Protection of AI/ML federated learning systems from poisoning attacks
Federated learning systems are susceptible to attacks that let an adversary alter their behaviour, just like conventional AI/ML solutions. The most effective such attack today is the poisoning attack. Protecting federated learning systems is further complicated by the possibility of collusion between participants, which makes attacks especially difficult to detect and prevent. Solving this problem is the purpose of the present work. The study proposes a method for protecting federated learning systems from poisoning attacks that rely on collusion, based on a combination of known and proven protection methods. The selected filtering and robust aggregation methods have been modified to account for possible collusion among the training participants. The correctness and effectiveness of the proposed method are confirmed by practical experiments, which not only demonstrate its effectiveness but also identify the limitations of the developed solution.
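The following is an added illustration, not code from the paper or an implementation of its method: it shows the general shape of the two defence ingredients the abstract names, a filtering step (here, L2 norm clipping) followed by a robust aggregation rule (here, a coordinate-wise trimmed mean), and why a colluding group matters for the aggregator's parameters. All client updates are constructed: seven honest clients spread symmetrically around a true update, three colluders send one identical poisoned vector. The `assumed_colluders` bound, the constant values and the function names are assumptions chosen for the example.

```python
"""Collusion-aware robust aggregation for federated learning (added illustration).

Constructed scenario: 7 honest clients send updates around TRUE_UPDATE and 3
colluding clients send the same POISONED_UPDATE. Norm clipping caps what any one
client can contribute; the coordinate-wise trimmed mean then removes the
colluders as a block, provided the trim count k is at least their number.
Plain averaging, by contrast, is dominated by them.
"""
import math
from typing import Dict, List

Vector = List[float]

TRUE_UPDATE: Vector = [1.0, -2.0, 0.5]          # constructed honest direction
POISONED_UPDATE: Vector = [30.0, 30.0, 30.0]    # constructed colluding payload


def constructed_round(n_honest: int = 7, n_colluding: int = 3) -> List[Vector]:
    """One round of client updates: honest ones offset symmetrically around
    TRUE_UPDATE (offsets sum to zero), colluders all sending POISONED_UPDATE."""
    honest = []
    for i in range(n_honest):
        offset = 0.1 * (i - (n_honest - 1) / 2)
        honest.append([x + offset for x in TRUE_UPDATE])
    return honest + [list(POISONED_UPDATE) for _ in range(n_colluding)]


def l2_norm(v: Vector) -> float:
    return math.sqrt(sum(x * x for x in v))


def clip_norm(v: Vector, max_norm: float) -> Vector:
    """Filtering step: scale any update whose L2 norm exceeds max_norm down to it,
    so a single client cannot inject an arbitrarily large change."""
    n = l2_norm(v)
    return v if n <= max_norm else [x * max_norm / n for x in v]


def plain_mean(updates: List[Vector]) -> Vector:
    """Unprotected federated averaging."""
    n = len(updates)
    return [sum(u[j] for u in updates) / n for j in range(len(updates[0]))]


def trimmed_mean(updates: List[Vector], k: int) -> Vector:
    """Coordinate-wise trimmed mean: drop the k smallest and k largest values of
    each coordinate, then average the rest. Colluders pushing the same way land
    at one end of every sorted column and are trimmed together if k >= their count."""
    n = len(updates)
    if n <= 2 * k:
        raise ValueError("need more than 2k updates to trim k from each side")
    result = []
    for j in range(len(updates[0])):
        col = sorted(u[j] for u in updates)
        kept = col[k:n - k]
        result.append(sum(kept) / len(kept))
    return result


def robust_aggregate(updates: List[Vector], assumed_colluders: int,
                     max_norm: float) -> Vector:
    """Clip every update, then trim as many values per side as the assumed
    upper bound on colluding clients (a hypothetical tuning parameter)."""
    clipped = [clip_norm(u, max_norm) for u in updates]
    return trimmed_mean(clipped, assumed_colluders)


def distance(a: Vector, b: Vector) -> float:
    return l2_norm([x - y for x, y in zip(a, b)])


def compare_aggregators(assumed_colluders: int = 3,
                        max_norm: float = 5.0) -> Dict[str, float]:
    """Error of the naive and the robust aggregate relative to the honest update."""
    updates = constructed_round()
    naive = plain_mean(updates)
    robust = robust_aggregate(updates, assumed_colluders, max_norm)
    return {
        "naive_error": distance(naive, TRUE_UPDATE),
        "robust_error": distance(robust, TRUE_UPDATE),
    }


if __name__ == "__main__":
    for bound in (3, 2):   # correct bound, then an underestimate of the colluders
        errs = compare_aggregators(assumed_colluders=bound)
        print(f"k={bound}: naive {errs['naive_error']:.3f}, "
              f"robust {errs['robust_error']:.3f}")
```

Running it with `assumed_colluders=3` keeps the robust aggregate within a few tenths of the honest update while the plain mean is pulled far off; with `assumed_colluders=2` one poisoned value survives the trim in every coordinate and the error grows, which is the kind of limitation a collusion-aware design has to state explicitly: the defence is only as good as the bound on the colluding fraction it is configured for.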


