Pocket Diagnosis: Secure Federated Learning against Poisoning Attack in the Cloud
arXiv - CS - Cryptography and Security Pub Date : 2020-09-23 , DOI: arxiv-2009.10918
Zhuoran Ma, Jianfeng Ma, Yinbin Miao, Ximeng Liu, Kim-Kwang Raymond Choo and Robert H. Deng

Federated learning has become prevalent in medical diagnosis due to its effectiveness in training a federated model among multiple health institutions (i.e., Data Islands (DIs)). However, increasingly massive DI-level poisoning attacks, which inject poisoned data into certain DIs to corrupt the availability of the federated model, have shed light on a vulnerability in federated learning. Previous works on federated learning have been inadequate in ensuring the privacy of DIs and the availability of the final federated model. In this paper, we design a secure federated learning mechanism with multiple keys, called SFPA, to prevent DI-level poisoning attacks for medical diagnosis. Concretely, SFPA provides privacy-preserving random forest-based federated learning by using multi-key secure computation, which guarantees the confidentiality of DI-related information. Meanwhile, a secure defense strategy over encrypted locally-submitted models is proposed to defend against DI-level poisoning attacks. Finally, our formal security analysis and empirical tests on a public cloud platform demonstrate the security and efficiency of SFPA as well as its capability of resisting DI-level poisoning attacks.

Updated: 2020-09-24