of colluded malicious clients, achieving robustness typically entails compromising model utility. To address these issues, this work introduces FedIDM, which employs distribution matching to construct trustworthy condensed data for identifying and filtering abnormal clients. FedIDM consists of two main components: (1) attack-tolerant condensed data generation, and (2) robust aggregation with negative contribution-based rejection. These components exclude local updates that (1) deviate from the update direction derived from condensed data, or (2) cause a significant loss on the condensed dataset. Comprehensive evaluations on three benchmark datasets demonstrate that FedIDM achieves fast and stable convergence while maintaining acceptable model utility, under multiple state-of-the-art Byzantine attacks involving a large number of malicious clients.
