hassan-digicatapult
commented
3 years ago Looks good to me - should be a very useful addition to the basic FedAvg implementation.
Open nathancoulson opened 3 years ago
hassan-digicatapult
commented
3 years ago Looks good to me - should be a very useful addition to the basic FedAvg implementation.
Summary
This feature request is to implement a mitigation against adversarial attack or local model corruption, explained in this paper as Reject On Negative Impact on RONI. RONI will act as a monitoring system that checks the impact of each individual update to see if there is a pattern of consistently negative impact from a particular set of local nodes.
Motivation
In any Federated Learning system there is a risk that the global model, that is being aggregated from a number of updates from local/member nodes, can be disproportionally corrupted by poisoned or low-quality updates from a small number of local/member nodes.
The RONI system can monitor for potential attack or corruption by local nodes. This system could be extended to automatically reject those updates to make the global model more robust to adversarial attack and model/data poisoning.
Describe alternatives you've considered
This feature request is within the scope of "new example aggregation algorithms" and simply re-implements the FedAvg aggregation algorithm example with RONI. There are several alternative means of increasing robustness in Federated Learning systems, RONI is one of many that could be suitable for a range of use cases. Each of those could be added as another example in a Federated Learning robustness "toolkit".
Additional context