Robust Aggregation for Adaptive Privacy Preserving Federated Learning in Healthcare

TL;DR

This paper evaluates robust aggregation methods in federated learning for healthcare, demonstrating their effectiveness in maintaining model accuracy and detecting malicious clients without compromising privacy.

Contribution

It introduces and assesses robust aggregation techniques in privacy-preserving federated learning for healthcare, highlighting their ability to detect faulty clients and withstand poisoning attacks.

Findings

Robust aggregation methods improve model robustness against attacks.

Differential privacy does not significantly affect convergence.

Methods successfully detect malicious clients during training.

Abstract

Federated learning (FL) has enabled training models collaboratively from multiple data owning parties without sharing their data. Given the privacy regulations of patient's healthcare data, learning-based systems in healthcare can greatly benefit from privacy-preserving FL approaches. However, typical model aggregation methods in FL are sensitive to local model updates, which may lead to failure in learning a robust and accurate global model. In this work, we implement and evaluate different robust aggregation methods in FL applied to healthcare data. Furthermore, we show that such methods can detect and discard faulty or malicious local clients during training. We run two sets of experiments using two real-world healthcare datasets for training medical diagnosis classification tasks. Each dataset is used to simulate the performance of three different robust FL aggregation strategies when facing different poisoning attacks. The results show that privacy preserving methods can be successfully applied alongside Byzantine-robust aggregation techniques. We observed in particular how using differential privacy (DP) did not significantly impact the final learning convergence of the different aggregation strategies.