CPC G06F 21/64 (2013.01) [G06N 20/20 (2019.01)] | 25 Claims
1. A computer-implemented method for defending against adversarial attacks in federated learning, the method comprising:
receiving, by an aggregator in the federated learning, weights sent from respective parties in the federated learning;
computing, by the aggregator, values of a performance metric for weight arrays obtained by the respective parties, using a validation dataset;
ranking, by the aggregator, the values of the performance metric in a list;
recursively splitting, by the aggregator, the list in half, and respective bottom halves thereafter, until one or more adversary updates of the weights are isolated by identifying two halves that are not statistically different and do have a difference in performance;
performing recursive splitting on a top half with higher performance of the two halves that are not statistically different until an honest update in the top half is isolated; and
excluding, by the aggregator, one or more parties that send the one or more adversary updates from participating in a current round of training in the federated learning, wherein the one or more adversary updates are a bottom half of the two halves that are not statistically different and the top half with the honest update excluded.
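The claim above fixes the shape of the defence (rank by validation performance, halve the bottom of the ranking until two halves are no longer statistically distinguishable, then rescue any honest update from the top half of that region) but not the statistical test or the edge-case rules. The following Python is an added illustration written for this page, not the patent holder's implementation. It assumes that "statistically different" means Welch's t exceeds a hypothetical threshold (with a variance floor so single-element halves can still be compared), that nothing is excluded when the very first split is not statistically different, that an indistinguishable segment inside the adversarial region is kept as adversarial, and it uses constructed party ids, accuracy values and weight vectors.

```python
"""Illustrative recursive-bisection defence for federated aggregation.

Added example, not the patent's code. Assumed details (the claim leaves them open):
  * "statistically different" == Welch's t > T_THRESHOLD; VAR_FLOOR keeps the
    test defined for one-element halves;
  * if the first split of the ranked list is not statistically different, the
    population is treated as homogeneous and no party is excluded;
  * inside the adversarial region, a segment whose own halves are alike is kept
    as adversarial;
  * all party ids, metric values and weight vectors below are constructed.
"""
import math
from typing import Dict, List, Set, Tuple

T_THRESHOLD = 2.0   # hypothetical decision threshold on Welch's t statistic
VAR_FLOOR = 1e-4    # hypothetical variance floor (std 0.01) for tiny halves

Ranked = List[Tuple[str, float]]   # (party id, performance metric), best first


def _mean(xs: List[float]) -> float:
    return sum(xs) / len(xs)


def _sample_var(xs: List[float]) -> float:
    if len(xs) < 2:
        return VAR_FLOOR
    m = _mean(xs)
    return max(sum((x - m) ** 2 for x in xs) / (len(xs) - 1), VAR_FLOOR)


def _scores(seg: Ranked) -> List[float]:
    return [s for _, s in seg]


def welch_t(top: List[float], bottom: List[float]) -> float:
    """Welch's t for H0: mean(top) == mean(bottom); positive when top is better."""
    se = math.sqrt(_sample_var(top) / len(top) + _sample_var(bottom) / len(bottom))
    return (_mean(top) - _mean(bottom)) / se


def statistically_different(top: Ranked, bottom: Ranked) -> bool:
    return welch_t(_scores(top), _scores(bottom)) > T_THRESHOLD


def split_halves(seg: Ranked) -> Tuple[Ranked, Ranked]:
    """Top half keeps the better-ranked entries; an odd extra entry goes to the bottom."""
    mid = len(seg) // 2
    return seg[:mid], seg[mid:]


def isolate_honest(top_half: Ranked) -> Ranked:
    """Recursively split the top half of the adversarial region (claim step 4).

    When the upper part is statistically better than the lower, the upper part
    is honest and the lower part is searched further. A segment whose halves
    cannot be told apart is treated as adversarial (assumption)."""
    if len(top_half) < 2:
        return []
    upper, lower = split_halves(top_half)
    if statistically_different(upper, lower):
        return upper + isolate_honest(lower)
    return []


def find_adversarial_parties(performance: Dict[str, float]) -> Set[str]:
    """Party ids whose updates the aggregator excludes from the current round."""
    ranked: Ranked = sorted(performance.items(), key=lambda kv: kv[1], reverse=True)
    top, bottom = split_halves(ranked)
    if not statistically_different(top, bottom):
        return set()                      # assumption: nothing detectable, exclude nobody
    region = bottom                       # adversaries sit somewhere in the bottom half
    while len(region) >= 2:
        top, bottom = split_halves(region)
        # Ranking guarantees mean(top) >= mean(bottom); the stop rule is that the
        # halves are no longer statistically distinguishable.
        if not statistically_different(top, bottom):
            break
        region = bottom                   # the honest/adversary boundary is lower still
    if len(region) < 2:
        return {pid for pid, _ in region}  # a single isolated adversary
    top, bottom = split_halves(region)
    honest = {pid for pid, _ in isolate_honest(top)}
    return {pid for pid, _ in bottom} | ({pid for pid, _ in top} - honest)


def aggregate(weights: Dict[str, List[float]], excluded: Set[str]) -> List[float]:
    """Plain averaging of the weight vectors that survive the exclusion."""
    kept = [w for pid, w in weights.items() if pid not in excluded]
    return [sum(col) / len(kept) for col in zip(*kept)]


# Constructed validation accuracy per party for one round (six honest, four poisoned).
VALIDATION_ACCURACY = {
    "party-A": 0.92, "party-B": 0.91, "party-C": 0.91, "party-D": 0.90,
    "party-E": 0.90, "party-F": 0.89,
    "party-G": 0.55, "party-H": 0.52, "party-I": 0.50, "party-J": 0.45,
}
# Constructed two-parameter weight vectors: honest parties cluster near [1, -2].
WEIGHTS = {
    "party-A": [1.0, -2.0], "party-B": [1.1, -2.1], "party-C": [0.9, -1.9],
    "party-D": [1.0, -2.0], "party-E": [1.05, -1.95], "party-F": [0.95, -2.05],
    "party-G": [9.0, 5.0], "party-H": [8.5, 4.5], "party-I": [9.5, 5.5],
    "party-J": [10.0, 6.0],
}

if __name__ == "__main__":
    dropped = find_adversarial_parties(VALIDATION_ACCURACY)
    print("excluded this round:", sorted(dropped))
    print("aggregated weights:", aggregate(WEIGHTS, dropped))
```

On the constructed data the first split (five honest versus one honest plus four poisoned) is statistically different, the next split of the bottom half is not, so that five-party region is the adversarial region; bisecting its top half separates party-F (0.89) from party-G (0.55) and rescues F, leaving G, H, I and J excluded. Note that the claim assigns the whole bottom half of the final region to the adversaries, so the scheme presumes the poisoned updates fill at least that bottom half; a lone adversary among many honest parties can drag neighbouring honest updates into the excluded set with this test.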