Tackling Non-IID Data and Data Poisoning in Federated Learning using Adversarial Synthetic Data
DOI: https://doi.org/10.14313/JAMRIS/3-2024/17
Keywords: Federated Learning, non-IID data, label skew, data poisoning, label flipping
Abstract
Federated learning (FL) involves joint model training by various devices while preserving the privacy of their data. However, it presents the challenge of dealing with heterogeneous data located on participating devices. This issue can be further complicated by the appearance of malicious clients aiming to sabotage the training process by poisoning local data. In this context, the problem of differentiating between poisoned and non-IID data arises. To address it, a technique utilizing data-free synthetic data generation is proposed, using a reverse concept of adversarial attack. Adversarial inputs allow for improving the training process by measuring clients' coherence, favoring trustworthy participants. Experimental results obtained from image classification tasks on the MNIST, EMNIST, and CIFAR-10 datasets are reported and analyzed.
License
Copyright (c) 2024 Journal of Automation, Mobile Robotics and Intelligent Systems

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
Authors retain copyright. Authors grant the journal a non-exclusive right to publish the article. Articles are published under the CC BY-NC-ND 4.0 licence.


