Tolerating Outliers: Gradient-Based Penalties for Byzantine Robustness and Inclusion

Latifa Errami, El Houcine Bergou

Proceedings of the Thirty-Third International Joint Conference on Artificial Intelligence
Main Track. Pages 3935-3943. https://doi.org/10.24963/ijcai.2024/435

This work investigates the interplay between Robustness and Inclusion in the context of poisoning attacks targeting the convergence of Stochastic Gradient Descent (SGD). While robustness has received significant attention, the standard Byzantine defenses rely on the Independent and Identically Distributed (IID) assumption, causing their performance to deteriorate on non-IID data distributions, even without any attack. This is largely due to these defenses being excessively cautious and discarding benign outliers. We introduce a penalty-based aggregation that accounts for the discrepancy between trusted clients and outliers. We propose the use of Linear Scalarization (LS) as an enhancing method to enable current defenses to simultaneously circumvent Byzantine attacks while also granting inclusion of outliers. This empowers existing defenses to not only counteract malicious adversaries effectively but also to incorporate outliers into the learning process. We conduct a theoretical analysis to demonstrate the convergence of our approach. Specifically, we establish the robustness and resilience of our method under standard assumptions. Empirical analysis further validates the viability of the proposed approach. Across mild to strong non-IID data splits, our method consistently either matches or surpasses the performance of current approaches in the literature, under state-of-the-art Byzantine attack scenarios.
Keywords:
Machine Learning: ML: Robustness
AI Ethics, Trust, Fairness: ETF: Fairness and diversity
Machine Learning: ML: Trustworthy machine learning