{"id":"https://openalex.org/W4414360271","doi":"https://doi.org/10.24963/ijcai.2025/779","title":"Model Rake: A Defense Against Stealing Attacks in Split Learning","display_name":"Model Rake: A Defense Against Stealing Attacks in Split Learning","publication_year":2025,"publication_date":"2025-09-01","ids":{"openalex":"https://openalex.org/W4414360271","doi":"https://doi.org/10.24963/ijcai.2025/779"},"language":"en","primary_location":{"id":"doi:10.24963/ijcai.2025/779","is_oa":false,"landing_page_url":"https://doi.org/10.24963/ijcai.2025/779","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the Thirty-Fourth International Joint Conference on Artificial Intelligence","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5035596412","display_name":"Q. Zhang","orcid":null},"institutions":[{"id":"https://openalex.org/I37461747","display_name":"Wuhan University","ror":"https://ror.org/033vjfk17","country_code":"CN","type":"education","lineage":["https://openalex.org/I37461747"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Qinbo Zhang","raw_affiliation_strings":["Wuhan University"],"affiliations":[{"raw_affiliation_string":"Wuhan University","institution_ids":["https://openalex.org/I37461747"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5073431580","display_name":"Xiao Yan","orcid":"https://orcid.org/0000-0001-9189-8511"},"institutions":[{"id":"https://openalex.org/I37461747","display_name":"Wuhan University","ror":"https://ror.org/033vjfk17","country_code":"CN","type":"education","lineage":["https://openalex.org/I37461747"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Xiao Yan","raw_affiliation_strings":["Wuhan University"],"affiliations":[{"raw_affiliation_string":"Wuhan University","institution_ids":["https://openalex.org/I37461747"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101854548","display_name":"Yanfeng Zhao","orcid":"https://orcid.org/0000-0003-4268-6269"},"institutions":[{"id":"https://openalex.org/I37461747","display_name":"Wuhan University","ror":"https://ror.org/033vjfk17","country_code":"CN","type":"education","lineage":["https://openalex.org/I37461747"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yanfeng Zhao","raw_affiliation_strings":["Wuhan University"],"affiliations":[{"raw_affiliation_string":"Wuhan University","institution_ids":["https://openalex.org/I37461747"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5039254679","display_name":"Fangcheng Fu","orcid":"https://orcid.org/0000-0003-1658-0380"},"institutions":[{"id":"https://openalex.org/I20231570","display_name":"Peking University","ror":"https://ror.org/02v51f717","country_code":"CN","type":"education","lineage":["https://openalex.org/I20231570"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Fangcheng Fu","raw_affiliation_strings":["Peking University"],"affiliations":[{"raw_affiliation_string":"Peking University","institution_ids":["https://openalex.org/I20231570"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5074979952","display_name":"Quanqing Xu","orcid":"https://orcid.org/0000-0001-8989-9662"},"institutions":[{"id":"https://openalex.org/I4210135679","display_name":"Antea Group (France)","ror":"https://ror.org/03kfw6k71","country_code":"FR","type":"company","lineage":["https://openalex.org/I4210101086","https://openalex.org/I4210135679"]}],"countries":["FR"],"is_corresponding":false,"raw_author_name":"Quanqing Xu","raw_affiliation_strings":["OceanBase, Ant Group"],"affiliations":[{"raw_affiliation_string":"OceanBase, Ant Group","institution_ids":["https://openalex.org/I4210135679"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5047598394","display_name":"Yukai Ding","orcid":"https://orcid.org/0000-0002-4611-4033"},"institutions":[{"id":"https://openalex.org/I37461747","display_name":"Wuhan University","ror":"https://ror.org/033vjfk17","country_code":"CN","type":"education","lineage":["https://openalex.org/I37461747"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yukai Ding","raw_affiliation_strings":["Wuhan University"],"affiliations":[{"raw_affiliation_string":"Wuhan University","institution_ids":["https://openalex.org/I37461747"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5111353326","display_name":"Xiaokai Zhou","orcid":null},"institutions":[{"id":"https://openalex.org/I37461747","display_name":"Wuhan University","ror":"https://ror.org/033vjfk17","country_code":"CN","type":"education","lineage":["https://openalex.org/I37461747"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Xiaokai Zhou","raw_affiliation_strings":["Wuhan University"],"affiliations":[{"raw_affiliation_string":"Wuhan University","institution_ids":["https://openalex.org/I37461747"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5038334756","display_name":"Chuang Hu","orcid":"https://orcid.org/0000-0002-9051-3242"},"institutions":[{"id":"https://openalex.org/I37461747","display_name":"Wuhan University","ror":"https://ror.org/033vjfk17","country_code":"CN","type":"education","lineage":["https://openalex.org/I37461747"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Chuang Hu","raw_affiliation_strings":["Wuhan University"],"affiliations":[{"raw_affiliation_string":"Wuhan University","institution_ids":["https://openalex.org/I37461747"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5102918834","display_name":"Jiawei Jiang","orcid":"https://orcid.org/0000-0003-0051-0046"},"institutions":[{"id":"https://openalex.org/I37461747","display_name":"Wuhan University","ror":"https://ror.org/033vjfk17","country_code":"CN","type":"education","lineage":["https://openalex.org/I37461747"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Jiawei Jiang","raw_affiliation_strings":["Wuhan University"],"affiliations":[{"raw_affiliation_string":"Wuhan University","institution_ids":["https://openalex.org/I37461747"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":9,"corresponding_author_ids":["https://openalex.org/A5035596412"],"corresponding_institution_ids":["https://openalex.org/I37461747"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.13989565,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"7002","last_page":"7010"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9911999702453613,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9911999702453613,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.6855000257492065},{"id":"https://openalex.org/keywords/adversarial-system","display_name":"Adversarial system","score":0.5460000038146973},{"id":"https://openalex.org/keywords/surrogate-model","display_name":"Surrogate model","score":0.47679999470710754},{"id":"https://openalex.org/keywords/rake","display_name":"Rake","score":0.40220001339912415},{"id":"https://openalex.org/keywords/data-modeling","display_name":"Data modeling","score":0.3986000120639801},{"id":"https://openalex.org/keywords/training","display_name":"Training (meteorology)","score":0.39739999175071716},{"id":"https://openalex.org/keywords/training-set","display_name":"Training set","score":0.392300009727478},{"id":"https://openalex.org/keywords/black-box","display_name":"Black box","score":0.39079999923706055}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8069000244140625},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.6855000257492065},{"id":"https://openalex.org/C37736160","wikidata":"https://www.wikidata.org/wiki/Q1801315","display_name":"Adversarial system","level":2,"score":0.5460000038146973},{"id":"https://openalex.org/C131675550","wikidata":"https://www.wikidata.org/wiki/Q7646884","display_name":"Surrogate model","level":2,"score":0.47679999470710754},{"id":"https://openalex.org/C2778855872","wikidata":"https://www.wikidata.org/wiki/Q7286559","display_name":"Rake","level":2,"score":0.40220001339912415},{"id":"https://openalex.org/C67186912","wikidata":"https://www.wikidata.org/wiki/Q367664","display_name":"Data modeling","level":2,"score":0.3986000120639801},{"id":"https://openalex.org/C2777211547","wikidata":"https://www.wikidata.org/wiki/Q17141490","display_name":"Training (meteorology)","level":2,"score":0.39739999175071716},{"id":"https://openalex.org/C51632099","wikidata":"https://www.wikidata.org/wiki/Q3985153","display_name":"Training set","level":2,"score":0.392300009727478},{"id":"https://openalex.org/C94966114","wikidata":"https://www.wikidata.org/wiki/Q29256","display_name":"Black box","level":2,"score":0.39079999923706055},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.3619999885559082},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.34940001368522644},{"id":"https://openalex.org/C140547941","wikidata":"https://www.wikidata.org/wiki/Q7797194","display_name":"Threat model","level":2,"score":0.3467000126838684},{"id":"https://openalex.org/C93996380","wikidata":"https://www.wikidata.org/wiki/Q44127","display_name":"Server","level":2,"score":0.34599998593330383},{"id":"https://openalex.org/C114289077","wikidata":"https://www.wikidata.org/wiki/Q3284399","display_name":"Statistical model","level":2,"score":0.33500000834465027},{"id":"https://openalex.org/C135798126","wikidata":"https://www.wikidata.org/wiki/Q2167279","display_name":"Top-down and bottom-up design","level":2,"score":0.3116999864578247},{"id":"https://openalex.org/C2778112365","wikidata":"https://www.wikidata.org/wiki/Q3511065","display_name":"Sequence (biology)","level":2,"score":0.2928999960422516},{"id":"https://openalex.org/C160920958","wikidata":"https://www.wikidata.org/wiki/Q7662746","display_name":"Synthetic data","level":2,"score":0.2915000021457672},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.27320000529289246},{"id":"https://openalex.org/C121822524","wikidata":"https://www.wikidata.org/wiki/Q5157582","display_name":"Computer security model","level":2,"score":0.27160000801086426},{"id":"https://openalex.org/C77618280","wikidata":"https://www.wikidata.org/wiki/Q1155772","display_name":"Scheme (mathematics)","level":2,"score":0.2676999866962433},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.2662000060081482},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.2612999975681305}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.24963/ijcai.2025/779","is_oa":false,"landing_page_url":"https://doi.org/10.24963/ijcai.2025/779","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the Thirty-Fourth International Joint Conference on Artificial Intelligence","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Split":[0],"learning":[1],"is":[2,27,109,149,172],"a":[3,15,112],"prominent":[4],"framework":[5],"for":[6,18,111],"vertical":[7],"federated":[8],"learning,":[9],"where":[10],"multiple":[11],"clients":[12,49,67],"collaborate":[13],"with":[14],"central":[16],"server":[17,32],"model":[19,51,114,129,160,170],"training":[20,63,171],"by":[21],"exchanging":[22],"intermediate":[23,36],"embeddings.":[24],"Recently,":[25],"it":[26,108],"shown":[28],"that":[29,147],"an":[30],"adversarial":[31],"can":[33,56],"exploit":[34],"the":[35,44,48,66,98,104,127,132,135,166],"embeddings":[37],"to":[38,42,60,96,115,131],"train":[39],"surrogate":[40,54,113,128],"models":[41,46,55,87,100,138],"replace":[43],"bottom":[45,86,119,137],"on":[47,88],"(i.e.,":[50,68,81],"stealing).":[52,70],"The":[53],"also":[57],"be":[58,142],"used":[59],"reconstruct":[61],"private":[62],"data":[64,69,162],"of":[65,134,168],"To":[71],"defend":[72],"against":[73,158],"these":[74],"stealing":[75,105,163],"attacks,":[76,164],"we":[77],"propose":[78],"Model":[79],"Rake":[80,102,148],"Rake),":[82],"which":[83],"runs":[84],"two":[85,99,117,136],"each":[89],"client":[90],"and":[91,139,161,165],"differentiates":[92],"their":[93],"output":[94],"spaces":[95],"make":[97],"distinct.":[101],"hinders":[103],"attacks":[106],"because":[107],"difficult":[110],"approximate":[116],"distinct":[118],"models.":[120],"We":[121],"prove":[122],"that,":[123],"under":[124],"some":[125],"assumptions,":[126],"converges":[130],"average":[133],"thus":[140],"will":[141],"inaccurate.":[143],"Extensive":[144],"experiments":[145],"show":[146],"much":[150],"more":[151],"effective":[152],"than":[153],"existing":[154],"methods":[155],"in":[156],"defending":[157],"both":[159],"accuracy":[167],"normal":[169],"not":[173],"affected.":[174]},"counts_by_year":[],"updated_date":"2026-03-07T16:01:11.037858","created_date":"2025-10-10T00:00:00"}