Towards Secure Federated Learning: Understanding Vulnerabilities and Defense Mechanisms
摘要
Federated Learning (FL) is a decentralized machine learning approach that enables collaborative model training without sharing raw data, ensuring privacy preservation. Despite its benefits, FL is vulnerable to adversarial threats such as Byzantine attacks, where malicious clients send corrupted updates to disrupt the global model’s performance. This study introduces a simulation framework designed to evaluate the impact of such adversarial behaviors and assess the resilience of various aggregation techniques. The proposed methodology incorporates a mix of honest and malicious clients, simulating their interactions across multiple training rounds. The results highlight significant fluctuations in the global model’s performance caused by malicious updates, exposing the limitations of standard aggregation methods like the simple mean. The visualized outputs emphasize the destabilizing effects of Byzantine attacks and underscore the necessity of implementing robust aggregation and anomaly detection strategies. This work provides a systematic foundation for understanding vulnerabilities in FL and guides the development of more secure, reliable aggregation mechanisms.