Title: Behavior Tomographer: Identifying Hidden Cybercrimes by Behavior Interior Structure Modeling
Authors: Cheng Wang; Hangyu Zhu
Journal: IEEE Transactions on Services Computing, vol. 18, no. 2, pp. 673-689
Publication date: 2025-02-06
Publication type: Journal Article
DOI: 10.1109/TSC.2025.3539194
URL: https://ieeexplore.ieee.org/document/10876798/
Impact factor: 5.5 (JCR Q1, Computer Science, Information Systems)
Open access: no
Citations: 0
Abstract
Identifying hidden cybercrimes is a challenging task, as these behaviors are often carefully planned by criminals with counter-surveillance awareness. Existing solutions for cybercrime detection struggle to uncover enough clues to identify hidden criminal behaviors. Malicious behaviors are concealed beneath benign behaviors, and the boundaries between malicious and benign behaviors in the representation space are blurred to evade mainstream deep learning-based security authentication models. We introduce a behavior tomographer (BT) to reconstruct the behavior structure from three slices: agent, event, and attribute slices, enabling more granular detection of hidden cybercrimes. The core idea of BT is to reconstruct interior information about behavior structure from multiple slices, much like computed tomography in modern medicine enables the reconstruction of internal body. It enables the extraction of discriminative information from intricate interior associations between behavioral attributes rather than surface information meticulously crafted by criminals. Our experiments are conducted on two representative cybercrime datasets. Promising experimental results demonstrate that BT outperforms state-of-the-art models on key metrics, achieving around 0.99 AUC-ROC and approximately 0.9 AUC-PR. Moreover, BT notably excels at low false positive rates, showcasing its high effectiveness for real-world applications.
About the journal:
IEEE Transactions on Services Computing encompasses the computing and software aspects of the science and technology of services innovation research and development. It places emphasis on algorithmic, mathematical, statistical, and computational methods central to services computing. Topics covered include Service Oriented Architecture, Web Services, Business Process Integration, Solution Performance Management, and Services Operations and Management. The transactions address mathematical foundations, security, privacy, agreement, contract, discovery, negotiation, collaboration, and quality of service for web services. It also covers areas like composite web service creation, business and scientific applications, standards, utility models, business process modeling, integration, collaboration, and more in the realm of Services Computing.