Title: Oops!… They Stole it Again: Attacks on Split Learning
Authors: Tanveer Khan and Antonis Michalas
Venue: 18th ACM Workshop on Artificial Intelligence and Security (AISec), co-located with the 32nd ACM Conference on Computer and Communications Security (CCS), Taipei, Taiwan, October 13—17, 2025.
Abstract: Split Learning (SL) is a collaborative learning approach that improves privacy by keeping data on the client-side while sharing only the intermediate output with a server. However, the distributed nature of SL introduces new security challenges, necessitating a comprehensive exploration of potential attacks. This paper systematically reviews various attacks on SL, classifying them based on factors such as the attacker’s role, the type of privacy risks, when data leaks occur, and where vulnerabilities exist. We also analyze existing defense methods, including cryptographic methods, data modification approaches, distributed techniques, and hybrid solutions. Our findings reveal security gaps, highlighting the effectiveness and limitations of existing defenses. By identifying open challenges and future directions, this work provides valuable information to improve SL privacy issues and guide further research.
