Fed-Safe: Securing Federated Learning in Healthcare Against Adversarial Attacks

TL;DR

This paper proposes a federated learning approach with distributed noise to enhance privacy and robustness in medical image analysis, effectively defending against adversarial attacks while preserving data privacy.

Contribution

It introduces a novel method combining distributed noise with federated learning to achieve adversarial robustness without compromising privacy in healthcare applications.

Findings

Distributed noise enables robust models with fewer retraining samples.

The method maintains privacy standards comparable to secure aggregation.

Effective against diverse adversarial attack scenarios in medical imaging.

Abstract

This paper explores the security aspects of federated learning applications in medical image analysis. Current robustness-oriented methods like adversarial training, secure aggregation, and homomorphic encryption often risk privacy compromises. The central aim is to defend the network against potential privacy breaches while maintaining model robustness against adversarial manipulations. We show that incorporating distributed noise, grounded in the privacy guarantees in federated settings, enables the development of a adversarially robust model that also meets federated privacy standards. We conducted comprehensive evaluations across diverse attack scenarios, parameters, and use cases in cancer imaging, concentrating on pathology, meningioma, and glioma. The results reveal that the incorporation of distributed noise allows for the attainment of security levels comparable to those of conventional adversarial training while requiring fewer retraining samples to establish a robust model.