Privacy-preserving federated learning compatible with robust aggregators

Federated learning has emerged as a promising paradigm for collaborative machine learning across decentralized devices, offering the benefit of model training without centralized data aggregation. However, it also brings unique challenges related to security and privacy. Ensuring security and privacy is a critical challenge in federated learning. On one hand, sharing gradients or parameters of user models poses privacy risks; on the other hand, malicious users sending incorrect parameters can disrupt the global model on the server. Robust aggregators play a crucial role in handling such malicious users by scrutinizing transmitted vectors for anomalies. However, privacy-preserving methods often add noise or encryption to user vectors, which potentially affects the effectiveness of robust aggregators. In this paper, we have proposed a privacy-preserving method that maintains compatibility with robust aggregators by not directly altering the vectors of user parameters. Instead, noise is introduced to the training data or during model training. Our findings demonstrate that the proposed method not only reduces the accuracy of the membership inference attack to random levels but also maintains compatibility with robust aggregators without compromising the model's accuracy, thereby maintaining a balance between privacy, security, and efficiency.