defense 2025

Towards Privacy-Preserving and Heterogeneity-aware Split Federated Learning via Probabilistic Masking

Xingchen Wang 1, Feijie Wu 1, Chenglin Miao 2, Tianchun Li 1, Haoyu Hu 1, Qiming Cao 1, Jing Gao 1, Lu Su 1

0 citations

Published on arXiv: 2509.14603

Model Inversion Attack

OWASP ML Top 10 — ML03

Key Finding

PM-SFL consistently improves accuracy, communication efficiency, and robustness to data reconstruction attacks compared to noise-injection baselines, especially under data and system heterogeneity

PM-SFL

Novel technique introduced


Split Federated Learning (SFL) has emerged as an efficient alternative to traditional Federated Learning (FL) by reducing client-side computation through model partitioning. However, the exchange of intermediate activations and model updates introduces significant privacy risks, especially from data reconstruction attacks that recover original inputs from intermediate representations. Existing defenses using noise injection often degrade model performance. To overcome these challenges, we present PM-SFL, a scalable and privacy-preserving SFL framework that incorporates Probabilistic Mask training to add structured randomness without relying on explicit noise. This mitigates data reconstruction risks while maintaining model utility. To address data heterogeneity, PM-SFL employs personalized mask learning that tailors submodel structures to each client's local data. For system heterogeneity, we introduce a layer-wise knowledge compensation mechanism, enabling clients with varying resources to participate effectively under adaptive model splitting. Theoretical analysis confirms its privacy protection, and experiments on image and wireless sensing tasks demonstrate that PM-SFL consistently improves accuracy, communication efficiency, and robustness to privacy attacks, with particularly strong performance under data and system heterogeneity.


Key Contributions

  • Probabilistic Mask (PM) training framework that adds structured randomness to intermediate activations to resist data reconstruction attacks without explicit noise injection
  • Personalized mask learning per client to handle data heterogeneity while maintaining model utility
  • Layer-wise knowledge compensation mechanism enabling participation of resource-constrained clients under adaptive model splitting

🛡️ Threat Analysis

Model Inversion Attack

The paper explicitly defends against 'data reconstruction attacks that recover original inputs from intermediate representations' in Split Federated Learning — an adversary observing shared activations tries to reconstruct training data. PM-SFL's probabilistic masking is evaluated against these reconstruction attacks, fitting ML03 precisely.


Details

Domains
vision, federated-learning
Model Types
federated, cnn
Threat Tags
training_time, white_box
Datasets
CIFAR-10, CIFAR-100
Applications
split federated learning, image classification, wireless sensing