{"id":"https://openalex.org/W7125796010","doi":"https://doi.org/10.1109/tdsc.2026.3654766","title":"SFI: A Practical and Efficient Backdoor Attack Framework Against Split Learning","display_name":"SFI: A Practical and Efficient Backdoor Attack Framework Against Split Learning","publication_year":2026,"publication_date":"2026-01-27","ids":{"openalex":"https://openalex.org/W7125796010","doi":"https://doi.org/10.1109/tdsc.2026.3654766"},"language":null,"primary_location":{"id":"doi:10.1109/tdsc.2026.3654766","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tdsc.2026.3654766","pdf_url":null,"source":{"id":"https://openalex.org/S133795288","display_name":"IEEE Transactions on Dependable and Secure Computing","issn_l":"1545-5971","issn":["1545-5971","1941-0018","2160-9209"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Dependable and Secure Computing","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5041393155","display_name":"Fangchao Yu","orcid":"https://orcid.org/0000-0003-0889-3790"},"institutions":[{"id":"https://openalex.org/I37461747","display_name":"Wuhan University","ror":"https://ror.org/033vjfk17","country_code":"CN","type":"education","lineage":["https://openalex.org/I37461747"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Fangchao Yu","raw_affiliation_strings":["Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education, School of Cyber Science and Engineering, Wuhan University, Wuhan, China"],"raw_orcid":"https://orcid.org/0000-0003-0889-3790","affiliations":[{"raw_affiliation_string":"Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education, School of Cyber Science and Engineering, Wuhan University, Wuhan, China","institution_ids":["https://openalex.org/I37461747"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5123954772","display_name":"Bo Zeng","orcid":null},"institutions":[{"id":"https://openalex.org/I37461747","display_name":"Wuhan University","ror":"https://ror.org/033vjfk17","country_code":"CN","type":"education","lineage":["https://openalex.org/I37461747"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Bo Zeng","raw_affiliation_strings":["Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education, School of Cyber Science and Engineering, Wuhan University, Wuhan, China"],"raw_orcid":"https://orcid.org/0000-0002-3334-6150","affiliations":[{"raw_affiliation_string":"Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education, School of Cyber Science and Engineering, Wuhan University, Wuhan, China","institution_ids":["https://openalex.org/I37461747"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5123960585","display_name":"Kai Zhao","orcid":null},"institutions":[{"id":"https://openalex.org/I37461747","display_name":"Wuhan University","ror":"https://ror.org/033vjfk17","country_code":"CN","type":"education","lineage":["https://openalex.org/I37461747"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Kai Zhao","raw_affiliation_strings":["Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education, School of Cyber Science and Engineering, Wuhan University, Wuhan, China"],"raw_orcid":"https://orcid.org/0000-0002-7410-3112","affiliations":[{"raw_affiliation_string":"Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education, School of Cyber Science and Engineering, Wuhan University, Wuhan, China","institution_ids":["https://openalex.org/I37461747"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5123954982","display_name":"Zhi Pang","orcid":null},"institutions":[{"id":"https://openalex.org/I37461747","display_name":"Wuhan University","ror":"https://ror.org/033vjfk17","country_code":"CN","type":"education","lineage":["https://openalex.org/I37461747"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Zhi Pang","raw_affiliation_strings":["Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education, School of Cyber Science and Engineering, Wuhan University, Wuhan, China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education, School of Cyber Science and Engineering, Wuhan University, Wuhan, China","institution_ids":["https://openalex.org/I37461747"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5123931271","display_name":"Lina Wang","orcid":null},"institutions":[{"id":"https://openalex.org/I37461747","display_name":"Wuhan University","ror":"https://ror.org/033vjfk17","country_code":"CN","type":"education","lineage":["https://openalex.org/I37461747"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Lina Wang","raw_affiliation_strings":["Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education, School of Cyber Science and Engineering, Wuhan University, Wuhan, China"],"raw_orcid":"https://orcid.org/0000-0001-8085-1312","affiliations":[{"raw_affiliation_string":"Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education, School of Cyber Science and Engineering, Wuhan University, Wuhan, China","institution_ids":["https://openalex.org/I37461747"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5041393155"],"corresponding_institution_ids":["https://openalex.org/I37461747"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.13622936,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":"23","issue":"3","first_page":"5705","last_page":"5717"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10764","display_name":"Privacy-Preserving Technologies in Data","score":0.5331000089645386,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10764","display_name":"Privacy-Preserving Technologies in Data","score":0.5331000089645386,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.28850001096725464,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11498","display_name":"Security in Wireless Sensor Networks","score":0.02590000070631504,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/backdoor","display_name":"Backdoor","score":0.998199999332428},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.4925000071525574},{"id":"https://openalex.org/keywords/server","display_name":"Server","score":0.41600000858306885},{"id":"https://openalex.org/keywords/benchmark","display_name":"Benchmark (surveying)","score":0.37709999084472656},{"id":"https://openalex.org/keywords/data-modeling","display_name":"Data modeling","score":0.350600004196167},{"id":"https://openalex.org/keywords/shadow","display_name":"Shadow (psychology)","score":0.3352000117301941},{"id":"https://openalex.org/keywords/training-set","display_name":"Training set","score":0.3253999948501587},{"id":"https://openalex.org/keywords/adversarial-system","display_name":"Adversarial system","score":0.32420000433921814}],"concepts":[{"id":"https://openalex.org/C2781045450","wikidata":"https://www.wikidata.org/wiki/Q254569","display_name":"Backdoor","level":2,"score":0.998199999332428},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8090999722480774},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5598999857902527},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.4925000071525574},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.4235999882221222},{"id":"https://openalex.org/C93996380","wikidata":"https://www.wikidata.org/wiki/Q44127","display_name":"Server","level":2,"score":0.41600000858306885},{"id":"https://openalex.org/C185798385","wikidata":"https://www.wikidata.org/wiki/Q1161707","display_name":"Benchmark (surveying)","level":2,"score":0.37709999084472656},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.36550000309944153},{"id":"https://openalex.org/C67186912","wikidata":"https://www.wikidata.org/wiki/Q367664","display_name":"Data modeling","level":2,"score":0.350600004196167},{"id":"https://openalex.org/C117797892","wikidata":"https://www.wikidata.org/wiki/Q286363","display_name":"Shadow (psychology)","level":2,"score":0.3352000117301941},{"id":"https://openalex.org/C51632099","wikidata":"https://www.wikidata.org/wiki/Q3985153","display_name":"Training set","level":2,"score":0.3253999948501587},{"id":"https://openalex.org/C37736160","wikidata":"https://www.wikidata.org/wiki/Q1801315","display_name":"Adversarial system","level":2,"score":0.32420000433921814},{"id":"https://openalex.org/C108583219","wikidata":"https://www.wikidata.org/wiki/Q197536","display_name":"Deep learning","level":2,"score":0.31299999356269836},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.3018999993801117},{"id":"https://openalex.org/C123201435","wikidata":"https://www.wikidata.org/wiki/Q456632","display_name":"Information privacy","level":2,"score":0.29159998893737793},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.28949999809265137},{"id":"https://openalex.org/C184898388","wikidata":"https://www.wikidata.org/wiki/Q1435712","display_name":"Pairwise comparison","level":2,"score":0.27379998564720154},{"id":"https://openalex.org/C178489894","wikidata":"https://www.wikidata.org/wiki/Q8789","display_name":"Cryptography","level":2,"score":0.26350000500679016},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.2632000148296356},{"id":"https://openalex.org/C46355384","wikidata":"https://www.wikidata.org/wiki/Q726686","display_name":"Compromise","level":2,"score":0.2565000057220459},{"id":"https://openalex.org/C136389625","wikidata":"https://www.wikidata.org/wiki/Q334384","display_name":"Supervised learning","level":3,"score":0.25459998846054077},{"id":"https://openalex.org/C2775892892","wikidata":"https://www.wikidata.org/wiki/Q6509517","display_name":"Revocation","level":3,"score":0.25040000677108765}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/tdsc.2026.3654766","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tdsc.2026.3654766","pdf_url":null,"source":{"id":"https://openalex.org/S133795288","display_name":"IEEE Transactions on Dependable and Secure Computing","issn_l":"1545-5971","issn":["1545-5971","1941-0018","2160-9209"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Dependable and Secure Computing","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.45771685242652893,"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions"}],"awards":[{"id":"https://openalex.org/G6366853662","display_name":null,"funder_award_id":"NSFC62372334","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"}],"funders":[{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":20,"referenced_works":["https://openalex.org/W2007339694","https://openalex.org/W2194775991","https://openalex.org/W2473418344","https://openalex.org/W2594311007","https://openalex.org/W3021654819","https://openalex.org/W3042368254","https://openalex.org/W3105915864","https://openalex.org/W3107337211","https://openalex.org/W3135231128","https://openalex.org/W3213008925","https://openalex.org/W3216759837","https://openalex.org/W4205228770","https://openalex.org/W4206320562","https://openalex.org/W4296411155","https://openalex.org/W4307823718","https://openalex.org/W4324007921","https://openalex.org/W4378976729","https://openalex.org/W4385320128","https://openalex.org/W4386999121","https://openalex.org/W4402264407"],"related_works":[],"abstract_inverted_index":{"Split":[0],"learning":[1,7,29,61,106,134],"is":[2,69],"a":[3,31,38,116,157],"computing":[4],"resource-friendly":[5],"distributed":[6],"framework":[8,160,165],"that":[9,27,123,175],"protects":[10],"client":[11,20,85,131,145],"training":[12,50,82,140],"data":[13,46,83],"by":[14,47],"splitting":[15],"the":[16,19,43,49,57,72,76,81,90,113,120,130,139,144,148,169,176,181],"model":[17,86,118,132,137],"between":[18],"and":[21,84,128,173,190,197],"server.":[22],"Previous":[23],"work":[24],"has":[25],"proved":[26],"split":[28,60,88,105],"faces":[30],"severe":[32],"risk":[33],"of":[34,59],"privacy":[35],"leakage,":[36],"as":[37],"malicious":[39],"server":[40,121],"can":[41,124],"recover":[42],"client's":[44],"private":[45],"hijacking":[48],"process.":[51],"In":[52],"this":[53,136],"paper,":[54],"we":[55,155],"explore":[56],"vulnerability":[58],"to":[62,70,146,180],"server-side":[63,77],"backdoor":[64,93,102,126,158],"attacks,":[65],"where":[66],"our":[67],"goal":[68],"compromise":[71],"model's":[73],"integrity.":[74],"Since":[75],"attacker":[78,114],"cannot":[79],"access":[80],"in":[87,104,133],"learning,":[89],"traditional":[91],"poisoning-based":[92],"attack":[94,159,164,177],"methods":[95],"are":[96],"no":[97],"longer":[98],"applicable.":[99],"Therefore,":[100],"constructing":[101],"attacks":[103],"poses":[107],"significant":[108],"challenges.":[109],"Our":[110,163],"strategy":[111],"involves":[112],"establishing":[115],"shadow":[117],"on":[119,152,186],"side":[122],"encode":[125],"samples":[127],"guide":[129],"from":[135],"during":[138],"process,":[141],"thereby":[142],"enabling":[143],"acquire":[147],"same":[149],"capability.":[150],"Based":[151],"these":[153],"insights,":[154],"propose":[156],"named":[161],"SFI.":[162],"minimizes":[166],"assumptions":[167],"about":[168],"attacker's":[170],"background":[171],"knowledge":[172],"ensures":[174],"remains":[178],"imperceptible":[179],"client.":[182],"We":[183],"implement":[184],"SFI":[185],"various":[187],"benchmark":[188],"datasets,":[189],"extensive":[191],"experimental":[192],"results":[193],"demonstrate":[194],"its":[195],"effectiveness":[196],"generality.":[198]},"counts_by_year":[],"updated_date":"2026-05-15T06:05:50.897203","created_date":"2026-01-28T00:00:00"}