Security of federated machine learning

About this project

Project description

Federated learning is a branch of machine learning in which a collection of agent nodes collaboratively train a model on a large data set partitioned among the nodes. It has widespread applications, including signal detection, channel estimation and collaborative beamforming in wireless communications, content caching in wireless networks, augmented and virtual reality, and image and video processing. Each node computes a part of the model using its locally available data, and only these local computation results are shared over the network. This keeps the data exchanged in the process of learning the global model limited.

However, in many applications some of the nodes can become malicious and send false results for their local computation. For example, in a cyber-physical system, packet encryption is often avoided because it increases the packet length and hence the communication latency, but short unencrypted data packets are vulnerable to false data injection attacks. In a federated learning setup, this can result in learning a model that is far from optimal. Alternatively, the training data collected at some nodes might itself be adversarial in nature. Since not all nodes are under attack, information from the safe nodes can be used intelligently to detect such attacks and securely learn the global model. On the other hand, it is also important to design attack schemes that can inflict severe harm on the learning system while fooling any statistical detector. Moreover, the output of the globally trained model is often fed to a control system, such as an autonomous vehicle navigating alongside other vehicles, so it is also important to study the effect of such attacks on distributed control systems equipped with federated learning. This project seeks to carry out an in-depth theoretical study of these problems and to apply the results to potential use cases.
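To make the threat model above concrete, here is an added toy simulation that is not part of the project page and not the supervisors' code. Five nodes each hold a constructed local data set for a linear-regression task and report their local gradient to a server; node 4 is compromised and adds a constant false vector to every report, the simplest form of false data injection. The server either averages all reports (naive aggregation) or first screens each report against the consensus of the others, using the distance from the coordinate-wise median, and averages only the reports that pass (robust aggregation). Node indices, data values, the injected vector and the detection threshold are all assumptions chosen for illustration.

```python
"""Federated linear regression with one node injecting false local results.

Constructed example: TRUE_W, the per-node data, the compromised node index,
the injected vector and the detection threshold are all chosen for
illustration and are not taken from the project page.
"""

import math

TRUE_W = [2.0, -1.0]        # parameter vector the honest nodes' data is generated from
N_NODES = 5
MALICIOUS = 4               # index of the compromised node (constructed)
FALSE_VEC = [20.0, -20.0]   # constant added to node 4's reported gradient (constructed)
LR = 0.1                    # server-side gradient-descent step size
ROUNDS = 300                # number of federated rounds


def make_node_data(k):
    """Constructed local data set for node k: four noiseless samples of y = x . TRUE_W."""
    xs = [[1.0, a + 0.25 * k] for a in (-2.0, -1.0, 0.0, 1.0)]
    ys = [x[0] * TRUE_W[0] + x[1] * TRUE_W[1] for x in xs]
    return xs, ys


def local_gradient(w, xs, ys):
    """Gradient of the mean squared error at w over one node's local samples."""
    n = len(xs)
    g = [0.0, 0.0]
    for x, y in zip(xs, ys):
        err = x[0] * w[0] + x[1] * w[1] - y
        g[0] += 2.0 * err * x[0] / n
        g[1] += 2.0 * err * x[1] / n
    return g


def report(k, w, xs, ys):
    """What node k actually sends: its honest gradient, plus FALSE_VEC if compromised."""
    g = local_gradient(w, xs, ys)
    if k == MALICIOUS:
        g = [g[0] + FALSE_VEC[0], g[1] + FALSE_VEC[1]]
    return g


def median(values):
    s = sorted(values)
    m = len(s) // 2
    return s[m] if len(s) % 2 else 0.5 * (s[m - 1] + s[m])


def detect_outliers(updates, factor=3.0, floor=1e-9):
    """Return the indices of reports far from the coordinate-wise median of all reports.

    With an honest majority the median of the distances reflects honest
    disagreement only, so a report further than factor times that scale is
    treated as injected. floor keeps the scale non-zero once the honest nodes
    agree exactly (near convergence), so a persistent injection stays flagged.
    """
    centre = [median([u[i] for u in updates]) for i in range(len(updates[0]))]
    dists = [math.dist(u, centre) for u in updates]
    scale = max(median(dists), floor)
    return {k for k, d in enumerate(dists) if d > factor * scale}


def train(robust):
    """Run federated gradient descent; return the final model and the last round's flagged set."""
    data = [make_node_data(k) for k in range(N_NODES)]
    w = [0.0, 0.0]
    flagged = set()
    for _ in range(ROUNDS):
        updates = [report(k, w, *data[k]) for k in range(N_NODES)]
        flagged = detect_outliers(updates) if robust else set()
        keep = [k for k in range(N_NODES) if k not in flagged]  # never empty: the median is always kept
        agg = [sum(updates[k][i] for k in keep) / len(keep) for i in range(2)]
        w = [w[0] - LR * agg[0], w[1] - LR * agg[1]]
    return w, flagged


def error(w):
    """Euclidean distance of a learned model from TRUE_W."""
    return math.dist(w, TRUE_W)


if __name__ == "__main__":
    w_naive, _ = train(robust=False)
    w_robust, flagged = train(robust=True)
    print("naive mean aggregation:  w =", [round(v, 3) for v in w_naive],
          "error =", round(error(w_naive), 3))
    print("robust aggregation:      w =", [round(v, 3) for v in w_robust],
          "error =", round(error(w_robust), 3), "flagged =", sorted(flagged))
```

With plain averaging the constant injection shifts the fixed point of gradient descent by roughly the injected vector divided by the number of nodes, scaled by the inverse curvature of the loss, so the learned model lands well away from TRUE_W. Screening against the honest consensus removes node 4 every round and the model converges to TRUE_W. The screen relies on an honest majority and on the injection being large relative to honest disagreement; a small or adaptive injection designed to stay inside that spread is exactly the harder case the project description points at.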
  1. Algorithms for attack design and mitigation in federated learning
  2. Publications in reputed journals and conferences
  3. Patents, if applicable
  4. Tentative: application for external grants

Information for applicants

Essential capabilities

Probability and Statistics, Linear Algebra and Matrix Analysis

Desirable capabilities

Machine Learning, Optimization, Game Theory, Real Analysis, Randomized Algorithms

Expected qualifications (Course/Degrees etc.)

B.Tech/BSc/M.Tech/MSc or equivalent in EE/ECE/CS/Mathematics/Statistics from a top institute, with a good academic record. Prior research experience or publications will be an added advantage.

Project supervisors

Principal supervisors

UQ Supervisor

Dr Fred Roosta

School of Mathematics and Physics

IITD Supervisor

Assistant Professor Arpan Chattopadhyay

Department of Electrical Engineering