Hardened Model Aggregation for Federated Learning backed by Distributed Trust Towards decentralizing Federated Learning using a Blockchain

Abstract: Federated learning enables the training of machine learning models on isolated data islands but also introduces new security challenges. Besides training-data-poisoning and model-update-poisoning, centralized federated learning systems are subject to a third type of poisoning attack: model-aggregation-poisoning. In this type of attack an adversary tampers with the model aggregation in order to bias the model. This can cause immense harm and severely weaken the trust a model-consumer puts into federatively trained models. This thesis proposes a hardened model aggregation scheme based on decentralization to close such attack vectors by design. It replaces the central aggregation server with a combination of decentralized computing and decentralized storage. A reference implementation based on the Ethereum platform and the Interplanetary File System (IPFS) is compared to a classic centralized federated learning system in terms of model performance, communication cost and resilience against said attacks. This thesis shows that such a decentralized federated learning system effectively eliminates model-aggregation-poisoning andtraining-disruption attacks at the cost of increased network traffic while achieving identical model performance.