基于历史模型更新的自适应防御机制FedAud  

作　　者：任志强 陈学斌 REN Zhiqiang;CHEN Xuebin(College of Science,North China University of Science and Technology,Tangshan Hebei 063210,China;Hebei Key Laboratory of Data Science and Application(North China University of Science and Technology),Tangshan Hebei 063010,China;Tangshan Key Laboratory of Data Science(North China University of Science and Technology),Tangshan Hebei 063210,China)

机构地区：[1]华北理工大学理学院,河北唐山063210 [2]河北省数据科学与应用重点实验室(华北理工大学),河北唐山063010 [3]唐山市数据科学重点实验室(华北理工大学),河北唐山063210

出　　处：《计算机应用》2025年第2期490-496,共7页journal of Computer Applications

基　　金：国家自然科学基金资助项目(U20A20179)。

摘　　要：联邦学习(FL)已成为一种在分散的边缘设备上训练机器学习模型并保护数据隐私的有前景的方法。然而,FL系统容易受到拜占庭攻击的影响,即恶意客户端可能会破坏全局模型的完整性。此外,现有的部分防御方法存在较大的计算开销。针对上述问题,提出一种自适应防御机制FedAud,该机制旨在减小服务端的计算开销,同时确保FL系统对拜占庭攻击的鲁棒性。FedAud结合异常检测模块和信誉机制,并基于历史模型更新动态调整防御策略。使用MNIST和CIFAR-10数据集在不同的攻击场景和防御方法下进行评估的实验结果表明,FedAud能有效降低防御方法的执行频率,从而减轻服务器的计算负担,并提高FL的效率,特别是在防御方法计算开销大或训练周期较长的情况下。此外,FedAud能保持模型的准确性,并在某些情况下提升模型的性能,验证了它在实际FL部署中的有效性。Federated Learning(FL) has emerged as a promising method for training machine learning models on decentralized edge devices while protecting data privacy.However,FL systems are susceptible to Byzantine attacks,which means that a malicious client compromises the integrity of the global model.Moreover,some existing defense methods have large computational overheads.To address the above problems,an adaptive defense mechanism,namely FedAud,was proposed,which aims to reduce computational overhead of the server while ensuring robustness of the FL system against Byzantine attacks.An anomaly detection module and a reputation mechanism were integrated by FedAud to adjust the defense strategy dynamically based on historical model updates.Experimental results of FedAud evaluated using MNIST and CIFAR-10 datasets under various attack scenarios and defense methods demonstrate that FedAud reduces the execution frequency of defense methods effectively,thereby alleviating the computational burden of the server and enhancing FL efficiency,particularly in scenarios of defense methods with high computational overheads or long training cycles.Furthermore,FedAud maintains model accuracy and even improves model performance in certain cases,verifying its effectiveness in real FL deployments.

关 键 词：联邦学习 拜占庭攻击 异常检测 计算开销 通信效率 

分 类 号：TP309.2[自动化与计算机技术—计算机系统结构]