Welcome to Psychiatryai.com: Latest Evidence - RAISR4D

Security Analysis of a Federated Learning Framework for Medical Image-to-Image Translation

AI Summary
  • Federated I2I translation frameworks are not inherently secure and require explicit, multi-layered evaluation and safeguards for clinical deployment.
  • Federated membership inference attack achieved high discrimination (AUC 0.92 to 0.99); Secure Aggregation reduced AUC to near random without degrading synthesis quality.
  • Gradient leakage recovered only coarse anatomy; data poisoning broke FedAvg under high noise, while FedMedian largely restored performance but low noise poses stealthy threat.
Summarise with AI (MRCPsych/FRANZCP)

J Med Syst. 2026 Jul 4;50(1):108. doi: 10.1007/s10916-026-02436-8.

ABSTRACT

Federated Learning (FL) emerged as a privacy-preserving paradigm for collaborative training of deep learning models across institutions without sharing patient data. This approach has been applied to complex tasks such as medical image-to-image (I2I) translation, including MRI-to-synthetic CT (sCT) generation. However, existing federated I2I frameworks often assume privacy preservation as an inherent property of FL rather than a requirement to be explicitly validated, leaving their robustness to representative adversarial threat scenarios largely unexplored. In this study, we evaluated the vulnerability of a federated MRI-to-sCT translation framework (FedSynthCT-Brain) to three representative attack classes: Deep Leakage from Gradients (DLG), Federated Membership Inference Attack (FedMIA), and data poisoning. The efficacy of corresponding defense mechanisms, such as Secure Aggregation (SecAgg) and Byzantine-robust median aggregation (FedMedian), were assessed. DLG enabled only the recovery of coarse anatomical structures, with no clinically identifiable details (SSIM ≤ 0.16, PSNR ≤ 11 dB) across clients, suggesting limited vulnerability under the evaluated DLG setting. In contrast, FedMIA achieved high membership discrimination, with AUC scores between 0.92 and 0.99, revealing a critical privacy vulnerability. The introduction of SecAgg reduced AUC values to near-random levels (0.23-0.56) across all centers without impacting synthesis quality. Under high-noise poisoning, the standard federated averaging (FedAvg) aggregation rendered the federation inoperative, while FedMedian restored performance close to the no-poisoning baseline in most scenarios, with significant residual degradation in specific center configurations. At low noise levels, the advantage of FedMedian was less consistent, as low-level noise injection may be indistinguishable from natural heterogeneity across centers, potentially enabling stealthy degradation. These findings demonstrate that federated I2I translation frameworks are not inherently secure and require explicit, multi-layered evaluation. As FL is increasingly adopted in clinical workflows, our results underscore the necessity of integrating cryptographic, algorithmic, and infrastructural safeguards for secure deployment.

PMID:42400864 | DOI:10.1007/s10916-026-02436-8

Document this CPD

Share Evidence Blueprint

QR Code

Search Google Scholar

Save as PDF

close chatgpt icon
ChatGPT

Enter your request.

Psychiatry AI: Real-Time AI Scoping Review