Robust and Secure Federated Learning Against Hybrid Attacks: A Generic Architecture

Federated Learning (FL) enables multiple clients to collaboratively train a model without sharing their private data. However, the deployment of FL in real-world applications is vulnerable to various attacks from both malicious servers and clients. While cryptographic methods are effective in resisting server-side attacks, they undermine the capability of client-side defenses that rely on plaintext updates. Several valuable defenses targeting hybrid attacks have been devised to address this challenge, concentrating on specific client-side threats. To improve scalability, we continue this research line to introduce a generic architecture covering more client-side attacks. In this paper, we propose a general architecture to enhance client-side defenses from plaintext to ciphertext domains. This architecture not only supports the server-side defenses, but also accommodates a broader range of client-side defenses, including Norm-based, Krum-based, and Cosine-based strategies. The core of our architecture is generic detection under ciphertext, which tackles the following conflict of integrating server-side and client-side defenses. That is, the former aims to protect parameters from exposure while the latter demands plaintext updates. We prove the security of our architecture through the Universal Composability framework. Additionally, we provide a comprehensive instantiation and extensive evaluations to demonstrate the effectiveness and robustness of our approach. Our experiments show that our architecture can maintain the effectiveness of current client-side defenses when parameters are encrypted, thus effectively resisting hybrid attacks.