FedCCW: a privacy-preserving Byzantine-robust federated learning with local differential privacy for healthcare

The integration of artificial intelligence technology in the medical sector has led to the accumulation of substantial medical data by healthcare institutions, to utilize this data to train high-quality deep learning models to aid in medical diagnosis. However, the sensitive nature of medical data has posed challenges in data fusion. Federated Learning (FL) has emerged as a prominent approach due to its ability to train models without direct access to raw data. Nonetheless, research indicates that FL still faces the risk of privacy breaches, and during model aggregation, it may be vulnerable to various Byzantine attacks. In this study, we design the FedCCW, a novel FL scheme with Byzantine robustness and privacy preservation based on the Clipping, Clustering, and Weighting mechanism, to enable collaboration among medical institutions and facilitate the integration of medical data. The Differential Privacy (DP) noise mechanism is adopted to obfuscate local training gradients of participants against privacy breaches during FL. Additionally, a clustering mechanism is utilized to categorize participants into groups, thereby identifying and filtering out malicious updates that deviate from the intended aggregation path. A dynamic clipping method is designed to prevent attackers from manipulating the server's cosine similarity and spectral clustering mechanisms by artificially inflating updates without altering their direction, thereby enhancing the accuracy of the global model. An adaptive weighting method is also introduced to dynamically adjust participant weights, thereby expediting model convergence. Extensive experiments conducted on authentic medical datasets demonstrate the superior performance of FedCCW in comparison to existing methods.