Research On Resisting Malicious Node Attacks In Federated Learning Scenarios

With the advent of the era of big data and artificial intelligence,machine learning algorithms for large-scale data are successfully applied to a wider range of practical scenarios.However,in these learning algorithms,the server usually needs a large amount of personal behavioral data from users for training.This has raised concerns among users about the privacy and security of their data.To solve this problem,Google proposed the concept of federated learning in 2016.In this learning framework,instead of transferring private user data to the central server for centralized modeling,the model is trained directly on the user's local mobile device using local computing resources,and the central server only undertakes the collection and aggregation of key model information.However,in the study of federated learning,it is usually assumed that each compute node can be trusted,but the assumption may not be ensured in real-world scenarios.For example,after some computational nodes are maliciously hijacked or suffer from internal computational failures,these nodes start transmitting error messages to the central node,which leads to a serious impact on model training.Such computational nodes that transmit error messages to the central node are called Byzantine nodes.This dissertation focuses on the optimization of algorithms for aggregating information from computational nodes when the central server is attacked by Byzantine nodes in a federation learning scenario.To address this problem,this dissertation proposes a robust aggregation algorithm called GDBRA-FL that can resist Byzantine attacks in a federated learning scenario.The algorithm is based on the assumption that the gradient descent direction of the central server and the normal computing nodes are more convergent than that of the Byzantine nodes.The probability of a node being a potential Byzantine node is determined by calculating the distance between the gradient descent of each computational node and the central node,and then the gradient aggregation is performed by assigning it as a weight to the gradient of each node.Also,in order to adapt to the distribution of Byzantine nodes in realistic scenarios,this dissertation is inspired by the momentum gradient descent and further introduces the momentum coefficient and design a new algorithm called FBRA-FL,so that the model can remember the past Byzantine states of the nodes and identify and process the abnormal node information early,thus achieving the purpose of accelerating the convergence of the model.Compared with most current Byzantine robust algorithms,when the data in the computational nodes are stored either as independent homogeneous distributions or as non-independent homogeneous distributions,the algorithm can effectively resist Byzantine attacks Moreover,this algorithm can accelerate the convergence of the model,reduce the number of training rounds and communication overhead,and make the communication during the learning process more efficient.Therefore,the algorithm can be applied more flexibly in real-world scenarios,especially in federal learning scenarios.By simulating various Byzantine attacks on a real dataset MNIST,it can be verified that GDBRA-FL can effectively resist Byzantine attacks in federal learning scenarios,regardless of whether the data in computational nodes are stored in i.i.d.scenario or in noni.i.d.scenario,compared with the mainstream Byzantine robust algorithms.Moreover,FBRA-FL can further effectively cope with dynamic Byzantine attack scenarios in federal learning,reduce the number of model training rounds,and thus accelerate the convergence speed of the model,which is also better than the mainstream classical Byzantine robust optimization algorithms.