Table 3 Defense methods against privacy inference attacks in the training phase
From: Threats, attacks and defenses to federated learning: issues, taxonomy and perspectives
| Â | Actor | Guarantee | Weakness | ||
|---|---|---|---|---|---|
Model | Aggregated value | Local releasedvalue | |||
Compression gradients | Â | Â | Â | Â | Â |
 Pruning | Worker | Y | N | Y | Failintext inferringtask |
 Dropout | Worker | Y | N | Y | Slightlydecrease modelaccuracy |
Cryptology gradients | Â | Â | Â | Â | Â |
 SMC | Worker | N | Y | Y | Computationand communicationconsuming |
 HE | Worker | N | Y | Y | |
Perturbation gradients | Â | Â | Â | Â | Â |
 CDP | Server | N | Y | N | Requirea trustaggregator |
 LDP | Worker | N | N | Y | Needenough calibrationnoise |
 DDP | Worker | N | N | Y | Computation consuming |