Can collaborative learning be private, robust and scalable?
Dmitrii Usynin, Helena Klause, Johannes C. Paetzold, Daniel Rueckert, Georgios Kaissis

TL;DR
This paper introduces an open-source framework that combines differential privacy, model compression, and adversarial training to enhance the privacy, robustness, and scalability of federated learning models in medical image analysis.
Contribution
It presents a practical framework that effectively integrates privacy and robustness techniques, tailored for federated learning in sensitive medical imaging applications.
Findings
Achieves competitive model performance
Reduces model size significantly
Improves empirical adversarial robustness
Abstract
In federated learning for medical image analysis, the safety of the learning protocol is paramount. Such settings can often be compromised by adversaries that target either the private data used by the federation or the integrity of the model itself. This requires the medical imaging community to develop mechanisms to train collaborative models that are private and robust against adversarial data. In response to these challenges, we propose a practical open-source framework to study the effectiveness of combining differential privacy, model compression and adversarial training to improve the robustness of models against adversarial samples under train- and inference-time attacks. Using our framework, we achieve competitive model performance, a significant reduction in model size and improved empirical adversarial robustness without severe performance degradation, critical in…
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Autopsy Techniques and Outcomes · Medical Imaging Techniques and Applications
