FedXPro: Bayesian Inference for Mitigating Poisoning Attacks in IoT Federated Learning

Federated learning (FL) has been envisioned to enable many Internet of Things (IoT) devices to perform large-scale machine learning without sharing raw data, resulting in significant privacy improvements. In a wireless IoT system, FL helps clients to secure their confidential information and achieve improved learning performance. However, the conventional FL architecture is vulnerable to Byzantine workers, possessing the potential to send malicious updates that compromise the accuracy of the global model. Previous studies have proposed various secure aggregation rules and attacker detection techniques to address this issue. However, these techniques exhibit limited effectiveness and may lead to a decrease in accuracy. To overcome these limitations, we propose a Byzantine client detection algorithm called FedXPro by combining the predictive coding/biased competition-divisive input modulation (PC/BC-DIM) neural network and geometric median (GM). Predictive coding (PC) is the core of the PC/BC-DIM architecture, which can perform Bayesian inference by fusing priors and likelihoods to determine posterior distributions. The GM is employed to determine the prior knowledge of legitimate clients to execute the PC/BC-DIM algorithm. During training, the framework calculates the probability distribution for a set of valid clients chosen from the GM. In testing, it attempts to reconstruct the same distribution from other clients concerning prior knowledge, and ultimately, the reconstruction power is utilized to filter the malicious clients. Our extensive simulations demonstrate the superiority of our FedXPro approach over other state-of-the-art methods in terms of accuracy, a guaranteed faster convergence rate, and attack detection under different network settings.