DeMas: An efficient method for malicious samples detection and mitigation in cloud-based systems

IF 3.7 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Journal of Systems Architecture Pub Date : 2025-07-15 DOI:10.1016/j.sysarc.2025.103519

Hengqi Guo , Shijing Hu , Xin Xu , Yusiyuan Chen , Weishen Lu , Baoqi Huang , Qiang Duan

{"title":"DeMas: An efficient method for malicious samples detection and mitigation in cloud-based systems","authors":"Hengqi Guo , Shijing Hu , Xin Xu , Yusiyuan Chen , Weishen Lu , Baoqi Huang , Qiang Duan","doi":"10.1016/j.sysarc.2025.103519","DOIUrl":null,"url":null,"abstract":"<div><div>Cloud services, particularly large-scale computing and data platforms, have become integral to enterprise operations, processing vast volumes of input data in real-time. However, these systems are increasingly vulnerable to adversarial actors who inject malicious data, thereby posing substantial security threats. Prevailing detection mechanisms often emphasize unintended class exclusions, which are inadequate in mitigating malicious attacks and are especially susceptible to class imbalance. To overcome these limitations, we introduce <strong>DeMas</strong>, a novel framework for the detection and mitigation of malicious samples. DeMas synergistically integrates adversarial perturbation with neighborhood averaging to robustly identify anomalous inputs. Furthermore, it employs a diffusion model, guided by a tractable probabilistic model, to remediate identified threats at the input level. This dual-stage approach transforms malicious samples into benign counterparts, thereby enhancing the security of downstream cloud-based models while preserving the usability of the data. Our empirical evaluation demonstrates that DeMas achieves a detection accuracy of 91.37% on a dataset of malicious samples, affirming its efficacy as a comprehensive defense strategy for secure and scalable cloud computing environments.</div></div>","PeriodicalId":50027,"journal":{"name":"Journal of Systems Architecture","volume":"167 ","pages":"Article 103519"},"PeriodicalIF":3.7000,"publicationDate":"2025-07-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Systems Architecture","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S1383762125001912","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}

引用次数: 0

Abstract

Cloud services, particularly large-scale computing and data platforms, have become integral to enterprise operations, processing vast volumes of input data in real-time. However, these systems are increasingly vulnerable to adversarial actors who inject malicious data, thereby posing substantial security threats. Prevailing detection mechanisms often emphasize unintended class exclusions, which are inadequate in mitigating malicious attacks and are especially susceptible to class imbalance. To overcome these limitations, we introduce DeMas, a novel framework for the detection and mitigation of malicious samples. DeMas synergistically integrates adversarial perturbation with neighborhood averaging to robustly identify anomalous inputs. Furthermore, it employs a diffusion model, guided by a tractable probabilistic model, to remediate identified threats at the input level. This dual-stage approach transforms malicious samples into benign counterparts, thereby enhancing the security of downstream cloud-based models while preserving the usability of the data. Our empirical evaluation demonstrates that DeMas achieves a detection accuracy of 91.37% on a dataset of malicious samples, affirming its efficacy as a comprehensive defense strategy for secure and scalable cloud computing environments.

查看原文本刊更多论文

DeMas：在基于云的系统中检测和缓解恶意样本的有效方法

云服务，特别是大规模计算和数据平台，已经成为企业运营不可或缺的一部分，可以实时处理大量输入数据。然而，这些系统越来越容易受到注入恶意数据的敌对行为者的攻击，从而构成实质性的安全威胁。流行的检测机制经常强调无意的类排除，这在减轻恶意攻击方面是不够的，而且特别容易受到类不平衡的影响。为了克服这些限制，我们引入了DeMas，这是一种用于检测和缓解恶意样本的新框架。DeMas协同集成对抗性扰动与邻域平均，以鲁棒识别异常输入。此外，它采用了一个扩散模型，由一个可处理的概率模型指导，在输入级别修复已识别的威胁。这种双阶段方法将恶意样本转换为良性样本，从而增强下游基于云的模型的安全性，同时保持数据的可用性。我们的实证评估表明，DeMas在恶意样本数据集上的检测准确率达到了91.37%，肯定了其作为安全和可扩展云计算环境的综合防御策略的有效性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Journal of Systems Architecture 工程技术-计算机：硬件

CiteScore

8.70

自引率

15.60%

发文量

226

审稿时长

46 days

期刊介绍： The Journal of Systems Architecture: Embedded Software Design (JSA) is a journal covering all design and architectural aspects related to embedded systems and software. It ranges from the microarchitecture level via the system software level up to the application-specific architecture level. Aspects such as real-time systems, operating systems, FPGA programming, programming languages, communications (limited to analysis and the software stack), mobile systems, parallel and distributed architectures as well as additional subjects in the computer and system architecture area will fall within the scope of this journal. Technology will not be a main focus, but its use and relevance to particular designs will be. Case studies are welcome but must contribute more than just a design for a particular piece of software. Design automation of such systems including methodologies, techniques and tools for their design as well as novel designs of software components fall within the scope of this journal. Novel applications that use embedded systems are also central in this journal. While hardware is not a part of this journal hardware/software co-design methods that consider interplay between software and hardware components with and emphasis on software are also relevant here.