Defending local poisoning attacks in multi-party learning via immune system

摘要

Multi-party learning provides effective solutions for building a jointly-trained model with scattered data while meeting user privacy, data security and government regulations. Nevertheless, since the knowledge sharing process among multiple participants is conducted by uploading model parameters instead of individual private data, local poisoning attacks in the multi-party setting could be more covert and destructive. In this paper, we propose a novel immune system deployed in the multi-party learning scenario (MPIS) to defend against local poisoning attacks. We investigate the commonality between the biological immunity and the defense against poisoning attacks, and analogize the secure defense framework as an immune system. The approach achieves antigen recognition, immune response and immunological memory with an adversarial pipeline, which is not limited by the number of compromised clients or the duration of their involvement, and it is capable of adaptively determine the aggregation weight of different local models. Extensive experimental results on image and text datasets with different neural networks demonstrate the superiority of the MPIS framework in both model performance and robustness against poisoning attacks.