\begin{abstract}
%-------------------------------------------------------------------------------
Federated Learning (FL) is a paradigm in Machine Learning (ML) that addresses issues of data privacy, security, access rights, and access to heterogeneous information by training a global model using distributed nodes. Despite its advantages, FL-based ML techniques face an increased potential for cyberattacks that can undermine these benefits. Model-poisoning attacks on FL target the availability of the model: the adversarial objective is to disrupt the training. We propose attestedFL, a defense mechanism that monitors the training of individual nodes through state persistence in order to detect a malicious \textit{worker}. A fine-grained assessment of the history of the \textit{worker} permits the evaluation of its behavior over time and results in innovative detection strategies. We present three lines of defense that aim at assessing whether the \textit{worker} is reliable by observing whether the node is truly training while advancing towards a goal. Our defense exposes an attacker's malicious behavior and removes unreliable nodes from the aggregation process so that the FL process converges faster.
%We present promising results on the impact of our defense on the accuracy the model reaches under the adversarial setting.
attestedFL increased the accuracy of the model in different FL settings, under different attacking patterns, and in different scenarios, e.g., attacks performed at different stages of the convergence, colluding attackers, and continuous attacks.
\end{abstract}
