TDFL: Truth Discovery Based Byzantine Robust Federated Learning
Published in | IEEE transactions on parallel and distributed systems Vol. 33; no. 12; pp. 1 - 14 |
---|---|
Main Authors | Xu, Chang; Jia, Yu; Zhu, Liehuang; Zhang, Chuan; Jin, Guoxie; Sharif, Kashif |
Format | Journal Article |
Language | English |
Published | New York, IEEE, 01.12.2022; The Institute of Electrical and Electronics Engineers, Inc. (IEEE) |
Abstract | Federated learning (FL) enables data owners to train a joint global model without sharing private data. However, it is vulnerable to Byzantine attackers that can launch poisoning attacks to destroy model training. Existing defense strategies rely on the additional datasets to train trustable server models or trusted execution environments to mitigate attacks. Besides, these strategies can only tolerate a small number of malicious users or resist a few types of poisoning attacks. To address these challenges, we design a novel federated learning method TDFL, Truth Discovery based Federated Learning, which can defend against multiple poisoning attacks without additional datasets even when the Byzantine users are $\geq 50\%$. Specifically, the TDFL considers different scenarios with different malicious proportions. For Honest-majority setting (Byzantine $< 50\%$), we design a special robust truth discovery aggregation scheme to remove malicious model updates, which can assign weights according to users' contribution; for Byzantine-majority setting (Byzantine $\geq 50\%$), we use maximum clique-based filter to guarantee global model quality. To the best of our knowledge, this is the first study that uses truth discovery to defend against poisoning attacks. It is also the first scheme which can achieve strong robustness under multiple kinds of attacks launched by high proportion attackers without root datasets. Extensive comparative experiments are designed with five state-of-the-art aggregation rules under five types of classical poisoning attacks on different datasets. The experimental results demonstrate that TDFL is practical and achieves reasonable Byzantine-robustness. |
---|---|
Author | Xu, Chang Zhang, Chuan Jin, Guoxie Sharif, Kashif Jia, Yu Zhu, Liehuang |
Author_xml | – sequence: 1 givenname: Chang orcidid: 0000-0002-9726-7232 surname: Xu fullname: Xu, Chang organization: School of Cyberspace Science and Technology, Beijing Institute of Technology, Beijing, China – sequence: 2 givenname: Yu orcidid: 0000-0001-7115-403X surname: Jia fullname: Jia, Yu organization: School of Computer Science and Technology, Beijing Institute of Technology, Beijing, China – sequence: 3 givenname: Liehuang orcidid: 0000-0003-3277-3887 surname: Zhu fullname: Zhu, Liehuang organization: School of Cyberspace Science and Technology, Beijing Institute of Technology, Beijing, China – sequence: 4 givenname: Chuan orcidid: 0000-0001-7684-8540 surname: Zhang fullname: Zhang, Chuan organization: School of Cyberspace Science and Technology, Beijing Institute of Technology, Beijing, China – sequence: 5 givenname: Guoxie surname: Jin fullname: Jin, Guoxie organization: School of Cyberspace Science and Technology, Beijing Institute of Technology, Beijing, China – sequence: 6 givenname: Kashif orcidid: 0000-0001-7214-6568 surname: Sharif fullname: Sharif, Kashif organization: School of Cyberspace Science and Technology, Beijing Institute of Technology, Beijing, China |
CODEN | ITDSEO |
ContentType | Journal Article |
Copyright | Copyright The Institute of Electrical and Electronics Engineers, Inc. (IEEE) 2022 |
Copyright_xml | – notice: Copyright The Institute of Electrical and Electronics Engineers, Inc. (IEEE) 2022 |
DOI | 10.1109/TPDS.2022.3205714 |
DatabaseName | IEEE Xplore (IEEE) IEEE All-Society Periodicals Package (ASPP) 1998–Present IEEE Electronic Library (IEL) CrossRef Computer and Information Systems Abstracts Electronics & Communications Abstracts Technology Research Database ProQuest Computer Science Collection Advanced Technologies Database with Aerospace Computer and Information Systems Abstracts Academic Computer and Information Systems Abstracts Professional |
DatabaseTitle | CrossRef Technology Research Database Computer and Information Systems Abstracts – Academic Electronics & Communications Abstracts ProQuest Computer Science Collection Computer and Information Systems Abstracts Advanced Technologies Database with Aerospace Computer and Information Systems Abstracts Professional |
DatabaseTitleList | Technology Research Database |
Database_xml | – sequence: 1 dbid: RIE name: IEEE Electronic Library (IEL) url: https://proxy.k.utb.cz/login?url=https://ieeexplore.ieee.org/ sourceTypes: Publisher |
DeliveryMethod | fulltext_linktorsrc |
Discipline | Engineering Computer Science |
EISSN | 1558-2183 |
EndPage | 14 |
ExternalDocumentID | 10_1109_TPDS_2022_3205714 9887909 |
Genre | orig-research |
GrantInformation_xml | – fundername: National Natural Science Foundation of China grantid: 61972037; 61872041; U1804263 – fundername: China Postdoctoral Science Foundation grantid: 2021M700435; 2021TQ0042 – fundername: National Cryptography Development Fund grantid: MMJJ20180412 |
IEDL.DBID | RIE |
ISSN | 1045-9219 |
IngestDate | Mon Jun 30 04:21:21 EDT 2025 Thu Apr 24 23:05:32 EDT 2025 Tue Jul 01 03:58:40 EDT 2025 Wed Aug 27 02:18:17 EDT 2025 |
IsPeerReviewed | true |
IsScholarly | true |
Issue | 12 |
Language | English |
License | https://ieeexplore.ieee.org/Xplorehelp/downloads/license-information/IEEE.html https://doi.org/10.15223/policy-029 https://doi.org/10.15223/policy-037 |
LinkModel | DirectLink |
Notes | ObjectType-Article-1 SourceType-Scholarly Journals-1 ObjectType-Feature-2 content type line 14 |
ORCID | 0000-0003-3277-3887 0000-0001-7684-8540 0000-0002-9726-7232 0000-0001-7115-403X 0000-0001-7214-6568 |
PQID | 2719557823 |
PQPubID | 85437 |
PageCount | 14 |
ProviderPackageCode | CITATION AAYXX |
PublicationCentury | 2000 |
PublicationDate | 2022-12-01 |
PublicationDateYYYYMMDD | 2022-12-01 |
PublicationDate_xml | – month: 12 year: 2022 text: 2022-12-01 day: 01 |
PublicationDecade | 2020 |
PublicationPlace | New York |
PublicationPlace_xml | – name: New York |
PublicationTitle | IEEE transactions on parallel and distributed systems |
PublicationTitleAbbrev | TPDS |
PublicationYear | 2022 |
Publisher | IEEE The Institute of Electrical and Electronics Engineers, Inc. (IEEE) |
Publisher_xml | – name: IEEE – name: The Institute of Electrical and Electronics Engineers, Inc. (IEEE) |
SourceID | proquest crossref ieee |
SourceType | Aggregation Database Enrichment Source Index Database Publisher |
StartPage | 1 |
SubjectTerms | Agglomeration Collaborative work Data models Data privacy Datasets Environment models Federated learning Poisoning poisoning attack Robustness Servers Soft sensors Training truth discovery |
Title | TDFL: Truth Discovery Based Byzantine Robust Federated Learning |
URI | https://ieeexplore.ieee.org/document/9887909 https://www.proquest.com/docview/2719557823 |
Volume | 33 |