Collaborative learning is an emerging technique for building machine learning models from decentralized data sources without requiring raw and possibly sensitive data to be centralized. A commonly considered framework is federated learning (FL), but there are others, such as split learning and swarm learning. Such frameworks tackle critical privacy and security concerns associated with traditional, centralized AI models, making them highly relevant in scenarios where the learning is based on sensitive data. Collaborative learning accomplishes this by allowing multiple independent clients to collaboratively train a shared global model, with only model updates—rather than raw data—transmitted to a central aggregator entity.

Despite these advantages, collaborative learning introduces many critical security concerns that must be considered to make it a reliable technology. In particular, its decentralized nature opens new opportunities for adversarial threats. To defend against collaborative learning threats, the research community is also investigating advanced defense mechanisms.

This seminar will explore the architecture of collaborative learning paradigms through the lens of security and privacy experts. Its main objective is to comprehensively analyze and discuss the security/privacy challenges of popular decentralized learning approaches.

The topics to be covered during this Dagstuhl Seminar are:

1. Attack Vectors and Vulnerabilities in Collaborative Learning
2. Federated and Split Learning Architectures: Security and Privacy Challenges and Solutions
3. Model and Data Poisoning Attacks in Federated/Split Learning
4. Advanced Inference Attacks in Federated/Split Learning
5. Defense Strategies for Federated/Split Learning
6. Other Decentralized Learning Paradigms and their Security Challenges

We expect that the seminar will produce several ideas on improving state-of-the-art security solutions for FL and, more in general, for decentralized learning. Moreover, it will enable researchers from different disciplines to connect and set the agenda for potentially impactful research to be carried out in the following years.

Creative Commons BY 4.0

Alexandra Dmitrienko, Antonino Nocera, Stjepan Picek, and Ahmad-Reza Sadeghi