Robust Federated Inference

ICLR 2026 Conference Submission
Anonymous Authors
Keywords: Collaborative Inference, Robust Ensembles, Federated Ensembles
Abstract:

Federated inference, in the form of one-shot federated learning, edge ensembles, or federated ensembles, has emerged as an attractive solution to combine predictions from multiple models. This paradigm enables each model to remain local and proprietary while a central server queries them and aggregates predictions. Yet, the robustness of federated inference has been largely neglected, leaving it vulnerable to even simple attacks. To address this critical gap, we formalize the problem of robust federated inference and provide the first robustness analysis of this class of methods. Our analysis of averaging-based aggregators shows that the error of the aggregator is small either when the dissimilarity between honest responses is small or the margin between the two most probable classes is large. Moving beyond linear averaging, we show that the problem of robust federated inference with non-linear aggregators can be cast as an adversarial machine learning problem. We then introduce an advanced technique using the DeepSet aggregation model, proposing a novel composition of adversarial training and test-time robust aggregation to robustify non-linear aggregators. Our composition yields significant improvements, surpassing existing robust aggregation methods by 4.7 - 22.2% in accuracy points across diverse benchmarks.

Disclaimer
This report is AI-GENERATED using Large Language Models and WisPaper (A scholar search engine). It analyzes academic papers' tasks and contributions against retrieved prior work. While this system identifies POTENTIAL overlaps and novel directions, ITS COVERAGE IS NOT EXHAUSTIVE AND JUDGMENTS ARE APPROXIMATE. These results are intended to assist human reviewers and SHOULD NOT be relied upon as a definitive verdict on novelty.
NOTE that some papers exist in multiple, slightly different versions (e.g., with different titles or URLs). The system may retrieve several versions of the same underlying work. The current automated pipeline does not reliably align or distinguish these cases, so human reviewers will need to disambiguate them manually.
If you have any questions, please contact: mingzhang23@m.fudan.edu.cn

Overview

Overall Novelty Assessment

The paper formalizes robust federated inference, where a central server aggregates predictions from distributed models without accessing local data or model parameters. It sits in the 'Robust Forecast Aggregation' leaf under 'Robust Statistical Aggregation for Distributed Data', which contains only two papers total. This is a notably sparse research direction compared to the densely populated 'Byzantine-Robust Aggregation in Federated Learning' branch (over 20 papers across six leaves). The work's focus on inference rather than training distinguishes it from most federated learning literature, positioning it at the intersection of statistical aggregation and adversarial robustness.

The taxonomy reveals that neighboring branches address related but distinct problems. The 'Byzantine-Robust Aggregation in Federated Learning' subtree emphasizes defending iterative training against malicious updates using geometric median or trimmed mean rules, while 'Multi-Agent and Cyber-Physical Systems' focuses on consensus and control under attacks. The paper's sibling work on forecast aggregation (one other paper in the same leaf) addresses algorithmic frameworks for combining forecasts with minimal regret. The scope note for this leaf explicitly excludes federated learning prediction aggregation, suggesting the paper bridges a gap between statistical forecast combination and adversarial federated settings.

Among 30 candidates examined, none clearly refute the three main contributions. The formalization and robustness analysis of federated inference examined 10 candidates with no refutable overlaps. Casting robust federated inference as adversarial machine learning also examined 10 candidates without clear prior work. The DeepSet aggregator composition similarly found no refutable candidates among 10 examined. This suggests that within the limited search scope, the specific combination of federated inference formalization, adversarial framing, and DeepSet-based robust aggregation appears relatively unexplored, though the search scale (30 papers) leaves open the possibility of relevant work outside the top semantic matches.

The analysis indicates the paper occupies a sparse research niche, bridging statistical aggregation and adversarial federated learning. However, the limited search scope (30 candidates from semantic search) means this assessment reflects only the most semantically similar work, not an exhaustive field survey. The absence of refutable candidates may reflect genuine novelty in combining these specific elements, or may indicate that relevant prior work uses different terminology or appears in adjacent research communities not captured by the search strategy.

Taxonomy

Core-task Taxonomy Papers: 50
Claimed Contributions: 3
Contribution Candidate Papers Compared: 30
Refutable Paper: 0

Research Landscape Overview

Core task: Robust aggregation of predictions from multiple distributed models. The field addresses how to combine outputs from geographically or organizationally separated predictors while maintaining reliability despite adversarial behavior, communication failures, or statistical heterogeneity. The taxonomy reveals four main branches: Byzantine-Robust Aggregation in Federated Learning focuses on defending collaborative machine learning against malicious participants through techniques like trimmed means and geometric median approaches (e.g., Robust Aggregation[1], PriRoAgg[3]); Robust Aggregation in Multi-Agent and Cyber-Physical Systems emphasizes consensus and coordination under attacks in networked control settings (e.g., Resilient Cooperative Regulation[4]); Robust Statistical Aggregation for Distributed Data develops principled methods for combining forecasts and estimates when data sources are unreliable or heterogeneous; and Domain-Specific Robust Aggregation Applications tailors these ideas to energy systems, smart cities, and healthcare contexts (e.g., Energy Forecasting Platform[13], Food Waste Fusion[15]).

Several active lines explore trade-offs between robustness guarantees and computational efficiency, particularly in federated learning where Byzantine-robust rules must scale to many clients, and in forecast aggregation where statistical optimality must be balanced against outlier resistance.

Robust Federated Inference[0] sits within the Robust Statistical Aggregation branch, specifically targeting robust forecast aggregation—a relatively focused cluster compared to the dense Byzantine federated learning literature. Its emphasis on inference rather than training distinguishes it from many federated works, aligning more closely with statistical aggregation methods like Forecast Aggregation[34] that prioritize prediction quality under model diversity. This contrasts with Byzantine-focused papers such as RaSA[5] or PnA[6], which center on adversarial resilience during iterative learning, highlighting an ongoing question of whether robustness mechanisms designed for training transfer effectively to pure inference scenarios.

Claimed Contributions

Formalization and robustness analysis of federated inference

The authors formally define the robust federated inference problem where up to f clients can return arbitrarily corrupted probits, and provide theoretical analysis showing that the aggregator error depends on the fraction of corruptions, margin between top classes, and dissimilarity between honest responses.

10 retrieved papers

Casting robust federated inference as adversarial machine learning

The authors reformulate robust federated inference with non-linear aggregators as an adversarial learning problem over probit-vectors, enabling the application of adversarial training techniques to improve robustness.

10 retrieved papers

Robust DeepSet aggregator with novel composition

The authors propose a DeepSet-based aggregator that combines adversarial training with test-time robust averaging (CWTM). This composition leverages permutation invariance to reduce computational complexity and achieves significant accuracy improvements over existing methods.

10 retrieved papers
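
The margin dependence of averaging described in the first contribution, and the test-time CWTM step named in the third, can be seen on a small case. This is an added example, not code from the paper: it assumes the standard coordinate-wise trimmed mean (drop the f smallest and f largest values per class), leaves out the DeepSet model and adversarial training, and uses constructed response vectors.

```python
# Added illustration: plain averaging vs. coordinate-wise trimmed mean (CWTM)
# when f of n clients return corrupted probability vectors.
# All vectors below are constructed sample data, not results from the paper.

def mean_aggregate(responses):
    n = len(responses)
    return [sum(col) / n for col in zip(*responses)]

def cwtm_aggregate(responses, f):
    """Per class: sort the n values, drop the f lowest and f highest, average the rest."""
    n = len(responses)
    if f < 0 or 2 * f >= n:
        raise ValueError("CWTM needs n > 2f")
    return [sum(sorted(col)[f:n - f]) / (n - 2 * f) for col in zip(*responses)]

def predict(vec):
    return max(range(len(vec)), key=vec.__getitem__)

def margin(vec):
    top = sorted(vec, reverse=True)
    return top[0] - top[1]

def evaluate(honest, corrupted, f):
    """Predicted class with no corruption, and under each aggregator with corruption."""
    mixed = honest + corrupted
    return {
        "honest_margin": margin(mean_aggregate(honest)),
        "clean": predict(mean_aggregate(honest)),
        "mean": predict(mean_aggregate(mixed)),
        "cwtm": predict(cwtm_aggregate(mixed, f)),
    }

# Five honest clients, three classes; true class is 0 in both cases.
LARGE_MARGIN = [[0.80, 0.15, 0.05], [0.78, 0.17, 0.05], [0.85, 0.10, 0.05],
                [0.75, 0.20, 0.05], [0.82, 0.13, 0.05]]
SMALL_MARGIN = [[0.52, 0.38, 0.10], [0.48, 0.42, 0.10], [0.55, 0.35, 0.10],
                [0.50, 0.40, 0.10], [0.46, 0.44, 0.10]]
# f = 2 corrupted clients put all mass on class 1.
CORRUPTED = [[0.0, 1.0, 0.0], [0.0, 1.0, 0.0]]

if __name__ == "__main__":
    for name, honest in (("large margin", LARGE_MARGIN), ("small margin", SMALL_MARGIN)):
        print(name, evaluate(honest, CORRUPTED, f=2))
```

With a large honest margin the plain mean still returns class 0; with a small margin the same two corrupted responses flip the mean to class 1, while CWTM keeps class 0 in both cases.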
