Threats, attacks and defenses to federated learning: issues, taxonomy and perspectives
Author affiliation: Beijing Key Laboratory of Security and Privacy in Intelligent Transportation, Beijing Jiaotong University, Beijing 100044, China
Publication: Cybersecurity (网络空间安全科学与技术, English edition)
Year, volume, issue: 2022, Volume 5, Issue 2
Pages: 56-74
Subject classification: 12 [Management]; 1201 [Management - Management Science and Engineering (degrees in management or engineering may be conferred)]; 08 [Engineering]; 081201 [Engineering - Computer System Architecture]; 0812 [Engineering - Computer Science and Technology (degrees in engineering or science may be conferred)]
Funding: This work was supported in part by the National Key R&D Program of China under Grant 2020YFB2103802, in part by the National Natural Science Foundation of China under Grant U21A20463, and in part by the Fundamental Research Funds for the Central Universities of China under Grant KKJB320001536.
Keywords: Federated learning; Security and privacy threats; Multi-phases; Inference attacks; Poisoning attacks; Evasion attacks; Defenses; Trusted
Abstract: Empirical attacks on Federated Learning (FL) systems indicate that FL is fraught with numerous attack surfaces throughout the FL *** attacks can not only cause models to fail in specific tasks, but also infer private *** previous surveys have identified the risks, listed the attack methods available in the literature or provided a basic taxonomy to classify them, they mainly focused on the risks in the training phase of *** this work, we survey the threats, attacks and defenses to FL throughout the whole process of FL in three phases, including Data and Behavior Auditing Phase, Training Phase and Predicting *** further provide a comprehensive analysis of these threats, attacks and defenses, and summarize their issues and *** work considers security and privacy of FL based on the viewpoint of the execution process of *** highlight that establishing a trusted FL requires adequate measures to mitigate security and privacy threats at each ***, we discuss the limitations of current attacks and defense approaches and provide an outlook on promising future research directions in FL.