AWFC: Preventing Label Flipping Attacks Towards Federated Learning for Intelligent IoT

Centralized machine learning methods require the aggregation of data collected from clients. Due to the awareness of data privacy, however, the aggregation of raw data collected by Internet of Things (IoT) devices is not feasible in many scenarios. Federated learning (FL), a kind of distributed learning framework, can be running on multiple IoT devices. It aims to resolve the issues of privacy leakage by training a model locally on the client-side, other than on the server-side that aggregates all the raw data. However, there are still threats of poisoning attacks in FL. Label flipping attacks, typical data poisoning attacks in FL, aim to poison the global model by sending model updates trained by the data with mismatched labels. The central parameter aggregation server is hard to detect the label flipping attacks due to its inaccessibility to the client in a typical FL system. In this work, we are motivated to prevent label flipping poisoning attacks by observing the changes in model parameters that were trained by different single labels. We propose a novel detection method called average weight of each class in its associated fully connected layer. In this method, we detect label flipping attacks by identifying the differences of classes in the data based on the weight assignments in a fully connected layer of the neural network model and use the statistical algorithm to recognize the malicious clients. We conduct extensive experiments on benchmark data like Fashion-MNIST and Intrusion Detection Evaluation Dataset (CIC-IDS2017). Comprehensive experimental results demonstrated that our method has the detection accuracy over 90% for the identification of the attackers flipping labels.