Federated Large Language Models: Feasibility, Robustness, Security and Future Directions
Wenhao Jiang, Yuchuan Luo, Guilin Deng, Silong Chen, Xu Yang, Shihong Wu, Xinwen Gao, Lin Liu, Shaojing Fu
TL;DR
This paper surveys Federated Large Language Models (FLLM), focusing on feasibility, robustness, security, and future directions to enable privacy-preserving training on distributed data silos. It argues that full-parameter fine-tuning is generally infeasible at scale and foregrounds Federated Parameter-Efficient Fine-Tuning (FedPEFT) with methods like LoRA, Adapter, and Prompt Tuning as practical alternatives. The analysis covers robustness against resource, data, and task heterogeneity, and details privacy and security threats (e.g., MIA, DRA, jailbreaking, prompt injection, LTDL) along with defense mechanisms such as robust aggregation and differential privacy. It also outlines promising directions, including few-shot learning, federated unlearning, and IP protection, highlighting the need for further work to build robust, secure, and scalable FLLM systems with real-world impact.
Abstract
The integration of Large Language Models (LLMs) and Federated Learning (FL) presents a promising solution for joint training on distributed data while preserving privacy and addressing data silo issues. However, this emerging field, known as Federated Large Language Models (FLLM), faces significant challenges, including communication and computation overheads, heterogeneity, privacy and security concerns. Current research has primarily focused on the feasibility of FLLM, but future trends are expected to emphasize enhancing system robustness and security. This paper provides a comprehensive review of the latest advancements in FLLM, examining challenges from four critical perspectives: feasibility, robustness, security, and future directions. We present an exhaustive survey of existing studies on FLLM feasibility, introduce methods to enhance robustness in the face of resource, data, and task heterogeneity, and analyze novel risks associated with this integration, including privacy threats and security challenges. We also review the latest developments in defense mechanisms and explore promising future research directions, such as few-shot learning, machine unlearning, and IP protection. This survey highlights the pressing need for further research to enhance system robustness and security while addressing the unique challenges posed by the integration of FL and LLM.
