Tackling Non-IID Data and Data Poisoning in Federated Learning using Adversarial Synthetic Data
Authors
Abstract
Federated learning (FL) involves joint model training by various devices while preserving the privacy of their data. However, it presents a challenge of dealing with heterogeneous data located on participating devices. This issue can further be complicated by the appearance of malicious clients, aiming to sabotage the training process by poisoning local data. In this context, a problem of differentiating between poisoned and non-IID data appears. To address it, a technique utilizing data-free synthetic data generation is proposed, using a reverse concept of adversarial attack. Adversarial inputs allow for improving the training process by measuring clients' coherence, favoring trustworthy participants. Experimental results, obtained from the image classification tasks for MNIST, EMNIST, and CIFAR-10 datasets are reported and analyzed.
Downloads
How to Cite
Copyright (c) 2024 Journal of Automation, Mobile Robotics and Intelligent Systems
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
The authors wishing to publish in JAMRIS journal must sign the license to publish upon paper acceptance. The license governs in detail the commercial and non-commercial use of papers published by our journal and determines user and author rights.
