• español
    • English
  • Login
  • español 
    • español
    • English
  • Tipos de Publicaciones
    • bookbook partconference objectdoctoral thesisjournal articlemagazinemaster thesispatenttechnical documentationtechnical report
Ver ítem 
  •   IMDEA Networks Principal
  • Ver ítem
  •   IMDEA Networks Principal
  • Ver ítem
JavaScript is disabled for your browser. Some features of this site may not work without it.

MUDGUARD: Taming Malicious Majorities in Federated Learning using Privacy-Preserving Byzantine-Robust Clustering

Compartir
Ficheros
2208.10161v2.pdf (15.67Mb)
Identificadores
URI: https://hdl.handle.net/20.500.12761/1865
Metadatos
Mostrar el registro completo del ítem
Autor(es)
Wang, Rui; Wang, Xingkai; Chen, Huanhuan; Decouchant, Jérémie; Picek, Stjepan; Laoutaris, Nikolaos; Liang, Kaitai
Fecha
2025-06-09
Resumen
Byzantine-robust Federated Learning (FL) aims to counter malicious clients and train an accurate global model while maintaining an extremely low attack success rate. Most existing systems, however, are only robust when most of the clients are honest. \texttt{FLTrust} (NDSS '21) and \texttt{Zeno++} (ICML '20) do not make such an honest majority assumption but can only be applied to scenarios where the server is provided with an auxiliary dataset used to filter malicious updates. \texttt{FLAME} (USENIX '22) and \texttt{EIFFeL} (CCS '22) maintain the semi-honest majority assumption to guarantee robustness and the confidentiality of updates. It is, therefore, currently impossible to ensure Byzantine robustness and confidentiality of updates without assuming a semi-honest majority. To tackle this problem, we propose a novel Byzantine-robust and privacy-preserving FL system, called \texttt{MUDGUARD}, to capture malicious minority and majority for server and client sides, respectively. Our experimental results demonstrate that the accuracy of \texttt{MUDGUARD} is practically close to the FL baseline using FedAvg without attacks ($\approx$0.8\% gap on average). Meanwhile, the attack success rate is around 0\%-5\% even under an adaptive attack tailored to \texttt{MUDGUARD}. We further optimize our design by using binary secret sharing and polynomial transformation, leading to communication overhead and runtime decreases of 67\%-89.17\% and 66.05\%-68.75\%, respectively.
Compartir
Ficheros
2208.10161v2.pdf (15.67Mb)
Identificadores
URI: https://hdl.handle.net/20.500.12761/1865
Metadatos
Mostrar el registro completo del ítem

Listar

Todo IMDEA NetworksPor fecha de publicaciónAutoresTítulosPalabras claveTipos de contenido

Mi cuenta

Acceder

Estadísticas

Ver Estadísticas de uso

Difusión

emailContacto person Directorio wifi Eduroam rss_feed Noticias
Iniciativa IMDEA Sobre IMDEA Networks Organización Memorias anuales Transparencia
Síguenos en:
Comunidad de Madrid

UNIÓN EUROPEA

Fondo Social Europeo

UNIÓN EUROPEA

Fondo Europeo de Desarrollo Regional

UNIÓN EUROPEA

Fondos Estructurales y de Inversión Europeos

© 2021 IMDEA Networks. | Declaración de accesibilidad | Política de Privacidad | Aviso legal | Política de Cookies - Valoramos su privacidad: ¡este sitio no utiliza cookies!