Federated learning vulnerabilities, threats and defenses: A systematic review and future directions

Cited by: 4
Authors
Almutairi, Suzan [1]
Barnawi, Ahmed [1]
Affiliations
[1] King Abdulaziz Univ, Fac Comp & Informat Technol, Jeddah, Saudi Arabia
Keywords
Federated learning; Deep learning; Security; Privacy; ASSOCIATION; PRIVACY;
DOI
10.1016/j.iot.2023.100947
Chinese Library Classification (CLC) number
TP [Automation technology, computer technology];
Discipline classification code
0812;
Abstract
Today, a broad range of items, ranging from smartphones to smart cars, are connected together via the Internet, also known as the Internet of Things (IoT). The IoT is powered by Machine Learning (ML) to facilitate client services and applications. Traditionally, centralized ML techniques require the collection and processing of enormous data sets, which may not be feasible in the context of realistic IoT application scenarios, due to the exponential increase in IoT devices. Federated learning (FL) is a new paradigm of ML training that relies on decentralized collaborative learning between various clients, where data is located locally with each client. FL brings about many advantages, such as helping preserve privacy, since the client's local data is retained locally to train the model. While FL has emerged as an attractive and promising training solution to protect clients' privacy, it needs additional exploration to specify its potential security implications, as these may preclude its routine adoption. Existing FL algorithms and security and privacy techniques exhibit new vulnerabilities, which could be exploited by attackers to compromise the FL model. Thus, it is critical to increase awareness of the potential consequences associated with novel threats to FL models. Prior research has examined various FL concepts, such as algorithms, attacks, privacy, vulnerabilities, etc. However, these concepts were not encompassed in a single survey. To the best of our knowledge, this is the first survey combining analysis of FL security and privacy techniques by highlighting sources of FL vulnerabilities, possible attacks and privacy techniques, and presenting FL basics including data distribution and aggregation algorithms. We then present state-of-the-art FL attack studies, and privacy techniques for protecting against these attacks. Finally, we conclude by identifying FL challenges and future research directions to address current limitations.
Pages: 33