0x00 Abstract

The workers may perform unreliable updates intentionally, e.g., the data poisoning attack, or unintentionally, e.g., low-quality data caused by energy constraints or high-speed mobility.

Reputation is introduced as a metric of worker reliability. Based on this metric, a reliable worker selection scheme is proposed for federated learning tasks. A consortium blockchain is leveraged as a decentralized approach to achieve efficient reputation management of the workers without repudiation and tampering.

Key Words: Federated learning, consortium blockchain, reputation management, mobile networks.


During a federated learning process, data owners may mislead a global model through intentional or unintentional behaviors. For intentional behaviors, an attacker can send malicious updates (i.e., a poisoning attack) to affect the global model parameters, causing the current collaborative learning to fail. In addition, highly dynamic mobile networking environments indirectly cause some unintentional behaviors of data owners.

It is of paramount importance for federated learning to defend against such intentionally and unintentionally unreliable local model updates.

We propose that reputation can be used to provide solutions to select reliable and trusted workers for the federated learning tasks.

  • Existing studies show that reputation can reflect the rating of how reliable or trusted an entity is in certain activities according to its historical behaviors.
  • Each task publisher calculates reputation opinions of every interacting worker through a subjective logic model.
    • In the subjective logic model, the task publishers integrate their own opinions based on past interactions with recommended opinions from other task publishers.
  • All the reputation opinions of the task publishers for the workers should be recorded in a non-repudiable and tamper-resistant manner for reliable reputation calculation.
    • To realize reliable reputation calculation as well as reputation management in federated learning, we design a consortium blockchain acting as a trusted and decentralized ledger to record and manage the data owners’ reputation.

Main contributions:

  • To defend against unreliable model updates, reputation is introduced as a reliable metric to select trusted workers for reliable federated learning.
  • A multi-weight subjective logic model is applied to design an efficient reputation calculation scheme according to both task publishers’ interaction histories and recommended reputation opinions.
  • To achieve secure reputation management, the reputation is managed in a decentralized manner by employing the consortium blockchain deployed at edge nodes.


A. Mobile Applications

  • Google keyboard
  • Service recommendation
  • Traffic monitoring and prediction
  • Mobile healthcare

B. Security Challenges and Motivations

On the one hand, due to the openness and complexity of mobile network architectures, maliciously unreliable updates from data owners may arise because:

  • sensing data from malicious or tampered devices may include deceptive information, which is similar to false data injection attacks in smart grids;
  • the data can be arbitrarily manipulated while being transmitted through insecure communication channels.

If a malicious data owner is selected to be a worker, the malicious worker may intentionally launch or collude with other workers to launch attacks, such as poisoning attacks.

On the other hand, the data owners may inadvertently provide unreliable local updates from low-quality raw data because of energy constraints or high-speed mobility.

Both the intentional and unintentional behaviors can degrade the quality of the global model managed by a central aggregator, hence affecting the final outputs of the global model.

The following challenges for the worker selection need to be addressed:

  • No reliable and fair metrics to evaluate workers:

    The existing schemes cannot measure the trustworthiness level of workers to remove unreliable or untrusted workers.

  • No efficient and universal worker selection schemes:

    It is difficult to design an efficient and universal worker selection scheme for identifying high-quality data contributors and malicious worker candidates.

  • No timely monitoring methods for workers:

    It is hard for the central aggregator/server (i.e., task publisher) to monitor large-scale worker behaviors in real time.


A. Overview of Reputation Management in Crowdsensing



PS: Crowdsensing likewise uses a large number of devices to jointly complete the same task.


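To avoid the potential risks of centralized reputation calculation, the paper designs a decentralized reputation calculation method (the subjective logic model) and combines it with a consortium blockchain to manage reputation securely.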

B. Reputation-based Worker Selection Scheme with Consortium Blockchain


  • Step 1: Task publication



  • Step 2: Worker selection


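    • Reputation values are calculated with the subjective logic model; only nodes whose reputation exceeds the task's reputation threshold are selected.

    • The task publisher can set different reputation thresholds according to the security level the task requires.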


  • Step 3: Reputation calculation

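    The reputation value is determined jointly by two parts, local reputation opinions and recommended reputation opinions:

    • recommended reputation opinions: the "quality of service" ratings that previous task publishers gave this node. These ratings are stored on the consortium blockchain (the reputation blockchain) for all task publishers to consult.

    • local reputation opinions: the current task publisher's own assessment of this node, based on directly observing how the node has behaved in its interactions with this publisher. This part consists of three parameters!


    Q: Is there a more suitable way to compose the local reputation opinion?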

  • Step 4: Federated learning

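    • An SGD optimizer is used.

    • Training nodes are required to upload their local computation time; from the time and the amount of data, the publisher infers whether a node was "slacking off" during training. To guarantee that the reported time is genuine, Intel's SGX can be considered.

    • To prevent data poisoning, corresponding detection methods can be combined:

      • Reject on Negative Influence (RONI) scheme for IID data (the case considered in this paper)
      • FoolsGold scheme for non-IID data
    • Training nodes receive a reward for completing the task.


    Running the experiments only on IID data feels like a limitation…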

  • Step 5: Reputation updating





An opinion is represented by a triple: (belief, distrust, uncertainty).

Every task publisher selects workers by calculating composite reputation values according to its local reputation opinion and the recommended reputation opinions.
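The threshold rule from Step 2 can be sketched as follows. This is a minimal illustration, assuming the composite reputation values have already been computed; the function name `select_workers`, the worker IDs, and the numeric values are hypothetical and do not come from the paper.

```python
from typing import Dict, List


def select_workers(reputations: Dict[str, float], threshold: float) -> List[str]:
    """Return the IDs of candidates whose composite reputation exceeds the
    task's reputation threshold, ordered from highest to lowest reputation."""
    selected = [worker for worker, rep in reputations.items() if rep > threshold]
    return sorted(selected, key=lambda worker: reputations[worker], reverse=True)


# Hypothetical composite reputation values for three worker candidates.
candidates = {"w1": 0.9, "w2": 0.4, "w3": 0.6}

# A task with a higher security level would simply pass a higher threshold.
normal_task = select_workers(candidates, threshold=0.5)
strict_task = select_workers(candidates, threshold=0.8)
```

Raising the threshold shrinks the selected set, which is how a task publisher would trade worker availability for security.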

A. Subjective Logic Model for Reputation Calculation

By using poisoning attack detection schemes and the proof of elapsed time scheme (Step 4 in Section III-B), the task publisher $i$ treats a training iteration as a positive interaction event if the publisher perceives that the local model update from a worker $j$ is reliable, and vice versa.

  • uncertainty degree: $u_{i\rightarrow j}$ is a probability that reflects the communication quality of the link between $i$ and $j$

  • belief degree: $b_{i\rightarrow j}=(1-u_{i\rightarrow j})\frac{\alpha_j}{\alpha_j+\beta_j}$

  • distrust degree: $d_{i\rightarrow j}=(1-u_{i\rightarrow j})\frac{\beta_j}{\alpha_j+\beta_j}$

    Here $\alpha_j$ and $\beta_j$ are the numbers of positive and negative interactions, respectively, and $u_{i\rightarrow j}$, $b_{i\rightarrow j}$, and $d_{i\rightarrow j}$ sum to 1.

From the local opinion vector, a local reputation value is generated to represent the task publisher’s expected belief that the worker provides high-quality local model updates during the federated learning.

Local reputation value: $T_{i\rightarrow j}=b_{i\rightarrow j}+\gamma u_{i\rightarrow j}$, where $\gamma$ is a given constant that indicates how strongly the uncertainty affects the local reputation value.
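The opinion triple and the local reputation value can be computed directly from the formulas above. The sketch below is only an illustration: the names `Opinion`, `local_opinion`, and `local_reputation` are hypothetical, the numeric inputs are made up, and the handling of a worker with no interaction history (treating the opinion as fully uncertain) is an assumption rather than something stated in the notes.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Opinion:
    belief: float
    distrust: float
    uncertainty: float


def local_opinion(alpha: int, beta: int, u: float) -> Opinion:
    """Build the (b, d, u) opinion from the numbers of positive (alpha) and
    negative (beta) interactions and the link uncertainty u."""
    if not 0.0 <= u <= 1.0:
        raise ValueError("u must be a probability in [0, 1]")
    total = alpha + beta
    if total == 0:
        # Assumption (not from the paper): without any interaction history
        # the opinion is fully uncertain, so that b + d + u still equals 1.
        return Opinion(0.0, 0.0, 1.0)
    belief = (1.0 - u) * alpha / total
    distrust = (1.0 - u) * beta / total
    return Opinion(belief, distrust, u)


def local_reputation(opinion: Opinion, gamma: float) -> float:
    """T = b + gamma * u, where gamma scales the effect of uncertainty."""
    return opinion.belief + gamma * opinion.uncertainty


# Made-up example: 8 positive and 2 negative interactions, 10% uncertainty.
op = local_opinion(alpha=8, beta=2, u=0.1)
rep = local_reputation(op, gamma=0.5)
```

With these inputs the belief is 0.9 × 0.8 = 0.72, the distrust is 0.9 × 0.2 = 0.18, and the local reputation value is 0.72 + 0.5 × 0.1 = 0.77.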

B. Multi-weight Subjective Logic Model

The purpose of this section is to determine the weight that a local reputation value carries when the final reputation opinion is composed!


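  • Interaction Frequency: within a time window, the ratio of the number of interactions between this node and the task publisher to the average number of interactions between the other nodes and the task publisher.


  • Interaction Timeliness: a time boundary separates the interactions; those before the boundary count as past interactions, and those within it count as recent interactions.



  • Interaction Effects: each interaction is rated; the more positive interactions ($\alpha$) there are, the higher the weight.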

Taking the interaction timeliness and interaction effects into consideration, the interaction frequency is upgraded to contain the above two weights. Therefore, the interaction frequency is determined by both weights and by the average number of interactions with other workers during a time window. After that, the upgraded interaction frequency is used to generate an overall weight for local and recommended reputation opinion calculation.



The belief, distrust, and uncertainty degrees of the overall recommended opinion are each calculated as a weighted arithmetic mean of the corresponding degrees from other task publishers.
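The weighted arithmetic mean over other task publishers' opinions can be sketched as below. This is a hedged illustration: in the paper the weights are derived from the upgraded interaction frequency, whose exact formula is not reproduced in these notes, so the weights here are simply passed in as given numbers. The names `OpinionTriple` and `recommended_opinion` and all values are hypothetical.

```python
from typing import Sequence, Tuple

# (belief, distrust, uncertainty)
OpinionTriple = Tuple[float, float, float]


def recommended_opinion(
    opinions: Sequence[OpinionTriple], weights: Sequence[float]
) -> OpinionTriple:
    """Combine opinions from other task publishers component by component
    using a weighted arithmetic mean."""
    if not opinions or len(opinions) != len(weights):
        raise ValueError("need one weight per opinion and at least one opinion")
    total = sum(weights)
    if total <= 0:
        raise ValueError("weights must sum to a positive value")
    belief = sum(w * o[0] for w, o in zip(weights, opinions)) / total
    distrust = sum(w * o[1] for w, o in zip(weights, opinions)) / total
    uncertainty = sum(w * o[2] for w, o in zip(weights, opinions)) / total
    return (belief, distrust, uncertainty)


# Two recommenders; the second one is assumed to carry three times the weight.
combined = recommended_opinion(
    opinions=[(0.6, 0.2, 0.2), (0.8, 0.1, 0.1)],
    weights=[1.0, 3.0],
)
```

Because every input triple sums to 1 and the weights are normalized, the combined triple also sums to 1, so it remains a valid opinion.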

When calculating the composite reputation value of a worker, the task publisher takes not only the overall recommended opinions, but also its own local reputation opinion into consideration to avoid collusion cheating from other task publishers.

The detailed calculation of the composite reputation value is given in other papers by the same authors.


These high-reputation workers will train local models honestly and maintain good behavior in the federated learning tasks in order to earn more profit from the system. Therefore, the reputation-based worker selection scheme can defend against unreliable local model updates from intentional or unintentional data providers, hence ensuring reliable federated learning in mobile networks.



A. Simulation Setting

  • Dataset: MNIST

  • TensorFlow: 1.12.0

  • Worker_Num: 10

    • malicious workers: 2
    • unreliable workers: 4
    • well-behaved workers: 4
  • Data Distribution:

    • For the malicious workers launching poisoning attacks, they randomly receive training data with 10 classes. However, the labels of some training examples are intentionally modified for misleading training. The percentage of the modified training examples is used to indicate the attack strength.
    • The training sets of the well-behaved workers are randomly assigned but follow a uniform distribution over the 10 classes.
    • Each unreliable worker is randomly assigned data from only a certain number of classes.
  • We employ the Earth Mover’s Distance (EMD) as a metric to measure training data quality of the unreliable workers.

  • The workers use a batch of 32 randomly sampled training examples to produce a local SGD update, and every global model is trained with 5 synchronous iterations.

  • We establish the reputation blockchain system on the Hyperledger Fabric v1.4.0 and use the practical and efficient PBFT algorithm with mild overhead and latency as the consensus algorithm.

  • reputation calculation:

    • The interaction frequency between task publishers and workers ranges from 20 to 40 federated learning tasks per week.
    • The weight parameters of negative, positive, recent, and past interactions, and the time scale in the proposed Multi-weight Subjective Logic (MSL) scheme, are taken from the referenced paper.
    • The unsuccessful transmission probability of data packets ranges from 0% to 40%, and the initial reputation of all the workers is 0.5.
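The data setup above (label-flipping poisoning and the EMD quality metric) can be illustrated with a small sketch. Two assumptions are made here and are not taken from the notes: the attack replaces each chosen label with a different, randomly picked class, and EMD is computed as the sum over classes of the absolute difference between a worker's label share and the uniform share, a simplification commonly used in non-IID federated learning studies. The function names `flip_labels` and `label_emd` are hypothetical.

```python
import random
from collections import Counter
from typing import List, Sequence

NUM_CLASSES = 10  # MNIST digits 0-9


def flip_labels(labels: Sequence[int], strength: float, seed: int = 0) -> List[int]:
    """Return a copy of `labels` in which a `strength` fraction of entries
    has been replaced by a different, randomly chosen class (assumed attack)."""
    rng = random.Random(seed)
    poisoned = list(labels)
    n_flip = round(strength * len(poisoned))
    for idx in rng.sample(range(len(poisoned)), n_flip):
        wrong = [c for c in range(NUM_CLASSES) if c != poisoned[idx]]
        poisoned[idx] = rng.choice(wrong)
    return poisoned


def label_emd(labels: Sequence[int]) -> float:
    """Assumed EMD: sum over classes of |worker label share - uniform share|."""
    if not labels:
        raise ValueError("labels must not be empty")
    counts = Counter(labels)
    n = len(labels)
    return sum(abs(counts.get(c, 0) / n - 1.0 / NUM_CLASSES) for c in range(NUM_CLASSES))


balanced = [i % NUM_CLASSES for i in range(20)]    # well-behaved worker
two_classes = [0, 1] * 5                           # unreliable worker
poisoned = flip_labels(balanced, strength=0.5)     # malicious worker
n_changed = sum(a != b for a, b in zip(balanced, poisoned))
```

Under this definition a perfectly balanced worker has an EMD of 0, and the value grows as the worker's data covers fewer classes, which matches the use of EMD as a data-quality indicator for the unreliable workers.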

B. Performance Results


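This figure shows the case where a training node defects! At first its reputation value increases; after it defects, its reputation value drops. In this case the MSL scheme lets the reputation fall quickly…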

In summary, the MSL scheme can achieve a more accurate and fair reputation calculation, thereby leading to a more reliable worker selection in federated learning.