{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,14]],"date-time":"2026-05-14T01:14:36Z","timestamp":1778721276980,"version":"3.51.4"},"publisher-location":"New York, NY, USA","reference-count":49,"publisher":"ACM","content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2026,4,13]]},"DOI":"10.1145\/3774904.3792484","type":"proceedings-article","created":{"date-parts":[[2026,4,27]],"date-time":"2026-04-27T12:38:33Z","timestamp":1777293513000},"page":"5503-5514","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["SecureSplit: Mitigating Backdoor Attacks in Split Learning"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-3525-7442","authenticated-orcid":false,"given":"Zhihao","family":"Dou","sequence":"first","affiliation":[{"name":"Case Western Reserve University, Cleveland, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1474-0520","authenticated-orcid":false,"given":"Dongfei","family":"Cui","sequence":"additional","affiliation":[{"name":"Northeast Electric Power University, Jilin, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0005-5893-525X","authenticated-orcid":false,"given":"Weida","family":"Wang","sequence":"additional","affiliation":[{"name":"Fudan University, Shanghai, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0006-0165-4235","authenticated-orcid":false,"given":"Anjun","family":"Gao","sequence":"additional","affiliation":[{"name":"University of Louisville, Louisville, USA"}]},{"ORCID":"https:\/\/orcid.org\/0009-0009-5129-2908","authenticated-orcid":false,"given":"Yueyang","family":"Quan","sequence":"additional","affiliation":[{"name":"University of North Texas, Denton, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5550-5845","authenticated-orcid":false,"given":"Mengyao","family":"Ma","sequence":"additional","affiliation":[{"name":"The University of Queensland, Brisbane, Australia"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5984-7981","authenticated-orcid":false,"given":"Viet","family":"Vo","sequence":"additional","affiliation":[{"name":"Swinburne University of Technology, Melbourne, Australia"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6390-9890","authenticated-orcid":false,"given":"Guangdong","family":"Bai","sequence":"additional","affiliation":[{"name":"City University of Hong Kong, Hong Kong, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0146-5101","authenticated-orcid":false,"given":"Zhuqing","family":"Liu","sequence":"additional","affiliation":[{"name":"University of North Texas, Denton, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1365-3911","authenticated-orcid":false,"given":"Minghong","family":"Fang","sequence":"additional","affiliation":[{"name":"University of Louisville, Louisville, USA"}]}],"member":"320","published-online":{"date-parts":[[2026,4,12]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"[n.d.]. Utilization of FATE in Risk Management of Credit in Small and Micro Enterprises. https:\/\/www.fedai.org\/cases\/utilization-of-fate-in-risk-management-ofcredit- in-small-and-micro-\\enterprises\/"},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"crossref","unstructured":"Martin Abadi Andy Chu Ian Goodfellow H Brendan McMahan Ilya Mironov Kunal Talwar and Li Zhang. 2016. Deep learning with differential privacy. In CCS.","DOI":"10.1145\/2976749.2978318"},{"key":"e_1_3_2_1_3_1","volume-title":"Principal component analysis","author":"Abdi Herv\u00e9","year":"2010","unstructured":"Herv\u00e9 Abdi and Lynne J Williams. 2010. Principal component analysis. Wiley interdisciplinary reviews: computational statistics 2, 4 (2010), 433-459."},{"key":"e_1_3_2_1_4_1","volume-title":"USENIX Security Symposium.","author":"Bai Yijie","year":"2023","unstructured":"Yijie Bai, Yanjiao Chen, Hanlei Zhang, Wenyuan Xu, Haiqin Weng, and Dou Goodman. 2023. VILLAIN: Backdoor attacks against vertical split learning. In USENIX Security Symposium."},{"key":"e_1_3_2_1_5_1","volume-title":"Rachid Guerraoui, and Julien Stainer.","author":"Blanchard Peva","year":"2017","unstructured":"Peva Blanchard, El Mahdi El Mhamdi, Rachid Guerraoui, and Julien Stainer. 2017. Machine learning with adversaries: Byzantine tolerant gradient descent. In NeurIPS."},{"key":"e_1_3_2_1_6_1","volume-title":"Fltrust: Byzantine-robust federated learning via trust bootstrapping. In NDSS.","author":"Cao Xiaoyu","year":"2021","unstructured":"Xiaoyu Cao, Minghong Fang, Jia Liu, and Neil Zhenqiang Gong. 2021. Fltrust: Byzantine-robust federated learning via trust bootstrapping. In NDSS."},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"crossref","unstructured":"Yiwei Chen Kaiyu Li Guoliang Li and Yong Wang. 2024. Contributions Estimation in Federated Learning: A Comprehensive Experimental Evaluation. In VLDB.","DOI":"10.14778\/3659437.3659459"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-031-70903-6_15"},{"key":"e_1_3_2_1_9_1","volume-title":"Cinic-10 is not imagenet or cifar-10. arXiv preprint arXiv:1810.03505","author":"Darlow Luke N","year":"2018","unstructured":"Luke N Darlow, Elliot J Crowley, Antreas Antoniou, and Amos J Storkey. 2018. Cinic-10 is not imagenet or cifar-10. arXiv preprint arXiv:1810.03505 (2018)."},{"key":"e_1_3_2_1_10_1","unstructured":"Zhihao Dou Jiaqi Wang Wei Sun Zhuqing Liu and Minghong Fang. 2025. Toward Malicious Clients Detection in Federated Learning. In ASIACCS."},{"key":"e_1_3_2_1_11_1","volume-title":"USENIX Security Symposium.","author":"Fang Minghong","year":"2020","unstructured":"Minghong Fang, Xiaoyu Cao, Jinyuan Jia, and Neil Gong. 2020. Local model poisoning attacks to Byzantine-robust federated learning. In USENIX Security Symposium."},{"key":"e_1_3_2_1_12_1","volume-title":"Neil Zhenqiang Gong, and Elizabeth S Bentley","author":"Fang Minghong","year":"2022","unstructured":"Minghong Fang, Jia Liu, Neil Zhenqiang Gong, and Elizabeth S Bentley. 2022. Aflguard: Byzantine-robust asynchronous federated learning. In ACSAC."},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/3701716.3715491"},{"key":"e_1_3_2_1_14_1","volume-title":"Sundararaja Sitharama Iyengar, and Haibo Yang","author":"Fang Minghong","year":"2025","unstructured":"Minghong Fang, Seyedsina Nabavirazavi, Zhuqing Liu, Wei Sun, Sundararaja Sitharama Iyengar, and Haibo Yang. 2025. Do we really need to design new byzantine-robust aggregation rules?. In NDSS."},{"key":"e_1_3_2_1_15_1","volume-title":"Provably Robust Federated Reinforcement Learning. In The Web Conference.","author":"Fang Minghong","year":"2025","unstructured":"Minghong Fang, Xilong Wang, and Neil Zhenqiang Gong. 2025. Provably Robust Federated Reinforcement Learning. In The Web Conference."},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"crossref","unstructured":"Minghong Fang Zifan Zhang Prashant Khanduri Jia Liu Songtao Lu Yuchen Liu Neil Gong et al. 2024. Byzantine-robust decentralized federated learning. In CCS.","DOI":"10.1145\/3658644.3670307"},{"key":"e_1_3_2_1_17_1","volume-title":"USENIX Security Symposium.","author":"Fu Chong","year":"2022","unstructured":"Chong Fu, Xuhong Zhang, Shouling Ji, Jinyin Chen, Jingzheng Wu, Shanqing Guo, Jun Zhou, Alex X Liu, and TingWang. 2022. Label inference attacks against vertical federated learning. In USENIX Security Symposium."},{"key":"e_1_3_2_1_18_1","volume-title":"Blindfl: Vertical federated machine learning without peeking into your data. In SIGMOD.","author":"Fu Fangcheng","year":"2022","unstructured":"Fangcheng Fu, Huanran Xue, Yong Cheng, Yangyu Tao, and Bin Cui. 2022. Blindfl: Vertical federated machine learning without peeking into your data. In SIGMOD."},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2023.3327853"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.3390\/info11020108"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.4324\/9781315788135"},{"key":"e_1_3_2_1_22_1","unstructured":"A. Krizhevsky and G. Hinton. 2009. Learning multiple layers of features from tiny images. Handbook of Systemic Autoimmune Diseases (2009)."},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1109\/5.726791"},{"key":"e_1_3_2_1_24_1","volume-title":"MNIST handwritten digit database. Available: http:\/\/yann. lecun. com\/exdb\/mnist","author":"LeCun Yann","year":"1998","unstructured":"Yann LeCun, Corinna Cortes, and CJ Burges. 1998. MNIST handwritten digit database. Available: http:\/\/yann. lecun. com\/exdb\/mnist (1998)."},{"key":"e_1_3_2_1_25_1","volume-title":"Fine-pruning: Defending against backdooring attacks on deep neural networks. In RAID.","author":"Liu Kang","year":"2018","unstructured":"Kang Liu, Brendan Dolan-Gavitt, and Siddharth Garg. 2018. Fine-pruning: Defending against backdooring attacks on deep neural networks. In RAID."},{"key":"e_1_3_2_1_26_1","volume-title":"Asymmetrical vertical federated learning. arXiv preprint arXiv:2004.07427","author":"Liu Yang","year":"2020","unstructured":"Yang Liu, Xiong Zhang, and Libin Wang. 2020. Asymmetrical vertical federated learning. arXiv preprint arXiv:2004.07427 (2020)."},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"crossref","unstructured":"Claudia Malzer and Marcus Baum. 2020. A hybrid approach to hierarchical density-based cluster selection. In MFI.","DOI":"10.1109\/MFI49285.2020.9235263"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.21105\/joss.00205"},{"key":"e_1_3_2_1_29_1","volume-title":"Umap: Uniform manifold approximation and projection for dimension reduction. arXiv preprint arXiv:1802.03426.","author":"McInnes Leland","year":"2018","unstructured":"Leland McInnes, John Healy, and James Melville. 2018. Umap: Uniform manifold approximation and projection for dimension reduction. arXiv preprint arXiv:1802.03426."},{"key":"e_1_3_2_1_30_1","unstructured":"H. Brendan McMahan Eider Moore Daniel Ramage Seth Hampson and Blaise Ag\u00fcera y Arcas. 2017. Communication-Efficient Learning of Deep Networks from Decentralized Data. In AISTATS."},{"key":"e_1_3_2_1_31_1","unstructured":"Wenjin Mo Zhiyuan Li Minghong Fang and Mingwei Fang. 2025. Find a Scapegoat: Poisoning Membership Inference Attack and Defense to Federated Learning. In ICCV."},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP54263.2024.00008"},{"key":"e_1_3_2_1_33_1","volume-title":"Luke Carlson, Filip Granqvist, Chris Vandevelde, et al.","author":"Paulik Matthias","year":"2021","unstructured":"Matthias Paulik, Matt Seigel, Henry Mason, Dominic Telaar, Joris Kluivers, Rogier van Dalen, Chi Wai Lau, Luke Carlson, Filip Granqvist, Chris Vandevelde, et al. 2021. Federated evaluation and tuning for on-device personalization: System design & applications. arXiv preprint arXiv:2102.08503 (2021)."},{"key":"e_1_3_2_1_34_1","volume-title":"Split learning for collaborative deep learning in healthcare. arXiv preprint arXiv:1912.12115","author":"Poirot Maarten G","year":"2019","unstructured":"Maarten G Poirot, Praneeth Vepakomma, Ken Chang, Jayashree Kalpathy-Cramer, Rajiv Gupta, and Ramesh Raskar. 2019. Split learning for collaborative deep learning in healthcare. arXiv preprint arXiv:1912.12115 (2019)."},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"crossref","unstructured":"Phillip Rieger Alessandro Pegoraro Kavita Kumari Tigist Abera Jonathan Knauer and Ahmad-Reza Sadeghi. 2025. SafeSplit: A Novel Defense Against Client-Side Backdoor Attacks in Split Learning. In NDSS.","DOI":"10.14722\/ndss.2025.241698"},{"key":"e_1_3_2_1_36_1","volume-title":"Pavlos Papadopoulos, Tom Titcombe, Abbas Ismail, Tudor Cebere, Robert Sandmann, Robin Roehm, and Michael A Hoeh.","author":"Romanini Daniele","year":"2021","unstructured":"Daniele Romanini, Adam James Hall, Pavlos Papadopoulos, Tom Titcombe, Abbas Ismail, Tudor Cebere, Robert Sandmann, Robin Roehm, and Michael A Hoeh. 2021. Pyvertical: A vertical federated learning framework for multi-headed splitnn. arXiv preprint arXiv:2104.00489 (2021)."},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"crossref","unstructured":"Bernhard Sch\u00f6lkopf Alexander Smola and Klaus-Robert M\u00fcller. 1997. Kernel principal component analysis. In ICANN.","DOI":"10.7551\/mitpress\/1130.003.0026"},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.7551\/mitpress\/4175.001.0001"},{"key":"e_1_3_2_1_39_1","volume-title":"Detailed comparison of communication efficiency of split learning and federated learning. arXiv preprint arXiv:1909.09145","author":"Singh Abhishek","year":"2019","unstructured":"Abhishek Singh, Praneeth Vepakomma, Otkrist Gupta, and Ramesh Raskar. 2019. Detailed comparison of communication efficiency of split learning and federated learning. arXiv preprint arXiv:1909.09145 (2019)."},{"key":"e_1_3_2_1_40_1","volume-title":"Seyit Camtepe, and Lichao Sun.","author":"Thapa Chandra","year":"2022","unstructured":"Chandra Thapa, Pathum Chamikara Mahawaga Arachchige, Seyit Camtepe, and Lichao Sun. 2022. Splitfed: When federated learning meets split learning. In AAAI."},{"key":"e_1_3_2_1_41_1","article-title":"Visualizing data using t-SNE","volume":"9","author":"der Maaten Laurens Van","year":"2008","unstructured":"Laurens Van der Maaten and Geoffrey Hinton. 2008. Visualizing data using t-SNE. Journal of machine learning research 9, 11 (2008).","journal-title":"Journal of machine learning research"},{"key":"e_1_3_2_1_42_1","volume-title":"Split learning for health: Distributed deep learning without sharing raw patient data. arXiv preprint arXiv:1812.00564","author":"Vepakomma Praneeth","year":"2018","unstructured":"Praneeth Vepakomma, Otkrist Gupta, Tristan Swedish, and Ramesh Raskar. 2018. Split learning for health: Distributed deep learning without sharing raw patient data. arXiv preprint arXiv:1812.00564 (2018)."},{"key":"e_1_3_2_1_43_1","volume-title":"The Web Conference.","author":"Ma Qiwen","year":"2025","unstructured":"WenbinWang, Qiwen Ma, Zifan Zhang, Yuchen Liu, Zhuqing Liu, and Minghong Fang. 2025. Poisoning attacks and defenses to federated unlearning. In The Web Conference."},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"crossref","unstructured":"Alexander Wei\u00dfe Gerhard Wellein Andreas Alvermann and Holger Fehske. 2006. The kernel polynomial method. In Reviews of modern physics.","DOI":"10.1103\/RevModPhys.78.275"},{"key":"e_1_3_2_1_45_1","unstructured":"Dongxian Wu and Yisen Wang. 2021. Adversarial neuron pruning purifies backdoored deep models. In NeurIPS."},{"key":"e_1_3_2_1_46_1","volume-title":"Fedredefense: Defending against model poisoning attacks for federated learning using model update reconstruction error. ICML.","author":"Xie Yueqi","year":"2024","unstructured":"Yueqi Xie, Minghong Fang, and Neil Zhenqiang Gong. 2024. Fedredefense: Defending against model poisoning attacks for federated learning using model update reconstruction error. ICML."},{"key":"e_1_3_2_1_47_1","volume-title":"Federatedscope: A flexible federated learning platform for heterogeneity. In VLDB.","author":"Xie Yuexiang","year":"2022","unstructured":"Yuexiang Xie, Zhen Wang, Dawei Gao, Daoyuan Chen, Liuyi Yao, Weirui Kuang, Yaliang Li, Bolin Ding, and Jingren Zhou. 2022. Federatedscope: A flexible federated learning platform for heterogeneity. In VLDB."},{"key":"e_1_3_2_1_48_1","unstructured":"Dong Yin Yudong Chen Ramchandran Kannan and Peter Bartlett. 2018. Byzantine-robust distributed learning: Towards optimal statistical rates. In ICML."},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1109\/JIOT.2024.3421895"}],"event":{"name":"WWW '26: The ACM Web Conference 2026","location":"Dubai United Arab Emirates","sponsor":["SIGWEB ACM Special Interest Group on Hypertext, Hypermedia, and Web"]},"container-title":["Proceedings of the ACM Web Conference 2026"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3774904.3792484","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,5,14]],"date-time":"2026-05-14T01:00:57Z","timestamp":1778720457000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3774904.3792484"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,4,12]]},"references-count":49,"alternative-id":["10.1145\/3774904.3792484","10.1145\/3774904"],"URL":"https:\/\/doi.org\/10.1145\/3774904.3792484","relation":{},"subject":[],"published":{"date-parts":[[2026,4,12]]},"assertion":[{"value":"2026-04-12","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}