Journal article 90 views 35 downloads
A survey on vulnerability of federated learning: A learning algorithm perspective
Xianghua Xie 
,
Chen Hu,
Hans Ren,
Jingjing Deng
,
Chen Hu,
Hans Ren,
Jingjing Deng
Neurocomputing, Volume: 573, Start page: 127225
Swansea University Authors:
Xianghua Xie , Chen Hu, Hans Ren
-
PDF | Version of Record
© 2024 The Author(s). This is an open access article under the CC BY license.
Download (5.14MB)
DOI (Published version): 10.1016/j.neucom.2023.127225
Abstract
Federated Learning (FL) has emerged as a powerful paradigm for training Machine Learning (ML), particularly Deep Learning (DL) models on multiple devices or servers while maintaining data localized at owners’ sites. Without centralizing data, FL holds promise for scenarios where data integrity, priv...
| Published in: | Neurocomputing |
|---|---|
| ISSN: | 0925-2312 |
| Published: |
Elsevier BV
2024
|
| Online Access: |
Check full text
|
| URI: | https://cronfa.swan.ac.uk/Record/cronfa65451 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| first_indexed |
2024-01-16T10:52:25Z |
|---|---|
| last_indexed |
2024-01-16T10:52:25Z |
| id |
cronfa65451 |
| recordtype |
SURis |
| fullrecord |
<?xml version="1.0" encoding="utf-8"?><rfc1807 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><bib-version>v2</bib-version><id>65451</id><entry>2024-01-16</entry><title>A survey on vulnerability of federated learning: A learning algorithm perspective</title><swanseaauthors><author><sid>b334d40963c7a2f435f06d2c26c74e11</sid><ORCID>0000-0002-2701-8660</ORCID><firstname>Xianghua</firstname><surname>Xie</surname><name>Xianghua Xie</name><active>true</active><ethesisStudent>false</ethesisStudent></author><author><sid>55d3ba5f8378c2e3439d7e3962aee726</sid><firstname>Chen</firstname><surname>Hu</surname><name>Chen Hu</name><active>true</active><ethesisStudent>false</ethesisStudent></author><author><sid>9e043b899a2b786672a28ed4f864ffcc</sid><firstname>Hans</firstname><surname>Ren</surname><name>Hans Ren</name><active>true</active><ethesisStudent>false</ethesisStudent></author></swanseaauthors><date>2024-01-16</date><deptcode>MACS</deptcode><abstract>Federated Learning (FL) has emerged as a powerful paradigm for training Machine Learning (ML), particularly Deep Learning (DL) models on multiple devices or servers while maintaining data localized at owners’ sites. Without centralizing data, FL holds promise for scenarios where data integrity, privacy and security and are critical. However, this decentralized training process also opens up new avenues for opponents to launch unique attacks, where it has been becoming an urgent need to understand the vulnerabilities and corresponding defense mechanisms from a learning algorithm perspective. This review paper takes a comprehensive look at malicious attacks against FL, categorizing them from new perspectives on attack origins and targets, and providing insights into their methodology and impact. In this survey, we focus on threat models targeting the learning process of FL systems. Based on the source and target of the attack, we categorize existing threat models into four types, Data to Model (D2M), Model to Data (M2D), Model to Model (M2M) and composite attacks. For each attack type, we discuss the defense strategies proposed, highlighting their effectiveness, assumptions and potential areas for improvement. Defense strategies have evolved from using a singular metric to excluding malicious clients, to employing a multifaceted approach examining client models at various phases. In this survey paper, our research indicates that the to-learn data, the learning gradients, and the learned model at different stages all can be manipulated to initiate malicious attacks that range from undermining model performance, reconstructing private local data, and to inserting backdoors. We have also seen these threat are becoming more insidious. While earlier studies typically amplified malicious gradients, recent endeavors subtly alter the least significant weights in local models to bypass defense measures. This literature review provides a holistic understanding of the current FL threat landscape and highlights the importance of developing robust, efficient, and privacy-preserving defenses to ensure the safe and trusted adoption of FL in real-world applications. The categorized bibliography can be found at: https://github.com/Rand2AI/Awesome-Vulnerability-of-Federated-Learning.</abstract><type>Journal Article</type><journal>Neurocomputing</journal><volume>573</volume><journalNumber/><paginationStart>127225</paginationStart><paginationEnd/><publisher>Elsevier BV</publisher><placeOfPublication/><isbnPrint/><isbnElectronic/><issnPrint>0925-2312</issnPrint><issnElectronic/><keywords>Federated Learning, Deep Learning, Model vulnerability, Privacy preserving</keywords><publishedDay>7</publishedDay><publishedMonth>3</publishedMonth><publishedYear>2024</publishedYear><publishedDate>2024-03-07</publishedDate><doi>10.1016/j.neucom.2023.127225</doi><url/><notes/><college>COLLEGE NANME</college><department>Mathematics and Computer Science School</department><CollegeCode>COLLEGE CODE</CollegeCode><DepartmentCode>MACS</DepartmentCode><institution>Swansea University</institution><apcterm>SU Library paid the OA fee (TA Institutional Deal)</apcterm><funders>Swansea University</funders><projectreference/><lastEdited>2024-05-31T13:16:31.1170748</lastEdited><Created>2024-01-16T10:41:53.9942293</Created><path><level id="1">Faculty of Science and Engineering</level><level id="2">School of Mathematics and Computer Science - Computer Science</level></path><authors><author><firstname>Xianghua</firstname><surname>Xie</surname><orcid>0000-0002-2701-8660</orcid><order>1</order></author><author><firstname>Chen</firstname><surname>Hu</surname><order>2</order></author><author><firstname>Hans</firstname><surname>Ren</surname><order>3</order></author><author><firstname>Jingjing</firstname><surname>Deng</surname><orcid>0000-0001-9274-651x</orcid><order>4</order></author></authors><documents><document><filename>65451__29558__dfca8db1dd4e4d058ed0d5241017da07.pdf</filename><originalFilename>65451.pdf</originalFilename><uploaded>2024-02-15T15:21:02.6207990</uploaded><type>Output</type><contentLength>5387723</contentLength><contentType>application/pdf</contentType><version>Version of Record</version><cronfaStatus>true</cronfaStatus><documentNotes>© 2024 The Author(s). This is an open access article under the CC BY license.</documentNotes><copyrightCorrect>true</copyrightCorrect><language>eng</language><licence>http://creativecommons.org/licenses/by/4.0/</licence></document></documents><OutputDurs/></rfc1807> |
| spelling |
v2 65451 2024-01-16 A survey on vulnerability of federated learning: A learning algorithm perspective b334d40963c7a2f435f06d2c26c74e11 0000-0002-2701-8660 Xianghua Xie Xianghua Xie true false 55d3ba5f8378c2e3439d7e3962aee726 Chen Hu Chen Hu true false 9e043b899a2b786672a28ed4f864ffcc Hans Ren Hans Ren true false 2024-01-16 MACS Federated Learning (FL) has emerged as a powerful paradigm for training Machine Learning (ML), particularly Deep Learning (DL) models on multiple devices or servers while maintaining data localized at owners’ sites. Without centralizing data, FL holds promise for scenarios where data integrity, privacy and security and are critical. However, this decentralized training process also opens up new avenues for opponents to launch unique attacks, where it has been becoming an urgent need to understand the vulnerabilities and corresponding defense mechanisms from a learning algorithm perspective. This review paper takes a comprehensive look at malicious attacks against FL, categorizing them from new perspectives on attack origins and targets, and providing insights into their methodology and impact. In this survey, we focus on threat models targeting the learning process of FL systems. Based on the source and target of the attack, we categorize existing threat models into four types, Data to Model (D2M), Model to Data (M2D), Model to Model (M2M) and composite attacks. For each attack type, we discuss the defense strategies proposed, highlighting their effectiveness, assumptions and potential areas for improvement. Defense strategies have evolved from using a singular metric to excluding malicious clients, to employing a multifaceted approach examining client models at various phases. In this survey paper, our research indicates that the to-learn data, the learning gradients, and the learned model at different stages all can be manipulated to initiate malicious attacks that range from undermining model performance, reconstructing private local data, and to inserting backdoors. We have also seen these threat are becoming more insidious. While earlier studies typically amplified malicious gradients, recent endeavors subtly alter the least significant weights in local models to bypass defense measures. This literature review provides a holistic understanding of the current FL threat landscape and highlights the importance of developing robust, efficient, and privacy-preserving defenses to ensure the safe and trusted adoption of FL in real-world applications. The categorized bibliography can be found at: https://github.com/Rand2AI/Awesome-Vulnerability-of-Federated-Learning. Journal Article Neurocomputing 573 127225 Elsevier BV 0925-2312 Federated Learning, Deep Learning, Model vulnerability, Privacy preserving 7 3 2024 2024-03-07 10.1016/j.neucom.2023.127225 COLLEGE NANME Mathematics and Computer Science School COLLEGE CODE MACS Swansea University SU Library paid the OA fee (TA Institutional Deal) Swansea University 2024-05-31T13:16:31.1170748 2024-01-16T10:41:53.9942293 Faculty of Science and Engineering School of Mathematics and Computer Science - Computer Science Xianghua Xie 0000-0002-2701-8660 1 Chen Hu 2 Hans Ren 3 Jingjing Deng 0000-0001-9274-651x 4 65451__29558__dfca8db1dd4e4d058ed0d5241017da07.pdf 65451.pdf 2024-02-15T15:21:02.6207990 Output 5387723 application/pdf Version of Record true © 2024 The Author(s). This is an open access article under the CC BY license. true eng http://creativecommons.org/licenses/by/4.0/ |
| title |
A survey on vulnerability of federated learning: A learning algorithm perspective |
| spellingShingle |
A survey on vulnerability of federated learning: A learning algorithm perspective Xianghua Xie Chen Hu Hans Ren |
| title_short |
A survey on vulnerability of federated learning: A learning algorithm perspective |
| title_full |
A survey on vulnerability of federated learning: A learning algorithm perspective |
| title_fullStr |
A survey on vulnerability of federated learning: A learning algorithm perspective |
| title_full_unstemmed |
A survey on vulnerability of federated learning: A learning algorithm perspective |
| title_sort |
A survey on vulnerability of federated learning: A learning algorithm perspective |
| author_id_str_mv |
b334d40963c7a2f435f06d2c26c74e11 55d3ba5f8378c2e3439d7e3962aee726 9e043b899a2b786672a28ed4f864ffcc |
| author_id_fullname_str_mv |
b334d40963c7a2f435f06d2c26c74e11_***_Xianghua Xie 55d3ba5f8378c2e3439d7e3962aee726_***_Chen Hu 9e043b899a2b786672a28ed4f864ffcc_***_Hans Ren |
| author |
Xianghua Xie Chen Hu Hans Ren |
| author2 |
Xianghua Xie Chen Hu Hans Ren Jingjing Deng |
| format |
Journal article |
| container_title |
Neurocomputing |
| container_volume |
573 |
| container_start_page |
127225 |
| publishDate |
2024 |
| institution |
Swansea University |
| issn |
0925-2312 |
| doi_str_mv |
10.1016/j.neucom.2023.127225 |
| publisher |
Elsevier BV |
| college_str |
Faculty of Science and Engineering |
| hierarchytype |
|
| hierarchy_top_id |
facultyofscienceandengineering |
| hierarchy_top_title |
Faculty of Science and Engineering |
| hierarchy_parent_id |
facultyofscienceandengineering |
| hierarchy_parent_title |
Faculty of Science and Engineering |
| department_str |
School of Mathematics and Computer Science - Computer Science{{{_:::_}}}Faculty of Science and Engineering{{{_:::_}}}School of Mathematics and Computer Science - Computer Science |
| document_store_str |
1 |
| active_str |
0 |
| description |
Federated Learning (FL) has emerged as a powerful paradigm for training Machine Learning (ML), particularly Deep Learning (DL) models on multiple devices or servers while maintaining data localized at owners’ sites. Without centralizing data, FL holds promise for scenarios where data integrity, privacy and security and are critical. However, this decentralized training process also opens up new avenues for opponents to launch unique attacks, where it has been becoming an urgent need to understand the vulnerabilities and corresponding defense mechanisms from a learning algorithm perspective. This review paper takes a comprehensive look at malicious attacks against FL, categorizing them from new perspectives on attack origins and targets, and providing insights into their methodology and impact. In this survey, we focus on threat models targeting the learning process of FL systems. Based on the source and target of the attack, we categorize existing threat models into four types, Data to Model (D2M), Model to Data (M2D), Model to Model (M2M) and composite attacks. For each attack type, we discuss the defense strategies proposed, highlighting their effectiveness, assumptions and potential areas for improvement. Defense strategies have evolved from using a singular metric to excluding malicious clients, to employing a multifaceted approach examining client models at various phases. In this survey paper, our research indicates that the to-learn data, the learning gradients, and the learned model at different stages all can be manipulated to initiate malicious attacks that range from undermining model performance, reconstructing private local data, and to inserting backdoors. We have also seen these threat are becoming more insidious. While earlier studies typically amplified malicious gradients, recent endeavors subtly alter the least significant weights in local models to bypass defense measures. This literature review provides a holistic understanding of the current FL threat landscape and highlights the importance of developing robust, efficient, and privacy-preserving defenses to ensure the safe and trusted adoption of FL in real-world applications. The categorized bibliography can be found at: https://github.com/Rand2AI/Awesome-Vulnerability-of-Federated-Learning. |
| published_date |
2024-03-07T13:16:30Z |
| _version_ |
1800570447080718336 |
| score |
11.012924 |