CRAI, Dec 12, 2020

Achieving Security and Privacy in Federated Learning Systems: Survey, Research Challenges and Future Directions

arXiv:2012.06810v1, 149 citations
AI Analysis

This survey identifies the challenges of simultaneously achieving security and privacy in federated learning for researchers and practitioners working on secure and private machine learning.

This paper surveys security and privacy attacks in federated learning (FL) systems, where a server learns an ML model from decentralized clients without direct access to their private data. It examines how model updates can leak client data and how malicious clients can attack the learned model, and then surveys existing mitigation solutions.

Federated learning (FL) allows a server to learn a machine learning (ML) model across multiple decentralized clients that privately store their own training data. In contrast with centralized ML approaches, FL spares the server computation and does not require the clients to outsource their private data to the server. However, FL is not free of issues. On the one hand, the model updates sent by the clients at each training epoch might leak information on the clients' private data. On the other hand, the model learnt by the server may be subject to attacks by malicious clients; these security attacks might poison the model or prevent it from converging. In this paper, we first examine security and privacy attacks on FL and critically survey solutions proposed in the literature to mitigate each attack. Afterwards, we discuss the difficulty of simultaneously achieving security and privacy protection. Finally, we sketch ways to tackle this open problem and attain both security and privacy.
