{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,7]],"date-time":"2026-03-07T23:56:24Z","timestamp":1772927784503,"version":"3.50.1"},"reference-count":22,"publisher":"Institute of Electronics, Information and Communications Engineers (IEICE)","issue":"3","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEICE Trans. Fundamentals"],"published-print":{"date-parts":[[2026,3,1]]},"DOI":"10.1587\/transfun.2025cip0018","type":"journal-article","created":{"date-parts":[[2025,11,24]],"date-time":"2025-11-24T22:07:45Z","timestamp":1764022065000},"page":"339-348","source":"Crossref","is-referenced-by-count":0,"title":["Adversarial Examples on Vertical Federated Split Learning by Using Gradient Sign Prediction"],"prefix":"10.1587","volume":"E109.A","author":[{"given":"Kota","family":"YOSHIDA","sequence":"first","affiliation":[{"name":"Ritsumeikan University"}]},{"given":"Takeshi","family":"FUJINO","sequence":"additional","affiliation":[{"name":"Ritsumeikan University"}]}],"member":"532","reference":[{"key":"1","unstructured":"[1] C. Szegedy, W. Zaremba, I. Sutskever, J. Bruna, D. Erhan, I.J. Goodfellow, and R. Fergus, \u201cIntriguing properties of neural networks,\u201d ICLR, 2014."},{"key":"2","unstructured":"[2] I.J. Goodfellow, J. Shlens, and C. Szegedy, \u201cExplaining and harnessing adversarial examples,\u201d ICLR, 2015."},{"key":"3","unstructured":"[3] A. Krizhevsky, \u201cLearning multiple layers of features from tiny images,\u201d 2009."},{"key":"4","doi-asserted-by":"crossref","unstructured":"[4] R. Shokri, M. Stronati, C. Song, and V. Shmatikov, \u201cMembership inference attacks against machine learning models,\u201d IEEE S&P, pp.3-18, IEEE Computer Society, 2017. 10.1109\/sp.2017.41","DOI":"10.1109\/SP.2017.41"},{"key":"5","doi-asserted-by":"publisher","unstructured":"[5] D.M. Escalera, I. Agudo, and J. L\u00f3pez, \u201cPrivate set intersection: A systematic literature review,\u201d Comput. Sci. Rev., vol.49, p.100567, 2023. 10.1016\/j.cosrev.2023.100567","DOI":"10.1016\/j.cosrev.2023.100567"},{"key":"6","unstructured":"[6] Z. Wu, Z. Qin, J. Hou, H. Zhao, Q. Li, B. He, and L. Fan, \u201cVertical federated learning in practice: The good, the bad, and the ugly,\u201d arXiv preprint arXiv:2502.08160, 2025. 10.48550\/arXiv.2502.08160"},{"key":"7","unstructured":"[7] D. Romanini, A.J. Hall, P. Papadopoulos, T. Titcombe, A. Ismail, T. Cebere, R. Sandmann, R. Roehm, and M.A. Hoeh, \u201cPyvertical: A vertical federated learning framework for multi-headed splitnn,\u201d CoRR, vol.abs\/2104.00489, 2021. 10.48550\/arXiv.2104.00489"},{"key":"8","unstructured":"[8] A. Singh, P. Vepakomma, O. Gupta, and R. Raskar, \u201cDetailed comparison of communication efficiency of split learning and federated learning,\u201d CoRR, vol.abs\/1909.09145, 2019. 10.48550\/arXiv.1909.09145"},{"key":"9","unstructured":"[9] K. Wei, J. Li, C. Ma, M. Ding, S. Wei, F. Wu, G. Chen, and T. Ranbaduge, \u201cVertical federated learning: Challenges, methodologies and experiments,\u201d CoRR, vol.abs\/2202.04309, 2022. 10.48550\/arXiv.2202.04309"},{"key":"10","unstructured":"[10] Q. Pang, Y. Yuan, S. Wang, and W. Zheng, \u201cADI: Adversarial dominating inputs in vertical federated learning systems,\u201d arXiv, vol.abs\/2201.02775, 2022. 10.48550\/arXiv.2201.02775"},{"key":"11","doi-asserted-by":"publisher","unstructured":"[11] J. Chen, G. Huang, H. Zheng, S. Yu, W. Jiang, and C. Cui, \u201cGraph-fraudster: Adversarial attacks on graph neural network-based vertical federated learning,\u201d IEEE Trans. Comput. Soc. Syst., vol.10, no.2, pp.492-506, 2023. 10.1109\/tcss.2022.3161016","DOI":"10.1109\/TCSS.2022.3161016"},{"key":"12","doi-asserted-by":"crossref","unstructured":"[12] M. Fan, C. Chen, C. Wang, W. Zhou, and J. Huang, \u201cOn the robustness of split learning against adversarial attacks,\u201d ECAI 2023, pp.668-675, 2023. 10.3233\/faia230330","DOI":"10.3233\/FAIA230330"},{"key":"13","unstructured":"[13] P. Vepakomma, O. Gupta, T. Swedish, and R. Raskar, \u201cSplit learning for health: Distributed deep learning without sharing raw patient data,\u201d CoRR, vol.abs\/1812.00564, 2018. 10.48550\/arXiv.1812.00564"},{"key":"14","unstructured":"[14] J. Li, A.S. Rakin, X. Chen, L. Yang, Z. He, D. Fan, and C. Chakrabarti, \u201cModel extraction attacks on split federated learning,\u201d CoRR, vol.abs\/2303.08581, 2023. 10.48550\/arXiv.2303.08581"},{"key":"15","doi-asserted-by":"publisher","unstructured":"[15] C. Thapa, M.A.P. Chamikara, S. Camtepe, and L. Sun, \u201cSplitFed: When federated learning meets split learning,\u201d Thirty-Sixth AAAI Conference on Artificial Intelligence, AAAI 2022, Thirty-Fourth Conference on Innovative Applications of Artificial Intelligence, IAAI 2022, The Twelveth Symposium on Educational Advances in Artificial Intelligence, EAAI 2022 Virtual Event, Feb-March 2022, pp.8485-8493, AAAI Press, 2022. 10.1609\/aaai.v36i8.20825","DOI":"10.1609\/aaai.v36i8.20825"},{"key":"16","doi-asserted-by":"crossref","unstructured":"[16] N. Papernot, P.D. McDaniel, I.J. Goodfellow, S. Jha, Z.B. Celik, and A. Swami, \u201cPractical black-box attacks against machine learning,\u201d Proc. 2017 ACM on Asia Conference on Computer and Communications Security, AsiaCCS 2017, Abu Dhabi, United Arab Emirates, April 2017, R. Karri, O. Sinanoglu, A. Sadeghi, and X. Yi, eds., pp.506-519, ACM, 2017. 10.1145\/3052973.3053009","DOI":"10.1145\/3052973.3053009"},{"key":"17","doi-asserted-by":"crossref","unstructured":"[17] K. He, X. Zhang, S. Ren, and J. Sun, \u201cDeep residual learning for image recognition,\u201d CVPR, pp.770-778, IEEE Computer Society, 2016. 10.1109\/CVPR.2016.90","DOI":"10.1109\/CVPR.2016.90"},{"key":"18","unstructured":"[18] C. Fu, X. Zhang, S. Ji, J. Chen, J. Wu, S. Guo, J. Zhou, A.X. Liu, and T. Wang, \u201cLabel inference attacks against vertical federated learning,\u201d 31st USENIX Security Symposium, USENIX Security 2022, Boston, MA, USA, Aug. 2022, K.R.B. Butler and K. Thomas, eds., pp.1397-1414, USENIX Association, 2022."},{"key":"19","doi-asserted-by":"crossref","unstructured":"[19] J. Liu and X. Lyu, \u201cDistance-based online label inference attacks against split learning,\u201d IEEE International Conference on Acoustics, Speech and Signal Processing ICASSP 2023, Rhodes Island, Greece, June 2023, pp.1-5, IEEE, 2023. 10.1109\/ICASSP49357.2023.10096955","DOI":"10.1109\/ICASSP49357.2023.10096955"},{"key":"20","doi-asserted-by":"publisher","unstructured":"[20] T. Nakai, Y. Wang, K. Yoshida, and T. Fujino, \u201cSEDMA: Self-distillation with model aggregation for membership privacy,\u201d Proc. Priv. Enhancing Technol., vol.2024, no.1, pp.494-508, 2024. 10.56553\/popets-2024-0029","DOI":"10.56553\/popets-2024-0029"},{"key":"21","doi-asserted-by":"publisher","unstructured":"[21] R. Chourasia, B. Enkhtaivan, K. Ito, J. Mori, I. Teranishi, and H. Tsuchida, \u201cKnowledge cross-distillation for membership privacy,\u201d Proc. Priv. Enhancing Technol., vol.2022, no.2, pp.362-377, 2022. 10.2478\/popets-2022-0050","DOI":"10.2478\/popets-2022-0050"},{"key":"22","doi-asserted-by":"crossref","unstructured":"[22] M. Abadi, A. Chu, I.J. Goodfellow, H.B. McMahan, I. Mironov, K. Talwar, and L. Zhang, \u201cDeep learning with differential privacy,\u201d ACM CCS, pp.308-318, ACM, 2016. 10.1145\/2976749.2978318","DOI":"10.1145\/2976749.2978318"}],"container-title":["IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.jstage.jst.go.jp\/article\/transfun\/E109.A\/3\/E109.A_2025CIP0018\/_pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,3,7]],"date-time":"2026-03-07T04:11:08Z","timestamp":1772856668000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.jstage.jst.go.jp\/article\/transfun\/E109.A\/3\/E109.A_2025CIP0018\/_article"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,3,1]]},"references-count":22,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2026]]}},"URL":"https:\/\/doi.org\/10.1587\/transfun.2025cip0018","relation":{},"ISSN":["0916-8508","1745-1337"],"issn-type":[{"value":"0916-8508","type":"print"},{"value":"1745-1337","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026,3,1]]},"article-number":"2025CIP0018"}}