A review of security threats and privacy issues in federated learning
摘要
Federated learning (FL) has emerged as a promising paradigm for collaborative model training while preserving data privacy by keeping sensitive data localized at client devices. Instead of sharing raw data, participating clients exchange model updates, which can reduce communication overhead compared to centralized learning, depending on the training configuration and data distribution. However, this decentralized setting introduces significant security and privacy vulnerabilities. This review presents a structured and threat-based analysis of security risks in federated learning, focusing on backdoor attacks, Byzantine attacks (including Sybil-based mechanisms), and adversarial attacks. Following a systematic literature review of peer-reviewed and high-impact studies published between 2018 and 2025, we examine attack strategies, defense mechanisms, and their underlying assumptions. A comparative synthesis highlights critical trade-offs among robustness, privacy, computational cost, and convergence behavior, particularly under non-IID data distributions and resource-constrained environments. The paper proposes a taxonomy that clarifies the relationships between attack phases, threat models, and defensive strategies, and identifies open research challenges such as adaptive adversaries, privacy–robustness conflicts, and scalable defenses for real-world deployments in domains including healthcare, IoT, and edge intelligence. This work aims to provide both a consolidated reference and a roadmap for designing secure and trustworthy federated learning systems.