Distributed Learning and Estimation with Enhanced Privacy and Security

Abstract

This thesis focuses on threat analysis and management in distributed learning scenarios intending to develop algorithms to mitigate the impact of adversaries in the network. The thesis begins with a threat analysis that includes investigating possible adversaries and their attack strategies. It examines the worst-case scenario of an adversarial attack to identify critical agents/links or potential loopholes. Further, the thesis investigates threat management and security algorithms to provide resilience against malicious behaviors in the network, as well as strategies to protect the privacy of network agents. In the scope of the threat analysis, we mainly focus on distributed learning algorithms that are essentially vulnerable to adversarial attacks. By investigating the network dynamics from an adversarial perspective, we design the optimal coordinated data falsification attack that maximizes the network steady-state mean squared error (MSE). The adversary simultaneously optimizes the subset of Byzantine agents and their attack sequences to maximize the network MSE. The Byzantine agent is a legitimate network agent that injects false data into the system to disrupt the overall performance of the network. Moreover, we propose a distributed filtering algorithm that provides robustness to Byzantine attacks. The proposed Byzantine-resilient consensus-based distributed filter (BR-CDF) also offers communication efficiency by allowing agents to exchange only a fraction of their information at each instant. In addition, we redesign the optimal attack strategy by solving an optimization problem where Byzantine agents cooperate on designing their attack covariances or the sequence of the information fractions they share. Agents in distributed learning scenarios improve local estimates by exchanging information with neighbors. These local interactions, however, expose private information to adversaries. As an approach to threat management, we propose a privacy-preserving distributed Kalman filter (PP-DKF) that protects local information from being inferred by adversaries. The proposed PP-DKF protects local information by randomly decomposing the state estimates into public and private substates and only sharing a perturbed version of the public substate with neighbors. Moreover, we derive privacy bounds for all agents in the presence of an external eavesdropper (EE) and an honest-but-curious (HBC) adversary. Additionally, we propose partial sharing and privacy-preserving distributed learning (PPDL) algorithms that offer communication efficiency while preserving privacy. The proposed PPDL algorithms utilize noise injection and state decomposition techniques to induce privacy and provide communication efficiency by only sharing a fraction of information at any given instant. The final part of the thesis aims to further enhance the robustness of the distributed filtering algorithm to coordinated data falsification attacks. To this end, we model a distributed Kalman filtering process as a distributed optimization problem with consensus constraints. We derive a suboptimal solution to the filtering algorithm that provides robustness to Byzantine attacks using a total variation (TV) penalty term for the objective function. The proposed Byzantine-resilient distributed Kalman filter (BR-DKF) restricts the impact of Byzantine perturbations completely, and only the number of Byzantine agents influences the filtering error bound.