General test-time backdoor detection in split neural network-based vertical federated learning

Publication Type

Journal Article

Publication Date

12-2025

Abstract

As a new distributed machine learning framework, vertical federated learning (VFL) has been widely applied in industry. However, recent studies have demonstrated that VFL faces serious challenges from backdoor attacks, which significantly hinder its further development. Although a few studies have focused on defending against VFL backdoor attacks, these defenses either do not consider the latest attack methods or show limited effectiveness. Moreover, most existing backdoor defense efforts primarily focus on backdoor attacks in horizontal federated learning (HFL) and centralized learning. Due to the unique architecture of VFL models, these methods cannot be directly applied to backdoor defense in VFL. To mitigate the threat of backdoor attacks in VFL, we propose a general backdoor detection (GBD) scheme for backdoor defense, which detects backdoor samples by analyzing the correlation between backdoor samples and the target label, as well as by leveraging the response differences between clean and backdoor samples. Specifically, we propose two backdoor detection metrics: Class Activation Probability (CAP) and Class Activation Contribution (CAC), which are used to calculate the likelihood of a sample being a backdoor sample. We leverage these two metrics to identify backdoor samples during the inference stage. Evaluation results on both tabular and image datasets show that GBD can detect backdoor samples with high accuracy, demonstrating its effectiveness in backdoor defense.

Keywords

Training, Federated Learning, Data Models, Neurons, Predictive Models, Autoencoders, Reviews, Faces, Correlation, Computer Architecture

Discipline

Information Security | OS and Networks

Research Areas

Cybersecurity

Publication

IEEE Transactions on Dependable and Secure Computing

Volume

22

Issue

6

First Page

7157

Last Page

7171

ISSN

1545-5971

Identifier

10.1109/TDSC.2025.3595518

Publisher

Institute of Electrical and Electronics Engineers

Additional URL

https://doi.org/10.1109/TDSC.2025.3595518

This document is currently not available here.
