International Journal of Advanced Engineering Application

ISSN: 3048-6807

A Privacy-Preserving Federated Learning Framework for Multi-Institutional Healthcare AI with Differential Privacy, Byzantine Fault Tolerance, and Gradient Inversion Defence

Author(s): Priya Venkatachalam, Santhosh Babu Krishnamoorthy

Affiliation: Department of Information Technology, PSG College of Technology, Coimbatore, Tamil Nadu, India

Page No: 54-63

Volume issue & Publishing Year: Volume 3, Issue 3, 2026/03/12

Journal: International Journal of Advanced Engineering Application (IJAEA)

DOI: https://doi.org/10.5281/zenodo.19351129

Abstract:
Healthcare AI models trained on multi-institutional electronic health records (EHR) demonstrate substantially superior clinical performance compared to models trained on single-institution datasets, a phenomenon well-documented across diabetic retinopathy screening, cardiac risk stratification, and sepsis prediction tasks. Yet the pooling of patient data across hospital boundaries is legally impermissible under India's Personal Data Protection framework (DPDPA 2023), HIPAA's cross-border transfer restrictions, and institutional ethics protocols that prohibit patient-identifiable data leaving the originating facility. Federated Learning (FL) addresses this by enabling distributed model training where only model gradients, not raw patient data, are communicated from participating sites to an aggregation server. However, recent cryptanalytic work has demonstrated that naive FL is not intrinsically private: gradient inversion attacks can reconstruct individual training images from shared gradients with near-pixel accuracy, and Byzantine poisoning attacks by malicious clients can corrupt the global model with as few as one compromised participant.
This paper presents SecFed-HC, a comprehensive privacy-preserving federated learning framework designed for Indian multi-institutional healthcare AI deployment, combining four defence mechanisms: Gaussian differential privacy (DP) noise injection (ε=2.0, δ=10⁻⁵) into gradient updates; Paillier homomorphic encryption of gradients before transmission; Byzantine-robust Krum aggregation replacing FedAvg; and an adaptive gradient clipping schedule that prevents gradient inversion without excessive accuracy degradation. The framework is evaluated on three clinical classification tasks — diabetic retinopathy grading from fundus images (8 hospital sites, South India), cardiac risk classification from ECG features (6 sites, Tamil Nadu and Andhra Pradesh), and CKD staging from biochemical markers (5 sites) — using a total of 84,731 de-identified patient records distributed across 19 participating hospital nodes.
SecFed-HC achieves AUC-ROC of 96.4%, 95.1%, and 93.8% for the three clinical tasks respectively, compared to 91.3%, 88.7%, and 87.4% for FedAvg baseline and 97.1%, 96.2%, and 94.7% for a centralised (privacy-violating) upper bound, narrowing the federated-to-centralised performance gap to under 1.5% while providing mathematically rigorous (ε, δ)-differential privacy guarantees. The framework completely defeats gradient inversion attacks in adversarial simulation testing and reduces Byzantine client impact to < 0.3% accuracy degradation even with 20% malicious participants.
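
The abstract's point that one compromised participant can corrupt FedAvg, and that Krum aggregation resists this, can be seen in a small added example. This is not code from the paper or its authors: it uses the standard Krum selection rule, and the function names, the 8-site round, the gradient values and the poisoned update are all constructed for illustration.

```python
import random

def sq_dist(a, b):
    return sum((x - y) ** 2 for x, y in zip(a, b))

def fedavg(updates):
    """Unweighted FedAvg: coordinate-wise mean of all client updates."""
    n = len(updates)
    return [sum(col) / n for col in zip(*updates)]

def krum(updates, f):
    """Krum: pick the update closest to its n-f-2 nearest neighbours.

    Tolerates up to f Byzantine clients; requires n >= 2f + 3.
    Returns (index, update) of the selected client.
    """
    n = len(updates)
    if n < 2 * f + 3:
        raise ValueError("Krum needs n >= 2f + 3 clients")
    k = n - f - 2  # neighbours counted in each client's score
    scores = []
    for i, u in enumerate(updates):
        dists = sorted(sq_dist(u, v) for j, v in enumerate(updates) if j != i)
        scores.append(sum(dists[:k]))
    best = min(range(n), key=scores.__getitem__)
    return best, updates[best]

def make_round(n_honest=7, seed=0):
    """Constructed round: 7 honest sites near true_grad, 1 poisoned site (index 7)."""
    rng = random.Random(seed)
    true_grad = [0.5, -0.2, 0.1, 0.3]           # constructed values
    honest = [[g + rng.gauss(0, 0.05) for g in true_grad] for _ in range(n_honest)]
    poisoned = [-50.0 * g for g in true_grad]    # scaled, sign-flipped update
    return true_grad, honest + [poisoned]

def demo():
    """Return (FedAvg error, Krum error, index Krum selected) for the round."""
    true_grad, updates = make_round()
    avg = fedavg(updates)
    idx, chosen = krum(updates, f=1)
    return sq_dist(avg, true_grad) ** 0.5, sq_dist(chosen, true_grad) ** 0.5, idx

if __name__ == "__main__":
    err_avg, err_krum, idx = demo()
    print(f"FedAvg error {err_avg:.3f} | Krum error {err_krum:.3f} | picked site {idx}")
```

Krum returns a single client's update rather than an average, so it trades some statistical efficiency for robustness; the size requirement n >= 2f + 3 bounds how many malicious sites a given federation can tolerate.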

Keywords: federated learning, differential privacy, Byzantine fault tolerance, gradient inversion, healthcare AI, electronic health records, Paillier encryption, Krum aggregation, DPDPA 2023, diabetic retinopathy, EHR, hospital federation, privacy-preserving ML, India
