Membership Inference Attacks and Defenses in Federated Learning: A Survey

Li Bai, Haibo Hu, Qingqing Ye, Haoyang Li, Leixia Wang, Jianliang Xu
2024-12-09
Abstract: Federated learning is a decentralized machine learning approach where clients train models locally and share model updates to develop a global model. This enables low-resource devices to collaboratively build a high-quality model without requiring direct access to the raw training data. However, despite only sharing model updates, federated learning still faces several privacy vulnerabilities. One of the key threats is membership inference attacks, which target clients' privacy by determining whether a specific example is part of the training set. These attacks can compromise sensitive information in real-world applications, such as medical diagnoses within a healthcare system. Although there has been extensive research on membership inference attacks, a comprehensive and up-to-date survey specifically focused on it within federated learning is still absent. To fill this gap, we categorize and summarize membership inference attacks and their corresponding defense strategies based on their characteristics in this setting. We introduce a unique taxonomy of existing attack research and provide a systematic overview of various countermeasures. For these studies, we thoroughly analyze the strengths and weaknesses of different approaches. Finally, we identify and discuss key future research directions for readers interested in advancing the field.
Cryptography and Security
What problem does this paper attempt to address?
The problem this paper addresses is how to deal with and prevent Membership Inference Attacks (MIAs) in the Federated Learning (FL) environment. Specifically, the paper focuses on the following points:

1. **Privacy Risks**:
   - Although Federated Learning avoids direct access to raw data through decentralized training, there is still a risk of privacy leakage. The Membership Inference Attack is a key privacy threat: an attacker can use model updates to determine whether a specific sample belongs to the training set, thus leaking sensitive information.
2. **Insufficiencies of Existing Research**:
   - Although there has been a large amount of research on Membership Inference Attacks, the systematic review of them in the specific environment of Federated Learning is still incomplete. Existing review articles either offer only preliminary discussions or omit many of the latest research results.
3. **Differences in Attack and Defense Mechanisms**:
   - The paper points out that Membership Inference Attacks and their defense strategies differ significantly between Centralized Learning (CL) and Federated Learning. For example, there are differences in the role of the attacker, the timing of the attack, the knowledge obtained by the attacker, and the active attack strategies.

To fill these gaps, the paper carries out the following work:

- **Classification and Summary**: Classify and summarize the existing Membership Inference Attacks and defense strategies, provide a unique taxonomy, and systematically outline various countermeasures.
- **Analysis of Advantages and Disadvantages**: Analyze in detail the advantages and disadvantages of different methods.
- **Future Research Directions**: Identify and discuss future research directions, providing readers with ideas for further exploration.

### Formula Example

According to the content of the paper, Membership Inference Attack can be formalized as a binary classification task, determining whether a sample \( x \) belongs to the training set \( D_{tr} \):

\[
m = A(x, F(\theta)) =
\begin{cases}
0, & \text{if } x \notin D_{tr} \\
1, & \text{if } x \in D_{tr}
\end{cases}
\]

where \( m \) is the membership state, \( A \) is the inference algorithm, and \( F(\theta) \) is the target model.

### Summary

The paper aims to comprehensively review and analyze Membership Inference Attacks and their defense strategies in Federated Learning, fill the gaps in existing literature, and provide guidance for future research.
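
The binary-classification form \( m = A(x, F(\theta)) \) above can be turned into a leakage audit that a model owner runs against known members and held-out non-members. The following is an added example, not code from the paper: it assumes a loss-threshold rule as the inference algorithm \( A \) (a common baseline chosen here for illustration), and the model table, sample ids and function names are all constructed.

```python
import math

# Constructed stand-in for the target model F(theta): sample id -> class probabilities.
MODEL_CONF = {
    "m1": [0.99, 0.01], "m2": [0.05, 0.95], "m3": [0.80, 0.20], "m4": [0.30, 0.70],
    "n1": [0.90, 0.10], "n2": [0.50, 0.50], "n3": [0.60, 0.40], "n4": [0.30, 0.70],
}
MEMBERS = [("m1", 0), ("m2", 1), ("m3", 0), ("m4", 1)]      # (x, label) in D_tr
NON_MEMBERS = [("n1", 0), ("n2", 1), ("n3", 1), ("n4", 0)]  # (x, label) held out

def target_model(x):
    """F(theta): return the class-probability vector for sample x."""
    return MODEL_CONF[x]

def loss(model, x, y):
    """Cross-entropy loss of the model on the labelled sample (x, y)."""
    return -math.log(max(model(x)[y], 1e-12))

def infer_membership(model, x, y, tau):
    """A(x, F(theta)): m = 1 (x in D_tr) when the loss is at most tau, else m = 0."""
    return 1 if loss(model, x, y) <= tau else 0

def audit(model, members, non_members, tau):
    """Return (TPR, FPR, advantage) of the threshold rule against ground truth."""
    tpr = sum(infer_membership(model, x, y, tau) for x, y in members) / len(members)
    fpr = sum(infer_membership(model, x, y, tau) for x, y in non_members) / len(non_members)
    return tpr, fpr, tpr - fpr

def worst_case_tau(model, members, non_members):
    """Sweep every observed loss as a threshold and keep the most leaky one."""
    candidates = sorted({loss(model, x, y) for x, y in members + non_members})
    return max(candidates, key=lambda t: audit(model, members, non_members, t)[2])

if __name__ == "__main__":
    tau = worst_case_tau(target_model, MEMBERS, NON_MEMBERS)
    tpr, fpr, adv = audit(target_model, MEMBERS, NON_MEMBERS, tau)
    print(f"tau={tau:.4f} TPR={tpr:.2f} FPR={fpr:.2f} advantage={adv:.2f}")
```

An advantage near 0 means the rule cannot separate members from non-members; a value near 1 indicates the model's outputs reveal training-set membership and a defense should be evaluated.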