Abstract
As an emerging artificial intelligence technology, federated learning addresses the problems of "isolated data islands" and data privacy protection. It supports data fusion for data-sensitive applications by allowing distributed participants to train a global model while each participant's data stays local. However, federated learning is exposed to data privacy leakage risks and a variety of attacks. To explore the current state of research on privacy protection and security attacks in federated learning, this paper gives a clear classification of the state-of-the-art methods. We first introduce the threats to privacy and security in federated learning from many aspects. For privacy protection, we analyze the root causes of privacy threats in multiple scenarios, including attacks by a single malicious participant, attacks by the central server, and collusion among multiple malicious participants to leak privacy. We also describe the specific attack process and the attack effect of these privacy-stealing methods in detail. Moreover, we present the current defense methods and how they enhance privacy protection, including differential privacy, homomorphic encryption, secure multi-party computation, verification network frameworks, and collaborative training schemes. These methods are widely used for privacy protection and have shown good effectiveness, although the protection they provide must be balanced against performance issues such as model accuracy and computational efficiency. For security issues, we focus on analyzing a variety of malicious attack methods that degrade the performance of the global federated learning model, including independent attacks in which malicious participants poison data or models using multiple methods, and attacks launched by colluding malicious participants. We introduce the attack process and the threat posed by each attack in detail.
Subsequently, we systematically elaborate and summarize the advanced security defense solutions, which better maintain the security of the model against attacks from single or multiple malicious adversaries, while also alleviating communication bottlenecks and helping the model converge faster. Compared with existing state-of-the-art surveys, our work summarizes the recent progress on the problem of collusion among multiple malicious participants in federated learning, including malicious parameter collusion and malicious ownership collusion. Both kinds of attack are highly destructive while remaining highly concealed. This is a novel research direction, and there is not much current research work on it. In addition, we carefully analyze the existing federated learning secure aggregation algorithms and secure open-source frameworks. For secure aggregation algorithms, we list the privacy and security vulnerabilities of traditional methods and explain the advantages of the techniques proposed by the existing reliable secure aggregation methods. For secure open-source frameworks, we analyze the work done by several mainstream security frameworks on privacy protection and security defense. We compare their applicable federated modes, federated scenarios, and the defects that need to be improved, providing researchers with a clear vision for privacy and security design. Finally, we discuss the challenges and future research directions for privacy protection and security defense in federated learning, with the aim of improving the design of privacy protection and security defense methods in future research. We expect this work to further promote the safe application of federated learning in artificial intelligence scenarios.
| Translated title of the contribution | A Survey on Privacy and Security Issues in Federated Learning |
|---|---|
| Original language | Chinese (Simplified) |
| Pages (from-to) | 1019-1044 |
| Number of pages | 26 |
| Journal | Jisuanji Xuebao/Chinese Journal of Computers |
| Volume | 46 |
| Issue number | 5 |
| DOIs | |
| Publication status | Published - May 2023 |
Keywords
- artificial intelligence
- data privacy
- data security
- federated learning
- large-scale distributed learning
ASJC Scopus subject areas
- Software
- Hardware and Architecture
- Computer Networks and Communications
- Computer Graphics and Computer-Aided Design