Rethinking the defense against free-rider attack from the perspective of model weight evolving frequency

Federated learning (FL) is a distributed machine learning approach where multiple clients collaboratively train a joint model without exchanging their own data. Despite FL's unprecedented success in data privacy -preserving, its vulnerability towards free -rider attacks. Numerous defense methods have been proposed, however, they fail to resist highly camouflaged free -riders. To address these challenges, we reconsider the defense from a novel perspective, i.e., model weight evolving frequency. Empirically, we gain a novel insight that during the FL's training, the model weight evolving frequency of free -riders and that of benign clients are significantly different. Inspired by this insight, we propose a novel defense method based on the model Weight Evolving Frequency , referred to as WEF-Defense. Specifically, we first collect the weight evolving frequency (defined as WEF-Matrix) during local training. Each client uploads the WEF-Matrix of the local model as well as the model weights to the server. The server then separates free -riders from benign clients based on the difference in the WEF-Matrix. At last, the server provides different global models for the corresponding clients using a personalization algorithm, which prevents free -riders from gaining high -quality models. Comprehensive experiments conducted on five datasets and five models demonstrate that WEF-Defense achieves better defense effectiveness (similar to x1 .4) than the state-of-the-art baselines and identifies free -riders at an earlier stage of training. Besides, we verify the effectiveness of WEF-Defense against an adaptive attack and visualize the WEF-Matrix during the training to interpret its effectiveness. The data and code of WEF-Defense are available at: https://github .com /research -limingjun /WEF -Defense .git.