Federated learning (FL) is an emerging framework that enables massive clients (e.g., mobile devices or enterprises) to collaboratively construct a global model without sharing their local data. However, due to the lack of direct access to clients’ data, the global model is vulnerable to be attacked by malicious clients with their poisoned data. Many strategies have been proposed to mitigate the threat of label flipping attacks, but they either require considerable computational overhead, or lack robustness, and some even cause privacy concerns. In this paper, we propose Malicious Clients Detection Federated Learning (MCDFL) to defense against the label flipping attack. It can identify malicious clients by recovering a distribution over a latent feature space to detect the data quality of each client. We demonstrate the effectiveness of our proposed strategy on two benchmark datasets, i.e., CIFAR-10 and Fashion-MNIST, by considering different neural network models and different attack scenarios. The results show that, our solution is robust to detect malicious clients without excessive costs under various conditions, where the proportion of malicious clients is in the range of 5% and 40%.

中文翻译：

---

联邦学习中针对标签翻转攻击的数据质量检测机制


联邦学习（FL）是一种新兴框架，它使大量客户（例如移动设备或企业）能够协作构建全局模型，而无需共享本地数据。然而，由于缺乏对客户端数据的直接访问，全局模型很容易受到恶意客户端利用中毒数据的攻击。人们提出了许多策略来减轻标签翻转攻击的威胁，但它们要么需要相当大的计算开销，要么缺乏鲁棒性，有些甚至会引起隐私问题。在本文中，我们提出恶意客户端检测联合学习（MCDFL）来防御标签翻转攻击。它可以通过恢复潜在特征空间上的分布来识别恶意客户端，以检测每个客户端的数据质量。通过考虑不同的神经网络模型和不同的攻击场景，我们在两个基准数据集（CIFAR-10 和 Fashion-MNIST）上证明了我们提出的策略的有效性。结果表明，我们的解决方案在恶意客户端比例在 5% 到 40% 范围内的各种条件下都能稳健地检测恶意客户端，且无需过多成本。