Fall of Empires: Breaking Byzantine-tolerant SGD by Inner Product Manipulation
Proceedings of The 35th Uncertainty in Artificial Intelligence Conference, PMLR 115:261-270, 2020.
Recently, new defense techniques have been developed to tolerate Byzantine failures for distributed machine learning. The Byzantine model captures workers that behave arbitrarily, including malicious and compromised workers. In this paper, we break two prevailing Byzantine-tolerant techniques. Specifically we show that two robust aggregation methods for synchronous SGD–namely, coordinate-wise median and Krum–can be broken using new attack strategies based on inner product manipulation. We prove our results theoretically, as well as show empirical validation.