• Journal of the China Computer Federation
• Chinese Science and Technology Core Journal
• Chinese Core Journal

Computer Engineering & Science ›› 2025, Vol. 47 ›› Issue (11): 1974-1983.

• Computer Network and Information Security •

MinRS: A defense method for both model availability and model privacy

REN Zhiqiang, CHEN Xuebin, ZHANG Hongyang

1. College of Science, North China University of Science and Technology, Tangshan 063210, China;
2. Hebei Key Laboratory of Data Science and Application (North China University of Science and Technology), Tangshan 063210, China;
3. Tangshan Key Laboratory of Data Science (North China University of Science and Technology), Tangshan 063210, China

• Received: 2023-10-20; Revised: 2024-09-15; Online: 2025-11-25; Published: 2025-12-08

Abstract: Federated learning is a technology that addresses the challenges of data sharing and privacy protection in machine learning. However, federated learning systems face two kinds of security risk: attacks on model availability and attacks on model privacy. Moreover, the current defense methods against these two types of risk are not mutually compatible. To tackle these problems, from the perspective of balancing model availability and model privacy, a defense method named MinRS is proposed. This method consists of a secure access scheme and a selection algorithm, which together defend against malicious model attacks without compromising model privacy, thereby achieving secure model aggregation. Experimental results show that, while protecting model privacy, MinRS successfully defends against malicious models generated by three different attack strategies, with almost no negative impact on model performance.


Key words: federated learning, malicious model, model availability, model privacy, defense method