Byzantine-robust federated learning with ensemble incentive mechanism

Federated learning (FL) is vulnerable to Byzantine attacks due to its distributed nature. Existing defenses, which typically rely on server-based or trust-bootstrapped aggregation rules, often struggle to mitigate the impact when a large proportion of participants are malicious. Additionally, the absence of an effective incentive mechanism in current defenses may lead rational clients to submit meaningless or malicious updates, compromising the global model's effectiveness in federated learning. To tackle these issues, we propose a Byzantine-robust Ensemble Incentive Mechanism (BEIM) that not only leverages ensemble learning to train multiple global models, enhancing the robustness against such attacks, but also establishes a novel incentive mechanism to promote honest participation. Specifically, Byzantine robustness of BEIM can be initially enhanced by motivating high-quality clients to participate in FL. A distance-based aggregation rule is then employed to diminish the influence of malicious clients. Subsequently, the integration of a majority voting scheme across the ensemble models further isolates and dilutes the impact of malicious updates. The properties of truthfulness, individual rationality, and budget feasibility of the incentive mechanism in BEIM are proved theoretically. Empirical results demonstrate that BEIM not only effectively counters the impact of malicious clients, enhancing test accuracy by up to 77.3% compared to existing baselines when over 50% of the clients are malicious, but also fairly rewards clients based on the quality of their contributions.