Splitout: Out-Of Training-Hijacking Detection in Split Learning Via Outlier Detection

Simple item page
dc.authorscopusid 57226330858
dc.authorscopusid 58114653600
dc.authorscopusid 58114845600
dc.authorscopusid 26531375100
dc.authorscopusid 56054187000
dc.contributor.author Erdogan, Ege
dc.contributor.author Teksen, Unat
dc.contributor.author Celiktenyildiz, M. Salih
dc.contributor.author Kupcu, Alptekin
dc.contributor.author Cicek, A. Erciment
dc.date.accessioned 2024-11-15T17:49:06Z
dc.date.available 2024-11-15T17:49:06Z
dc.date.issued 2025
dc.department Kadir Has University en_US
dc.department-temp [Erdogan, Ege] Tech Univ Munich, Munich, Germany; [Teksen, Unat] Kadir Has Univ, Istanbul, Turkiye; [Celiktenyildiz, M. Salih; Cicek, A. Erciment] Bilkent Univ, Ankara, Turkiye; [Kupcu, Alptekin] Koc Univ, Istanbul, Turkiye en_US
dc.description.abstract Split learning enables efficient and privacy-aware training of a deep neural network by splitting a neural network so that the clients (data holders) compute the first layers and only share the intermediate output with the central compute-heavy server. This paradigm introduces a new attack medium in which the server has full control over what the client models learn, which has already been exploited to infer the private data of clients and to implement backdoors in the client models. Although previous work has shown that clients can successfully detect such training-hijacking attacks, the proposed methods rely on heuristics, require tuning of many hyperparameters, and do not fully utilize the clients' capabilities. In this work, we show that given modest assumptions regarding the clients' compute capabilities, an out-of-the-box outlier detection method can be used to detect existing training-hijacking attacks with almost-zero false positive rates. We conclude through experiments on different tasks that the simplicity of our approach we name SplitOut makes it a more viable and reliable alternative compared to the earlier detection methods. en_US
dc.description.sponsorship Türkiye Bilimsel ve Teknolojik Araştırma Kurumu, TÜBİTAK, (119E088) en_US
dc.description.sponsorship Scientific and Technological Research Council of Turkey (TUBITAK) [119E088] en_US
dc.description.sponsorship We acknowledge the Scientific and Technological Research Council of Turkey (TUBITAK) project 119E088. en_US
dc.description.woscitationindex Conference Proceedings Citation Index - Science
dc.identifier.citationcount 0
dc.identifier.doi 10.1007/978-981-97-8016-7_6
dc.identifier.endpage 142 en_US
dc.identifier.isbn 9789819780150
dc.identifier.isbn 9789819780167
dc.identifier.issn 0302-9743
dc.identifier.issn 1611-3349
dc.identifier.scopus 2-s2.0-85206187794
dc.identifier.scopusquality Q3
dc.identifier.startpage 118 en_US
dc.identifier.uri https://doi.org/10.1007/978-981-97-8016-7_6
dc.identifier.volume 14906 en_US
dc.identifier.wos WOS:001344497600006
dc.identifier.wosquality N/A
dc.language.iso en en_US
dc.publisher Springer-verlag Singapore Pte Ltd en_US
dc.relation.ispartof 23rd International Conference on Cryptology and Network Security (CANS) -- SEP 24-27, 2024 -- Univ Cambridge, Dep Comp Sci & Tech, Cambridge, ENGLAND en_US
dc.relation.ispartofseries Lecture Notes in Computer Science
dc.relation.publicationcategory Konferans Öğesi - Uluslararası - Kurum Öğretim Elemanı en_US
dc.rights info:eu-repo/semantics/closedAccess en_US
dc.scopus.citedbyCount 0
dc.subject Machine learning en_US
dc.subject Data privacy en_US
dc.subject Split learning en_US
dc.subject Training-hijacking en_US
dc.title Splitout: Out-Of Training-Hijacking Detection in Split Learning Via Outlier Detection en_US
dc.type Conference Object en_US
dc.wos.citedbyCount 0
dspace.entity.type Publication

Files

Collections

WoS İndeksli Yayınlar Koleksiyonu
Scopus İndeksli Yayınlar Koleksiyonu