Journal of Information Security Research ›› 2024, Vol. 10 ›› Issue (2): 163-.


Malicious Client Detection and Defense Method for Federated Learning

Cheng Xiantao   

  1. (School of Computer Science and Cyber Engineering,Guangzhou University, Guangzhou 510006)
  • Online: 2024-02-21 Published: 2024-02-22

Malicious Client Detection and Defense Method for Federated Learning

Cheng Xiantao

  1. (School of Computer Science and Cyber Engineering, Guangzhou University, Guangzhou 510006)
  • Corresponding author: Cheng Xiantao (School of Computer Science and Cyber Engineering, Guangzhou University, Guangzhou 510006) (xiantaoch@163.com)
  • About the author: Cheng Xiantao (School of Computer Science and Cyber Engineering, Guangzhou University, Guangzhou 510006) (xiantaoch@163.com)

Abstract: Federated learning allows participating clients to collaboratively train machine learning models without sharing their private data. Since the central server cannot control the behavior of clients, malicious clients may corrupt the global model by sending manipulated local gradient updates, and there may also be unreliable clients whose data quality is low but still of some value. To address these problems, this paper proposes FedMDD, a malicious client detection and defense method for federated learning, which uses local gradient updates to detect malicious and unreliable clients and handles the two groups differently, while defending against sign flipping, additive noise, single-label flipping, multi-label flipping, and backdoor attacks. Four baseline algorithms are compared on two datasets, and the experimental results show that FedMDD successfully defends against all of these attack types in a training environment containing 50% malicious clients and 10% unreliable clients, with better results both in improving model test accuracy and in reducing backdoor accuracy.

Key words: federated learning, anomaly detection, robustness, privacy protection, defense

Abstract (from the Chinese version): Federated learning allows participating clients to collaboratively train machine learning models without sharing their private data. Because the central server cannot control client behavior, malicious clients may corrupt the global model by sending manipulated local gradient updates, and there may also be unreliable clients whose data quality is low but still of some value. To address these problems, this paper proposes FedMDD, a malicious client detection and defense method for federated learning, which uses local gradient updates as the basis for handling detected malicious and unreliable clients in different ways, while defending against sign flipping, additive noise, single-label flipping, multi-label flipping, and backdoor attacks. Four baseline algorithms are compared on two datasets; the experimental results show that in a training environment containing 50% malicious clients and 10% unreliable clients, FedMDD successfully defends against all attack types and achieves better results both in improving model test accuracy and in reducing backdoor accuracy.

Key words (from the Chinese version): federated learning, anomaly detection, robustness, privacy protection, defense
