Byzantine-Resilient Federated Learning via QUBO-Based Client Selection on Quantum Annealers

· Source: cs.LG updates on arXiv.org · Field: Technology & Digital — Artificial Intelligence & Machine Learning, Cybersecurity & Data Privacy, Emerging Technologies & Innovation · Depth: Expert, extended

Summary

A novel Byzantine-resilient federated learning (FL) approach, leveraging quantum annealing (QA) for client selection, significantly enhances defense against sophisticated attacks. The method reformulates client selection as a Quadratic Unconstrained Binary Optimization (QUBO) problem, allowing for joint optimization over client subsets, unlike classical MultiKrum's greedy per-client scoring. Initial experiments with 15 clients showed the QUBO method achieved 95.11% detection accuracy against Advanced LIE attacks on MNIST, outperforming MultiKrum's 81.33%. To address scalability and limitations against simpler attacks, a MultiSignal ensemble was introduced. This ensemble uses a dual-feature routing gate to classify attacks and routes evasion attacks to a suspicion-penalized QUBO with agreement voting. The MultiSignal ensemble achieved 95.3% average detection accuracy at 100 clients on MNIST, a 4.7 percentage-point improvement over classical MultiKrum, with notable gains of 23.2 percentage points on Sparse Lie and 4.8 percentage points on Advanced Lie.

Key takeaway

Research scientists developing robust federated learning systems should integrate quantum annealing-based QUBO methods, particularly the MultiSignal ensemble, to enhance defenses against advanced Byzantine attacks. This approach offers superior detection accuracy for evasion attacks like Advanced LIE and Sparse Lie, which classical methods often miss. You should consider hybrid quantum-classical solutions to leverage the complementary strengths of both paradigms, ensuring comprehensive protection across a wider range of attack types.

Key insights

Quantum annealing-based QUBO client selection, combined with a MultiSignal ensemble, improves Byzantine attack detection in FL.

Principles

Method

The MultiSignal ensemble uses Euclidean and cosine Krum score gaps to classify attacks into four regimes, routing evasion attacks to a suspicion-penalized QUBO with agreement voting for robust client selection.

In practice

Topics

Best for: Research Scientist, AI Scientist, Machine Learning Engineer, AI Hardware Engineer

Related on AIssential

Open in AIssential →

Editorial summary, takeaway, and curation by AIssential. Original article published by cs.LG updates on arXiv.org.