References
- H. B. McMahan, E. Moore, D. Ramage, S. Hampson, and B. A. y Arcas. “Communication-efficient learning of deep networks from decentralized data”, 2017.
- X. Li, K. Huang, W. Yang, S. Wang, and Z. Zhang. “On the convergence of fedavg on non-iid data”, 2020.
- T.-M. H. Hsu, H. Qi, and M. Brown. “Measuring the effects of non-identical data distribution for federated visual classification”, 2019.
- X. Ma, J. Zhu, Z. Lin, S. Chen, and Y. Qin, “A state-of-the-art survey on solving non-iid data in federated learning”, Future Generation Computer Systems, vol. 135, 2022, 244–258, https://doi.org/10.1016/j.future.2022.05.003.
- R. Gosselin, L. Vieu, F. Loukil, and A. Benoit, “Privacy and security in federated learning: A survey”, Applied Sciences, vol. 12, no. 19, 2022.
- P. Erbil and M. E. Gursoy, “Detection and mitigation of targeted data poisoning attacks in federated learning”. In: 2022 IEEE Intl Conf on Dependable, Autonomic and Secure Computing, Intl Conf on Pervasive Intelligence and Computing, Intl Conf on Cloud and Big Data Computing, Intl Conf on Cyber Science and Technology Congress (DASC/PiCom/CBDCom/CyberSciTech), 2022, 1–8, 10.1109/DASC/PiCom/CBDCom/Cy55231. 2022.9927914.
- A. Danilenka, “Mitigating the effects of non-iid data in federated learning with a self-adversarial balancing method”, 2023 18th Conference on Computer Science and Intelligence Systems (Fed- CSIS), 2023, 925–930.
- Y. LeCun and C. Cortes, “MNIST handwritten digit database”, 2010.
- G. Cohen, S. Afshar, J. Tapson, and A. van Schaik. “Emnist: an extension of mnist to handwritten letters”, 2017.
- A. Krizhevsky. “Learning multiple layers of features from tiny images”, 2009.
- Z. Zhang, X. Cao, J. Jia, and N. Z. Gong, “Fldetector: Defending federated learning against model poisoning attacks via detecting malicious clients”. In: Proceedings of the 28th ACM SIGKDD Conference on Knowledge Discovery and Data Mining, New York, NY, USA, 2022, 2545–2555, 10.1145/3534678.3539231.
- D. Li, W. E. Wong, W. Wang, Y. Yao, and M. Chau, “Detection and mitigation of label-flipping attacks in federated learning systems with kpca and k-means”. In: 2021 8th International Conference on Dependable Systems and Their Applications (DSA), 2021, 551–559, 10.1109/DSA52907.2021.00081.
- P. Blanchard, E. M. El Mhamdi, R. Guerraoui, and J. Stainer, “Machine learning with adversaries: Byzantine tolerant gradient descent”. In: I. Guyon, U. V. Luxburg, S. Bengio, H. Wallach, R. Fergus, S. Vishwanathan, and R. Garnett, eds., Advances in Neural Information Processing Systems, vol. 30, 2017.
- D. Cao, S. Chang, Z. Lin, G. Liu, and D. Sun, “Understanding distributed poisoning attack in federated learning”. In: 2019 IEEE 25th International Conference on Parallel and Distributed Systems (ICPADS), 2019, 233–239, 10.1109/ICPADS47876.2019.00042.
- X. Cao, M. Fang, J. Liu, and N. Z. Gong. “Fltrust: Byzantine-robust federated learning via trust bootstrapping”, 2022.
- D. Yin, Y. Chen, K. Ramchandran, and P. Bartlett. “Byzantine-robust distributed learning: Towards optimal statistical rates”, 2021.
- C. Xie, O. Koyejo, and I. Gupta. “Generalized byzantine-tolerant sgd”, 2018.
- C. Fung, C. J. M. Yoon, and I. Beschastnikh, “The limitations of federated learning in sybil settings”. In: 23rd International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2020), San Sebastian, 2020, 301–316.
- Y. Xie, W. Zhang, R. Pi, F. Wu, Q. Chen, X. Xie, and S. Kim. “Robust federated learning against both data heterogeneity and poisoning attack via aggregation optimization”, 2022.
- S. Han, S. Park, F. Wu, S. Kim, B. Zhu, X. Xie, and M. Cha, “Towards attack-tolerant federated learning via critical parameter analysis”. In: Proceedings of the IEEE/CVF International Conference on Computer Vision (ICCV), 2023, 4999–5008.
- S. Park, S. Han, F. Wu, S. Kim, B. Zhu, X. Xie, and M. Cha, “Feddefender: Client-side attack-tolerant federated learning”. In: Proceedings of the 29th ACM SIGKDD Conference on Knowledge Discovery and Data Mining, New York, NY, USA, 2023, 1850–1861, 10.1145/3580305.3599346.
- C. Chen, Y. Liu, X. Ma, and L. Lyu. “Calfat: Calibrated federated adversarial training with label skewness”, 2023.
- G. Zizzo, A. Rawat, M. Sinn, and B. Buesser. “Fat: Federated adversarial training”, 2020.
- Z. Li, J. Shao, Y. Mao, J. H. Wang, and J. Zhang. “Federated learning with gan-based data synthesis for non-iid clients”, 2022.
- Y. Lu, P. Qian, G. Huang, and H. Wang. “Personalized federated learning on long-tailed data via adversarial feature augmentation”, 2023.
- X. Li, Z. Song, and J. Yang. “Federated adversarial learning: A framework with convergence analysis”, 2022.
- C. Szegedy, W. Zaremba, I. Sutskever, J. Bruna, D. Erhan, I. Goodfellow, and R. Fergus. “Intriguing properties of neural networks”, 2014.
- O. Suciu, R. Marginean, Y. Kaya, H. D. III, and T. Dumitras, “When does machine learning FAIL? generalized transferability for evasion and poisoning attacks”. In: 27th USENIX Security Symposium (USENIX Security 18), Baltimore, MD, 2018, 1299–1316.
- I. J. Goodfellow, J. Shlens, and C. Szegedy. “Explaining and harnessing adversarial examples”, 2015.
- A. Kurakin, I. Goodfellow, and S. Bengio. “Adversarial examples in the physical world”, 2017.
- Y. Dong, F. Liao, T. Pang, H. Su, J. Zhu, X. Hu, and J. Li. “Boosting adversarial attacks with momentum”, 2018.
- G. Xia, J. Chen, C. Yu, and J. Ma, “Poisoning attacks in federated learning: A survey”, IEEE Access, vol. 11, 2023, 10708–10722, 10.1109/ACCESS.2023.3238823.
- A. Shafahi, W. R. Huang, M. Najibi, O. Suciu, C. Studer, T. Dumitras, and T. Goldstein, “Poison frogs! targeted clean-label poisoning attacks on neural networks”. In: Neural Information Processing Systems, 2018.
- V. Shejwalkar, A. Houmansadr, P. Kairouz, and D. Ramage, “Back to the drawing board: A critical evaluation of poisoning attacks on federated learning”, ArXiv, vol. abs/2108.10241, 2021.
- H. Xiao, H. Xiao, and C. Eckert, “Adversarial label flips attack on support vector machines”. In: Proceedings of the 20th European Conference on Artificial Intelligence, NLD, 2012, 870–875.
- V. Tolpegin, S. Truex, M. E. Gursoy, and L. Liu. “Data poisoning attacks against federated learning systems”, 2020.
- A. Paszke, S. Gross, F. Massa, A. Lerer, J. Bradbury, G. Chanan, T. Killeen, Z. Lin, N. Gimelshein, L. Antiga, A. Desmaison, A. Kopf, E. Yang, Z. DeVito, M. Raison, A. Tejani, S. Chilamkurthy, B. Steiner, L. Fang, J. Bai, and S. Chintala. “Pytorch: An imperative style, high-performance deep learning library”. In: Advances in Neural Information Processing Systems 32, 8024–8035. Curran Associates, Inc., 2019.
- S. Marcel and Y. Rodriguez, “Torchvision the machine-vision package of torch”. In: Proceedings of the 18th ACM International Conference on Multimedia, New York, NY, USA, 2010, 1485–1488, 10.1145/1873951.1874254.
- Y. Lecun, L. Bottou, Y. Bengio, and P. Haffner, “Gradient-based learning applied to document recognition”, Proceedings of the IEEE, vol. 86, no. 11, 1998, 2278–2324, 10.1109/5.726791.
- M. Sandler, A. Howard, M. Zhu, A. Zhmoginov, and L.-C. Chen. “Mobilenetv2: Inverted residuals and linear bottlenecks”, 2019.
- J. Deng, W. Dong, R. Socher, L.-J. Li, K. Li, and L. Fei- Fei, “Imagenet: A large-scale hierarchical image database”. In: 2009 IEEE conference on computer vision and pattern recognition, 2009, 248–255.
- L. Lyu, H. Yu, X. Ma, C. Chen, L. Sun, J. Zhao, Q. Yang, and P. S. Yu, “Privacy and robustness in federated learning: Attacks and defenses”, IEEE Transactions on Neural Networks and Learning Systems, 2022, 1–21, 10.1109/TNNLS.2022.3216981.
- F. Wilcoxon. Individual comparisons by ranking methods, 196–202. Springer, 1992.