A Centralized Federated Learning Framework with Security Aspects Against Byzantine and Sybil Attacks
摘要
This paper presents a federated learning (FL) framework designed to counter Byzantine and Sybil-type attacks, which are major security threats in distributed systems. One of the key elements in such systems is business continuity. By combining the Multi-Krum client selection mechanism with the FoolsGold aggregation approach, the framework offers resilience against these two attack types. Byzantine attacks, characterized by clients sending arbitrary or misleading updates, can disrupt model convergence. In contrast, Sybil attacks, in which attackers overwhelm the network with multiple malicious clients forming a majority, can significantly disrupt the aggregation. These attack types may decrease performance, increase communication load, and result in incorrect predictions. By leveraging a statistical method based on Chernoff bounds, the system determines the optimal number of clients selected via the Multi-Krum method, removing the outlier weights from the malicious clients. The FoolsGold aggregation method utilizes cosine similarity and clients’ gradient history and assigns weights to each selected client, reducing the risk of the aggregation process being overwhelmed by Sybil’s attackers. Experiments with attention-augmented CNNs on the MNIST and Covid-19 Radiology datasets confirmed the system’s effectiveness under various adversarial conditions, achieving 97% and 77% accuracy, respectively, comparable to results without attacks. The results indicate the effectiveness and robustness of the proposed strategy as a defense mechanism against FL poisoning attacks and provide a basis for further development of techniques for detecting non-metric-based attacks.