WP2: Defining federated learning-based countermeasures for AI-based attacks

We are developing a detailed model of federated learning threats that documents different adversaries’ knowledge, capabilities, and objectives for complementary use cases. The ultimate aim of this research is to provide a comprehensive understanding of the threats and risks associated with federated learning. To achieve this, we aim to distinguish between attacks against the federated learning stack itself (e.g. data or model poisoning attacks, distributed backdoor attacks, property inference attacks) and the application that aims to benefit from the federated learning model (e.g. the impact of the limited query budget against model theft attacks). This latter distinction is crucial as it helps us understand the constraints of the application domain (e.g., the robust or non-robust characteristics specific to the application), which is of utmost importance in our work. It also helps us understand the impact of honest but inquisitive or malicious adversaries and the risks associated with the security and confidentiality of internal and external adversaries (e.g., evasion attacks in cybersecurity use cases, sensitive information leaks or membership inference attacks in medical use cases).