随着大数据、云计算等领域的蓬勃发展, 重视数据安全与隐私已经成为了世界性的趋势, 不同团体为保护自身利益和隐私不愿贡献数据, 形成了数据孤岛. 联邦学习使数据不出本地就可被多方利用, 为解决数据碎片化和数据隔离等问题提供了解决思路. 然而越来越多研究表明, 由谷歌首先提出的联邦学习算法不足以抵抗精心设计的隐私攻击, 因此如何进一步加强隐私防护, 保护联邦学习场景下的用户数据隐私成为了一个重要问题. 对近些年来联邦学习隐私攻击与防护领域取得的成果进行了系统总结. 首先介绍了联邦学习的定义、特点和分类; 然后分析了联邦学习场景下隐私威胁的敌手模型, 并根据敌手攻击目标对隐私攻击方法进行了分类和梳理; 介绍了联邦学习中的主流隐私防护技术, 并比较了各技术在实际应用中的优缺点; 分析并总结了6类目前联邦学习的隐私保护方案; 最后指出目前联邦学习隐私保护面临的挑战, 展望了未来可能的研究方向.
With the vigorous development of areas such as big data and cloud computing, it has become a worldwide trend for the public to attach importance to data security and privacy. Different groups are reluctant to share data in order to protect their own interests and privacy, which leads to data silos. Federated learning enables multiple parties to build a common, robust model without exchanging their data samples, thus addressing critical issues such as data fragmentation and data isolation. However, more and more studies have shown that the federated learning algorithm first proposed by Google can not resist sophisticated privacy attacks. Therefore, how to strengthen privacy protection and protect users’ data privacy in the federated learning scenario is an important issue. This paper offers a systematic survey of existing research achievements of privacy attacks and protection in federated learning in recent years. First, the definition, characteristics and classification of federated learning are introduced. Then the adversarial model of privacy threats in federated learning is analyzed, and typical works of privacy attacks are classified with respect to the adversary’s objectives. Next, several mainstream privacy-preserving technologies are introduced and their advantages and disadvantages in practical applications are pointed out. Futhermore, the existing achievements on protection against privacy attacks are summarized and six privacy-preserving schemes are elaborated. Finally, future challenges of privacy preserving in federated learning are concluded and promising future research directions are discussed.