A Detailed Survey on Federated Learning Attacks and Defenses

Sikandar, Hira Shahzadi; Waheed, Huda; Tahir, Sibgha; Malik, Saif Ur Rehman; Rafique, Waqas

doi:10.3390/electronics12020260

Cited by 16 publications

(4 citation statements)

References 63 publications

(98 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…However, the depth of their survey is significantly limited and did not discuss VFL, which is one of the promising research directions in FL. Sikandar et al [24] briefly discussed different types of FL systems and presented some general attacks and their defenses in FL. However, they did not discuss attacks and defenses specific to a particular type of FL, such as VFL.…”

Section: ) Existing Surveys In Federated Learningmentioning

confidence: 99%

A Survey on Attacks and Their Countermeasures in Deep Learning: Applications in Deep Neural Networks, Federated, Transfer, and Deep Reinforcement Learning

Ali,

Chen,

Harrington

et al. 2023

IEEE Access

View full text Add to dashboard Cite

Deep Learning (DL) techniques are being used in various critical applications like selfdriving cars. DL techniques such as Deep Neural Networks (DNN), Deep Reinforcement Learning (DRL), Federated Learning (FL), and Transfer Learning (TL) are prone to adversarial attacks, which can make the DL techniques perform poorly.Developing such attacks and their countermeasures is the prerequisite for making artificial intelligence techniques robust, secure, and deployable. Previous survey papers only focused on one or two techniques and are outdated. They do not discuss application domains, datasets, and testbeds in detail. There is also a need to discuss the commonalities and differences among DL techniques. In this paper, we comprehensively discussed the attacks and defenses in four popular DL models, including DNN, DRL, FL, and TL. We also highlighted the application domains, datasets, metrics, and testbeds in these fields. One of our key contributions is to discuss the commonalities and differences among these DL techniques. Insights, lessons, and future research directions are also highlighted in detail.INDEX TERMS Attacks, defenses, deep neural networks, federated learning, transfer learning, and deep reinforcement learning.

show abstract

Section: ) Existing Surveys In Federated Learningmentioning

confidence: 99%

A Survey on Attacks and Their Countermeasures in Deep Learning: Applications in Deep Neural Networks, Federated, Transfer, and Deep Reinforcement Learning

Ali,

Chen,

Harrington

et al. 2023

IEEE Access

View full text Add to dashboard Cite

show abstract

“…The institution that has more data labels reduces the score loss for conversion. Thus, the equation is calculated using Equation (5).…”

Section: Balanced Csmmentioning

confidence: 99%

“…Sharing data between medical institutions is a sensitive matter, especially when the data contain private patient information. During the transmission process, the data may be vulnerable to network attacks or leaks [5]. Therefore, regulations such as General Data Protection Regulation (GDPR) [6] have been enacted to protect the personal data of European citizens.…”

Section: Introductionmentioning

confidence: 99%

FedISM: Enhancing Data Imbalance via Shared Model in Federated Learning

Chung

Lin

2023

Mathematics

View full text Add to dashboard Cite

Considering the sensitivity of data in medical scenarios, federated learning (FL) is suitable for applications that require data privacy. Medical personnel can use the FL framework for machine learning to assist in analyzing large-scale data that are protected within the institution. However, not all clients have the same distribution of datasets, so data imbalance problems occur among clients. The main challenge is to overcome the performance degradation caused by low accuracy and the inability to converge the model. This paper proposes a FedISM method to enhance performance in the case of Non-Independent Identically Distribution (Non-IID). FedISM exploits a shared model trained on a candidate dataset before performing FL among clients. The Candidate Selection Mechanism (CSM) was proposed to effectively select the most suitable candidate among clients for training the shared model. Based on the proposed approaches, FedISM not only trains the shared model without sharing any raw data, but it also provides an optimal solution through the selection of the best shared model. To evaluate performance, the proposed FedISM was applied to classify coronavirus disease (COVID), pneumonia, normal, and viral pneumonia in the experiments. The Dirichlet process was also used to simulate a variety of imbalanced data distributions. Experimental results show that FedISM improves accuracy by up to 25% when privacy concerns regarding patient data are rising among medical institutions.

show abstract

“…The comparison of this survey with the existing literature is summarized in Table I. It can be seen that some existing surveys, e.g., [44], [45], [46], and [47] considered backdoor attacks and backdoor defenses as a part of robustness threat on WFL, however, the limitations of the existing backdoor attack and defense methods were not highlighted. On the other hand, in [48], [49], [50], and [51], WFL was considered as one of the deep learning applications when discussing the impact of backdoor attacks, but no detailed analysis of vulnerabilities of backdoor attacks on WFL was provided.…”

Section: B Review Of Existing Surveys and Gap Analysismentioning

confidence: 99%

Defense Strategies Toward Model Poisoning Attacks in Federated Learning: A Survey

Wang

Qiao

Zhang

et al. 2022

2022 IEEE Wireless Communications and Networking Conference (WCNC)

View full text Add to dashboard Cite

Due to the greatly improved capabilities of devices, massive data, and increasing concern about data privacy, Federated Learning (FL) has been increasingly considered for applications to wireless communication networks (WCNs). Wireless FL (WFL) is a distributed method of training a global deep learning model in which a large number of participants each train a local model on their training datasets and then upload the local model updates to a central server. However, in general, nonindependent and identically distributed (non-IID) data of WCNs raises concerns about robustness, as a malicious participant could potentially inject a "backdoor" into the global model by uploading poisoned data or models over WCN. This could cause the model to misclassify malicious inputs as a specific target class while behaving normally with benign inputs. This survey provides a comprehensive review of the latest backdoor attacks and defense mechanisms. It classifies them according to their targets (data poisoning or model poisoning), the attack phase (local data collection, training, or aggregation), and defense stage (local training, before aggregation, during aggregation, or after aggregation). The strengths and limitations of existing attack strategies and defense mechanisms are analyzed in detail. Comparisons of existing attack methods and defense designs are carried out, pointing to noteworthy findings, open challenges, and potential future research directions related to security and privacy of WFL.

show abstract

A Detailed Survey on Federated Learning Attacks and Defenses

Cited by 16 publications

References 63 publications

A Survey on Attacks and Their Countermeasures in Deep Learning: Applications in Deep Neural Networks, Federated, Transfer, and Deep Reinforcement Learning

A Survey on Attacks and Their Countermeasures in Deep Learning: Applications in Deep Neural Networks, Federated, Transfer, and Deep Reinforcement Learning

FedISM: Enhancing Data Imbalance via Shared Model in Federated Learning

Defense Strategies Toward Model Poisoning Attacks in Federated Learning: A Survey

Contact Info

Product

Resources

About