Model Rake: A Defense Against Stealing Attacks in Split Learning
Authors: Qinbo Zhang, Xiao Yan, Yanfeng Zhao, Fangcheng Fu, Quanqing Xu, Yukai Ding, Xiaokai Zhou, Chuang Hu, Jiawei Jiang
IJCAI 2025 | Venue PDF | Archive PDF | Plain Text | LLM Run Details
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | Extensive experiments show that Rake is much more effective than existing methods in defending against both model and data stealing attacks, and the accuracy of normal model training is not affected. |
| Researcher Affiliation | Collaboration | 1School of Computer Science, Wuhan University 2Institute for Math & AI, Wuhan University 3School of Computer Science, Peking University 4Ocean Base, Ant Group EMAIL, EMAIL, EMAIL, EMAIL |
| Pseudocode | No | The paper describes methods and processes in regular paragraph text (e.g., in Section 3.1 Defense Design) but does not include any explicitly labeled 'Pseudocode' or 'Algorithm' blocks or structured code-like procedures. |
| Open Source Code | No | The paper does not contain any explicit statements about releasing source code, nor does it provide a link to a code repository in the main text or references. |
| Open Datasets | Yes | We conduct extensive experiments on diverse datasets stored in Oceanbase [Yang et al., 2023c; Yang et al., 2022]. Table 3 provides an overview of the datasets used in our experiments. Among them, CO [Blackard, 1998] is designed for seven-class classification, while SU [Whiteson, 2014], RI [Ms Smarty Pants, 2021], and BA [Topre, 2022] are tailored for binary classification tasks. For the SU dataset, we randomly selected 500,000 samples from the original dataset. HP [Sleem, 2018] and YP [Bertin-Mahieux, 2011] are regression datasets. |
| Dataset Splits | Yes | For each dataset, we partitioned the samples into three subsets: a training set (70%) for model training, an auxiliary set (10%) for conducting stealing attacks, and a test set (20%) for performance evaluation. |
| Hardware Specification | Yes | We run our experiments on a cluster, where each machine has a Intel-i9 CPU and 24GB memory, and the machines are connected via 10GBps Ethernet. |
| Software Dependencies | No | The machine communication is implemented using distributed tools available in Py Torch, specifically torch.distributed. The paper mentions PyTorch but does not specify a version number. |
| Experiment Setup | Yes | For all experiments, we set the batch size to 1% of the original dataset size and use cross-entropy as the loss function. We use Adam [Kingma and Ba, 2014] as the optimization protocol with a learning rate of 1e 3. Each model is trained for 100 epochs to ensure convergence. For the weights of the loss function components, we set β = 0.6, γ = 0.4, as this configuration yields effective results. |