Auto-weighted Robust Federated Learning with Corrupted Data Sources
Li, Shenghui. Uppsala University, Disciplinary Domain of Science and Technology, Mathematics and Computer Science, Department of Information Technology, Division of Computer Systems. ORCID iD: 0000-0003-0145-3127
Ngai, Edith. The University of Hong Kong, China. ORCID iD: 0000-0002-3454-8731
Ye, Fanghua. University College London, UK. ORCID iD: 0000-0002-1063-6534
Voigt, Thiemo. Uppsala University, Disciplinary Domain of Science and Technology, Mathematics and Computer Science, Department of Information Technology, Computer Architecture and Computer Communication; Division of Computer Systems. Research Institutes of Sweden (RISE), Sweden. ORCID iD: 0000-0002-2586-8573
2022 (English). In: ACM Transactions on Intelligent Systems and Technology, ISSN 2157-6904, E-ISSN 2157-6912, Vol. 13, no. 5, pp. 1-20. Article in journal (Refereed). Published.
Abstract [en]

Federated learning provides a communication-efficient and privacy-preserving training process by enabling learning statistical models with massive participants without accessing their local data. Standard federated learning techniques that naively minimize an average loss function are vulnerable to data corruptions from outliers, systematic mislabeling, or even adversaries. In this paper, we address this challenge by proposing Auto-weighted Robust Federated Learning (ARFL), a novel approach that jointly learns the global model and the weights of local updates to provide robustness against corrupted data sources. We prove a learning bound on the expected loss with respect to the predictor and the weights of clients, which guides the definition of the objective for robust federated learning. We present an objective that minimizes the weighted sum of empirical risk of clients with a regularization term, where the weights can be allocated by comparing the empirical risk of each client with the average empirical risk of the best p clients. This method can downweight the clients with significantly higher losses, thereby lowering their contributions to the global model. We show that this approach achieves robustness when the data of corrupted clients is distributed differently from the benign ones. To optimize the objective function, we propose a communication-efficient algorithm based on the blockwise minimization paradigm. We conduct extensive experiments on multiple benchmark datasets, including CIFAR-10, FEMNIST, and Shakespeare, considering different neural network models. The results show that our solution is robust against different scenarios including label shuffling, label flipping, and noisy features, and outperforms the state-of-the-art methods in most scenarios.
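The weighting rule described in the abstract, in which clients whose empirical risk greatly exceeds the average risk of the best p clients are downweighted, can be illustrated with a short sketch. This is a hypothetical simplification, not the paper's exact closed form: the function name `allocate_weights` and the margin parameter `lam` (standing in for the regularization term) are assumptions made for illustration.

```python
import numpy as np

def allocate_weights(client_losses, p, lam=1.0):
    """Hypothetical sketch: downweight clients whose empirical risk
    exceeds the average risk of the best p clients by more than lam."""
    losses = np.asarray(client_losses, dtype=float)
    best_p_avg = np.sort(losses)[:p].mean()   # reference risk of the best p clients
    # Clients whose excess loss over the reference exceeds lam get weight 0;
    # lam controls how tolerant the scheme is to higher-than-average loss.
    raw = np.maximum(0.0, lam - (losses - best_p_avg))
    return raw / raw.sum()                    # normalize onto the simplex

# Example: three benign clients and two corrupted ones with inflated losses.
losses = [0.3, 0.35, 0.32, 2.5, 3.1]
w = allocate_weights(losses, p=3, lam=1.0)
# The two corrupted clients (losses 2.5 and 3.1) receive zero weight,
# so only the benign clients contribute to the next global update.
```

In a full training loop, this weight step would alternate with model updates, in the spirit of the blockwise minimization the paper describes: fix the weights and take local gradient steps on the weighted objective, then recompute the weights from the clients' current empirical risks.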

Place, publisher, year, edition, pages
Association for Computing Machinery (ACM), 2022. Vol. 13, no. 5, pp. 1-20
Keywords [en]
Federated learning, robustness, auto-weighted, distributed learning, neural networks
National Category
Computer Sciences
Identifiers
URN: urn:nbn:se:uu:diva-468353
DOI: 10.1145/3517821
ISI: 000877952100005
OAI: oai:DiVA.org:uu-468353
DiVA id: diva2:1640293
Funder
Swedish Research Council, 2017-0454
EU, Horizon 2020, 101015922
Available from: 2022-02-24. Created: 2022-02-24. Last updated: 2024-11-20. Bibliographically approved.
In thesis
1. Robust Federated Learning: Defending Against Byzantine and Jailbreak Attacks
2024 (English)Doctoral thesis, comprehensive summary (Other academic)
Abstract [en]

Federated Learning (FL) has emerged as a promising paradigm for training collaborative machine learning models across multiple participants while preserving data privacy. It is particularly valuable in privacy-sensitive domains like healthcare and finance. Recently, FL has been explored to harness the power of pre-trained Foundation Models (FMs) for downstream task adaptation, enabling customization and personalization while maintaining data locality and privacy. However, FL's distributed nature makes it inherently vulnerable to adversarial attacks. Notable threats include Byzantine attacks, which inject malicious updates to degrade model performance, and jailbreak attacks, which exploit the fine-tuning process to undermine the safety alignment of FMs, leading to harmful outputs. This dissertation centers on robust FL, aiming to mitigate these threats and ensure global models remain accurate and safe even under adversarial conditions. To mitigate Byzantine attacks, we propose several Robust Aggregation Schemes (RASs) that decrease the influence of malicious updates. Additionally, we introduce Blades, an open-source benchmarking tool to systematically study the interplay between attacks and defenses in FL, offering insights into the effects of data heterogeneity, differential privacy, and momentum on RAS robustness. Exploring the synergy between FL and FMs, we present a taxonomy of research along the dimensions of adaptivity, efficiency, and trustworthiness. We uncover a novel attack, "PEFT-as-an-Attack" (PaaA), where malicious FL participants jailbreak FMs through Parameter-Efficient Fine-Tuning (PEFT) with harmful data. We evaluate defenses against PaaA and highlight critical gaps, emphasizing the need for advanced strategies balancing safety and utility in FL-FM systems. In summary, this dissertation advances FL robustness by proposing novel defenses, tools, and insights while exposing emerging attack vectors. These contributions pave the way for attack-resilient distributed machine learning systems capable of withstanding both current and emerging threats.

Place, publisher, year, edition, pages
Uppsala: Acta Universitatis Upsaliensis, 2024. p. 54
Series
Digital Comprehensive Summaries of Uppsala Dissertations from the Faculty of Science and Technology, ISSN 1651-6214 ; 2477
Keywords
Federated learning, Jailbreak attack, Parameter-Efficient Fine-Tuning, Pre-trained Language Model, Robustness
National Category
Computer Sciences
Identifiers
URN: urn:nbn:se:uu:diva-540441
ISBN: 978-91-513-2312-1
Public defence
2025-01-16, 101121, Sonja Lyttkens, Ångström, Regementsvägen 1, Uppsala, 09:00 (English)
Available from: 2024-12-17. Created: 2024-11-20. Last updated: 2024-12-17.

Open Access in DiVA

No full text in DiVA

Authority records

Li, Shenghui; Ngai, Edith; Voigt, Thiemo
