Server-Side Adaptive Trimming Policy to Defend Against Data Poisoning Attacks in Federated Learning

Publisher: IEEE

Authors: Sen Uddalok (India; Dept. of Information Technology, MCKV Institute of Engineering, Howrah); Datta Debaleena (Dept. of Computer Science & Applications, Techno Main Saltlake); Hafez Mohamed (INTI-IU-University; Shinawatra University); Amer Ayman (Faculty of Engineering; Jordan; Zarqa University); Islam Mohammad Tahidul (School of IT and Engineering, Melbourne Institute of Technology, Melbourne, Australia); Ijaz Muhammad Fazal (Australia; Torrens University)

Abstract:

Federated Learning (FL) enables a decentralized approach to training machine learning and deep learning models without gathering data in a central repository, thereby preserving data privacy. However, FL remains vulnerable to data poisoning attacks, where poisonous clients hold corrupted data and transmit malicious updates. The contribution of these malicious updates during server-side aggregation not only degrades the accuracy of the global model but also slows down its convergence and causes significant fluctuations in accuracy across communication rounds. In this work, we propose a server-side adaptive trimming (SSAT) policy to defend against data poisoning attacks. Experimental results on the MNIST dataset with a simulated label-flipping attack demonstrate that our proposed method outperforms a baseline approach against data poisoning attacks, i.e., trimmed mean, by reducing accuracy fluctuations across communication rounds and effectively detecting malicious updates in each round.

 

Keywords: Federated Learning, Data Poisoning, Adaptive Trimming, Label-Flipping attack, Accuracy Fluctuations

Published in: 2024 Asian Conference on Communication and Networks (ASIANComNet)
