Survey (2025)

Oops!... They Stole it Again: Attacks on Split Learning

Tanveer Khan , Antonis Michalas

Published on arXiv: 2508.10598

Threat categories:

  • Model Inversion Attack (OWASP ML Top 10 — ML03)
  • Membership Inference Attack (OWASP ML Top 10 — ML04)
  • Model Poisoning (OWASP ML Top 10 — ML10)

Key Finding

Survey reveals persistent security gaps in Split Learning, showing that existing defenses have significant limitations against data reconstruction, membership inference, and backdoor attacks.


Split Learning (SL) is a collaborative learning approach that improves privacy by keeping data on the client side while sharing only the intermediate output with a server. However, the distributed nature of SL introduces new security challenges, necessitating a comprehensive exploration of potential attacks. This paper systematically reviews various attacks on SL, classifying them based on factors such as the attacker's role, the type of privacy risk, when data leaks occur, and where vulnerabilities exist. We also analyze existing defense methods, including cryptographic methods, data modification approaches, distributed techniques, and hybrid solutions. Our findings reveal security gaps, highlighting the effectiveness and limitations of existing defenses. By identifying open challenges and future directions, this work provides valuable information to address SL privacy issues and guide further research.


Key Contributions

  • Systematic taxonomy of attacks on Split Learning classified by attacker role, privacy risk type, data leak timing, and vulnerability location
  • Comprehensive analysis of existing defenses including cryptographic methods, data modification approaches, distributed techniques, and hybrid solutions
  • Identification of security gaps, open challenges, and future research directions in Split Learning privacy

🛡️ Threat Analysis

Model Inversion Attack

A dominant attack class in Split Learning is the reconstruction of private training data from the shared intermediate outputs (the smashed data, i.e. the activations at the cut layer). This is a direct model inversion / gradient leakage threat; the survey explicitly covers these data reconstruction attacks and the defenses against them.

Membership Inference Attack

Membership inference attacks on Split Learning, which determine from the shared intermediate representations whether a specific data point was part of the training set, are a well-established threat class covered in this survey.

Model Poisoning

As a collaborative learning protocol, Split Learning is susceptible to backdoor/trojan injection attacks; the survey covers these training-time threats alongside poisoning-based attacks as part of the SL threat landscape.


Details

Domains: federated-learning, vision, nlp
Model Types: cnn, transformer, federated
Threat Tags: white_box, black_box, training_time, inference_time
Applications: split learning, collaborative machine learning, privacy-preserving ml