ML Security PapersHybrid Federated and Split Learning for Privacy Preserving Clinical Prediction and Treatment Optimization
Farzana Akter 1, Rakib Hossain 2, Deb Kanna Roy Toushi 1, Mahmood Menon Khan 1, Sultana Amin 2, Lisan Al Amin 2
Published on arXiv
2602.15304
Membership Inference Attack
OWASP ML Top 10 — ML04
Key Finding
Hybrid FL-SL variants achieve competitive clinical predictive performance and uplift-based prioritization while providing a tunable privacy-utility trade-off that reduces audited membership inference leakage without raw-data sharing.
Hybrid FL-SL with activation clipping and additive Gaussian noise
Novel technique introduced
Collaborative clinical decision support is often constrained by governance and privacy rules that prevent pooling patient-level records across institutions. We present a hybrid privacy-preserving framework that combines Federated Learning (FL) and Split Learning (SL) to support decision-oriented healthcare modeling without raw-data sharing. The approach keeps feature-extraction trunks on clients while hosting prediction heads on a coordinating server, enabling shared representation learning and exposing an explicit collaboration boundary where privacy controls can be applied. Rather than assuming distributed training is inherently private, we audit leakage empirically using membership inference on cut-layer representations and study lightweight defenses based on activation clipping and additive Gaussian noise. We evaluate across three public clinical datasets under non-IID client partitions using a unified pipeline and assess performance jointly along four deployment-relevant axes: factual predictive utility, uplift-based ranking under capacity constraints, audited privacy leakage, and communication overhead. Results show that hybrid FL-SL variants achieve competitive predictive performance and decision-facing prioritization behavior relative to standalone FL or SL, while providing a tunable privacy-utility trade-off that can reduce audited leakage without requiring raw-data sharing. Overall, the work positions hybrid FL-SL as a practical design space for privacy-preserving healthcare decision support where utility, leakage risk, and deployment cost must be balanced explicitly.
Key Contributions
- Hybrid FL-SL protocol for multi-institution clinical learning with tunable cut-layer placement governing compute, communication, and privacy exposure
- Empirical membership inference audit on cut-layer representations with lightweight defenses (activation clipping and additive Gaussian noise) that reduce audited leakage
- Cross-dataset evaluation across three clinical datasets under non-IID partitions covering predictive utility, uplift-based prioritization, audited MIA leakage, and communication cost
🛡️ Threat Analysis
The paper explicitly audits privacy leakage by running membership inference attacks on cut-layer intermediate representations and evaluates lightweight defenses (activation clipping, additive Gaussian noise) to reduce MIA success — membership inference auditing and defense is one of the paper's four stated deployment-relevant evaluation axes and a named contribution.