Byzantine-Robust Federated Learning through Dynamic Clustering.

Federated learning enables distributed and collaborative learning among multiple participants while protecting their privacy. However, due to its distributed nature, federated learning is vulnerable to Byzantine attacks. These attacks can poison the data or directly modify the model parameters, making the global model performance degrade or even leaving a backdoor. Existing strategies for mitigating Byzantine attacks require a priori information about the number of attackers or require additional validation datasets. However, prior knowledge of the number of Byzantine clients or the collection of representative validation datasets is not always feasible in practice. Moreover, recent research has shown that well-designed attacks can make malicious updates indistinguishable from benign ones by making them highly similar, thus bypassing existing defense methods that rely on these metrics.To tackle these problems, we propose Dynamic Clustering based Federated Learning (DCFL), a novel Byzantine robust FL approach without any additional validation datasets. The main idea behind DCFL is to rigorously constrain the magnitude and direction of local updates through norms and signs. To achieve this, we propose a novel metric that can effectively distinguish malicious updates from benign updates in terms of direction, which can help the server eliminate malicious updates before final aggregation. Our experiments on three datasets demonstrate the effectiveness of DCFL in mitigating various popular Byzantine attacks. Remarkably, the accuracy of the global model learned in the adversarial setting is even close to that of FedAVG under no attack.