1: \begin{abstract}

2: Implementations of SGD on distributed systems create new vulnerabilities, which can be identified and misused by one or more adversarial agents. Recently, it has been shown that well-known Byzantine-resilient gradient aggregation schemes are indeed vulnerable to informed attackers that can tailor the attacks \citep{Fang20,Xie20}. We introduce MixTailor, a scheme based on randomization of the aggregation strategies that makes it impossible for the attacker to be fully informed. Deterministic schemes can be integrated into MixTailor on the fly without introducing any additional hyperparameters. Randomization decreases the capability of a powerful adversary to tailor its attacks, while the resulting randomized aggregation scheme is still competitive in terms of performance. For both iid and non-iid settings, we establish almost sure convergence guarantees that are both stronger and more general than those available in the literature. Our empirical studies across various datasets, attacks, and settings, validate our hypothesis and show that MixTailor successfully defends when well-known Byzantine-tolerant schemes fail.  %Compared with an omniscient aggregator, which knows all the honest nodes a priori, MixTailor incurs at most 2\% validation accuracy loss on MNIST. This is the price for the obtained robustness, expressed as an immunity to an attack for which an algorithm has not been tailored in advance. MixTailor always outperforms the worst aggregator.

3: \end{abstract}

4: