The advent of Federated Learning (FL) has enabled the creation of a high-performing model as if it had been trained on a considerable amount of data. A multitude of participants and a server cooperatively train a model without the need for data disclosure or collection. The healthcare industry, where security and privacy are paramount, can substantially benefit from this new learning paradigm, as data collection is no longer feasible due to stringent data policies. Nonetheless, unaddressed challenges and insufficient attack mitigation are hampering its adoption. The attack surface differs from that of traditional centralized learning in that the server and clients communicate between rounds of training. In this paper, we thus present vulnerabilities, attacks, and defenses based on the widened attack surface, and suggest promising new research directions toward a more robust FL.