FedMC: Federated Learning with Mode Connectivity Against Distributed Backdoor Attacks

Federated learning (FL) has become a hot research domain due to its privacy protection for model collaboratively training in edge computing systems. However, recent studies indicated that most FL algorithms have desperately suffered from backdoor attacks. Although many backdoor defence FL algorithms were proposed, their effects were highly related to the ratio of malicious clients (RMC) of all participated edge nodes. To be more specific, most of them only set RMC around 10% to 30% in their experiments, and their results also showed that the rate of successful backdoor defence seriously drops when RMC increases. In the paper, we propose a novel federated learning scheme with mode connectivity (FedMC) to defend against backdoor attacks, mitigating the sharp defence effect degradation as RMC increases. Conventional mode connectivity mainly focuses on training a connecting curve between two end models, which is inapplicable in distributed multiple clients FL situations. We extend the two-ends mode connectivity to multi-ends by introducing a scalable regularization term consisting of the edge clients' models to involve their knowledge in the connective model training. In each communication round, the FL-Server aggregates and absorbs the contribution of clients by training a connective model based on a small set of clean samples, which builds a pathway to accurately connect all edge clients' models and mitigates the backdoor triggers of models. Extensive experiments and results demonstrate that FedMC can effectively defend against backdoor attacks while maintaining the accuracy on untampered test data.