Fighting Back Against Attacks in Federated Learning

Federated Learning (FL) faces significant security challenges from attackers who can poison data or model updates to degrade performance. A multi-node simulator was built on the FEDn framework to reproduce attacks like Label Flipping and test defensive aggregation strategies. Experiments reveal that common defenses such as Trimmed Mean and Multi-KRUM can fail, especially with non-IID data or late-joining malicious clients. These shortcomings led to the development of a new adaptive aggregation strategy called EE-Trimmed Mean. This novel method uses an epsilon-greedy policy to dynamically select clients, improving resilience against sophisticated attacks by balancing exploration and exploitation.