Federated Learning (FL) has emerged as a promising approach to address data privacy and confidentiality concerns by allowing multiple participants to construct a shared model without centralizing sensitive data. However, this decentralized paradigm introduces new security challenges, necessitating a comprehensive identification and classification of potential risks to ensure FL's security guarantees. This paper presents a comprehensive taxonomy of security and privacy challenges in Federated Learning (FL) across various machine learning models, including large language models. We specifically categorize attacks performed by the aggregator and participants, focusing on poisoning attacks, backdoor attacks, membership inference attacks, generative adversarial network (GAN) based attacks, and differential privacy attacks. Additionally, we propose new directions for future research, seeking innovative solutions to fortify FL systems against emerging security risks and uphold sensitive data confidentiality in distributed learning environments.

分布式学习中的联邦学习存在安全和隐私挑战，本研究针对各类机器学习模型，包括大型语言模型，提出了安全和隐私挑战的综合分类，重点关注聚合器和参与者的攻击，包括投毒攻击、后门攻击、成员推断攻击、生成对抗网络攻击和差分隐私攻击，同时提出了未来研究的新方向，旨在强化联邦学习系统以应对新兴安全风险并保护分布式学习环境中的敏感数据隐私。

联邦学习的安全与隐私问题