A survey on security and privacy threats to federated learning

Zhang, Junpeng; Li, Mengqian; Zeng, Shuiguang; Xie, Bin; Zhao, Dongmei

doi:10.1109/nana53684.2021.00062

Cited by 14 publications

(4 citation statements)

References 213 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…FL can be categorized into horizontal FL, vertical FL, and federated transfer learning, based on how the training data is organized [27]. Since the majority of research on FL vulnerabilities focuses on the horizontal FL setting, therefore, we also focus on horizontal FL as [37] ✓ ✓ ✓ ✓ ✓ ✓ Zhang et al [38] • [39] • • • ✓ Yin et al [40] ✓ ✓ Zhang et al [41] •…”

Section: Preliminaries Of Federated Learningmentioning

confidence: 99%

A Survey on Vulnerability of Federated Learning: A Learning Algorithm Perspective

XIE,

Hu,

Ren

et al. 2023

Preprint

View full text Add to dashboard Cite

Section: Preliminaries Of Federated Learningmentioning

confidence: 99%

A Survey on Vulnerability of Federated Learning: A Learning Algorithm Perspective

XIE,

Hu,

Ren

et al. 2023

Preprint

View full text Add to dashboard Cite

“…Specifically, the adversary participant steals other participants' sensitive information from shared parameters since the transmitted gradient value is transformed from the original training data. Recently, security and privacy issues have become critical concerns due to potential security attacks and internal theft [16].…”

Section: Decreased Energy Consumptionmentioning

confidence: 99%

Security and Privacy Threats to Federated Learning: Issues, Methods, and Challenges

Zhang

Zhu

Wang

et al. 2022

Security and Communication Networks

Self Cite

View full text Add to dashboard Cite

Federated learning (FL) has nourished a promising method for data silos, which enables multiple participants to construct a joint model collaboratively without centralizing data. The security and privacy considerations of FL are focused on ensuring the robustness of the global model and the privacy of participants’ information. However, the FL paradigm is under various security threats from the adversary aggregator and participants. Therefore, it is necessary to comprehensively identify and classify potential threats to provide a theoretical basis for FL with security guarantees. In this paper, a unique classification of attacks, which reviews state-of-the-art research on security and privacy issues for FL, is constructed from the perspective of malicious threats based on different computing parties. Specifically, we categorize attacks with respect to performed by aggregator and participant, highlighting the Deep Gradients Leakage attacks and Generative Adversarial Networks attacks. Following an overview of attack methods, we discuss the primary mitigation techniques against security risks and privacy breaches, especially the application of blockchain and Trusted Execution Environments. Finally, several promising directions for future research are discussed.

show abstract

“…They also failed to review security issues arising from poisoning attacks. In contrast, reviews 15–17 summarized privacy and security protection schemes in FL. However, they all exhibited some degree of deficiency in summarizing certain techniques.…”

Section: Introductionmentioning

confidence: 99%

“…However, they all exhibited some degree of deficiency in summarizing certain techniques. For instance, References 15 and 17 lacked a summary of techniques based on statistical information to bypass malicious model updates, whereas References 15 and 16 lacked a summary of the security protection of FL based on blockchain technology. Meanwhile, a critical observation is that none of these studies have fully considered schemes that effectively balance both privacy and security requirements in FL, as shown in Table 1.…”

Section: Introductionmentioning

confidence: 99%

Privacy preserving and secure robust federated learning: A survey

Han,

Lu,

Wang

et al. 2024

Concurrency and Computation

View full text Add to dashboard Cite

SummaryFederated learning (FL) has emerged as a promising solution to address the challenges posed by data silos and the need for global data fusion. It offers a distributed machine learning framework with privacy‐preserving features, allowing model training without the need to collect user data. However, FL also presents significant security and privacy threats that hinder its widespread adoption. The requirements of privacy and security in FL are inherently conflicting. Privacy necessitates the concealment of individual client updates, while security requires the disclosure of client updates to detect anomalies. While most existing research focused on the privacy and security aspects of FL, very few studies have addressed the compatibility of these two demands. In this work, we aim to bridge this gap by proposing a comprehensive defense scheme that ensures privacy, security, and compatibility in FL. We categorize the existing literature into two key directions: privacy defense and security defense. Privacy defense includes methods based on additive masks, differential privacy, homomorphic encryption, and trusted execution environment, whereas security defense encompasses distance‐, performance‐, clustering‐, and similarity‐based anomaly detection techniques and statistical information‐based anomaly update bypassing techniques when the server is trusted and privacy‐compatible anomaly update detection techniques when the server is not trusted. In addition, this article presents decentralized FL solutions based on blockchain. For each direction, we discuss specific technical solutions, their advantages, and disadvantages. By evaluating various defense methods, we identify the most suitable approach to address the primary challenge of “achieving a secure and robust FL system against malicious adversaries while protecting users' privacy.” We then propose a theoretical reference framework for end‐to‐end protection of privacy and security in FL for the key problem, which summarizes the attack surface of FL systems from the client to the server under the security model where the client and server are malicious. Leveraging the strengths and characteristics of existing schemes, our proposed framework integrates multiple techniques to strike a balance between privacy, usability, and efficiency. This framework serves as a valuable reference and provides insights for future work in the field. Finally, we also provide recommendations for future research directions in this field.

show abstract

A survey on security and privacy threats to federated learning

Cited by 14 publications

References 213 publications

A Survey on Vulnerability of Federated Learning: A Learning Algorithm Perspective

A Survey on Vulnerability of Federated Learning: A Learning Algorithm Perspective

Security and Privacy Threats to Federated Learning: Issues, Methods, and Challenges

Privacy preserving and secure robust federated learning: A survey

Contact Info

Product

Resources

About