隐私法规法（例如GDPR）将透明度和安全性作为数据处理算法的设计支柱。在这种情况下，联邦学习是保护隐私的分布式机器学习的最具影响力的框架之一，从而实现了许多自然语言处理和计算机视觉任务的惊人结果。一些联合学习框架采用差异隐私，以防止私人数据泄漏到未经授权的政党和恶意攻击者。但是，许多研究突出了标准联邦学习对中毒和推理的脆弱性，因此引起了人们对敏感数据潜在风险的担忧。为了解决此问题，我们提出了SGDE，这是一种生成数据交换协议，可改善跨索洛联合会中的用户安全性和机器学习性能。 SGDE的核心是共享具有强大差异隐私的数据生成器，保证了对私人数据培训的培训，而不是通信显式梯度信息。这些发电机合成了任意大量数据，这些数据保留了私人样品的独特特征，但有很大差异。我们展示了将SGDE纳入跨核心联合网络如何提高对联邦学习最有影响力的攻击的弹性。我们在图像和表格数据集上测试我们的方法，利用β变量自动编码器作为数据生成器，并突出了对非生成数据的本地和联合学习的公平性和绩效改进。

In terms of artificial intelligence, there are several security and privacy deficiencies in the traditional centralized training methods of machine learning models by a server. To address this limitation, federated learning (FL) has been proposed and is known for breaking down ``data silos" and protecting the privacy of users. However, FL has not yet gained popularity in the industry, mainly due to its security, privacy, and high cost of communication. For the purpose of advancing the research in this field, building a robust FL system, and realizing the wide application of FL, this paper sorts out the possible attacks and corresponding defenses of the current FL system systematically. Firstly, this paper briefly introduces the basic workflow of FL and related knowledge of attacks and defenses. It reviews a great deal of research about privacy theft and malicious attacks that have been studied in recent years. Most importantly, in view of the current three classification criteria, namely the three stages of machine learning, the three different roles in federated learning, and the CIA (Confidentiality, Integrity, and Availability) guidelines on privacy protection, we divide attack approaches into two categories according to the training stage and the prediction stage in machine learning. Furthermore, we also identify the CIA property violated for each attack method and potential attack role. Various defense mechanisms are then analyzed separately from the level of privacy and security. Finally, we summarize the possible challenges in the application of FL from the aspect of attacks and defenses and discuss the future development direction of FL systems. In this way, the designed FL system has the ability to resist different attacks and is more secure and stable.

联合学习（FL）和分裂学习（SL）是两种新兴的协作学习方法，可能会极大地促进物联网（IoT）中无处不在的智能。联合学习使机器学习（ML）模型在本地培训的模型使用私人数据汇总为全球模型。分裂学习使ML模型的不同部分可以在学习框架中对不同工人进行协作培训。联合学习和分裂学习，每个学习都有独特的优势和各自的局限性，可能会相互补充，在物联网中无处不在的智能。因此，联合学习和分裂学习的结合最近成为一个活跃的研究领域，引起了广泛的兴趣。在本文中，我们回顾了联合学习和拆分学习方面的最新发展，并介绍了有关最先进技术的调查，该技术用于将这两种学习方法组合在基于边缘计算的物联网环境中。我们还确定了一些开放问题，并讨论了该领域未来研究的可能方向，希望进一步引起研究界对这个新兴领域的兴趣。

Federated learning is a collaborative method that aims to preserve data privacy while creating AI models. Current approaches to federated learning tend to rely heavily on secure aggregation protocols to preserve data privacy. However, to some degree, such protocols assume that the entity orchestrating the federated learning process (i.e., the server) is not fully malicious or dishonest. We investigate vulnerabilities to secure aggregation that could arise if the server is fully malicious and attempts to obtain access to private, potentially sensitive data. Furthermore, we provide a method to further defend against such a malicious server, and demonstrate effectiveness against known attacks that reconstruct data in a federated learning setting.

联邦学习的出现在维持隐私的同时，促进了机器学习模型之间的大规模数据交换。尽管历史悠久，但联邦学习正在迅速发展，以使更广泛的使用更加实用。该领域中最重要的进步之一是将转移学习纳入联邦学习，这克服了主要联合学习的基本限制，尤其是在安全方面。本章从安全的角度进行了有关联合和转移学习的交集的全面调查。这项研究的主要目标是发现可能损害使用联合和转移学习的系统的隐私和性能的潜在脆弱性和防御机制。

联邦学习一直是一个热门的研究主题，使不同组织的机器学习模型的协作培训在隐私限制下。随着研究人员试图支持更多具有不同隐私方法的机器学习模型，需要开发系统和基础设施，以便于开发各种联合学习算法。类似于Pytorch和Tensorflow等深度学习系统，可以增强深度学习的发展，联邦学习系统（FLSS）是等效的，并且面临各个方面的面临挑战，如有效性，效率和隐私。在本调查中，我们对联合学习系统进行了全面的审查。为实现流畅的流动和引导未来的研究，我们介绍了联合学习系统的定义并分析了系统组件。此外，我们根据六种不同方面提供联合学习系统的全面分类，包括数据分布，机器学习模型，隐私机制，通信架构，联合集市和联合的动机。分类可以帮助设计联合学习系统，如我们的案例研究所示。通过系统地总结现有联合学习系统，我们展示了设计因素，案例研究和未来的研究机会。

In recent years, mobile devices are equipped with increasingly advanced sensing and computing capabilities. Coupled with advancements in Deep Learning (DL), this opens up countless possibilities for meaningful applications, e.g., for medical purposes and in vehicular networks. Traditional cloudbased Machine Learning (ML) approaches require the data to be centralized in a cloud server or data center. However, this results in critical issues related to unacceptable latency and communication inefficiency. To this end, Mobile Edge Computing (MEC) has been proposed to bring intelligence closer to the edge, where data is produced. However, conventional enabling technologies for ML at mobile edge networks still require personal data to be shared with external parties, e.g., edge servers. Recently, in light of increasingly stringent data privacy legislations and growing privacy concerns, the concept of Federated Learning (FL) has been introduced. In FL, end devices use their local data to train an ML model required by the server. The end devices then send the model updates rather than raw data to the server for aggregation. FL can serve as an enabling technology in mobile edge networks since it enables the collaborative training of an ML model and also enables DL for mobile edge network optimization. However, in a large-scale and complex mobile edge network, heterogeneous devices with varying constraints are involved. This raises challenges of communication costs, resource allocation, and privacy and security in the implementation of FL at scale. In this survey, we begin with an introduction to the background and fundamentals of FL. Then, we highlight the aforementioned challenges of FL implementation and review existing solutions. Furthermore, we present the applications of FL for mobile edge network optimization. Finally, we discuss the important challenges and future research directions in FL.

Differentially private federated learning (DP-FL) has received increasing attention to mitigate the privacy risk in federated learning. Although different schemes for DP-FL have been proposed, there is still a utility gap. Employing central Differential Privacy in FL (CDP-FL) can provide a good balance between the privacy and model utility, but requires a trusted server. Using Local Differential Privacy for FL (LDP-FL) does not require a trusted server, but suffers from lousy privacy-utility trade-off. Recently proposed shuffle DP based FL has the potential to bridge the gap between CDP-FL and LDP-FL without a trusted server; however, there is still a utility gap when the number of model parameters is large. In this work, we propose OLIVE, a system that combines the merits from CDP-FL and LDP-FL by leveraging Trusted Execution Environment (TEE). Our main technical contributions are the analysis and countermeasures against the vulnerability of TEE in OLIVE. Firstly, we theoretically analyze the memory access pattern leakage of OLIVE and find that there is a risk for sparsified gradients, which is common in FL. Secondly, we design an inference attack to understand how the memory access pattern could be linked to the training data. Thirdly, we propose oblivious yet efficient algorithms to prevent the memory access pattern leakage in OLIVE. Our experiments on real-world data demonstrate that OLIVE is efficient even when training a model with hundreds of thousands of parameters and effective against side-channel attacks on TEE.

我们调查分裂学习的安全 - 一种新颖的协作机器学习框架，通过需要最小的资源消耗来实现峰值性能。在本文中，我们通过介绍客户私人培训集重建的一般攻击策略来揭示议定书的脆弱性并展示其固有的不安全。更突出地，我们表明恶意服务器可以积极地劫持分布式模型的学习过程，并将其纳入不安全状态，从而为客户端提供推动攻击。我们实施不同的攻击调整，并在各种数据集中测试它们以及现实的威胁方案。我们证明我们的攻击能够克服最近提出的防御技术，旨在提高分裂学习议定书的安全性。最后，我们还通过扩展以前设计的联合学习的攻击来说明协议对恶意客户的不安全性。要使我们的结果可重复，我们会在https://github.com/pasquini-dario/splitn_fsha提供的代码。

联合学习是一种协作机器学习，参与客户在本地处理他们的数据，仅与协作模型共享更新。这使得能够建立隐私意识的分布式机器学习模型等。目的是通过最大程度地减少一组客户本地存储的数据集的成本函数来优化统计模型的参数。这个过程使客户遇到了两个问题：私人信息的泄漏和模型的个性化缺乏。另一方面，随着分析数据的最新进步，人们对侵犯参与客户的隐私行为的关注激增。为了减轻这种情况，差异隐私及其变体是提供正式隐私保证的标准。客户通常代表非常异构的社区，并拥有非常多样化的数据。因此，与FL社区的最新重点保持一致，以为代表其多样性的用户建立个性化模型框架，这对于防止潜在威胁免受客户的敏感和个人信息而言也是至关重要的。 $ d $ - 私人是对地理位置可区分性的概括，即最近普及的位置隐私范式，它使用了一种基于公制的混淆技术，可保留原始数据的空间分布。为了解决保护客户隐私并允许个性化模型培训以增强系统的公平性和实用性的问题，我们提出了一种提供团体隐私性的方法在FL的框架下。我们为对现实世界数据集的适用性和实验验证提供了理论上的理由，以说明该方法的工作。

联合学习是一种数据解散隐私化技术，用于以安全的方式执行机器或深度学习。在本文中，我们介绍了有关联合学习的理论方面客户次数有所不同的用例。具体而言，使用从开放数据存储库中获得的胸部X射线图像提出了医学图像分析的用例。除了与隐私相关的优势外，还将研究预测的改进（就曲线下的准确性和面积而言）和减少执行时间（集中式方法）。将从培训数据中模拟不同的客户，以不平衡的方式选择，即，他们并非都有相同数量的数据。考虑三个或十个客户之间的结果与集中案件相比。间歇性客户将分析两种遵循方法，就像在实际情况下，某些客户可能会离开培训，一些新的新方法可能会进入培训。根据准确性，曲线下的区域和执行时间的结果，结果的结果的演变显示为原始数据被划分的客户次数。最后，提出了该领域的改进和未来工作。

从公共机器学习（ML）模型中泄漏数据是一个越来越重要的领域，因为ML的商业和政府应用可以利用多个数据源，可能包括用户和客户的敏感数据。我们对几个方面的当代进步进行了全面的调查，涵盖了非自愿数据泄漏，这对ML模型很自然，潜在的恶毒泄漏是由隐私攻击引起的，以及目前可用的防御机制。我们专注于推理时间泄漏，这是公开可用模型的最可能场景。我们首先在不同的数据，任务和模型体系结构的背景下讨论什么是泄漏。然后，我们提出了跨非自愿和恶意泄漏的分类法，可用的防御措施，然后进行当前可用的评估指标和应用。我们以杰出的挑战和开放性的问题结束，概述了一些有希望的未来研究方向。

联合学习允许一组用户在私人训练数据集中培训深度神经网络。在协议期间，数据集永远不会留下各个用户的设备。这是通过要求每个用户向中央服务器发送“仅”模型更新来实现，从而汇总它们以更新深神经网络的参数。然而，已经表明，每个模型更新都具有关于用户数据集的敏感信息（例如，梯度反转攻击）。联合学习的最先进的实现通过利用安全聚合来保护这些模型更新：安全监控协议，用于安全地计算用户的模型更新的聚合。安全聚合是关键，以保护用户的隐私，因为它会阻碍服务器学习用户提供的个人模型更新的源，防止推断和数据归因攻击。在这项工作中，我们表明恶意服务器可以轻松地阐明安全聚合，就像后者未到位一样。我们设计了两种不同的攻击，能够在参与安全聚合的用户数量上，独立于参与安全聚合的用户数。这使得它们在大规模现实世界联邦学习应用中的具体威胁。攻击是通用的，不瞄准任何特定的安全聚合协议。即使安全聚合协议被其理想功能替换为提供完美的安全性的理想功能，它们也同样有效。我们的工作表明，安全聚合与联合学习相结合，当前实施只提供了“虚假的安全感”。

Federated learning has recently been applied to recommendation systems to protect user privacy. In federated learning settings, recommendation systems can train recommendation models only collecting the intermediate parameters instead of the real user data, which greatly enhances the user privacy. Beside, federated recommendation systems enable to collaborate with other data platforms to improve recommended model performance while meeting the regulation and privacy constraints. However, federated recommendation systems faces many new challenges such as privacy, security, heterogeneity and communication costs. While significant research has been conducted in these areas, gaps in the surveying literature still exist. In this survey, we-(1) summarize some common privacy mechanisms used in federated recommendation systems and discuss the advantages and limitations of each mechanism; (2) review some robust aggregation strategies and several novel attacks against security; (3) summarize some approaches to address heterogeneity and communication costs problems; (4)introduce some open source platforms that can be used to build federated recommendation systems; (5) present some prospective research directions in the future. This survey can guide researchers and practitioners understand the research progress in these areas.

本文提出了一个传感器数据匿名模型，该模型接受了分散数据的培训，并在数据实用程序和隐私之间进行了理想的权衡，即使在收集到的传感器数据具有不同的基础分布的异质环境中也是如此。我们称为Blinder的匿名模型基于以对抗性方式训练的变异自动编码器和歧视网络。我们使用模型 - 不合稳定元学习框架来调整通过联合学习训练的匿名模型，以适应每个用户的数据分布。我们在不同的设置下评估了盲人，并表明它提供了端到端的隐私保护，以增加隐私损失高达4.00％，并将数据实用程序降低高达4.24％，而最新的数据实用程序则将其降低了4.24％。对集中数据培训的匿名模型。我们的实验证实，Blinder可以一次掩盖多个私人属性，并且具有足够低的功耗和计算开销，以便将其部署在边缘设备和智能手机上，以执行传感器数据的实时匿名化。

Federated learning (FL) has been proposed as a privacy-preserving approach in distributed machine learning. A federated learning architecture consists of a central server and a number of clients that have access to private, potentially sensitive data. Clients are able to keep their data in their local machines and only share their locally trained model's parameters with a central server that manages the collaborative learning process. FL has delivered promising results in real-life scenarios, such as healthcare, energy, and finance. However, when the number of participating clients is large, the overhead of managing the clients slows down the learning. Thus, client selection has been introduced as a strategy to limit the number of communicating parties at every step of the process. Since the early na\"{i}ve random selection of clients, several client selection methods have been proposed in the literature. Unfortunately, given that this is an emergent field, there is a lack of a taxonomy of client selection methods, making it hard to compare approaches. In this paper, we propose a taxonomy of client selection in Federated Learning that enables us to shed light on current progress in the field and identify potential areas of future research in this promising area of machine learning.

随着物联网，AI和ML/DL算法的出现，数据驱动的医疗应用已成为一种有前途的工具，用于从医学数据设计可靠且可扩展的诊断和预后模型。近年来，这引起了从学术界到工业的广泛关注。这无疑改善了医疗保健提供的质量。但是，由于这些基于AI的医疗应用程序在满足严格的安全性，隐私和服务标准（例如低延迟）方面的困难，因此仍然采用较差。此外，医疗数据通常是分散的和私人的，这使得在人群之间产生强大的结果具有挑战性。联邦学习（FL）的最新发展使得以分布式方式训练复杂的机器学习模型成为可能。因此，FL已成为一个积极的研究领域，尤其是以分散的方式处理网络边缘的医疗数据，以保护隐私和安全问题。为此，本次调查论文重点介绍了数据共享是重大负担的医疗应用中FL技术的当前和未来。它还审查并讨论了当前的研究趋势及其设计可靠和可扩展模型的结果。我们概述了FL将军的统计问题，设备挑战，安全性，隐私问题及其在医疗领域的潜力。此外，我们的研究还集中在医疗应用上，我们重点介绍了全球癌症的负担以及有效利用FL来开发计算机辅助诊断工具来解决这些诊断工具。我们希望这篇评论是一个检查站，以彻底的方式阐明现有的最新最新作品，并为该领域提供开放的问题和未来的研究指示。

通常利用机器学习方法并有效地将智能电表读数从家庭级别分解为设备级消耗，可以帮助分析用户的电力消耗行为并启用实用智能能源和智能网格申请。最近的研究提出了许多基于联邦深度学习（FL）的新型NILM框架。但是，缺乏综合研究，探讨了不同基于FL的NILM应用程序方案中的实用性优化方案和隐私保护方案。在本文中，我们首次尝试通过开发分布式和隐私的尼尔姆（DP2-NILM）框架来进行基于FL的NILM，重点关注实用程序优化和隐私保护，并在实用的NILM场景上进行比较实验基于现实世界的智能电表数据集。具体而言，在实用程序优化方案（即FedAvg和FedProx）中检查了两种替代联合学习策略。此外，DP2-NILM提供了不同级别的隐私保证，即联合学习的当地差异隐私学习和联合的全球差异隐私学习。在三个现实世界数据集上进行了广泛的比较实验，以评估所提出的框架。

Federated learning achieves joint training of deep models by connecting decentralized data sources, which can significantly mitigate the risk of privacy leakage. However, in a more general case, the distributions of labels among clients are different, called ``label distribution skew''. Directly applying conventional federated learning without consideration of label distribution skew issue significantly hurts the performance of the global model. To this end, we propose a novel federated learning method, named FedMGD, to alleviate the performance degradation caused by the label distribution skew issue. It introduces a global Generative Adversarial Network to model the global data distribution without access to local datasets, so the global model can be trained using the global information of data distribution without privacy leakage. The experimental results demonstrate that our proposed method significantly outperforms the state-of-the-art on several public benchmarks. Code is available at \url{https://github.com/Sheng-T/FedMGD}.

联合学习（FL）是一个系统，中央聚合器协调多个客户解决机器学习问题的努力。此设置允许分散培训数据以保护隐私。本文的目的是提供针对医疗保健的FL系统的概述。 FL在此根据其框架，架构和应用程序进行评估。这里显示的是，FL通过中央聚合器服务器通过共享的全球深度学习（DL）模型解决了前面的问题。本文研究了最新的发展，并提供了来自FL研究的快速增长的启发，列出了未解决的问题。在FL的背景下，描述了几种隐私方法，包括安全的多方计算，同态加密，差异隐私和随机梯度下降。此外，还提供了对各种FL类的综述，例如水平和垂直FL以及联合转移学习。 FL在无线通信，服务建议，智能医学诊断系统和医疗保健方面有应用，本文将在本文中进行讨论。我们还对现有的FL挑战进行了彻底的审查，例如隐私保护，沟通成本，系统异质性和不可靠的模型上传，然后是未来的研究指示。