Article

A survey on security and privacy of federated learning

Authors:
  • Kennesaw State University, Atlanta, USA

Abstract

Federated learning (FL) is a new breed of Artificial Intelligence (AI) that builds upon decentralized data and training and brings learning to the edge or directly on-device. FL is a new research area, often referred to as a new dawn in AI; it is in its infancy and has not yet gained much trust in the community, mainly because of its (unknown) security and privacy implications. To advance the state of research in this area and to realize extensive utilization of the FL approach and its mass adoption, its security and privacy concerns must first be identified, evaluated, and documented. FL is preferred in use-cases where security and privacy are the key concerns, and having a clear view and understanding of the risk factors enables an implementer/adopter of FL to successfully build a secure environment and gives researchers a clear vision of possible research areas. This paper aims to provide a comprehensive study of FL's security and privacy aspects that can help bridge the gap between the current state of federated AI and a future in which mass adoption is possible. We present an illustrative description of approaches and various implementation styles with an examination of the current challenges in FL, and establish a detailed review of the security and privacy concerns that need to be considered, in a thorough and clear context. Findings from our study suggest that, overall, there are fewer privacy-specific threats associated with FL compared to security threats. The most specific security threats currently are communication bottlenecks, poisoning, and backdoor attacks, while inference-based attacks are the most critical to the privacy of FL. We conclude the paper with much-needed future research directions to make FL adaptable to realistic scenarios.


... Despite its promising benefits, the adoption of FL faces critical hurdles. Challenges include safeguarding against adversarial attacks, accommodating the heterogeneity of devices and datasets, ensuring robust privacy guarantees, and managing the trade-offs between privacy, performance, and system efficiency [2]. Additionally, FL systems remain vulnerable to sensitive data leakage through model updates and are constrained by communication overheads, computational bottlenecks, and uneven participant contributions [3]. ...
... Unlike traditional centralized training, where raw data is uploaded to a central server, FL aggregates locally trained models, thereby ensuring that sensitive data remains on devices [1]. This paradigm is especially beneficial for domains that handle private or sensitive data, such as healthcare, financial systems, and IoT applications [2]. ...
... Federated learning frameworks are categorized based on data distribution and collaboration models. These variations enable tailored implementations depending on the data and use case requirements [1], [2]. ...
Article
Full-text available
This article provides an extensive review of the challenges and opportunities at the intersection of federated learning (FL) and data privacy. Federated learning is a distributed machine learning paradigm enabling collaborative model training across decentralized devices without transferring raw data to a central repository. This method reduces privacy risks and aligns with regulatory compliance while unlocking potential in sensitive domains such as healthcare, finance, and IoT. Despite these advantages, FL faces critical challenges, including susceptibility to adversarial attacks, communication bottlenecks, heterogeneity in devices and data distributions, and limited privacy guarantees. Promising research directions include the integration of differential privacy, secure multi-party computation, and blockchain for enhanced security. This paper underscores the importance of interdisciplinary efforts to overcome these challenges and explores potential applications across domains like personalized medicine, smart grid optimization, and decentralized AI in edge computing environments. It concludes by outlining pathways for future research, emphasizing the need for scalable, efficient, and privacy-preserving FL architectures.
... Brecko et al. [40] (H M M L M M): Survey on FL in edge computing, lacks focus on 6G-specific privacy challenges. Mothukuri et al. [41] (H M H L M M): Comprehensive security and privacy challenges in FL, but lacks detailed 6G implementations. Kumar et al. [42] (M M L L M M): Focuses on adversarial attacks in FL, with limited discussion on privacy in 6G contexts. ...
... Recent research on FL privacy shows that FL is vulnerable to numerous privacy attacks, including reconstruction, model inversion, membership inference, and property inference attacks [41], [146]. These attacks can be categorized into two [152]: training phase attacks and inference phase attacks. ...
... Privacy-enhancing mechanisms refer to a broad class of technologies designed to safeguard various dimensions of privacy, including data confidentiality, user anonymity, and data integrity. Several privacy-preserving mechanisms have been proposed in the recent literature, e.g., [17], [41], [106], [173], [174], to enhance the resilience of FL against privacy attacks. These solutions mainly include DP, SMC, model masking and cryptographic techniques such as HE. ...
Article
Full-text available
The upcoming 6G networks aim for fully automated, intelligent network functionalities and services. Therefore, ML is essential for these networks. Given stringent privacy regulations, future network architectures should use privacy-preserved ML for their applications and services. FL is expected to play an important role as a popular approach for distributed ML, as it protects privacy by design. However, many practical challenges exist before FL can be fully utilized as a key technology for these future networks. We consider the vision of a 6G layered architecture to evaluate the applicability of FL-based distributed intelligence. In this paper, we highlight the benefits of using FL for 6G and the main challenges and issues involved. We also discuss the existing solutions and the possible future directions that should be taken toward more robust and trustworthy FL for future networks.
... This method processes clients' sensitive data locally, making its core concept cooperative computation and integration of knowledge without compromising data privacy [4], [9]. By decentralizing ML and bringing computation to the network edge, FL offers a compelling set of advantages, including [3], [11]: ...
... By strategically altering vulnerable data points, attackers can introduce biased or erroneous classifications, potentially leading to catastrophic consequences. In diverse FL scenarios, the risk of such attacks originating from a single client's poisoned data is significant, emphasizing the need for robust defenses to safeguard the integrity of the entire FL model [11]. ...
Article
Full-text available
Federated Learning (FL) has emerged as a powerful paradigm, allowing multiple decentralized clients to collaboratively train a machine learning model without sharing their raw data. When combined with Multi-access Edge Computing (MEC), it enhances the utilization of computation and storage resources at the edge, enabling local data training on edge nodes. Such integration reduces latency and facilitates real-time processing and decision-making while ensuring data privacy. However, this decentralized approach introduces security and trust challenges, as models can be compromised through data poisoning attacks, such as label flipping attacks. The trustworthiness of these edge nodes and the integrity of their data are critical for performance and reliability of FL models. This paper introduces an adaptive zero trust framework that, by default, does not assume any edge node as trustworthy. It continuously validates edge data before each training round and checks its model to ensure that only reliable contributors are included in the global model aggregation. The results of the proposed framework reduce the impact of malicious nodes, maintaining the global model accuracy even in scenarios with high numbers of malicious edge nodes, showcasing its robustness and reliability.
... The global model is optimized by aggregating updates from millions of mobiles while keeping data localized on device. As shown in Figure 4, fully decentralized FL eliminates the central aggregation server [53]. Clients communicate with each other in a Peer-to-Peer (P2P) manner to improve their local models. ...
... Fully decentralized approaches have the advantage of not relying on any trusted central entity. However, they introduce challenges related to discovery, incentive alignment, and convergence guarantees [53]. Hybrid architectures that balance centralized and peer-based control may provide optimal solutions. ...
Article
Full-text available
Federated learning (FL) enables collaborative model training from decentralized data while preserving privacy. However, biases manifest due to sample selection, population drift, locally biased data, societal issues, algorithmic assumptions, and representation choices. These biases accumulate in FL models, causing unfairness. Tailored detection and mitigation methods are needed. This paper analyzes sources of bias unique to FL, their effects, and specialized mitigation strategies like robust aggregation, cryptographic protocols, and algorithmic debiasing. We categorize techniques and discuss open challenges around miscoordination, privacy constraints, decentralized evaluation, data poisoning attacks, systems heterogeneity, incentive misalignments, personalization tradeoffs, emerging governance needs, and participation. As FL expands into critical domains, ensuring equitable access without ingrained biases is imperative. This study provides a conceptual foundation for future research on developing accurate, robust and fair FL through tailored technical solutions and participatory approaches attuned to the decentralized environment. It aims to motivate further work toward trustworthy and inclusive FL.
... FL is a new AI element based on training and decentralized training that instigates learning in the device. Unlike conventional artificial intelligence systems that depend on centralized data gathering and analysis, federated learning utilizes a cooperative artificial intelligence mechanism [3]. Fundamentally, FL facilitates IoT systems by training them without sharing data, at the same time attaining user privacy and safety. ...
Conference Paper
Full-text available
As Internet of Things devices continue to be utilized today, with several to be utilized in the future, the development of IoT systems has resulted in the generation of significant data that also comprises the users' crucial information. Hence, this resulted in considerable network, storage, and communication expenses simultaneously, prompting diverse privacy issues. Studies show that the Internet of Things is currently in every facet of people's lives and is utilized across diverse sectors such as manufacturing, healthcare, and robotics, particularly with the existence of artificial intelligence. Nonetheless, artificial intelligence mandates centralized information to be gathered and analyzed, which is difficult because of limited resources and scalability problems. Therefore, federated learning (FL) was employed as an adaptive and disseminated artificial intelligence training mechanism to address this issue and provide better user privacy without requiring data sharing. Rather, in federated learning, it is attained by sending an element of untrained machine learning paradigms to users in a specific network. Federated Learning (FL) emerges as a promising paradigm for collaborative machine learning across decentralized devices while preserving data privacy. However, ensuring the security of FL systems remains a paramount concern, given the potential vulnerabilities associated with distributed training and communication. This literature survey comprehensively examines the security challenges inherent in FL, including privacy risks, adversarial attacks, authentication mechanisms, and secure communication protocols. By reviewing existing research and solutions, this survey aims to provide insights into mitigating security threats in FL and fostering its secure adoption in AI applications. Furthermore, the survey discusses future directions and emerging trends in FL security, offering a roadmap for advancing the state-of-the-art in secure federated learning.
... Privacy techniques such as differential privacy [9], homomorphic encryption [10], and gradient masking [11] come at a cost. Differential privacy often reduces data utility and model accuracy, the trade off is shown to be significant in critical applications [12], homomorphic encryption introduces significant computational overhead, and gradient masking is prone to privacy leakage [3]. Verifiability, on the other hand, is typically ensured through incentives or techniques that assess the quality of contributions. ...
Preprint
Full-text available
Blockchain-based Federated Learning (FL) is an emerging decentralized machine learning paradigm that enables model training without relying on a central server. Although some BFL frameworks are considered privacy-preserving, they are still vulnerable to various attacks, including inference and model poisoning. Additionally, most of these solutions employ strong trust assumptions among all participating entities or introduce incentive mechanisms to encourage collaboration, making them susceptible to multiple security flaws. This work presents VerifBFL, a trustless, privacy-preserving, and verifiable federated learning framework that integrates blockchain technology and cryptographic protocols. By employing zero-knowledge Succinct Non-Interactive Argument of Knowledge (zk-SNARKs) and incrementally verifiable computation (IVC), VerifBFL ensures the verifiability of both local training and aggregation processes. The proofs of training and aggregation are verified on-chain, guaranteeing the integrity and auditability of each participant's contributions. To protect training data from inference attacks, VerifBFL leverages differential privacy. Finally, to demonstrate the efficiency of the proposed protocols, we built a proof of concept using emerging tools. The results show that generating proofs for local training and aggregation in VerifBFL takes less than 81s and 2s, respectively, while verifying them on-chain takes less than 0.6s.
... However, federated learning also poses some challenges, such as communication overhead, model divergence, and vulnerability to malicious participants. Model compression, safe aggregation, and anomaly detection are just a few of the methods that researchers have suggested as solutions to these problems [15]. ...
Article
Full-text available
Centralised cloud computing paradigms are encountering difficulties with latency, bandwidth, privacy, and security due to the exponential growth of data volumes produced by sensors and Internet of Things (IoT) devices. One potential approach to these constraints is edge computing, which moves computers and storage closer to the data sources. With this paradigm change, data privacy is improved, network congestion is decreased, and real-time processing is made possible. Aiming to improve the efficiency and confidentiality of data analysis applications powered by artificial intelligence (AI) and machine learning (ML), this article investigated the possibility of edge computing. We provide a thorough analysis of the latest developments in edge computing frameworks, algorithms, and architectures that allow for safe and fast training and inference of AI/ML models at the edge. We also go over the main obstacles and where the field may go from here in terms of research. Our research lays the groundwork for future intelligent edge systems by demonstrating the substantial advantages of edge computing in facilitating low-latency, energy-efficient, and privacy-preserving AI/ML applications.
... For example, malicious attackers can distort the aggregated model by performing poisoning attacks such as "label flipping" [73] or uploading false model parameters [16]. In a Membership Inference Attack (MIA) [172], a malicious client tries to identify whether a certain data point (e.g., user) has participated in a training iteration. In a Property Inference Attack (PIA) [75] instead, a malicious attacker can derive statistical properties about other clients' training data, e.g., the demographic distribution of their users. ...
Preprint
Full-text available
Human Sensing, a field that leverages technology to monitor human activities, psycho-physiological states, and interactions with the environment, enhances our understanding of human behavior and drives the development of advanced services that improve overall quality of life. However, its reliance on detailed and often privacy-sensitive data as the basis for its machine learning (ML) models raises significant legal and ethical concerns. The recently proposed ML approach of Federated Learning (FL) promises to alleviate many of these concerns, as it is able to create accurate ML models without sending raw user data to a central server. While FL has demonstrated its usefulness across a variety of areas, such as text prediction and cyber security, its benefits in Human Sensing are under-explored, given the particular challenges in this domain. This survey conducts a comprehensive analysis of the current state-of-the-art studies on FL in Human Sensing, and proposes a taxonomy and an eight-dimensional assessment for FL approaches. Through the eight-dimensional assessment, we then evaluate whether the surveyed studies consider a specific FL-in-Human-Sensing challenge or not. Finally, based on the overall analysis, we discuss open challenges and highlight five research aspects related to FL in Human Sensing that require urgent research attention. Our work provides a comprehensive corpus of FL studies and aims to assist FL practitioners in developing and evaluating solutions that effectively address the real-world complexities of Human Sensing.
... Federated learning (FL) has emerged as a powerful technique for privacy-preserving machine learning, particularly in scenarios where data is distributed across multiple devices or locations. It enables collaborative learning without the need to centralize sensitive data, offering a promising solution to privacy and security challenges in network optimization [58]. In traditional centralized learning, raw data must be transferred to a central server for training, which raises privacy concerns and incurs significant data transmission costs. ...
Article
Full-text available
Artificial intelligence (AI) transforms communication networks by enabling more efficient data management, enhanced security, and optimized performance across diverse environments, from dense urban 5G/6G networks to expansive IoT and cloud-based systems. Motivated by the increasing need for reliable, high-speed, and secure connectivity, this study explores key AI applications, including traffic prediction, load balancing, intrusion detection, and self-organizing network capabilities. Through detailed case studies, I illustrate AI’s effectiveness in managing bandwidth in high-density urban networks, securing IoT devices and edge networks, and enhancing security in cloud-based communications through real-time intrusion and anomaly detection. The findings demonstrate AI’s substantial impact on creating adaptive, secure, and efficient communication networks, addressing current and future challenges. Key directions for future work include advancing AI-driven network resilience, refining predictive models, and exploring ethical considerations for AI deployment in network management.
... FLDTM Security: In underwater wireless IoT networks, ensuring the security of DT modeling through Federated Learning (FL) is crucial due to the network's susceptibility to malicious attacks during numerous rounds of local training and model aggregation. Similar to above-water scenarios, malicious entities might inject fake UWIDs or compromise existing ones to manipulate global models [17,18]. The underwater environment also introduces unique security threats to DTs, necessitating robust security measures to protect the integrity of data and models [19]. ...
Article
Full-text available
Digital Twin (DT) technology is pivotal in advancing smart underwater wireless IoT networks and effectively enhancing capabilities for monitoring and managing aquatic environments. For complex system-level DT models in these networks, assembling multiple unit-level DT models becomes crucial. Federated Learning (FL) presents a distributed machine learning paradigm that enables devices within underwater wireless IoT networks to collaboratively refine a DT model. Employing FL for DT modeling (FLDTM) is particularly valuable, as it allows for the enhancement of model accuracy without explicitly sharing local data, thereby preserving data privacy under challenging aquatic conditions. In this article, we propose a secure and efficient multi-server FL framework tailored for underwater wireless systems. We introduce a voting-based security prediction model to significantly bolster security in underwater wireless communication. Moreover, we introduce the network flow problem and employ a minimum-cost flow algorithm to enable FL servers’ cooperation. These strategies are integrated into a smart contract, namely, the UCB-based Smart Contract with a Security Prediction model and Minimum-Cost Flow (UCB-SCPF) policy. Experimental results show that the UCB-SCPF policy-based FLDTM framework achieves model accuracy comparable to ideal conditions while demonstrating excellent performance in terms of training efficiency and security. Additionally, the framework maintains stability as the network scale increases. These findings underscore the potential of the UCB-SCPF policy-based FLDTM framework in advancing DT technology for underwater wireless IoT networks.
... Under this scenario, federated learning methods suffer a global model with unsatisfactory performance due to the model divergence and client drift phenomenon (Li et al. 2019, 2022a). Meanwhile, frequent communication between heterogeneous and dispersed institutions would incur high communication costs, delays, and complex administrative procedures, with increasing privacy and safety risks (Zhu, Liu, and Han 2019; Mothukuri et al. 2021). A non-IID robust and communication-efficient federated learning method is desired. ...
Preprint
Federated learning has become a promising solution for collaboration among medical institutions. However, data owned by each institution would be highly heterogeneous and the distribution is always non-independent and identically distributed (non-IID), resulting in client drift and unsatisfactory performance. Despite existing federated learning methods attempting to solve the non-IID problems, they still show marginal advantages but rely on frequent communication, which would incur high costs and privacy concerns. In this paper, we propose a novel federated learning method: Federated learning via Valuable Condensed Knowledge (FedVCK). We enhance the quality of condensed knowledge and select the most necessary knowledge guided by models, to tackle the non-IID problem within limited communication budgets effectively. Specifically, on the client side, we condense the knowledge of each client into a small dataset and further enhance the condensation procedure with latent distribution constraints, facilitating the effective capture of high-quality knowledge. During each round, we specifically target and condense knowledge that has not been assimilated by the current model, thereby preventing unnecessary repetition of homogeneous knowledge and minimizing the frequency of communications required. On the server side, we propose relational supervised contrastive learning to provide more supervision signals to aid the global model updating. Comprehensive experiments across various medical tasks show that FedVCK can outperform state-of-the-art methods, demonstrating that it is non-IID robust and communication-efficient.
... The adjustments in weight and bias between the input and hidden layers are represented in Equation (11). [8], [19]-[23] achieved an accuracy of 81.5%, and Generative Adversarial Networks in [5] produced an accuracy of 86.5%. Our DELM with the CSIDS-FL system boasts an accuracy of 94.54%, exceeding previous models and showcasing its superior performance. ...
Article
With the rise in cyberattacks, Internet of Things (IoT) devices are increasingly vulnerable to malware, security threats, and suspicious activities. Traditional research has mainly focused on centralized intrusion detection systems in cyber security field. However, these centralized methods often struggle to keep pace with the rapid evolution of digital and mobile technologies and carry the risk of a single point of failure, jeopardizing data security and privacy. To enhance network protection, intrusion detection can benefit from the use of federated learning (FL). FL is a collaborative machine learning approach that allows for model testing without the need to share sensitive local data. Instead, computations are performed directly on distributed end devices, preserving data privacy and addressing concerns related to data ownership, confidentiality, computational efficiency, and storage limitations. Unlike traditional centralized machine learning, FL processes data where it resides, leading to improved security and efficiency. Previous studies on federated learning have examined the challenges posed by non-independent and non-identically distributed data. Implementing FL algorithms in intrusion detection focuses on monitoring routers, detecting intrusions, and analyzing user activity patterns. By incorporating federated learning into intrusion detection systems, network security can see significant enhancements. Experimental research utilizing network intrusion datasets indicates that the Deep Extreme Learning Machine (DELM), when paired with the CSIDS-FL system model, achieves an impressive accuracy rate of 94.23%, surpassing earlier models and demonstrating the effectiveness of this method.
... operations such as resource scheduling, offshore rescue, and route exploration but also heavily rely on the integrity and confidentiality of data due to their strategic and sensitive nature [1]- [3]. In this context, federated learning (FL) offers a promising solution to address data privacy issues, as it allows for the training of machine learning models directly on edge devices without transmitting raw data back to central servers, thereby reducing the risk of data leakage [4], [5]. ...
Article
Full-text available
Federated learning (FL) is crucial in edge computing for next-generation wireless networks because it enables collaborative learning among devices while protecting data privacy. However, marine edge networks encounter complex issues, including frequent network disruptions, highly dynamic network topologies, and stringent bandwidth limitations, compared to traditional FL environments. Additionally, the heterogeneity of devices and unconventional data distribution complicate model training further. Moreover, due to the broadcast nature and dynamic vulnerability of the wireless medium, edge nodes are susceptible to interference or malicious attacks, such as information theft and poisoning attacks, leading to inaccurate or even failed learning outcomes. Many distributed learning algorithms assume stable node environments, overlooking security and communication bottlenecks, which reduces learning efficiency and model performance. Therefore, researching privacy protection and defenses against poisoning attacks in federated learning within edge computing networks is of significant importance and value. To address this, we propose the Differential Evolution Edge-Partially Federated Learning framework, which aims to secure gradient communication by leveraging the characteristics of heterogeneous devices and non-independent and identically distributed (Non-IID) data, thereby reducing the risk of information leakage during gradient communication and effectively mitigating the impact of data heterogeneity in edge environments. Additionally, we have designed a shared-layer mean detection method based on this framework to detect and defend against poisoning attacks. This algorithm protects the security of gradient information without significantly increasing computational and communication overhead. Experimental results demonstrate that, in marine edge computing environments, this framework improves privacy protection performance by 20% and increases poisoning attack defense rates by 10% without adding extra computational costs.
... With the explosive growth of artificial intelligence (AI), concerns regarding privacy and security issues associated with centralized learning have been intensifying (Mothukuri et al. 2021). Federated Learning (FL), introduced by Google (McMahan et al. 2017), marks a paradigm shift in distributed learning, tackling data privacy and communication challenges by decentralizing model training. ...
Preprint
Federated Learning (FL) mitigates privacy leakage in decentralized machine learning by allowing multiple clients to train collaboratively locally. However, dynamic mobile networks with high mobility, intermittent connectivity, and bandwidth limitation severely hinder model updates to the cloud server. Although previous studies have typically addressed user mobility issue through task reassignment or predictive modeling, frequent migrations may result in high communication overhead. Overcoming this obstacle involves not only dealing with resource constraints, but also finding ways to mitigate the challenges posed by user migrations. We therefore propose an intertemporal incentive framework, FedCross, which ensures the continuity of FL tasks by migrating interrupted training tasks to feasible mobile devices. Specifically, FedCross comprises two distinct stages. In Stage 1, we address the task allocation problem across regions under resource constraints by employing a multi-objective migration algorithm to quantify the optimal task receivers. Moreover, we adopt evolutionary game theory to capture the dynamic decision-making of users, forecasting the evolution of user proportions across different regions to mitigate frequent migrations. In Stage 2, we utilize a procurement auction mechanism to allocate rewards among base stations, ensuring that those providing high-quality models receive optimal compensation. This approach incentivizes sustained user participation, thereby ensuring the overall feasibility of FedCross. Finally, experimental results validate the theoretical soundness of FedCross and demonstrate its significant reduction in communication overhead.
... The size of model updates is often much smaller than the raw data, which is particularly advantageous for reducing network traffic and latency. Furthermore, FL enhances privacy by keeping sensitive data on local devices, minimizing the risk of data theft or breaches during transmission [15,16]. In this way, FL provides an efficient, scalable, and privacy-preserving solution for machine learning in distributed environments like IoT networks [17]. ...
Article
Full-text available
Federated learning (FL) has emerged as a decentralized, cutting-edge framework for training models across distributed devices, such as smartphones, IoT devices, and local servers, while preserving data privacy and security. FL allows devices to collaboratively learn from shared models without exchanging sensitive data, significantly reducing privacy risks. With these benefits, the deployment of FL over wireless communication systems has gained substantial attention in recent years. However, implementing FL in wireless environments poses significant challenges due to the unpredictable and fluctuating nature of wireless channels. In particular, the limited energy resources of mobile and IoT devices, many of which operate on constrained battery power, make energy management a critical concern. Optimizing energy efficiency is therefore crucial for the successful deployment of FL in wireless networks. However, existing reviews on FL predominantly focus on framework design, wireless communication, and security/privacy concerns, while paying limited attention to the system's energy consumption. To bridge this gap, this article delves into the foundational principles of FL and highlights energy-efficient strategies tailored for various wireless architectures. It provides a comprehensive overview of FL principles and introduces energy-efficient designs, including resource allocation techniques and communication architectures, tailored to address the unique challenges of wireless communications. Furthermore, we explore emerging technologies aimed at enhancing energy efficiency and discuss future challenges and opportunities for continued research in this field.
... As data privacy concerns are increasing, it has become one of the leading research topics [7]. It uses a decentralized approach [8], which means that the data is not sent to a central server [9]. Instead, several devices train a model based on their raw data. ...
Article
Full-text available
The previous centralized machine learning methods required combining large amounts of personal data on central servers, raising privacy concerns. Federated Learning (FL) presents a solution by training the models directly on users' devices, thus preserving data privacy. This paper proposes the use of FL in sarcasm detection and applying neural network architectures such as Bidirectional Long Short-Term Memory (BILSTM), Gated Recurrent Unit (GRU), and Long Short-Term Memory (LSTM). The experiments have been performed on multiple clients. The results have shown that BILSTM outperforms GRU and LSTM in terms of accuracy, precision, recall, and F1 score. This makes it the most effective model for sarcasm detection in FL. Apart from evaluating these models, this study also examined how their functionality may be further improved by integrating them with attention processes. The current study results show that attention-based models can significantly improve performance by focusing on the input parts that are more contextually relevant. Based on this work, future research could focus on improving the performance of these models and exploring hybrid approaches that combine the benefits of LSTM, GRU, and BILSTM.
... These triggers are designed so that the backdoor remains hidden under normal testing conditions but can be activated when adversarial inputs are presented [4]. These attacks exploit the fact that the central server cannot easily inspect or validate the contributions from individual clients [2] [3]. Unlike centralized ML systems, where outlier detection or anomaly filtering can be applied at the data level, FL requires methods to detect malicious contributions at the model update stage [4]. ...
Research
Full-text available
This report examines the vulnerabilities of Federated Learning (FL) systems to poisoning attacks and evaluates two anomaly detection methods, TRIM and RONI, in mitigating these threats. TRIM leverages an iterative trimming mechanism to filter anomalous updates, maintaining high model performance with minimal computational overhead. In contrast, RONI evaluates updates based on their impact on validation performance, which, while effective in some scenarios, is computationally expensive and inconsistent under high poisoning rates. The methods were tested on three datasets using various attack strategies, and results indicate that TRIM outperforms RONI in robustness, efficiency, and adaptability across datasets. These findings underscore the potential of TRIM as a scalable and reliable defense mechanism for FL systems, highlighting areas for improvement in anomaly detection methods and their application in adversarial settings.
... The aim is to develop models that can operate on encrypted or anonymized data, preventing unauthorized access to sensitive information. By combining decentralized data access for ML training and PETs, PPML enables organizations to build, deploy, and manage ML models reliably and securely (Mothukuri et al. 2021). ...
Article
Full-text available
Machine learning is one of the most widely used technologies in the field of Artificial Intelligence. As machine learning applications become increasingly ubiquitous, concerns about data privacy and security have also grown. The work in this paper presents a broad theoretical landscape concerning the evolution of machine learning and deep learning from centralized to distributed learning, first in relation to privacy-preserving machine learning and secondly in the area of privacy-enhancing technologies. It provides a comprehensive landscape of the synergy between distributed machine learning and privacy-enhancing technologies, with federated learning being one of the most prominent architectures. Various distributed learning approaches to privacy-aware techniques are structured in a review, followed by an in-depth description of relevant frameworks and libraries, more particularly in the context of federated learning. The paper also highlights the need for data protection and privacy addressed from different approaches, key findings in the field concerning AI applications, and advances in the development of related tools and techniques.
... The simulations monitor the rate of convergence of the federated learning algorithm and determine how effectively the model updates are averaged and sent back to the involved devices. They assist in achieving efficient federated learning strategies for use in implemented contexts with restricted computational capabilities or unequal distribution of resources [8]. ...
Article
Full-text available
The federated learning model on cloud platforms adjusts the training of the artificial intelligence models, shifting focus on data security while retaining the previously used formula. Traditional centralized approaches towards training AI models are insecure and unsafe for data and privacy because of the vulnerability of exposing data in a cloud setting. Federated learning helps to train the ML models with the assistance of numerous edge devices or servers without gaining access to data in a central server. The concept describing one of the promising ways to learn on big data without transmitting it and without disclosing the data themselves is called federated learning; the current paper aims to explain the principles and methodologies of federated learning. Based on the literature and reports on simulations, this study evaluates the applicability of federated learning to privacy preservation compared to the centralized approach. The conclusions indicate that the possibilities of the analytic revolution in distributed model training based on federated learning create an opportunity to preserve data ownership and guarantee model quality in cloud environments.
... Although FL provides basic data privacy protection for participants' localized training, attackers can still exploit the model update parameters exchanged during the training process to launch attacks on FL systems [16]. Membership inference attacks (MIAs) [17], as a form of privacy leakage attack, aim to determine whether a target sample was involved in the training of the target model, posing a significant threat to the data privacy and security of the model. ...
Article
Full-text available
In recent years, federated learning (FL) has gained significant attention for its ability to protect data privacy during distributed training. However, it also introduces new privacy leakage risks. Membership inference attacks (MIAs), which aim to determine whether a specific sample is part of the training dataset, pose a significant threat to federated learning. Existing research on membership inference attacks in federated learning has primarily focused on leveraging intrinsic model parameters or manipulating the training process. However, the widespread adoption of privacy-preserving frameworks in federated learning has significantly diminished the effectiveness of traditional attack methods. To overcome this limitation, this paper aims to explore an efficient Membership Inference Attack algorithm tailored for encrypted federated learning scenarios, providing new perspectives for optimizing privacy-preserving technologies. Specifically, this paper proposes a novel Membership Inference Attack algorithm based on multiple adversarial perturbation distances (MAPD_MIA) by leveraging the asymmetry in adversarial perturbation distributions near decision boundaries between member and non-member samples. By analyzing these asymmetric perturbation characteristics, the algorithm achieves accurate membership identification. Experimental results demonstrate that the proposed algorithm achieves accuracy rates of 63.0%, 68.7%, and 59.5%, and precision rates of 59.0%, 65.9%, and 55.8% on CIFAR10, CIFAR100, and MNIST datasets, respectively, outperforming three mainstream Membership Inference Attack methods. Furthermore, the algorithm exhibits robust attack performance against two common defense mechanisms, MemGuard and DP-SGD. This study provides new benchmarks and methodologies for evaluating membership privacy leakage risks in federated learning scenarios.
... The process alternates between multiple local stochastic gradient updates and the exchange of their averaged weights for updates of the global model. Since these updates could potentially expose sensitive information and are susceptible to privacy attacks [26], [27], we employ homomorphic encryption to secure the data. ...
Conference Paper
Full-text available
Distributed analytics, such as federated learning, involve collaborative computation across multiple decentralized devices. This approach not only reduces data transfer costs but also offers some degree of protection for privacy-sensitive information. To achieve a higher level of privacy protection, it is recommended to use more advanced privacy-preserving technologies, such as homomorphic encryption. However, the use of homomorphic encryption schemes results in high computational costs. In this study, we evaluate the performance characteristics of threshold fully homomorphic encryption, a technique that can be effectively applied in multiuser environments and distributed analytics scenarios. We present results from the performance evaluation of the Cheon-Kim-Kim-Song scheme.
... Second, when new users join the federated setting, mechanisms like reputation scoring should be implemented to mitigate attacks such as Byzantine and Sybil attacks, where malicious entities could introduce multiple fake clients [66]. Third, although local model weights are based on similarity scores rather than actual data values, sophisticated attackers might still infer some user data [67]. Thus, privacy-preserving solutions, such as differential privacy or homomorphic encryption, are necessary to reduce the risk of data inference [68]. ...
Preprint
Full-text available
The proliferation of Internet services has led to an increasing need to protect private data. User authentication serves as a crucial mechanism to ensure data security. Although robust authentication forms the cornerstone of remote service security, it can still leave users vulnerable to credential disclosure, device-theft attacks, session hijacking, and inadequate adaptive security measures. Risk-based Authentication (RBA) emerges as a potential solution, offering a multi-level authentication approach that enhances user experience without compromising security. In this paper, we propose a Federated Risk-based Authentication (F-RBA) framework that leverages Federated Learning to ensure privacy-centric training, keeping user data local while distributing learning across devices. Whereas traditional approaches rely on centralized storage, F-RBA introduces a distributed architecture where risk assessment occurs locally on users' devices. The framework's core innovation lies in its similarity-based feature engineering approach, which addresses the heterogeneous data challenges inherent in federated settings, a significant advancement for distributed authentication. By facilitating real-time risk evaluation across devices while maintaining unified user profiles, F-RBA achieves a balance between data protection, security, and scalability. Through its federated approach, F-RBA addresses the cold-start challenge in risk model creation, enabling swift adaptation to new users without compromising security. Empirical evaluation using a real-world multi-user dataset demonstrates the framework's effectiveness, achieving a superior true positive rate for detecting suspicious logins compared to conventional unsupervised anomaly detection models. This research introduces a new paradigm for privacy-focused RBA in distributed digital environments, facilitating advancements in federated security systems.
... However, a limitation of current ML-based approaches is that model training is based on data and computational power elaborated and owned by a centralized node (e.g. a server). Centralized ML approaches are thus generally associated with different challenges including the need for high computational power and long training time, as well as with the rise of security and privacy concerns regarding users' data [18]. In order to address these issues, federated learning (FL) was originally proposed in [17] and has recently emerged as an effective model training paradigm to address the issues recalled above. ...
Preprint
Full-text available
The Internet of Things (IoT) is growing rapidly, and so is the need to ensure protection against cybersecurity attacks on IoT devices. In this scenario, Intrusion Detection Systems (IDSs) play a crucial role, and data-driven IDSs based on machine learning (ML) have recently attracted more and more interest from the research community. While conventional ML-based IDSs are based on a centralized architecture where IoT devices share their data with a central server for model training, we propose a novel approach that is based on federated learning (FL). However, conventional FL is ineffective in the considered scenario, due to the high statistical heterogeneity of data collected by IoT devices. To overcome this limitation, we propose a three-tier FL-based architecture where IoT devices are clustered together based on their statistical properties. Clustering decisions are taken by means of a novel entropy-based strategy, which helps improve model training performance. We tested our solution on the CIC-ToN-IoT dataset: our clustering strategy increases intrusion detection performance with respect to a conventional FL approach by up to +17% in terms of F1-score, along with a significant reduction in the number of training rounds.
... Common cryptographic techniques, such as encryption, are employed to ensure the confidentiality of the exchanged information. Using secure transmission protocols prevents unauthorized access to the model updates during their transmission from local devices to the global server [104,112,113]. ...
Article
Full-text available
Mental health is a significant issue worldwide, and the utilization of technology to assist mental health has seen a growing trend. This aims to alleviate the workload on healthcare professionals and aid individuals. Numerous applications have been developed to support the challenges in intelligent healthcare systems. However, because mental health data is sensitive, privacy concerns have emerged. Federated learning has gotten some attention. This research reviews the studies on federated learning and mental health related to solving the issue of intelligent healthcare systems. It explores various dimensions of federated learning in mental health, such as datasets (their types and sources), applications categorized based on mental health symptoms, federated mental health frameworks, federated machine learning, federated deep learning, and the benefits of federated learning in mental health applications. This research conducts surveys to evaluate the current state of mental health applications, mainly focusing on the role of Federated Learning (FL) and related privacy and data security concerns. The survey provides valuable insights into how these applications are emerging and evolving, specifically emphasizing FL’s impact.
... In phishing detection, privacy is a critical concern, as users' browsing histories and interactions can contain sensitive information. Federated Learning (FL) mitigates this issue by ensuring that data never leaves the client device; it is a recent learning technique that brings the model to the data, instead of sending the data to a centralized server [162]. Each FL client takes charge of training a local model with its private local data and only shares the model updates with a central unit. ...
Article
Full-text available
Phishing attacks remain a significant cybersecurity threat, with phishing websites serving as a primary tool for attackers to deceive users and steal sensitive information. The rapid evolution of phishing tactics has spurred the development of increasingly sophisticated detection mechanisms. This paper provides a comprehensive review of state-of-the-art techniques for phishing website detection, highlighting recent advancements in the field. In particular, it addresses emerging methods for detection, such as graph-based, large language model (LLM)-based approaches and phishing kit-based detection methods, which have not been extensively covered in previous surveys. By critically reviewing recent works from reliable databases, this study constructs a new taxonomy for phishing detection techniques. This review offers a comparison of these techniques, highlighting their strengths and limitations, and explores the challenges of real-world applications of these detection systems. Furthermore, the role of artificial intelligence (AI) in phishing website detection is discussed, and future research directions to improve detection capabilities are suggested. This work addresses emerging and uncovered phishing website detection methods in previous review papers and provides valuable insights for both researchers and practitioners working to develop more robust phishing website detection systems.
... After rounds of pre-training, the gradient trajectories of clients often exhibit great potential for clustering and distinctly different distributions (an example is shown in Fig. 5). Besides, we introduce a concept named Hopkins Statistic [37] to assess the clustering trend of the data. If the data points are uniformly distributed in the space, is approximately . ...
Article
Federated Learning (FL) has recently attracted a lot of attention due to its ability to train a machine learning model using data from multiple clients without divulging their privacy. However, the training data across clients can be very heterogeneous in terms of quality, amount, occurrences of specific features, etc. In this paper, we demonstrate how the server can observe data heterogeneity by mining gradient trajectories that the clients compute from a two-dimensional mapping of high-dimensional gradients computed by each client from its bottom layer. Based on these ideas, we propose a new clustered federated learning with gradient trajectory method, called CFLGT, which dynamically clusters clients together based on the gradient trajectories. We analyze CFLGT both theoretically and experimentally to show that it overcomes several drawbacks of mainstream Clustered Federated Learning (CFL) methods and outperforms other baselines.
... Therefore, training a threat detection model necessitates a broad range of data samples. In ML-based attack detection, data scarcity and heterogeneity are critical considerations in each ML scenario [32] [33]. ...
Article
Modern consumer electronics that integrate the concept of connected personal medical devices are known as Smart Healthcare Systems (SHS). The SHS utilized healthcare devices and edge computing for data capture, transmission via smart devices, analysis, and the delivery of healthcare services. Cyberattacks on consumer medical devices in the healthcare sector are becoming increasingly common. Technological frameworks like edge computing can act as an intermediary layer between the cloud and SHS, reducing the burden and enhancing data security and privacy. In this study, we proposed a novel edge intelligence approach for improving medical device security that employs Federated Learning (FL) and network traffic adversarial examples. First, we generated a distinctive dataset using image-based features extracted from network traffic bytes. Secondly, due to the intermittent behavior of clients, the dataset received from each client may be imbalanced, which can negatively affect performance. Third, adversarial examples are generated to assess the robustness of datasets, utilizing four distinct types of adversarial attack methods that introduce perturbations into the input data. Finally, the cooperative FL architecture ensured data security, privacy, and edge intelligence. The proposed method is analyzed using two standard datasets, CICIoMT2024 and Edge-IIoT, achieving 97.45% and 96.7% detection accuracy, respectively.
... To improve accuracy in federated learning, the authors suggest sharing a small set of data across all devices. This paper mentions that sharing 5% global data impacts accuracy by a good amount. 20: Data poisoning and privacy breaches; anomaly detection and secure aggregation. A survey on federated learning security that highlighted potential vulnerabilities in communication channels, data manipulation, and the central server. The paper also identified various attack methods and emphasized the need for further research to ensure robust security for a wider adoption of this technology. 23: Challenges in the context of FL and edge computing ...
Article
Full-text available
The growing need for data privacy and security in machine learning has led to exploring novel approaches like federated learning (FL) that allow collaborative training on distributed datasets, offering a decentralized alternative to traditional data collection methods. A prime benefit of FL is its emphasis on privacy, enabling data to stay on local devices by moving models instead of data. Despite its pioneering nature, FL faces issues such as diversity in data types, model complexity, privacy concerns, and the need for efficient resource distribution. This paper illustrates an empirical analysis of these challenges within specially designed scenarios, each aimed at studying a specific problem. In particular, differently from existing literature, we isolate the issues that can arise in an FL framework to observe their nature without the interference of external factors.
Article
This article examines the integration of adaptive machine learning (ML) within federated cloud environments, with a particular focus on its potential to advance data-centric AI. The study reviews the current landscape of federated learning, analyses the challenges and opportunities it presents, and evaluates adaptive ML techniques designed to enhance data privacy and model performance. Combining theoretical analysis with practical case studies, the paper offers valuable insights into the implementation of adaptive ML in federated cloud settings. The findings emphasise the significance of adaptive strategies in improving the efficiency, scalability, and security of AI models in distributed environments.
Article
Full-text available
Federated learning (FL) has been a rapidly growing topic in recent years. The biggest concern in federated learning is data privacy and cybersecurity. There are many algorithms that federated models have to work on to achieve greater efficiency, security, quality and effective learning. This paper focuses on algorithms such as the federated averaging algorithm, differential privacy, and federated stochastic variance and reduced gradient (FSVRG). To achieve data privacy and security, this research paper presents the main data statistics with the help of graphs, visual images and design models. Later, data security in federated learning models is researched and case studies are presented to identify risks and possible solutions. Detecting security gaps is a challenge for many companies. This paper presents solutions for the identification of security-related issues which result in a decrease in time complexity and an increase in accuracy. This research sheds light on the topics of federated learning and data security.
Chapter
In the growing world of artificial intelligence, federated learning is a distributed learning framework enhanced to preserve the privacy of individuals’ data. Federated learning lays the groundwork for collaborative research in areas where the data is sensitive. Federated learning has several implications for real-world problems. In times of crisis, when real-time decision-making is critical, federated learning allows multiple entities to work collectively without sharing sensitive data. This distributed approach enables us to leverage information from multiple sources and gain more diverse insights. This chapter is a systematic review of the literature on privacy-preserving machine learning in the last few years based on the Preferred Reporting Items for Systematic Reviews and Meta-Analyses (PRISMA) guidelines. Specifically, we have presented an extensive review of supervised/unsupervised machine learning algorithms, ensemble methods, meta-heuristic approaches, blockchain technology, and reinforcement learning used in the framework of federated learning, in addition to an overview of federated learning applications. This chapter reviews the literature on the components of federated learning and its applications in the last few years. The main purpose of this work is to provide researchers and practitioners with a comprehensive overview of federated learning from the machine learning point of view. A discussion of some open problems and future research directions in federated learning is also provided.
Article
Full-text available
Federated learning (FL) allows model training from local data collected by edge/mobile devices while preserving data privacy, which has wide applicability to image and vision applications. A challenge is that client devices in FL usually have much more limited computation and communication resources compared to servers in a data center. To overcome this challenge, we propose PruneFL, a novel FL approach with adaptive and distributed parameter pruning, which adapts the model size during FL to reduce both communication and computation overhead and minimize the overall training time, while maintaining a similar accuracy as the original model. PruneFL includes initial pruning at a selected client and further pruning as part of the FL process. The model size is adapted during this process, which includes maximizing the approximate empirical risk reduction divided by the time of one FL round. Our experiments with various datasets on edge devices (e.g., Raspberry Pi) show that: 1) we significantly reduce the training time compared to conventional FL and various other pruning-based methods and 2) the pruned model with automatically determined size converges to an accuracy that is very similar to the original model, and it is also a lottery ticket of the original model.
Conference Paper
Full-text available
Fairness has emerged as a critical problem in federated learning (FL). In this work, we identify a cause of unfairness in FL: conflicting gradients with large differences in their magnitudes. To address this issue, we propose the federated fair averaging (FedFV) algorithm to mitigate potential conflicts among clients before averaging their gradients. We first use the cosine similarity to detect gradient conflicts, and then iteratively eliminate such conflicts by modifying both the direction and the magnitude of the gradients. We further show the theoretical foundation of FedFV to mitigate the issue of conflicting gradients and converge to Pareto stationary solutions. Extensive experiments on a suite of federated datasets confirm that FedFV compares favorably against state-of-the-art methods in terms of fairness, accuracy and efficiency. The source code is available at https://github.com/WwZzz/easyFL.
Article
Full-text available
Federated learning (FL) is currently the most widely adopted framework for collaborative training of (deep) machine learning models under privacy constraints. Despite its popularity, it has been observed that FL yields suboptimal results if the local clients' data distributions diverge. To address this issue, we present clustered FL (CFL), a novel federated multitask learning (FMTL) framework, which exploits geometric properties of the FL loss surface to group the client population into clusters with jointly trainable data distributions. In contrast to existing FMTL approaches, CFL does not require any modifications to the FL communication protocol to be made, is applicable to general nonconvex objectives (in particular, deep neural networks), does not require the number of clusters to be known a priori, and comes with strong mathematical guarantees on the clustering quality. CFL is flexible enough to handle client populations that vary over time and can be implemented in a privacy-preserving way. As clustering is only performed after FL has converged to a stationary point, CFL can be viewed as a postprocessing method that will always achieve greater or equal performance than conventional FL by allowing clients to arrive at more specialized models. We verify our theoretical analysis in experiments with deep convolutional and recurrent neural networks on commonly used FL data sets.
Article
Full-text available
This paper provides a comprehensive study of Federated Learning (FL) with an emphasis on enabling software and hardware platforms, protocols, real-life applications and use-cases. FL can be applicable to multiple domains but applying it to different industries has its own set of obstacles. FL is known as collaborative learning, where algorithm(s) get trained across multiple devices or servers with decentralized data samples without having to exchange the actual data. This approach is radically different from other more established techniques such as getting the data samples uploaded to servers or having data in some form of distributed infrastructure. FL on the other hand generates more robust models without sharing data, leading to privacy-preserved solutions with higher security and access privileges to data. This paper starts by providing an overview of FL. Then, it gives an overview of technical details that pertain to FL enabling technologies, protocols, and applications. Compared to other survey papers in the field, our objective is to provide a more thorough summary of the most relevant protocols, platforms, and real-life use-cases of FL to enable data scientists to build better privacy-preserving solutions for industries in critical need of FL. We also provide an overview of key challenges presented in the recent literature and provide a summary of related research work. Moreover, we explore both the challenges and advantages of FL and present detailed service use-cases to illustrate how different architectures and protocols that use FL can fit together to deliver desired results.
Article
There is a growing interest in the wireless communications community to complement the traditional model-driven design approaches with data-driven machine learning (ML)-based solutions. While conventional ML approaches rely on the assumption of having the data and processing heads in a central entity, this is not always feasible in wireless communications applications because of the inaccessibility of private data and large communication overhead required to transmit raw data to central ML processors. As a result, decentralized ML approaches that keep the data where it is generated are much more appealing. Due to its privacy-preserving nature, federated learning is particularly relevant for many wireless applications, especially in the context of fifth generation (5G) networks. In this article, we provide an accessible introduction to the general idea of federated learning, discuss several possible applications in 5G networks, and describe key technical challenges and open problems for future research on federated learning in the context of wireless communications.
Article
Visual object detection is a computer vision-based artificial intelligence (AI) technique which has many practical applications (e.g., fire hazard monitoring). However, due to privacy concerns and the high cost of transmitting video data, it is highly challenging to build object detection models on centrally stored large training datasets following the current approach. Federated learning (FL) is a promising approach to resolve this challenge. Nevertheless, there is currently no easy-to-use tool that enables computer vision application developers who are not experts in federated learning to conveniently leverage this technology and apply it in their systems. In this paper, we report FedVision - a machine learning engineering platform to support the development of federated learning powered computer vision applications. The platform has been deployed through a collaboration between WeBank and Extreme Vision to help customers develop computer vision-based safety monitoring solutions in smart city applications. Over four months of usage, it has achieved significant efficiency improvement and cost reduction while removing the need to transmit sensitive data for three major corporate customers. To the best of our knowledge, this is the first real application of FL in computer vision-based tasks.
Article
Federated learning (FL) is a distributed machine learning approach that can achieve the purpose of collaborative learning from a large amount of data that belong to different parties without sharing the raw data among the data owners. FL can sufficiently utilize the computing capabilities of multiple learning agents to improve the learning efficiency while providing a better privacy solution for the data owners. FL attracts tremendous interest from a large number of industries due to growing privacy concerns. Future vehicular Internet of Things (IoT) systems, such as cooperative autonomous driving and intelligent transport systems (ITS), feature a large number of devices and privacy-sensitive data where the communication, computing, and storage resources must be efficiently utilized. FL could be a promising approach to solve these existing challenges. In this paper, we first conduct a brief survey of existing studies on FL and its use in wireless IoT. Then we discuss the significance and technical challenges of applying FL in vehicular IoT, and point out future research directions.
Article
Existing traffic flow forecasting approaches by deep learning models achieve excellent success based on a large volume of datasets gathered by governments and organizations. However, these datasets may contain a great deal of users' private data, which challenges current prediction approaches as user privacy has become a public concern in recent years. Therefore, how to develop accurate traffic prediction while preserving privacy is a significant problem to be solved, and there is a trade-off between these two objectives. To address this challenge, we introduce a privacy-preserving machine learning technique named federated learning and propose a Federated Learning-based Gated Recurrent Unit neural network algorithm (FedGRU) for traffic flow prediction. FedGRU differs from current centralized learning methods and updates universal learning models through a secure parameter aggregation mechanism rather than directly sharing raw data among organizations. In the secure parameter aggregation mechanism, we adopt a Federated Averaging algorithm to reduce the communication overhead during the model parameter transmission process. Furthermore, we design a Joint Announcement Protocol to improve the scalability of FedGRU. We also propose an ensemble clustering-based scheme for traffic flow prediction by grouping the organizations into clusters before applying the FedGRU algorithm. Extensive case studies on a real-world dataset demonstrate that FedGRU can produce predictions that are merely 0.76 km/h worse than the state-of-the-art in terms of mean average error under the privacy preservation constraint, confirming that the proposed model develops accurate traffic predictions without compromising the data privacy.
Article
With the rapid development of computing technology, wearable devices make it easy to get access to people's health information. Smart healthcare achieves great success by training machine learning models on a large quantity of user personal data. However, there are two critical challenges. Firstly, user data often exists in the form of isolated islands, making it difficult to perform aggregation without compromising privacy and security. Secondly, the models trained on the cloud fail on personalization. In this paper, we propose FedHealth, the first federated transfer learning framework for wearable healthcare to tackle these challenges. FedHealth performs data aggregation through federated learning, and then builds relatively personalized models by transfer learning. Wearable activity recognition experiments and a real Parkinson's disease auxiliary diagnosis application have shown that FedHealth is able to achieve accurate and personalized healthcare without compromising privacy and security. FedHealth is general and extensible in many healthcare applications.
Conference Paper
Federated Learning enables mobile devices to collaboratively learn a shared inference model while keeping all the training data on a user’s device, decoupling the ability to do machine learning from the need to store the data in the cloud. Existing work on federated learning with limited communication demonstrates how random rotation can enable users’ model updates to be quantized much more efficiently, reducing the communication cost between users and the server. Meanwhile, secure aggregation enables the server to learn an aggregate of at least a threshold number of devices’ model contributions without observing any individual device’s contribution in unaggregated form. In this paper, we highlight some of the challenges of setting the parameters for secure aggregation to achieve communication efficiency, especially in the context of the aggressively quantized inputs enabled by random rotation. We then develop a recipe for auto-tuning communication-efficient secure aggregation, based on specific properties of random rotation and secure aggregation – namely, the predictable distribution of vector entries post-rotation and the modular wrapping inherent in secure aggregation. We present both theoretical results and initial experiments.
Article
Mobile internet applications on smart phones dominate large portions of daily life for many people. Conventional machine learning-based knowledge acquisition methods collect users’ data in a centralized server, then train an intelligent model, such as recommendation and prediction, using all the collected data. This knowledge acquisition method raises serious privacy concerns, and also violates the rules of the newly published General Data Protection Regulation. This paper proposes a new attention-augmented federated learning framework that can conduct decentralized knowledge acquisition for mobile Internet application scenarios, such as mobile keyboard suggestions. In particular, the attention mechanism aggregates the decentralized knowledge which has been acquired from each mobile using its own data locally. The centralized server aggregates knowledge without direct access to personal data. Experiments on three real-world datasets demonstrate that the proposed framework performs better than other baseline methods in terms of perplexity and communication cost.
Article
There has been significant research in privacy-related aspects of machine learning and large scale data processing. In traditional methods of training a model, data is gathered at a centralized machine where training on the entire data takes place. This has led to a major problem of not only scalability but also of preserving the anonymity and privacy of sensitive user data. As a consequence, there has been extensive work done towards distributed machine learning. In more recent times, Federated Learning has gained a lot of traction. This is because of the features that make it highly suitable to train models collaboratively while preserving the privacy of sensitive data. In this paper, we compare basic machine learning, distributed machine learning, and federated learning by modelling on the Fashion MNIST dataset. Our results show that the federated learning model not only maintains privacy but is also fast, and allows deployment at scale, even on low-compute mobile devices.
Chapter
Federated learning can complete an enormous training task efficiently by inviting participants to train a deep learning model collaboratively, and user privacy is well preserved since the users only upload model parameters to the centralized server. However, attackers can initiate poisoning attacks by uploading malicious updates in federated learning. Therefore, the accuracy of the global model will be impacted significantly after the attack. To address this vulnerability, we propose a novel poisoning defense generative adversarial network (PDGAN) to defend against the poisoning attack. The PDGAN can reconstruct training data from model updates and audit the accuracy of each participant model by using the generated data. Precisely, the participant whose accuracy is lower than a predefined threshold will be identified as an attacker, and the model parameters of the attacker will be removed from the training procedure in this iteration. Experiments conducted on MNIST and Fashion-MNIST datasets demonstrate that our approach can indeed defend against poisoning attacks in federated learning.
Article
Flying Ad-hoc Network (FANET) is a decentralized communication system solely formed by Unmanned Aerial Vehicles (UAVs). In FANET, the UAV clients are vulnerable to various malicious attacks such as the jamming attack. The aerial adversaries in the jamming attack disrupt the communication of the victim network through interference on the receiver side. Jamming attack detection in FANET poses new challenges because of its key differences from other ad-hoc networks. First, because of the varying communication range and power consumption constraints, any centralized detection system becomes trivial in FANET. Second, the existing decentralized solutions, disregarding the unbalanced sensory data from new spatial environments, are unsuitable for the highly mobile and spatially heterogeneous UAVs in FANET. Third, given a huge number of UAV clients, the global model may need to choose a sub-group of UAV clients for providing a timely global update. Recently, federated learning has gained attention, as it addresses unbalanced data properties besides providing communication efficiency, thus making it a suitable choice for FANET. Therefore, we propose a federated learning-based on-device jamming attack detection security architecture for FANET. We enhance the proposed federated learning model with a client group prioritization technique leveraging the Dempster–Shafer theory. The proposed client group prioritization mechanism allows the aggregator node to identify better client groups for calculating the global update. We evaluated our mechanism with datasets from publicly available standardized jamming attack scenarios by CRAWDAD and the ns-3 simulated FANET architecture and showed that, in terms of accuracy, our proposed solution (82.01% for the CRAWDAD dataset and 89.73% for the ns-3 simulated FANET dataset) outperforms the traditional distributed solution (49.11% for the CRAWDAD dataset and 65.62% for the ns-3 simulated FANET dataset). Moreover, the Dempster–Shafer-based client group prioritization mechanism identifies the best client groups out of 56 client group combinations for efficient federated averaging.
Article
Distributed machine learning (DML) can realize massive dataset training when no single node can work out the accurate results within an acceptable time. However, this will inevitably expose more potential targets to attackers compared with the non-distributed environment. In this paper, we classify DML into basic-DML and semi-DML. In basic-DML, the center server dispatches learning tasks to distributed machines and aggregates their learning results. While in semi-DML, the center server further devotes resources into dataset learning in addition to its duty in basic-DML. We first put forward a novel data poison detection scheme for basic-DML, which utilizes a cross-learning mechanism to find out the poisoned data. We prove that the proposed cross-learning mechanism would generate training loops, based on which a mathematical model is established to find the optimal number of training loops. Then, for semi-DML, we present an improved data poison detection scheme to provide better learning protection with the aid of the central resource. To efficiently utilize the system resources, an optimal resource allocation approach is developed. Simulation results show that the proposed scheme can significantly improve the accuracy of the final model by up to 20% for support vector machine and 60% for logistic regression in the basic-DML scenario. Moreover, in the semi-DML scenario, the improved data poison detection scheme with optimal resource allocation can decrease the wasted resources by 20-100%.
Conference Paper
Federated learning facilitates the collaborative training of models without the sharing of raw data. However, recent attacks demonstrate that simply maintaining data locality during training processes does not provide sufficient privacy guarantees. Rather, we need a federated learning system capable of preventing inference over both the messages exchanged during training and the final trained model while ensuring the resulting model also has acceptable predictive accuracy. Existing federated learning approaches either use secure multiparty computation (SMC) which is vulnerable to inference or differential privacy which can lead to low accuracy given a large number of parties with relatively small amounts of data each. In this paper, we present an alternative approach that utilizes both differential privacy and SMC to balance these trade-offs. Combining differential privacy with secure multiparty computation enables us to reduce the growth of noise injection as the number of parties increases without sacrificing privacy while maintaining a pre-defined rate of trust. Our system is therefore a scalable approach that protects against inference threats and produces models with high accuracy. Additionally, our system can be used to train a variety of machine learning models, which we validate with experimental results on 3 different machine learning algorithms. Our experiments demonstrate that our approach outperforms state-of-the-art solutions.
Article
We introduce a novel federated learning framework allowing multiple parties having different sets of attributes about the same user to jointly build models without exposing their raw data or model parameters. Conventional federated learning approaches are inefficient for cross-silo problems because they require the exchange of messages for gradient updates at every iteration, and raise security concerns over sharing such messages during learning. We propose a Federated Stochastic Block Coordinate Descent (FedBCD) algorithm, allowing each party to conduct multiple local updates before each communication to effectively reduce communication overhead. Under a practical security model, we show that parties cannot infer others' exact raw data (“deep leakage”) from collections of messages exchanged in our framework, regardless of the number of communications performed. Further, we provide convergence guarantees and empirical evaluations on a variety of tasks and datasets, demonstrating significant improvement in efficiency.
Article
We address the problem of federated learning (FL) where users are distributed and partitioned into clusters. This setup captures settings where different groups of users have their own objectives (learning tasks) but by aggregating their data with others in the same cluster (same learning task), they can leverage the strength in numbers in order to perform more efficient federated learning. For this new framework of clustered federated learning, we propose the Iterative Federated Clustering Algorithm (IFCA), which alternately estimates the cluster identities of the users and optimizes model parameters for the user clusters via gradient descent. We analyze the convergence rate of this algorithm first in a linear model with squared loss and then for generic strongly convex and smooth loss functions. We show that in both settings, with good initialization, IFCA is guaranteed to converge, and discuss the optimality of the statistical error rate. In particular, for the linear model with two clusters, we can guarantee that our algorithm converges as long as the initialization is slightly better than random. When the clustering structure is ambiguous, we propose to train the models by combining IFCA with the weight sharing technique in multi-task learning. In the experiments, we show that our algorithm can succeed even if we relax the requirements on initialization with random initialization and multiple restarts. We also present experimental results showing that our algorithm is efficient in non-convex problems such as neural networks. We demonstrate the benefits of IFCA over the baselines on several clustered FL benchmarks.
Article
A recent line of work has uncovered a new form of data poisoning: so-called backdoor attacks. These attacks are particularly dangerous because they do not affect a network's behavior on typical, benign data. Rather, the network only deviates from its expected output when triggered by a perturbation planted by an adversary. In this paper, we identify a new property of all known backdoor attacks, which we call spectral signatures. This property allows us to utilize tools from robust statistics to thwart the attacks. We demonstrate the efficacy of these signatures in detecting and removing poisoned examples on real image sets and state of the art neural network architectures. We believe that understanding spectral signatures is a crucial first step towards designing ML systems secure against such backdoor attacks.
Article
The protection of user privacy is an important concern in machine learning, as evidenced by the rolling out of the General Data Protection Regulation (GDPR) in the European Union (EU) in May 2018. The GDPR is designed to give users more control over their personal data, which motivates us to explore machine learning frameworks for data sharing that do not violate user privacy. To meet this goal, in this paper, we propose a novel lossless privacy-preserving tree-boosting system known as SecureBoost in the setting of federated learning. This federated-learning system allows the learning process to be jointly conducted over multiple parties with partially common user samples but different feature sets, which corresponds to a vertically partitioned data set. An advantage of SecureBoost is that it provides the same level of accuracy as the non-privacy-preserving approach while, at the same time, revealing no information about each private data provider. We formally prove that the SecureBoost framework is as accurate as other non-federated gradient tree-boosting algorithms that concentrate data in one place. In addition, we describe information leakage during the protocol execution and propose ways to provably reduce it.
Chapter
Distributed machine learning algorithms play a significant role in processing massive data sets over large networks. However, the increasing reliance of machine learning on information and communication technologies (ICTs) makes it inherently vulnerable to cyber threats. This work aims to develop secure distributed algorithms to protect the learning from data poisoning and network attacks. We establish a game-theoretic framework to capture the conflicting goals of a learner who uses distributed support vector machines (SVMs) and an attacker who is capable of modifying training data and labels. We develop a fully distributed and iterative algorithm to capture real-time reactions of the learner at each node to adversarial behaviors. The numerical results show that distributed SVM is prone to fail under different types of attacks, and their impact has a strong dependence on the network structure and attack capabilities.
Article
Recent developments in technologies such as MEC and AI contribute significantly in accelerating the deployment of VCPS. Techniques such as dynamic content caching, efficient resource allocation, and data sharing play a crucial role in enhancing the service quality and user driving experience. Meanwhile, data leakage in VCPS can lead to physical consequences such as endangering passenger safety and privacy, and causing severe property loss for data providers. The increasing volume of data, the dynamic network topology, and the availability of limited resources make data leakage in VCPS an even more challenging problem, especially when it involves multiple users and multiple transmission channels. In this article, we first propose a secure and intelligent architecture for enhancing data privacy. Then we present our new privacy-preserving federated learning mechanism and design a two-phase mitigating scheme consisting of intelligent data transformation and collaborative data leakage detection. Numerical results based on a real-world dataset demonstrate the effectiveness of our proposed scheme and show that our scheme achieves good accuracy, efficiency, and high security.
Article
The protection of user private data has long been the focus of AI security. We know that training machine learning models relies on large amounts of user data. However, user data often exists in the form of isolated islands that cannot be integrated under many secure and legal constraints. The large-scale application of image steganalysis algorithms in real life is still not satisfactory due to the following challenges. First, it is difficult to aggregate all of the scattered steganographic images to train a robust classifier. Second, even if the images are encrypted, participants do not want irrelevant people to peek into the hidden information, resulting in the disclosure of private data. Finally, it is often impossible for different participants to train their tailored models. In this paper, we introduce a novel framework, referred to as FedSteg, to train a secure, personalized distributed model through federated transfer learning to fulfill secure image steganalysis. Extensive experiments on detecting several state-of-the-art steganographic methods, i.e., WOW, S-UNIWARD, and HILL, validate that FedSteg achieves certain improvements compared to traditional non-federated steganalysis approaches. In addition, FedSteg is highly extensible and can be easily employed in various large-scale secure steganographic recognition tasks.
Article
Internet of Things (IoT) devices and systems will be increasingly targeted by cybercriminals (including nation state-sponsored or affiliated threat actors) as they become an integral part of our connected society and ecosystem. However, the challenges in securing these devices and systems are compounded by the scale and diversity of deployment, the fast-paced cyber threat landscape, and many other factors. Thus, in this paper, we design an approach using advanced deep learning to detect cyber attacks against IoT systems. Specifically, our approach integrates a set of Long-Short-Term-Memory (LSTM) modules into an ensemble of detectors. These modules are then merged using a decision tree to arrive at an aggregated output at the final stage. We evaluate the effectiveness of our approach using a real-world dataset of Modbus network traffic and obtain an accuracy rate of over 99% in the detection of cyber attacks against IoT devices.
Article
We propose FedGP, a framework for privacy-preserving data release in the federated learning setting. We use generative adversarial networks, the generator components of which are trained by the FedAvg algorithm, to draw private artificial data samples and empirically assess the risk of information disclosure. Our experiments show that FedGP is able to generate labelled data of high quality to successfully train and validate supervised models. Finally, we demonstrate that our approach significantly reduces the vulnerability of such models to model inversion attacks.
Article
Federated learning involves training statistical models over remote devices or siloed data centers, such as mobile phones or hospitals, while keeping data localized. Training in heterogeneous and potentially massive networks introduces novel challenges that require a fundamental departure from standard approaches for large-scale machine learning, distributed optimization, and privacy-preserving data analysis. In this article, we discuss the unique characteristics and challenges of federated learning, provide a broad overview of current approaches, and outline several directions of future work that are relevant to a wide range of research communities.
Article
Machine learning relies on the availability of vast amounts of data for training. However, in reality, data are mostly scattered across different organizations and cannot be easily integrated due to many legal and practical constraints. To address this important challenge in the field of machine learning, we introduce a new technique and framework, known as federated transfer learning (FTL), to improve statistical modeling under a data federation. FTL allows knowledge to be shared without compromising user privacy and enables complementary knowledge to be transferred across domains in a data federation, thereby enabling a target-domain party to build flexible and effective models by leveraging rich labels from a source domain. This framework requires minimal modifications to the existing model structure and provides the same level of accuracy as the non-privacy-preserving transfer learning. It is flexible and can be effectively adapted to various secure multi-party machine learning tasks.
Article
Federated learning (FL), as a type of distributed machine learning, is capable of significantly preserving clients’ private data from being exposed to adversaries. Nevertheless, private information can still be divulged by analyzing uploaded parameters from clients, e.g., weights trained in deep neural networks. In this paper, to effectively prevent information leakage, we propose a novel framework based on the concept of differential privacy (DP), in which artificial noise is added to parameters at the clients’ side before aggregating, namely, noising before model aggregation FL (NbAFL). First, we prove that the NbAFL can satisfy DP under distinct protection levels by properly adapting different variances of artificial noise. Then we develop a theoretical convergence bound on the loss function of the trained FL model in the NbAFL. Specifically, the theoretical bound reveals the following three key properties: 1) there is a tradeoff between convergence performance and privacy protection levels, i.e., better convergence performance leads to a lower protection level; 2) given a fixed privacy protection level, increasing the number N of overall clients participating in FL can improve the convergence performance; and 3) there is an optimal number of aggregation times (communication rounds) in terms of convergence performance for a given protection level. Furthermore, we propose a K-client random scheduling strategy, where K (1 ≤ K < N) clients are randomly selected from the N overall clients to participate in each aggregation. We also develop a corresponding convergence bound for the loss function in this case, and the K-client random scheduling strategy also retains the above three properties. Moreover, we find that there is an optimal K that achieves the best convergence performance at a fixed privacy level. Evaluations demonstrate that our theoretical results are consistent with simulations, thereby facilitating the design of various privacy-preserving FL algorithms with different tradeoff requirements on convergence performance and privacy levels.
Article
In recent years, mobile devices have been equipped with increasingly advanced sensing and computing capabilities. Coupled with advancements in Deep Learning (DL), this opens up countless possibilities for meaningful applications, e.g., for medical purposes and in vehicular networks. Traditional cloud-based Machine Learning (ML) approaches require the data to be centralized in a cloud server or data center. However, this results in critical issues related to unacceptable latency and communication inefficiency. To this end, Mobile Edge Computing (MEC) has been proposed to bring intelligence closer to the edge, where data is produced. However, conventional enabling technologies for ML at mobile edge networks still require personal data to be shared with external parties, e.g., edge servers. Recently, in light of increasingly stringent data privacy legislation and growing privacy concerns, the concept of Federated Learning (FL) has been introduced. In FL, end devices use their local data to train an ML model required by the server. The end devices then send the model updates rather than raw data to the server for aggregation. FL can serve as an enabling technology in mobile edge networks since it enables the collaborative training of an ML model and also enables DL for mobile edge network optimization. However, in a large-scale and complex mobile edge network, heterogeneous devices with varying constraints are involved. This raises challenges of communication costs, resource allocation, and privacy and security in the implementation of FL at scale. In this survey, we begin with an introduction to the background and fundamentals of FL. Then, we highlight the aforementioned challenges of FL implementation and review existing solutions. Furthermore, we present the applications of FL for mobile edge network optimization. Finally, we discuss the important challenges and future research directions in FL.
Article
In Internet of Vehicles (IoV), data sharing among vehicles for collaborative analysis can improve the driving experience and service quality. However, the security and privacy issues hinder data providers from participating in the data sharing process. In addition, due to the intermittent and unreliable communications in IoV, the efficiency and reliability of data sharing need to be further enhanced. In this paper, we propose a new architecture for data sharing based on blockchain and federated learning. To enhance the efficiency and security of data sharing, we develop a hybrid blockchain architecture which consists of the permissioned blockchain and the local Directed Acyclic Graph (DAG). Moreover, we propose an asynchronous federated learning scheme by adopting Deep Reinforcement Learning (DRL) for node selection to improve the efficiency. The reliability of shared data is also guaranteed by integrating learned models into blockchain and executing a two-stage verification. Numerical results show that the proposed data sharing scheme provides both higher learning accuracy and convergence efficiency.