JADE-FL: Joint Adaptive Defense and Encryption for Federated Learning
- Authors: Dembani, R.; Akbar, N.A.; Karvelas, I.; Rizou, S.; Tegolo, D.
- Year of publication: 2025
- Type: Conference proceedings contribution published in a volume
- OA Link: http://hdl.handle.net/10447/703960
Abstract
Federated Learning (FL) enables the collaborative training of sophisticated machine learning models across a network of distributed devices without exchanging raw data, so sensitive data never leaves the device that holds it. This decentralised approach fosters innovation and efficiency while substantially mitigating privacy concerns, establishing a secure framework for advancing machine learning in a privacy-conscious landscape. It is particularly important in the agricultural sector, where sensitive information such as crop yields and soil composition is gathered from multiple farms. However, FL is susceptible to poisoning attacks, such as Label Flipping Attacks (LFA) and Model Poisoning Attacks (MPA), in which malicious clients degrade the performance of the trained model. Moreover, simultaneously achieving robust privacy guarantees against inference attacks and ensuring secure aggregation of model updates is a significant challenge. To address these dual challenges, we propose JADE-FL: Joint Adaptive Defense and Encryption for Federated Learning, a novel FL framework that combines differential privacy (Gaussian noise) and homomorphic encryption (CKKS scheme) for secure parameter aggregation with an adaptive weighting mechanism based on the cosine similarity of the noised parameters for joint robustness. JADE-FL selectively aggregates the contributions of clients with high similarity, which mitigates the attacks while preserving personalisation under heterogeneous data distributions. Comprehensive experiments on the PlantVillage agriculture dataset show that JADE-FL achieves accuracy comparable to standard FedAvg in benign settings and significantly outperforms baselines under strong Model Poisoning Attacks (MPA).
Our approach balances security, robustness and efficiency, making it applicable to real-world FL deployments.
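As an added illustration (not the paper's code), the following reconstructs the idea the abstract describes: client updates are Gaussian-noised, their cosine similarity to a reference is computed on the noised parameters, and dissimilar clients are down-weighted to zero before aggregation. The coordinate-wise median reference, the 0.5 similarity threshold, the noise scale and the constructed honest and poisoned updates are all assumptions made for this example.

```python
import numpy as np

def add_gaussian_noise(update, sigma, rng):
    """Differential-privacy style Gaussian perturbation of one client update."""
    return update + rng.normal(0.0, sigma, size=update.shape)

def cosine(a, b):
    """Cosine similarity, defined as 0 when either vector is all zeros."""
    denom = np.linalg.norm(a) * np.linalg.norm(b)
    return float(a @ b / denom) if denom > 0 else 0.0

def adaptive_weights(noised_updates, threshold=0.5):
    """Weight clients by similarity to a robust reference; drop dissimilar ones.

    Assumption (not from the paper): the reference is the coordinate-wise median
    of the noised updates, and clients below `threshold` receive zero weight.
    """
    ref = np.median(noised_updates, axis=0)
    sims = np.array([cosine(u, ref) for u in noised_updates])
    w = np.where(sims >= threshold, sims, 0.0)
    if w.sum() == 0.0:                 # nothing passed: fall back to plain FedAvg
        w = np.ones(len(sims))
    return w / w.sum(), sims

def aggregate(noised_updates, threshold=0.5):
    """Similarity-weighted average of the (already noised) client updates."""
    w, sims = adaptive_weights(noised_updates, threshold)
    return (w[:, None] * noised_updates).sum(axis=0), w, sims

def demo(n_honest=4, dim=64, seed=0):
    """Constructed round: honest clients plus one scaled, sign-flipped poisoner."""
    rng = np.random.default_rng(seed)
    true_dir = np.full(dim, 0.1)                       # constructed honest gradient
    honest = [true_dir + rng.normal(0.0, 0.02, dim) for _ in range(n_honest)]
    poisoned = -10.0 * true_dir                        # constructed model-poisoning update
    updates = np.stack(honest + [poisoned])
    noised = np.stack([add_gaussian_noise(u, 0.01, rng) for u in updates])
    robust, w, sims = aggregate(noised)
    return {
        "weights": w,
        "similarities": sims,
        "robust_alignment": cosine(robust, true_dir),               # weighted aggregate vs truth
        "fedavg_alignment": cosine(noised.mean(axis=0), true_dir),  # plain mean vs truth
    }

if __name__ == "__main__":
    print(demo())
```

The poisoned client ends up with zero weight and the weighted aggregate stays aligned with the honest direction, whereas an unweighted FedAvg mean of the same round points the opposite way.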
