A Taxonomy of Attacks and Defenses in Split Learning
Aqsa Shabbir, Halil İbrahim Kanpak, Alptekin Küpçü, Sinem Sav
TL;DR
This paper introduces a taxonomy of attacks and defenses for Split Learning (SL) by organizing threats and mitigations along strategies, constraints, and effectiveness. It surveys data reconstruction, label inference, property inference, and model manipulation attacks across SL variants (VanSL, USL, NLSL, Hybrid-SL, MHSL) and data-partitioning schemes, and reviews defenses including differential privacy, secure computation (HE/FSS), architectural/protocol modifications, and detection techniques. It highlights persistent vulnerabilities at the SL cut layer and analyzes trade-offs among privacy, utility, and computational overhead, offering open research directions such as uncertainty-aware defenses, layered monitoring, and verifiable training. The work aims to guide practitioners and researchers in designing robust SL systems for privacy-preserving distributed learning.
Abstract
Split Learning (SL) has emerged as a promising paradigm for distributed deep learning, allowing resource-constrained clients to offload portions of their model computation to servers while maintaining collaborative learning. However, recent research has demonstrated that SL remains vulnerable to a range of privacy and security threats, including information leakage, model inversion, and adversarial attacks. While various defense mechanisms have been proposed, a systematic understanding of the attack landscape and corresponding countermeasures is still lacking. In this study, we present a comprehensive taxonomy of attacks and defenses in SL, categorizing them along three key dimensions: employed strategies, constraints, and effectiveness. Furthermore, we identify key open challenges and research gaps in SL based on our systematization, highlighting potential future directions.
