FedPGT: Prototype-based Federated Global Adversarial Training against Adversarial Attack

Federated learning, an innovative distributed machine learning paradigm, is designed to address critical concerns related to data silos and user data privacy breaches. However, it faces a significant challenge in the form of adversarial attacks. Recent research has attempted to mitigate this issue through techniques such as local adversarial training and model distillation. Nevertheless, these approaches are susceptible to realworld variations, ultimately leading to compromised adversarial robustness. In this paper, we propose FedPGT, an innovative approach that employs clustering techniques to assess the convergence of the model. By leveraging a prototype-based method, it guides high-quality adversarial training. FedPGT alleviates the issue of data heterogeneity in federated learning and enhances the model's adversarial robustness. Our experimental results, conducted across three distinct datasets (MNIST, FMNIST, and EMNIST-Digits), demonstrate the efficacy of FedPGT.