Byzantine Resilient Federated Learning in Sporadically Connected Wireless Networks

Grants and Contracts Details

Description

The objective of the proposed project is to establish the theory and system foundation to address security challenges in federated learning (FL) in resource-constrained and sporadically connected military networks, particularly in hostile environments. The primary threat considered here is Byzantine attacks, where Byzantine nodes (i.e., compromised participants in an FL system) exhibit arbitrary and malicious behaviors. Such behaviors can include refusing to cooperate, sending incorrect information, or trying to deceive other participants in the system. To achieve their malicious goals, Byzantine nodes may send conflicting information to different recipients.

Byzantine attacks can have significant consequences for FL systems. Byzantine nodes can inject malicious input into the learning process, leading to model poisoning and slower convergence or convergence to suboptimal models. The sporadic connectivity in the network makes the situation more challenging. In extreme cases, when connectivity to the FL server is lost, Byzantine nodes can disrupt the consensus process, resulting in erroneous actions taken in critical decision-making.

To mitigate such Byzantine attacks in mission-critical military FL systems, we propose a comprehensive research plan to build Byzantine resiliency into FL systems, particularly for resource-constrained and sporadically connected networks. The proposed research activities include four synergistic thrusts. Thrust I takes a systems approach to derive a principled method to assess the trustworthiness of information from FL nodes. We will develop new remote attestation primitives that will allow contributing nodes to demonstrate cryptographically that their submitted information follows specific security policies. Thrust II then takes a data-centric approach, aiming to develop robust and efficient learning algorithms that keep adversarial influence to a minimum, ensuring robust FL output even in the face of Byzantine inputs. Thrust III considers the most challenging scenario, where a group of FL nodes must work in a self-organized fashion to make critical learning or inference decisions collectively when losing connectivity to the FL server. We will develop a new consensus-based Byzantine-resilient decentralized FL approach to enable trustworthy training and inference decision-making in this challenging scenario. Thrust IV will thoroughly analyze the system resource requirements of various defense mechanisms and their impacts on model performance.

Status: Active
Effective start/end date: 10/1/24 to 9/30/27

Funding

  • Virginia Polytechnic Institute and State University: $38,185.00
