Fall of Empires: Breaking Byzantine-tolerant SGD by Inner Product Manipulation

Cong Xie, Oluwasanmi Koyejo, Indranil Gupta
Proceedings of The 35th Uncertainty in Artificial Intelligence Conference, PMLR 115:261-270, 2020.

Abstract

Recently, new defense techniques have been developed to tolerate Byzantine failures for distributed machine learning. The Byzantine model captures workers that behave arbitrarily, including malicious and compromised workers. In this paper, we break two prevailing Byzantine-tolerant techniques. Specifically, we show that two robust aggregation methods for synchronous SGD, namely coordinate-wise median and Krum, can be broken using new attack strategies based on inner product manipulation. We prove our results theoretically, as well as show empirical validation.

Cite this Paper


BibTeX
@InProceedings{pmlr-v115-xie20a,
  title = {Fall of Empires: Breaking Byzantine-tolerant SGD by Inner Product Manipulation},
  author = {Xie, Cong and Koyejo, Oluwasanmi and Gupta, Indranil},
  booktitle = {Proceedings of The 35th Uncertainty in Artificial Intelligence Conference},
  pages = {261--270},
  year = {2020},
  editor = {Adams, Ryan P. and Gogate, Vibhav},
  volume = {115},
  series = {Proceedings of Machine Learning Research},
  month = {22--25 Jul},
  publisher = {PMLR},
  pdf = {http://proceedings.mlr.press/v115/xie20a/xie20a.pdf},
  url = {https://proceedings.mlr.press/v115/xie20a.html},
  abstract = {Recently, new defense techniques have been developed to tolerate Byzantine failures for distributed machine learning. The Byzantine model captures workers that behave arbitrarily, including malicious and compromised workers. In this paper, we break two prevailing Byzantine-tolerant techniques. Specifically we show that two robust aggregation methods for synchronous SGD–namely, coordinate-wise median and Krum–can be broken using new attack strategies based on inner product manipulation. We prove our results theoretically, as well as show empirical validation.}
}
Endnote
%0 Conference Paper
%T Fall of Empires: Breaking Byzantine-tolerant SGD by Inner Product Manipulation
%A Cong Xie
%A Oluwasanmi Koyejo
%A Indranil Gupta
%B Proceedings of The 35th Uncertainty in Artificial Intelligence Conference
%C Proceedings of Machine Learning Research
%D 2020
%E Ryan P. Adams
%E Vibhav Gogate
%F pmlr-v115-xie20a
%I PMLR
%P 261--270
%U https://proceedings.mlr.press/v115/xie20a.html
%V 115
%X Recently, new defense techniques have been developed to tolerate Byzantine failures for distributed machine learning. The Byzantine model captures workers that behave arbitrarily, including malicious and compromised workers. In this paper, we break two prevailing Byzantine-tolerant techniques. Specifically we show that two robust aggregation methods for synchronous SGD–namely, coordinate-wise median and Krum–can be broken using new attack strategies based on inner product manipulation. We prove our results theoretically, as well as show empirical validation.
APA
Xie, C., Koyejo, O. & Gupta, I. (2020). Fall of Empires: Breaking Byzantine-tolerant SGD by Inner Product Manipulation. Proceedings of The 35th Uncertainty in Artificial Intelligence Conference, in Proceedings of Machine Learning Research 115:261-270. Available from https://proceedings.mlr.press/v115/xie20a.html.
