Towards the Robustness of Differentially Private Federated Learning
Authors: Tao Qi, Huili Wang, Yongfeng Huang
AAAI 2024
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | Experiments on three benchmark datasets demonstrate that baseline methods cannot ensure task accuracy, data privacy, and robustness simultaneously, while Robust-DPFL can effectively enhance the privacy protection and robustness of federated learning while maintaining task performance. |
| Researcher Affiliation | Academia | ¹Department of Electronic Engineering, Tsinghua University, Beijing 100084, China; ²Zhongguancun Laboratory, Beijing 100094, China |
| Pseudocode | No | The paper describes its methods and algorithms using prose and mathematical equations but does not include any formal pseudocode blocks or algorithm listings. |
| Open Source Code | Yes | The code is available in https://github.com/taoqi98/Robust-DPFL. |
| Open Datasets | Yes | We conduct experiments on three benchmark datasets for federated learning, including MNIST (Deng 2012), FEMNIST (Caldas et al. 2018), and CIFAR-10 (Krizhevsky, Hinton et al. 2009). |
| Dataset Splits | No | The paper describes how training data is partitioned among clients ('The training data is randomly partitioned into 100 clients based on a non-IID data partition strategy'), but it does not specify a distinct validation set split or its size for hyperparameter tuning or early stopping. |
| Hardware Specification | No | The paper does not specify the hardware used for experiments, such as CPU or GPU models, or memory specifications. |
| Software Dependencies | No | The paper mentions that models are implemented by ResNet-18, but does not list specific software versions (e.g., Python, PyTorch, TensorFlow) or library dependencies with version numbers. |
| Experiment Setup | Yes | We conduct experiments on three benchmark datasets for federated learning, including MNIST (...), FEMNIST (...), and CIFAR-10 (...). The training data is randomly partitioned into 100 clients based on a non-IID data partition strategy (...). The basic machine learning models trained on these three datasets are implemented by ResNet-18 (...). The proportion of malicious clients controlled by the adversary is set to 15%. ... The level of DP guarantee is set to (1.2, 5). ... For a malicious client u, Attack-DPFL first learns the poisoned gradient $G_u$ from its local poisoned data. Then Attack-DPFL simulates the distribution of the perturbed poisoned gradient and aligns their norms to learn an amplified unperturbed poisoned gradient $A_u$: $A_u = A G_u$, $A = \|S_u\| / \|G_u\|$, $S_u = h(G_u; l) + \mathcal{N}(0, \sigma^2)$ (4), where $A$ is the amplification coefficient. ... In each training round of Robust-DPFL, the server first models the detection score of each uploaded gradient $\{Z(S_u) \mid u \in U_t\}$. Then the server clusters the detection scores into two groups based on the K-means algorithm to detect the suspicious gradients. |