Federated Learning for Privacy-Preserving Medical AI

Abstract

This dissertation investigates privacy-preserving federated learning for Alzheimer's disease classification using three-dimensional MRI data from the Alzheimer's Disease Neuroimaging Initiative (ADNI). Existing methodologies often suffer from unrealistic data partitioning, inadequate privacy guarantees, and insufficient benchmarking, limiting their practical deployment in healthcare. To address these gaps, this research proposes a novel site-aware data partitioning strategy that preserves institutional boundaries, reflecting real-world multi-institutional collaborations and data heterogeneity. Furthermore, an Adaptive Local Differential Privacy (ALDP) mechanism is introduced, dynamically adjusting privacy parameters based on training progression and parameter characteristics, thereby significantly improving the privacy-utility trade-off over traditional fixed-noise approaches. Systematic empirical evaluation across multiple client federations and privacy budgets demonstrated that advanced federated optimisation algorithms, particularly FedProx, could equal or surpass centralised training performance while ensuring rigorous privacy protection. Notably, ALDP achieved up to 80.4% accuracy in a two-client configuration, surpassing fixed-noise Local DP by 5-7 percentage points and demonstrating substantially greater training stability. The comprehensive ablation studies and benchmarking establish quantitative standards for privacy-preserving collaborative medical AI, providing practical guidelines for real-world deployment. This work thereby advances the state-of-the-art in federated learning for medical imaging, establishing both methodological foundations and empirical evidence necessary for future privacy-compliant AI adoption in healthcare.

Figures (10)

• Figure 1: Traditional centralised training paradigm in medical AI. Multiple healthcare institutions aggregate sensitive patient data in centralised repositories, creating privacy risks, regulatory compliance challenges, and single points of failure that limit collaborative medical AI development.
• Figure 2: Federated learning paradigm for privacy-preserving collaborative medical AI. Healthcare institutions maintain local data sovereignty whilst participating in collaborative model development through secure parameter aggregation, eliminating the need for centralised data repositories whilst preserving privacy and regulatory compliance.
• Figure 3: Overview of federated learning with Adaptive Local Differential Privacy (ALDP) in multi-institutional medical imaging. Each medical institution trains a local 3D CNN model on its private MRI data and applies local differential privacy by adding calibrated Gaussian noise to model parameters before transmission. In ALDP, both the privacy budget $\varepsilon_t$ and noise scale $\sigma_{\text{base}}$ are adapted per round and per parameter tensor to improve privacy-utility trade-off. After each round, noisy local model updates are transmitted to a central server, where federated averaging is performed and the aggregated global model is broadcast back to all participating clients.
• Figure 4: Implementation architecture for federated learning-based ADNI classification system. The framework integrates the Flower federated learning platform with MONAI medical imaging capabilities and PyTorch deep learning infrastructure. The modular design supports multiple federated learning strategies and enables both local simulation and distributed deployment across cloud servers for large-scale experiments. Comprehensive experiment tracking and monitoring are provided through Weights & Biases integration.
• Figure 5: ADNI dataset filtering process using Analysis Ready Cohort (ARC) Builder on ida.loni.usc.edu platform, showing selection criteria for 3T MRI acquisitions and demographic filtering parameters.