Analyzing the vulnerabilities in Split Federated Learning: assessing the robustness against data poisoning attacks.
Journal:
Scientific reports
Published Date:
Aug 19, 2025
Abstract
Distributed Collaborative Machine Learning (DCML) offers a promising alternative to address privacy concerns in centralized machine learning. Split learning (SL) and Federated Learning (FL) are two effective learning approaches within DCML. Recently, there has been growing interest in Split Federated Learning (SFL), which combines elements of both FL and SL. This research provides a comprehensive study, analysis, and presentation of the impact of data poisoning attacks on Split Federated Learning (SFL). We propose three attack strategies: untargeted attacks, targeted attacks, and distance-based attacks. All these strategies aim to degrade the performance of the DCML classifier. We evaluate the proposed attack strategies using two case studies: Electrocardiogram Signal Classification and Automatic Handwritten Digit Recognition (MNIST dataset). We conducted a series of attack experiments, varying the percentage of malicious clients and the model split layer between the clients and the server. A comprehensive analysis of the attack strategies reveals that distance-based and untargeted poisoning attacks have a greater impact on evading classifier outcomes compared to targeted attacks in SFL.
