Privacy and Robustness in Federated Learning: Attacks and Defenses

TL;DR

This paper provides a comprehensive survey of federated learning, focusing on privacy and robustness challenges, threat models, and defenses, highlighting key techniques and future research directions.

Contribution

It is the first survey to systematically categorize threats and defenses in federated learning, offering a clear taxonomy and insightful analysis.

Findings

Identifies key attack and defense techniques in FL

Highlights the importance of privacy-preserving methods

Discusses future research directions in robust FL

Abstract

As data are increasingly being stored in different silos and societies becoming more aware of data privacy issues, the traditional centralized training of artificial intelligence (AI) models is facing efficiency and privacy challenges. Recently, federated learning (FL) has emerged as an alternative solution and continue to thrive in this new reality. Existing FL protocol design has been shown to be vulnerable to adversaries within or outside of the system, compromising data privacy and system robustness. Besides training powerful global models, it is of paramount importance to design FL systems that have privacy guarantees and are resistant to different types of adversaries. In this paper, we conduct the first comprehensive survey on this topic. Through a concise introduction to the concept of FL, and a unique taxonomy covering: 1) threat models; 2) poisoning attacks and defenses against robustness; 3) inference attacks and defenses against privacy, we provide an accessible review of this important topic. We highlight the intuitions, key techniques as well as fundamental assumptions adopted by various attacks and defenses. Finally, we discuss promising future research directions towards robust and privacy-preserving federated learning.