MediSecFed: Private and Secure Medical Image Classification in the Presence of Malicious Clients

Abstract

Deep learning demonstrates its efficacy and potential to solve challenging computer vision problems in medical and other industrial applications. Federated learning is a learning paradigm that facilitates collaborative learning in a federation of users without exchanging actual data with a single authority like a server. However, federated learning provides only a basic level of privacy and robustness and is vulnerable to model poisoning and model inversion attacks in hostile training environments. Hence, in this article, we propose MediSecFed—a secure framework for federated learning in a hostile environment. Compared to the widely used FedAvg, our method relies on simple and practical ideas from knowledge distillation and model inversion to ensure additional security and privacy features. Our approach achieves knowledge exchange among participating entities without sharing model parameters as FedAvg does, thus protecting the privacy of the local data from the server and significantly reducing communication costs. We evaluate our method on two chest X-ray datasets. Our method outperforms FedAvg by 15% on both datasets in a hostile environment. Our method will also continue to maintain good performance even if the number of malicious participating entities increases. Robustness to learn in a malicious environment while preserving privacy with reduced communication costs makes our method more desirable and efficient than that of FedAvg.