Assessing security vulnerabilities in a docker-enabled federated learning framework with hyperparameter tuning for software bug prediction
摘要
Federated Learning (FL) has come up as a promising paradigm for collaborative machine learning over decentralized data by maintaining user privacy at the same time enabling broader data access. Although FL is increasingly being used, its security during deployment, especially in containerized environments, remains under-explored. This study directly addresses the gap by examining security risks within a Docker-based FL deployment designed for Software Bug Prediction (SBP). We developed two federated models—a Convolutional Neural Network (FLCNN) as well as an Artificial Neural Network (FLANN)—and integrated hyperparameter tuning (HPT) using the Grey Wolf Optimizer (GWO). After training the model on multiple open-source SBP datasets, we containerized the best FLCNN model, deploying it as a Flask API within Docker. Vulnerability scans, executed using open-source tools (Anchore, Aqua Trivy, Snyk, JFrog Xray), disclosed several security flaws, including critical and high-severity risks such as denial-of-service, buffer overflow, as well as memory management issues. By subsequently applying updated dependencies and recommended container security protocols, we established a substantially more secure FL deployment profile. This analysis underscores the essential need for rigorous, continuous security assessment when deploying federated learning via containerization.