联邦学习安全防御与隐私保护技术研究

联邦学习（federated learning，FL）在多个参与方不直接进行数据传输的前提下共同完成模型训练，充分发挥各方数据价值；然而，由于联邦学习的固有缺陷以及存储和通信的安全问题，其在实际应用场景中仍面临多种安全与隐私威胁。首先阐述了FL面临的安全攻击和隐私攻击；然后针对这两类典型攻击分别总结了最新的安全防御机制和隐私保护手段，包括投毒攻击防御、后门攻击防御、搭便车攻击防御、女巫攻击防御以及基于安全计算与差分隐私的防御手段。通过对联邦学习的现有风险和相应防御手段的系统梳理，展望了联邦学习未来的研究挑战与发展方向。

Survey on federated learning security defense and privacy protection technology

On the premise that multiple participants do not transmit data samples, federated learning performs model collaborative training to take advantage of the data value of all parties. However, due to the inherent shortcomings of federated learning and the security issues of data storage and communication, federated learning still faces multiple security and privacy threats in practical application scenarios. This paper summarized the security and privacy attacks faced by federated learning. Then, it summarized the latest security defense mechanisms and privacy protection methods, including poisoning attack defense, backdoor attack defense, free-rider attack defense, sybil attack defense and defense methods based on secure computing and differential privacy. Finally, through a systematic summary of the existing risks and corresponding defense methods of federated learning, this paper looked forward to the future research challenges and development directions of federated learning.