Wireless ad hoc federated learning (WAFL) is a fully decentralized
collaborative machine learning framework organized by opportunistically
encountered mobile nodes. Compared to conventional federated learning, WAFL
performs model training by weakly synchronizing the model parameters with
others, and this shows great resilience to a poisoned model injected by an
attacker. In this paper, we provide our theoretical analysis of the WAFL's
resilience against model poisoning attacks, by formulating the force balance
between the poisoned model and the legitimate model. According to our
experiments, we confirmed that the nodes directly encountered the attacker has
been somehow compromised to the poisoned model but other nodes have shown great
resilience. More importantly, after the attacker has left the network, all the
nodes have finally found stronger model parameters combined with the poisoned
model. Most of the attack-experienced cases achieved higher accuracy than the
no-attack-experienced cases.Comment: 10 pages, 7 figures, to be published in IEEE International Conference
on Trust, Privacy and Security in Intelligent Systems, and Applications 202