Privacy and Security in Federated Learning: A Survey

Bibliographic Details
Published in Applied sciences Vol. 12; no. 19; p. 9901
Main Authors Gosselin, Rémi; Vieu, Loïc; Loukil, Faiza; Benoit, Alexandre
Format Journal Article
Language English
Published Multidisciplinary digital publishing institute (MDPI) 01.10.2022
MDPI AG
ISSN 2076-3417
DOI 10.3390/app12199901


Abstract In recent years, privacy concerns have become a serious issue for companies wishing to protect economic models and comply with end-user expectations. In the same vein, some countries now impose, by law, constraints on data use and protection. Such context thus encourages machine learning to evolve from a centralized data and computation approach to decentralized approaches. Specifically, Federated Learning (FL) has been recently developed as a solution to improve privacy, relying on local data to train local models, which collaborate to update a global model that improves generalization behaviors. However, by definition, no computer system is entirely safe. Security issues, such as data poisoning and adversarial attack, can introduce bias in the model predictions. In addition, it has recently been shown that the reconstruction of private raw data is still possible. This paper presents a comprehensive study concerning various privacy and security issues related to federated learning. Then, we identify the state-of-the-art approaches that aim to counteract these problems. Findings from our study confirm that the current major security threats are poisoning, backdoor, and Generative Adversarial Network (GAN)-based attacks, while inference-based attacks are the most critical to the privacy of FL. Finally, we identify ongoing research directions on the topic. This paper could be used as a reference to promote cybersecurity-related research on designing FL-based solutions for alleviating future challenges.
ORCID Loukil, Faiza: 0000-0003-4753-060X
Benoit, Alexandre: 0000-0002-0627-4948
Copyright Distributed under a Creative Commons Attribution 4.0 International License
Discipline Engineering
Sciences (General)
Computer Science
EISSN 2076-3417
IsDoiOpenAccess true
IsOpenAccess true
IsPeerReviewed true
IsScholarly true
License https://creativecommons.org/licenses/by/4.0
Distributed under a Creative Commons Attribution 4.0 International License: http://creativecommons.org/licenses/by/4.0
SubjectTerms Computer Science
deep learning
distributed learning
federated learning
machine learning
privacy
survey
URI https://hal.science/hal-03794100
https://doaj.org/article/fd44f3913278483ca7480247722bf780