Achieving Security and Privacy in Federated Learning Systems: Survey, Research Challenges and Future Directions
Alberto Blanco-Justicia, Josep Domingo-Ferrer, Sergio Martínez, David Sánchez, Adrian Flanagan, Kuan Eeik Tan

TL;DR
This survey reviews security and privacy challenges in federated learning, analyzing existing solutions, discussing the difficulty of achieving both simultaneously, and proposing future research directions to address these issues.
Contribution
It provides a comprehensive overview of security and privacy attacks in federated learning and critically surveys mitigation strategies, highlighting open problems and future directions.
Findings
Security and privacy attacks threaten federated learning systems.
Existing solutions partially mitigate attacks but cannot fully ensure both security and privacy.
Achieving both security and privacy simultaneously remains an open challenge.
Abstract
Federated learning (FL) allows a server to learn a machine learning (ML) model across multiple decentralized clients that privately store their own training data. In contrast with centralized ML approaches, FL saves computation to the server and does not require the clients to outsource their private data to the server. However, FL is not free of issues. On the one hand, the model updates sent by the clients at each training epoch might leak information on the clients' private data. On the other hand, the model learnt by the server may be subjected to attacks by malicious clients; these security attacks might poison the model or prevent it from converging. In this paper, we first examine security and privacy attacks to FL and critically survey solutions proposed in the literature to mitigate each attack. Afterwards, we discuss the difficulty of simultaneously achieving security and…
