Achieving security and privacy in federated learning systems: Survey, research challenges and future directions


Bibliographic Details
Authors: Blanco-Justicia, Alberto; Domingo-Ferrer, Josep; Martínez Lluís, Sergio; Sánchez Ruenes, David; Flanagan, Adrian; Tan, Kuan Eik
Resource type: article
Status: Published version
Publication date: 2021
Country: Spain
Institution: Universitat Oberta de Catalunya (UOC)
Repository: O2, UOC institutional repository
OAI Identifier: oai:openaccess.uoc.edu:10609/136566
Online access: https://hdl.handle.net/10609/136566
Access level: open access
Keywords: federated learning; machine learning; privacy; security
Description
Summary: Federated learning (FL) allows a server to learn a machine learning (ML) model across multiple decentralized clients that privately store their own training data. In contrast with centralized ML approaches, FL saves computation to the server and does not require the clients to outsource their private data to the server. However, FL is not free of issues. On the one hand, the model updates sent by the clients at each training epoch might leak information on the clients' private data. On the other hand, the model learnt by the server may be subjected to attacks by malicious clients; these security attacks might poison the model or prevent it from converging. In this paper, we first examine security and privacy attacks to FL and critically survey solutions proposed in the literature to mitigate each attack. Afterwards, we discuss the difficulty of simultaneously achieving security and privacy protection. Finally, we sketch ways to tackle this open problem and attain both security and privacy.