Byzantine-Resilient Federated Learning via QUBO-Based Client Selection on Quantum Annealers
Summary
A novel Byzantine-resilient federated learning (FL) approach, leveraging quantum annealing (QA) for client selection, significantly enhances defense against sophisticated attacks. The method reformulates client selection as a Quadratic Unconstrained Binary Optimization (QUBO) problem, allowing for joint optimization over client subsets, unlike classical MultiKrum's greedy per-client scoring. Initial experiments with 15 clients showed the QUBO method achieved 95.11% detection accuracy against Advanced LIE attacks on MNIST, outperforming MultiKrum's 81.33%. To address scalability and limitations against simpler attacks, a MultiSignal ensemble was introduced. This ensemble uses a dual-feature routing gate to classify attacks and routes evasion attacks to a suspicion-penalized QUBO with agreement voting. The MultiSignal ensemble achieved 95.3% average detection accuracy at 100 clients on MNIST, a 4.7 percentage-point improvement over classical MultiKrum, with notable gains of 23.2 percentage points on Sparse Lie and 4.8 percentage points on Advanced Lie.
Key takeaway
Research scientists developing robust federated learning systems should integrate quantum annealing-based QUBO methods, particularly the MultiSignal ensemble, to enhance defenses against advanced Byzantine attacks. This approach offers superior detection accuracy for evasion attacks like Advanced LIE and Sparse Lie, which classical methods often miss. You should consider hybrid quantum-classical solutions to leverage the complementary strengths of both paradigms, ensuring comprehensive protection across a wider range of attack types.
Key insights
Quantum annealing-based QUBO client selection, combined with a MultiSignal ensemble, improves Byzantine attack detection in FL.
Principles
- Joint optimization detects subtle attacks.
- Classical and quantum methods offer complementary strengths.
- Attack classification improves defense routing.
Method
The MultiSignal ensemble uses Euclidean and cosine Krum score gaps to classify attacks into four regimes, routing evasion attacks to a suspicion-penalized QUBO with agreement voting for robust client selection.
In practice
- Use QUBO for evasion attacks like ALIE.
- Combine classical MultiKrum with QUBO for comprehensive defense.
- Employ dual-feature routing for attack-specific handling.
Topics
- Federated Learning
- Quantum Annealing
- QUBO Formulation
- Byzantine Attack Detection
- MultiSignal Ensemble
Best for: Research Scientist, AI Scientist, Machine Learning Engineer, AI Hardware Engineer
Related on AIssential
Editorial summary, takeaway, and curation by AIssential. Original article published by cs.LG updates on arXiv.org.