An alternative approach to federated learning for model security and data privacy

From National Research Council Canada

Download	View accepted manuscript: An alternative approach to federated learning for model security and data privacy (PDF, 570 KiB)
DOI	Resolve DOI: https://doi.org/10.5220/0013237500003899
Author	Search for: Briguglio, William ORCID identifier: https://orcid.org/0000-0002-2357-3966; Search for: Yousef, Waleed ORCID identifier: https://orcid.org/0000-0001-9669-7241; Search for: Traoré, Issa ORCID identifier: https://orcid.org/0000-0003-2987-8047; Search for: Mamun, Mohammad¹ORCID identifier: https://orcid.org/0000-0002-4045-8687; Search for: Saad, Sherif ORCID identifier: https://orcid.org/0000-0002-5506-5261
Affiliation	National Research Council of Canada. Digital Technologies
Format	Text, Article
Conference	11th International Conference on Information Systems Security and Privacy, February 20-22, 2025, Porto, Portugal
Subject	data poisoning; federated learning; model poisoning; non-IID
Abstract	Federated learning (FL) enables machine learning on data held across multiple clients without exchanging private data. However, exchanging information for model training can compromise data privacy. Further, participants may be untrustworthy and can attempt to sabotage model performance. Also, data that is not independently and identically distributed (IID) impede the convergence of FL techniques. We present a general framework for federated learning via aggregating multivariate estimated densities (FLAMED). FLAMED aggregates density estimations of clients’ data, from which it simulates training datasets to perform centralized learning, bypassing problems arising from non-IID data and contributing to addressing privacy and security concerns. FLAMED does not require a copy of the global model to be distributed to each participant during training, meaning the aggregating server can retain sole proprietorship of the global model without the use of resource-intensive homomorphic encrypti on. We compared its performance to standard FL approaches using synthetic and real datasets and evaluated its resilience to model poisoning attacks. Our results indicate that FLAMED effectively handles non-IID data in many settings while also being more secure.
Publication date	2025
Publisher	SCITEPRESS - Science and Technology Publications
Licence	Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International (CC BY-NC-ND 4.0) https://creativecommons.org/licenses/by-nc-nd/4.0/
In	Proceedings of the 11th International Conference on Information Systems Security and Privacy (Volume 1) (20 February 2025): 291–301. https://doi.org/10.5220/0000197100003899.
Language	English
Peer reviewed	Yes
Export citation	Export as RIS
Report a correction	Report a correction (opens in a new tab)
Record identifier	96f2e1e2-a1f9-4247-8497-7ab80a91fe20
Record created	2025-03-12
Record modified	2025-03-14

Date modified:: 2025-06-12