Abstract
Recently, new defense techniques have been developed to tolerate Byzantine failures for distributed machine learning. The Byzantine model captures workers that behave arbitrarily, including malicious and compromised workers. In this paper, we break two prevailing Byzantine-tolerant techniques. Specifically we show that two robust aggregation methods for synchronous SGD–namely, coordinate-wise median and Krum–can be broken using new attack strategies based on inner product manipulation. We prove our results theoretically, as well as show empirical validation.
Original language | English (US) |
---|---|
State | Published - 2019 |
Event | 35th Conference on Uncertainty in Artificial Intelligence, UAI 2019 - Tel Aviv, Israel Duration: Jul 22 2019 → Jul 25 2019 |
Conference
Conference | 35th Conference on Uncertainty in Artificial Intelligence, UAI 2019 |
---|---|
Country/Territory | Israel |
City | Tel Aviv |
Period | 7/22/19 → 7/25/19 |
ASJC Scopus subject areas
- Artificial Intelligence