Skip to main content
Nubint
QUICK REVIEW

[论文解读] Resilient Federated Chain: Transforming Blockchain Consensus into an Active Defense Layer for Federated Learning

Mario García-Márquez, Nuria Rodríguez-Barroso|arXiv (Cornell University)|Feb 25, 2026
Adversarial Robustness in Machine Learning被引用 0
一句话总结

RFC 将 federated learning 的挖矿冗余作为对抗联邦学习中对手攻击的主动防御,能够实现灵活、不可微分的评估指标与鲁棒的池内聚合。

ABSTRACT

Federated Learning (FL) has emerged as a key paradigm for building Trustworthy AI systems by enabling privacy-preserving, decentralized model training. However, FL is highly susceptible to adversarial attacks that compromise model integrity and data confidentiality, a vulnerability exacerbated by the fact that conventional data inspection methods are incompatible with its decentralized design. While integrating FL with Blockchain technology has been proposed to address some limitations, its potential for mitigating adversarial attacks remains largely unexplored. This paper introduces Resilient Federated Chain (RFC), a novel blockchain-enabled FL framework designed specifically to enhance resilience against such threats. RFC builds upon the existing Proof of Federated Learning architecture by repurposing the redundancy of its Pooled Mining mechanism as an active defense layer that can be combined with robust aggregation rules. Furthermore, the framework introduces a flexible evaluation function in its consensus mechanism, allowing for adaptive defense against different attack strategies. Extensive experimental evaluation on image classification tasks under various adversarial scenarios, demonstrates that RFC significantly improves robustness compared to baseline methods, providing a viable solution for securing decentralized learning environments.

研究动机与目标

  • 通过提升 FL 对对手更新和数据篡改的鲁棒性来推动去中心化学习中的可信AI。
  • 在 PoFL 中利用集中挖矿冗余作为区块链支持的 FL 框架中的主动防御层。
  • 引入模块化、可调节的聚合与评估组件,以应对多样化的攻击策略。
  • 在多种图像分类任务中展示对 Byzantime 攻击和后门攻击的鲁棒性改进。

提出的方法

  • 在 PoFL 的基础上,通过不同矿池来创建冗余和故障隔离。
  • 通过将共识度量视为可调超参数(E)来推广模型评估,超越简单的准确性。
  • 引入健壮的池内聚合器(如 Krum)以对抗源头的恶意更新。
  • 将聚合规则(R)与评估度量(E)与固定实现解耦,以实现灵活的防御配置。
  • 基于 E 选择表现最佳的池模型并将其作为新的全局状态提交到区块链。
  • 提供包含多数据集、攻击( Byzantime 和后门)与基线(FedAvg、Krum、Bulyan、GeoMed)的实验框架。
Figure 1: Descriptive diagram showing the architecture of a FL system. Source: [ 26 ] .
Figure 1: Descriptive diagram showing the architecture of a FL system. Source: [ 26 ] .

实验结果

研究问题

  • RQ1如何将 PoFL 的池化挖矿冗余重新用于积极防御 FL 以对抗对手客户端?
  • RQ2与标准聚合规则相比,RFC 是否能提高对 Byzantime 和后门攻击的鲁棒性?
  • RQ3将聚合规则和评估指标设为模块化超参数对 FL 鲁棒性有何影响?
  • RQ4池内健壮聚合器能否与池间冗余互补,以减轻普遍性攻击?
  • RQ5RFC 的防御在不同数据集和模型架构下的表现如何?

主要发现

  • 在实验中,RFC 相比基线方法显著提高了对对手攻击的鲁棒性。
  • 该框架使得可以使用非微分且与任务相关的评估指标进行模型选择,使防御与多元目标相匹配。
  • 池内健壮聚合器(如 Krum)在池间冗余不足以单独防御时提供了额外防御层。
  • 将共识逻辑从固定实现解耦,实现了适用于不同威胁模型的灵活防御。
  • 实验覆盖 CIFAR-10、Fashion-MNIST、EMNIST 和 CelebA-S 等数据集,且包含 Byzantime 和后门攻击,验证了 RFC 的鲁棒性提升。
Figure 2: Schematic of the pooled mining architecture. By clustering clients into independent pools, this framework enhances system scalability and reduces blockchain communication overhead. Furthermore, the accuracy-based selection mechanism incentivizes the contribution of high quality model updat
Figure 2: Schematic of the pooled mining architecture. By clustering clients into independent pools, this framework enhances system scalability and reduces blockchain communication overhead. Furthermore, the accuracy-based selection mechanism incentivizes the contribution of high quality model updat

更好的研究,从现在开始

从论文设计到论文写作,大幅缩短您的研究时间。

无需绑定信用卡

本解读由 AI 生成,并经人工编辑审核。