Pedro Miguel Sanchez Sanchez, Alberto Huertas Celdran, Enrique Tomas Martinez Beltran, Daniel Demeter, Gerome Bovet, Gregorio Martinez Perez, Burkhard Stiller
Publication year: 2022

Abstract

Federated learning (FL) allows participants to collaboratively train machine and deep learning models while protecting data privacy. However, the FL paradigm still presents drawbacks affecting its trustworthiness, since malicious participants could launch adversarial attacks against the training process. Related work has studied the robustness of horizontal FL scenarios under different attacks. However, there is a lack of work evaluating the robustness of decentralized vertical FL and comparing it with horizontal FL architectures affected by adversarial attacks. Thus, this work proposes three decentralized FL architectures, one for horizontal and two for vertical scenarios, namely HoriChain, VertiChain, and VertiComb. These architectures present different neural networks and training protocols suitable for horizontal and vertical scenarios. Then, a decentralized, privacy-preserving, and federated use case with non-IID data to classify handwritten digits is deployed to evaluate the performance of the three architectures. Finally, a set of experiments computes and compares the robustness of the proposed architectures when they are affected by two kinds of adversarial attack: data poisoning based on image watermarks and gradient poisoning. The experiments show that even though particular configurations of both attacks can destroy the classification performance of the architectures, HoriChain is the most robust one.
