Robust Aggregation for Adaptive Privacy Preserving Federated Learning in Healthcare
This work addresses privacy and security challenges in federated learning for healthcare, but it is incremental as it applies existing robust aggregation techniques to this domain.
The paper tackled the problem of making federated learning robust to poisoning attacks in healthcare by evaluating robust aggregation methods, showing that differential privacy did not significantly impact convergence in experiments on two real-world datasets.
Federated learning (FL) has enabled training models collaboratively from multiple data-owning parties without sharing their data. Given the privacy regulations on patients' healthcare data, learning-based systems in healthcare can greatly benefit from privacy-preserving FL approaches. However, typical model aggregation methods in FL are sensitive to local model updates, which may lead to failure in learning a robust and accurate global model. In this work, we implement and evaluate different robust aggregation methods in FL applied to healthcare data. Furthermore, we show that such methods can detect and discard faulty or malicious local clients during training. We run two sets of experiments using two real-world healthcare datasets for training medical diagnosis classification tasks. Each dataset is used to simulate the performance of three different robust FL aggregation strategies when facing different poisoning attacks. The results show that privacy-preserving methods can be successfully applied alongside Byzantine-robust aggregation techniques. We observed in particular how using differential privacy (DP) did not significantly impact the final learning convergence of the different aggregation strategies.
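The sensitivity of plain averaging and the "detect and discard" behaviour described in the abstract can be seen in one simulated aggregation round. This is an added example, not code from the paper: the abstract does not name its three strategies, so the median-distance filter, the clip-and-Gaussian-noise step (a generic DP-style mechanism with no privacy accounting), and all update values are assumptions constructed for illustration.

```python
import math
import random
import statistics

def l2(v):
    return math.sqrt(sum(x * x for x in v))

def fedavg(updates):
    """Plain coordinate-wise mean: every client has equal, unbounded influence."""
    return [statistics.fmean(col) for col in zip(*updates)]

def privatize(update, clip_norm, sigma, rng):
    """Clip the update to an L2 bound, then add Gaussian noise (DP-style step)."""
    scale = min(1.0, clip_norm / max(l2(update), 1e-12))
    return [x * scale + rng.gauss(0.0, sigma) for x in update]

def robust_aggregate(updates, factor=3.0):
    """Discard clients far from the coordinate-wise median, then average the rest."""
    center = [statistics.median(col) for col in zip(*updates)]
    dist = [l2([a - b for a, b in zip(u, center)]) for u in updates]
    cutoff = factor * statistics.median(dist)  # hypothetical threshold rule
    kept = [i for i, d in enumerate(dist) if d <= cutoff]
    discarded = [i for i in range(len(updates)) if i not in kept]
    return fedavg([updates[i] for i in kept]), discarded

def simulate_round(use_dp, seed=7):
    """Constructed data: 8 honest clients near `true`, 2 faulty ones (indices 8, 9)."""
    rng = random.Random(seed)
    true = [1.0, -2.0, 0.5]
    honest = [[t + rng.gauss(0.0, 0.05) for t in true] for _ in range(8)]
    faulty = [[-10.0 * t for t in true] for _ in range(2)]
    updates = honest + faulty
    if use_dp:
        updates = [privatize(u, clip_norm=3.0, sigma=0.05, rng=rng) for u in updates]

    def err(agg):
        return l2([a - t for a, t in zip(agg, true)])

    robust, discarded = robust_aggregate(updates)
    return err(fedavg(updates)), err(robust), discarded

if __name__ == "__main__":
    for use_dp in (False, True):
        avg_err, rob_err, dropped = simulate_round(use_dp)
        print(f"dp={use_dp} fedavg_err={avg_err:.3f} "
              f"robust_err={rob_err:.3f} dropped={dropped}")
```

Clipping alone bounds how far a faulty update can drag the mean, but the filtered aggregate stays close to the honest value with or without the noise step, which mirrors the abstract's observation at toy scale.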