SafeSplit: A Novel Defense Against Client-Side Backdoor Attacks in Split Learning

Phillip Rieger

Network and Distributed System Security (NDSS) Symposium 2025 · Day 2 · Federated Learning 1

This talk introduces **SafeSplit**, a novel defense mechanism designed to protect **split learning** (SL) systems from client-side backdoor attacks. Presented by Phillip Rieger of TU Darmstadt, it highlights the vulnerabilities specific to split learning, particularly its sequential training paradigm, which renders many existing defenses from **federated learning** (FL) ineffective. Split learning is a critical collaborative learning scheme that allows multiple clients to jointly train large, complex deep neural networks (DNNs) even when individual clients lack the computational resources to handle the entire model, all while keeping their sensitive training data local.

AI review

Legitimate academic security research on a real and underexplored problem — backdoor attacks in split learning — with a technically coherent defense mechanism. The rotational frequency analyzer is a genuinely novel metric, and the ensemble approach is sound in principle, but this is a conference paper presentation, not a practitioner talk, and the gap between the academic contribution and real-world deployability is wide enough to matter.
