RoFL: A Robust Federated Learning Scheme Against Malicious Attacks

Privacy protection is increasingly important in contemporary machine learning-based applications. While federated learning can provide privacy protection to some extent, it assumes that clients (and their updates) are trusted. However, we also need to consider the potential of malicious or compromised clients. In this paper, we propose a robust federated learning (RoFL) scheme, designed to detect multiple attacks and block malicious updates from being passed to the central model. To validate our scheme, we train a CNN classification model based on the MNIST dataset. We then conduct experiments focusing on the impacts of model parameters (e.g., malicious amplification factors, fractions of training clients, fractions of malicious clients, and data distribution characteristics (i.e., IID or Non-IID)) on the proposed (RoFL) scheme. The findings demonstrate that the proposed (RoFL) scheme can effectively protect federated learning models from malicious attacks.