TY - JOUR
T1 - Robust and Secure Aggregation Scheme for Federated Learning
AU - Tang, Wei
AU - Li, Jiliang
AU - Dong, Chengyi
AU - Miao, Yinbin
AU - Li, Qingming
AU - Li, Na
AU - Deng, Shuiguang
AU - Ji, Shouling
N1 - Publisher Copyright: © 2014 IEEE.
PY - 2025
Y1 - 2025
AB - Federated learning (FL) with a distributed trust framework effectively mitigates centralized security risks. However, it remains vulnerable to in-protocol Denial-of-Service attacks, resulting in the malicious server refusing to aggregate the valid gradients or terminating the protocol. Additionally, it is susceptible to collaborative attacks, where compromised servers and clients can bypass gradient verification to inject backdoors. To address those issues, we propose a robust and secure aggregation scheme for FL, which extends the efficient 2-party computation (2PC) to a 3-party computation (3PC) with at most one malicious party, resisting abnormal termination and colluding poisoning attacks. In particular, we skillfully combine the replicated secret sharing with L2 and L∞ defense, ensuring the malformed gradients filtering with a noninteractive setup. Moreover, we integrate the player elimination framework to detect misbehavior and guarantee output delivery. The formal security analysis proves that our scheme maintains malicious security even under the colluding model. Extensive experiments demonstrate that robust and secure aggregation scheme for federated learning is more client-friendly and significantly enhances client efficiency by approximately 4 orders of magnitude compared to state-of-the-art methods.
KW - Client-friendly
KW - federated learning (FL)
KW - player elimination
KW - replicated secret sharing (RSS)
KW - robust
UR - https://www.scopus.com/pages/publications/105002487099
U2 - 10.1109/JIOT.2024.3509222
DO - 10.1109/JIOT.2024.3509222
M3 - Article
AN - SCOPUS:105002487099
SN - 2327-4662
VL - 12
SP - 9701
EP - 9715
JO - IEEE Internet of Things Journal
JF - IEEE Internet of Things Journal
IS - 8
ER -