Recent advancements in machine learning have improved performance while also increasing computational demands. While federated and distributed setups address these issues, their structures remain vulnerable to malicious influences. In this paper, we address a specific threat: Byzantine attacks, wherein compromised clients inject adversarial updates to derail global convergence. We combine the concept of trust scores with trial function methodology to dynamically filter outliers. Our methods address the critical limitations of previous approaches, allowing operation even when Byzantine nodes are in the majority. Moreover, our algorithms adapt to widely used scaled methods such as Adam and RMSProp, as well as practical scenarios, including local training and partial participation. We validate the robustness of our methods by conducting extensive experiments on both public datasets and private ECG data collected from medical institutions. Furthermore, we provide a broad theoretical analysis of our algorithms and their extensions to the aforementioned practical setups. The convergence guarantees of our methods are comparable to those of classical algorithms developed without Byzantine interference.