Threats and defenses in the federated learning life cycle: a comprehensive survey and challenges

Yanli Li, Zhongliang Guo, Nan Yang, Huaming Chen, Dong Yuan, Weiping Ding*

*Corresponding author for this work

Research output: Contribution to journal › Article › peer-review

Abstract

Federated learning (FL) offers innovative solutions for privacy-preserving distributed machine learning (ML). Different from centralized data collection algorithms, FL enables participants to locally train their model and only share the model updates for aggregation. Since private data never leaves the end node, FL effectively mitigates privacy leakage during collaborative training. Despite its promising potential, FL is vulnerable to various attacks due to its distributed nature, affecting the entire life cycle of FL services. These threats can harm the model’s utility or compromise participants’ privacy, either directly or indirectly. In response, numerous defense frameworks have been proposed, demonstrating effectiveness in specific settings and scenarios. To provide a clear understanding of the current research landscape, this article reviews the most representative and state-of-the-art threats and defense frameworks throughout the FL service life cycle. We start by identifying FL threats that harm utility and privacy, including those with potential or direct impacts. Then, we dive into the defense frameworks, analyze the relationship between threats and defenses, and compare the trade-offs among different defense strategies. We subsequently revisit these studies to evaluate their practicality in real-world scenarios and conclude by summarizing existing research bottlenecks and outlining future directions. We hope this survey sheds light on trustworthy FL research and contributes to the FL community.

Original language: English
Pages (from-to): 15643-15663
Number of pages: 21
Journal: IEEE Transactions on Neural Networks and Learning Systems
Volume: 36
Issue number: 9
Publication status: Published - 15 May 2025

Keywords

  • Adversarial machine learning (AML)
  • Federated learning (FL)
  • Privacy
  • Robustness
