US 12,425,419 B2
Lightweight attacker identification method for federated learning with secure byzantine-robust aggregation via clustering
Paulo Abelha Ferreira, Rio de Janeiro (BR); Pablo Nascimento da Silva, Niterói (BR); and Maira Beatriz Hernandez Moran, Rio de Janeiro (BR)
Assigned to Dell Products L.P., Round Rock, TX (US)
Filed by Dell Products L.P., Round Rock, TX (US)
Filed on Dec. 13, 2022, as Appl. No. 18/065,064.
Prior Publication US 2024/0195816 A1, Jun. 13, 2024
Int. Cl. H04L 9/40 (2022.01); G06N 20/00 (2019.01)
CPC H04L 63/1416 (2013.01) [G06N 20/00 (2019.01); H04L 63/20 (2013.01)]
18 Claims
 
1. A method, comprising:
performing a federated learning process comprising:
receiving, at a central node, a respective gradient from each node of a cluster, and each of the gradients comprises a respective update to a global machine learning model maintained at the central node;
aggregating, by the central node, the gradients to obtain an aggregated gradient for the cluster, and the aggregated gradient is part of a list of aggregated gradients;
running, by the central node, a robust aggregation operation on the aggregated gradients in the list to obtain an outlier score for the cluster;
when the outlier score equals or exceeds a specified value, or falls within a specified range of values, identifying the cluster as an outlier, and identifying nodes within the cluster as suspicious;
identifying one of the suspicious nodes as a Byzantine node; and
determining that the Byzantine node is carrying out a Byzantine attack on the central model, wherein the federated learning process is allowed to continue [1] notwithstanding the determination that the Byzantine attack is being carried out, and [2] without modifying an ongoing re-clustering operation that does not involve the Byzantine node.
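
The following sketch of the flow in claim 1 is an added illustration, not code from the patent or from Dell. It assumes a coordinate-wise median as the robust aggregation, a distance-to-median ratio as the outlier score, and "flagged in the most rounds across re-clustering" as the rule for picking the Byzantine node; all function names and the sample data are constructed.

```python
import random
from statistics import median

def cluster_mean(grads):
    # Per-cluster aggregate: the only value the central node scores.
    return [sum(col) / len(grads) for col in zip(*grads)]

def outlier_scores(aggs):
    # Assumed robust aggregation: coordinate-wise median as the centre,
    # score = distance to the centre / median distance over all clusters.
    centre = [median(col) for col in zip(*aggs)]
    dists = [sum((a - c) ** 2 for a, c in zip(agg, centre)) ** 0.5 for agg in aggs]
    scale = median(dists) or 1e-12
    return [d / scale for d in dists]

def run_rounds(node_ids, gradient_of, cluster_size, rounds, threshold, seed=0):
    rng = random.Random(seed)
    suspicion = {n: 0 for n in node_ids}
    for _ in range(rounds):
        ids = list(node_ids)
        rng.shuffle(ids)  # re-clustering between rounds
        clusters = [ids[i:i + cluster_size] for i in range(0, len(ids), cluster_size)]
        aggs = [cluster_mean([gradient_of(n, rng) for n in c]) for c in clusters]
        for members, score in zip(clusters, outlier_scores(aggs)):
            if score >= threshold:  # cluster is an outlier
                for n in members:   # every member becomes suspicious
                    suspicion[n] += 1
    return suspicion

def identify_byzantine(suspicion):
    # Assumed rule: the node flagged in the most rounds.
    return max(suspicion, key=suspicion.get)

def demo(rounds=8):
    # Constructed data: 12 nodes, node 7 sends a scaled, sign-flipped gradient.
    true_grad = [1.0, -2.0, 0.5]
    def gradient_of(node, rng):
        if node == 7:
            return [-20.0 * g for g in true_grad]
        return [g + rng.gauss(0, 0.1) for g in true_grad]
    return run_rounds(range(12), gradient_of, cluster_size=3, rounds=rounds, threshold=10.0)

if __name__ == "__main__":
    s = demo()
    print(s, "-> Byzantine node:", identify_byzantine(s))
```

With four clusters and one attacker, an honest cluster's score under this ratio stays at or below 2, so the threshold of 10 flags only the cluster that contains node 7 in each round; the honest nodes that happen to share that cluster are marked suspicious for that round only.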