Membership Inference Attacks and Defenses in Federated Learning: A Survey

TL;DR

This survey reviews membership inference attacks in federated learning, categorizing existing methods and defenses, analyzing their strengths and weaknesses, and outlining future research directions to enhance privacy protections.

Contribution

It provides the first comprehensive taxonomy and systematic overview of attacks and defenses specific to federated learning privacy vulnerabilities.

Findings

Categorized and summarized existing membership inference attacks.

Analyzed strengths and weaknesses of defense strategies.

Outlined key future research directions.

Abstract

Federated learning is a decentralized machine learning approach where clients train models locally and share model updates to develop a global model. This enables low-resource devices to collaboratively build a high-quality model without requiring direct access to the raw training data. However, despite only sharing model updates, federated learning still faces several privacy vulnerabilities. One of the key threats is membership inference attacks, which target clients' privacy by determining whether a specific example is part of the training set. These attacks can compromise sensitive information in real-world applications, such as medical diagnoses within a healthcare system. Although there has been extensive research on membership inference attacks, a comprehensive and up-to-date survey specifically focused on it within federated learning is still absent. To fill this gap, we categorize and summarize membership inference attacks and their corresponding defense strategies based on their characteristics in this setting. We introduce a unique taxonomy of existing attack research and provide a systematic overview of various countermeasures. For these studies, we thoroughly analyze the strengths and weaknesses of different approaches. Finally, we identify and discuss key future research directions for readers interested in advancing the field.