Fall of Empires: Breaking Byzantine-tolerant SGD by Inner Product Manipulation

Research output: Contribution to journalConference articlepeer-review


Recently, new defense techniques have been developed to tolerate Byzantine failures for distributed machine learning. The Byzantine model captures workers that behave arbitrarily, including malicious and compromised workers. In this paper, we break two prevailing Byzantine-tolerant techniques. Specifically we show that two robust aggregation methods for synchronous SGD–namely, coordinate-wise median and Krum–can be broken using new attack strategies based on inner product manipulation. We prove our results theoretically, as well as show empirical validation.

Original languageEnglish (US)
Pages (from-to)261-270
Number of pages10
JournalProceedings of Machine Learning Research
StatePublished - 2019
Externally publishedYes
Event35th Uncertainty in Artificial Intelligence Conference, UAI 2019 - Tel Aviv, Israel
Duration: Jul 22 2019Jul 25 2019

ASJC Scopus subject areas

  • Artificial Intelligence
  • Software
  • Control and Systems Engineering
  • Statistics and Probability


Dive into the research topics of 'Fall of Empires: Breaking Byzantine-tolerant SGD by Inner Product Manipulation'. Together they form a unique fingerprint.

Cite this