Splitout: Out-Of Training-Hijacking Detection in Split Learning Via Outlier Detection
dc.authorscopusid | 57226330858 | |
dc.authorscopusid | 58114653600 | |
dc.authorscopusid | 58114845600 | |
dc.authorscopusid | 26531375100 | |
dc.authorscopusid | 56054187000 | |
dc.contributor.author | Erdoğan,E. | |
dc.contributor.author | Tekşen,U. | |
dc.contributor.author | Çeliktenyıldız,M.S. | |
dc.contributor.author | Küpçü,A. | |
dc.contributor.author | Çiçek,A.E. | |
dc.date.accessioned | 2024-11-15T17:49:06Z | |
dc.date.available | 2024-11-15T17:49:06Z | |
dc.date.issued | 2025 | |
dc.department | Kadir Has University | en_US |
dc.department-temp | Erdoğan E., Technical University of Munich, Munich, Germany; Tekşen U., Kadir Has University, Istanbul, Turkey; Çeliktenyıldız M.S., Bilkent University, Ankara, Turkey; Küpçü A., Koç University, Istanbul, Turkey; Çiçek A.E., Bilkent University, Ankara, Turkey | en_US |
dc.description.abstract | Split learning enables efficient and privacy-aware training of a deep neural network by splitting a neural network so that the clients (data holders) compute the first layers and only share the intermediate output with the central compute-heavy server. This paradigm introduces a new attack medium in which the server has full control over what the client models learn, which has already been exploited to infer the private data of clients and to implement backdoors in the client models. Although previous work has shown that clients can successfully detect such training-hijacking attacks, the proposed methods rely on heuristics, require tuning of many hyperparameters, and do not fully utilize the clients’ capabilities. In this work, we show that given modest assumptions regarding the clients’ compute capabilities, an out-of-the-box outlier detection method can be used to detect existing training-hijacking attacks with almost-zero false positive rates. We conclude through experiments on different tasks that the simplicity of our approach we name SplitOut makes it a more viable and reliable alternative compared to the earlier detection methods. © The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2025. | en_US |
dc.description.sponsorship | Türkiye Bilimsel ve Teknolojik Araştırma Kurumu, TÜBİTAK, (119E088) | en_US |
dc.identifier.doi | 10.1007/978-981-97-8016-7_6 | |
dc.identifier.endpage | 142 | en_US |
dc.identifier.isbn | 978-981978015-0 | |
dc.identifier.issn | 0302-9743 | |
dc.identifier.scopus | 2-s2.0-85206187794 | |
dc.identifier.scopusquality | Q3 | |
dc.identifier.startpage | 118 | en_US |
dc.identifier.uri | https://doi.org/10.1007/978-981-97-8016-7_6 | |
dc.identifier.uri | https://hdl.handle.net/20.500.12469/6728 | |
dc.identifier.volume | 14906 LNCS | en_US |
dc.identifier.wosquality | N/A | |
dc.language.iso | en | en_US |
dc.publisher | Springer Science and Business Media Deutschland GmbH | en_US |
dc.relation.ispartof | Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) -- 23rd International Conference on Cryptology and Network Security, CANS 2024 -- 24 September 2024 through 27 September 2024 -- Cambridge -- 320659 | en_US |
dc.relation.publicationcategory | Conference Item - International - Institutional Academic Staff | en_US |
dc.rights | info:eu-repo/semantics/closedAccess | en_US |
dc.subject | Data privacy | en_US |
dc.subject | Machine learning | en_US |
dc.subject | Split learning | en_US |
dc.subject | Training-hijacking | en_US |
dc.title | Splitout: Out-Of Training-Hijacking Detection in Split Learning Via Outlier Detection | en_US |
dc.type | Conference Object | en_US |
dspace.entity.type | Publication |