{"title":"Detecting DeFi Fraud With a Graph-Transformer Language Model","authors":"Wei Ma;Junjie Shi;Jiaxi Qiu;Cong Wu;Jing Chen;Lingxiao Jiang;Shangqing Liu;Yang Liu;Yang Xiang","doi":"10.1109/TIFS.2025.3612184","DOIUrl":"10.1109/TIFS.2025.3612184","url":null,"abstract":"With the rapid development of blockchain technology, the widespread adoption of smart contracts—particularly in decentralized finance (DeFi) applications—has introduced significant security challenges, such as reentrancy attacks, phishing, and Sybil attacks. To address these issues, we propose a novel model called TrxGNNBERT, which combines Graph Neural Network (GNN) and the Transformer architecture to effectively handle both graph-structured and textual data. This combination enhances the detection of suspicious transactions and accounts on blockchain platforms like Ethereum. TrxGNNBERT was pre-trained using a masked language model (MLM) on a dataset of 60,000 Ethereum transactions by randomly masking the attributes of nodes and edges, thereby capturing deep semantic relationships and structural information. In this work, we constructed transaction subgraphs, using a GNN module to enrich the embedding representations, which were then fed into a Transformer encoder. The experimental results demonstrate that TrxGNNBERT outperforms various baseline models—including DeepWalk, Trans2Vec, Role2Vec, GCN, GAT, GraphSAGE, CodeBERT, GraphCodeBERT, Zipzap and BERT4ETH—in detecting suspicious transactions and accounts. Specifically, TrxGNNBERT achieved an accuracy of 0.755 and an F1 score of 0.756 on the TrxLarge dataset; an accuracy of 0.903 and an F1 score of 0.894 on the TrxSmall dataset; and an accuracy of 0.790 and an F1 score of 0.781 on the AddrDec dataset. We also explored different pre-training configurations and strategies, comparing the performance of encoder-based versus decoder-based Transformer structures. 
The results indicate that pre-training improves downstream task performance, with encoder-based structures outperforming decoder-based ones. Through ablation studies, we found that node-level information and subgraph structures are critical for achieving optimal performance in transaction classification tasks. When key features were removed, the model performance declined considerably, demonstrating the importance of each component of our method. These findings offer valuable insights for future research, suggesting further improvements in node attribute representation and subgraph extraction.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"20 ","pages":"10051-10065"},"PeriodicalIF":8.0,"publicationDate":"2025-09-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145089368","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Feature Reconstruction: Far Field EM Side-Channel Attacks in Complex Environment","authors":"Huanyu Wang;Dalin He;Deng Tuo;Junnian Wang","doi":"10.1109/TIFS.2025.3611788","DOIUrl":"10.1109/TIFS.2025.3611788","url":null,"abstract":"Far Field EM Side-Channel Attacks (FEM-SCAs) have emerged as a realistic security threat to widely deployed RF-integrated IoT edge devices. In mixed-signal chips, side-channel leakage may unintentionally couple with transmission signals and be emitted via the on-chip antenna, potentially allowing adversaries to extract sensitive information from the victim at long distances. However, in practical scenarios, far field EM traces captured at long distances usually suffer from noise and interference, which makes the attack less efficient or sometimes even unfeasible. In this paper, we propose a Domain-Adversarial ReFeature Neural Network (DAR-NN) to facilitate “noisy-clean” adaptation for far field EM traces captured at long distances. By integrating a DAE model with two deep-learning classifiers as regularization terms, the proposed DAR-NN model can reconstruct features of traces obtained remotely in complex environments, thereby achieving a more efficient FEM-SCA. We first test our model by using a publicly available dataset and show that it is feasible to extract the AES key from 141 traces captured at 15 m distance to the victim, which is 58.7% more efficient than existing methods with 80% less profiling data. Afterwards, we set up a more complex experimental environment with a HackRF radio serving as an interference source. 
We show that the proposed model can still extract the key by using around 2K traces at 15 m even in the presence of 25% active interference, while the state-of-the-art model fails under the same conditions.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"20 ","pages":"10066-10081"},"PeriodicalIF":8.0,"publicationDate":"2025-09-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145083814","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"SF2Net: Sequence Feature Fusion Network for Palmprint Verification","authors":"Yunlong Liu;Lu Leng;Ziyuan Yang;Andrew Beng Jin Teoh;Bob Zhang","doi":"10.1109/TIFS.2025.3611692","DOIUrl":"10.1109/TIFS.2025.3611692","url":null,"abstract":"Currently, global features are usually extracted directly from local patterns in palmprint verification. Furthermore, sequence features for palmprint verification are only used as local features, but the properties of sequence features are not fully utilized. To solve this issue, this paper introduces Sequence Feature Fusion Network (SF2Net) for palmprint verification. SF2Net proposes a new paradigm: using stable and spatially correlated sequence features as an intermediate bridge to generate robust global representations. SF2Net’s core mechanism is to first extract fine-grained local features that are then converted into sequence features by a Sequence Feature Extractor (SFE). Finally, the sequence features are used as a superior input to capture high-quality global features. By fusing multi-order texture-based local features with globally extracted sequence features, SF2Net achieves superior discrimination. To ensure high accuracy even with limited training data, a hybrid loss function is proposed, which integrates a cross-entropy loss and a triplet loss. Triplet loss effectively optimizes feature separation by explicitly considering negative samples. Extensive experiments on multiple publicly available palmprint datasets demonstrate that SF2Net achieves state-of-the-art (SOTA) performance. Remarkably, even with a small training-to-testing ratio (1:9), SF2Net achieves 100% accuracy, surpassing SOTA methods under several benchmark datasets. 
The code is released at https://github.com/20201422/SF2Net","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"20 ","pages":"9936-9949"},"PeriodicalIF":8.0,"publicationDate":"2025-09-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145083834","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Digital Scapegoat: An Incentive Deception Model for Resisting Unknown APT Stealing Attacks on Critical Data Resource","authors":"Xiaochun Yun, Guangjun Wu, Shuhao Li, Qige Song, Zixian Tang, Zhenyu Cheng","doi":"10.1109/tifs.2025.3611653","DOIUrl":"https://doi.org/10.1109/tifs.2025.3611653","url":null,"abstract":"","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"71 1","pages":""},"PeriodicalIF":6.8,"publicationDate":"2025-09-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145083813","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Enhancing Model Generalization for Efficient Cross-Device Side-Channel Analysis","authors":"Yimeng Chen;Bo Wang;Changshan Su;Ao Li;Yuxing Tang;Gen Li","doi":"10.1109/TIFS.2025.3611696","DOIUrl":"10.1109/TIFS.2025.3611696","url":null,"abstract":"Deep learning (DL)-based techniques have garnered significant attention as an innovative method for profiled side-channel analysis (SCA). Despite their proven effectiveness, recent studies have highlighted challenges faced by DL-based profiled attacks in a more realistic portability threat model, where two devices are used respectively for profiling and the attack. In this paper, we propose a novel approach for cross-device attack by incorporating the Denoising Diffusion Probabilistic Model (DDPM) to develop a generalized model. Additionally, an adaptive multi-task loss is employed to balance multiple training objectives that respectively focus on model generalization and precision. We evaluate our strategy on five cross-device SCA datasets. The experimental results show that, compared to baseline methods, our approach achieves significantly enhanced performance, as measured by the number of traces required to recover the secret key. Specifically, on a more challenging dataset obtained from three SAKURA-G evaluation boards, our method successfully recovers the secret key using approximately 300 traces, whereas baseline methods fail to guarantee a successful cross-device attack even with 5,000 traces. 
Furthermore, our method demonstrates remarkably enhanced attack efficiency, reducing attack time by over an hour compared to the baselines.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"20 ","pages":"10114-10129"},"PeriodicalIF":8.0,"publicationDate":"2025-09-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145083815","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Unveiling Malware Visual Patterns: A Self-analysis Perspective","authors":"Fangtian Zhong, Qin Hu, Yili Jiang, Jiaqi Huang, Xiuzhen Cheng","doi":"10.1109/tifs.2025.3611649","DOIUrl":"https://doi.org/10.1109/tifs.2025.3611649","url":null,"abstract":"","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"71 1","pages":""},"PeriodicalIF":6.8,"publicationDate":"2025-09-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145083867","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Diffusion Prediction and Control of Negative Information on Simplicial Complexes Using Physics-Informed Neural Networks","authors":"Ying Jing;Youguo Wang;Qiqing Zhai;Zhangfei Zhou;Haojie Hou","doi":"10.1109/TIFS.2025.3611070","DOIUrl":"10.1109/TIFS.2025.3611070","url":null,"abstract":"The inadequacy of traditional binary interaction networks in characterizing information flow processes within higher-order structures has driven growing research focus toward higher-order networks. Considering the reporting mechanism and the dynamics of network scale, this paper proposes a susceptible-infected-quarantine-removed-empty (SIQRE) negative information diffusion model on simplicial complexes. An optimal control strategy, taking into account the system gain, is then implemented. The existence and stability of equilibria, and bi-stability between the invasion threshold and the persistence threshold, are derived. Experiments on synthetic and empirical simplicial complexes reveal the dynamic behavior of the system with discontinuous phase transitions, backward bifurcation and periodic oscillations. An increase in the birth rate makes the system more susceptible to outbreaks of negative information, while the opposite is true for the death rate. The reporting mechanism suppresses the discontinuous phase transition, and the synergistic application of preventive and corrective strategies demonstrates superior cost-effectiveness in system control compared to their isolated implementation. Additionally, an identifiability analysis of the model is conducted. 
Finally, the model parameters are inversely estimated and the diffusion dynamics are predicted using physics-informed neural networks (PINNs) across three instances, and the optimal control is subsequently performed, validating the effectiveness of both the proposed model and the control strategy.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"20 ","pages":"10019-10034"},"PeriodicalIF":8.0,"publicationDate":"2025-09-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145077650","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Optimized Sparse Vector Aggregation Under Local Differential Privacy","authors":"Ellen Z. Zhang;Yunguo Guan;Rongxing Lu;Harry Zhang","doi":"10.1109/TIFS.2025.3611115","DOIUrl":"10.1109/TIFS.2025.3611115","url":null,"abstract":"In crowdsourcing applications, gathering and analyzing users’ strong positive (1) or negative (−1) reactions to a large number of items is crucial for improving service quality, particularly in recommendation systems. However, protecting users’ privacy while handling diverse sparse patterns in contexts with a large dimension size $d$ poses significant challenges for efficient and privacy-preserving data aggregation. To address these challenges, in this paper, we propose an optimized $k$-sparse vector mean estimation scheme under Local Differential Privacy (LDP), ensuring that each user’s entire set of up to $k$ private values from $\\{-1, 1\\}$ satisfies $\\varepsilon$-LDP. Specifically, our proposed scheme employs a seed mining technique in conjunction with PRNG Randomizer, which allows users to send their data only once while enabling the server to accurately estimate any value’s mean in the domain. Our scheme achieves an asymptotically optimal per-coordinate error of $O\\left(\\frac{1}{\\varepsilon \\sqrt{n}}\\right)$, equivalent to that of a 1-sparse case, while also ensuring efficient communication costs. 
The communication cost remains at a minimal level of $O(1)$ (only 2 bytes per user’s report) for smaller $k$ values and scales to $O(k)$ for larger $k$, due to efficient binning strategies. Extensive experimental results confirm that our results align with theoretical expectations, demonstrating that our scheme not only preserves user privacy but also ensures higher accuracy compared to other schemes.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"20 ","pages":"10246-10259"},"PeriodicalIF":8.0,"publicationDate":"2025-09-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145077648","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Traceable Access Control Encryption With Parallel Multiple Sanitizers","authors":"Wei Luo;Qinghe Duan;Chengzhe Lai","doi":"10.1109/TIFS.2025.3611076","DOIUrl":"10.1109/TIFS.2025.3611076","url":null,"abstract":"Access control encryption (ACE) is an innovative cryptographic primitive that realizes fine-grained read/write control of data and protects data privacy and security while facilitating the effective flow of information. However, existing ACE schemes face several limitations: 1) Inability to adequately mitigate the risks of a single point of failure in the sanitizer. 2) Lack of an effective accountability mechanism for disputes arising during the sanitization process. To solve these problems, this paper proposes the notion of traceable access control encryption with parallel multiple sanitizers for the first time and designs a specific structure of traceable parallel ACE to prevent the single point of failure, effectively deter abnormal sanitizer behaviors, and optimize system performance. Additionally, computationally intensive operations in the encryption and decryption processes are outsourced to third-party servers, resulting in a significant reduction of computational overhead. Furthermore, theoretical analysis and experimental simulations validate the effectiveness of the proposed scheme. 
Comprehensive security analysis demonstrates its no-read security under the decisional q-parallel Bilinear Diffie-Hellman Exponent (BDHE) assumption and its no-write security under the Discrete Logarithm (DL) assumption, ensuring its reliability in practical applications.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"20 ","pages":"9993-10006"},"PeriodicalIF":8.0,"publicationDate":"2025-09-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145077651","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"PREXP: Uncovering and Exploiting Security-Sensitive Objects in the Linux Kernel","authors":"Zuxin Chen;Yaowen Zheng;Hong Li;Siyuan Li;Weijie Wang;Dongliang Fang;Zhiqiang Shi;Limin Sun","doi":"10.1109/TIFS.2025.3611149","DOIUrl":"10.1109/TIFS.2025.3611149","url":null,"abstract":"Security-Sensitive Objects (SSOs) are often critical components in the exploitation of Linux kernel memory corruption vulnerabilities. While existing research has advanced SSO identification and classification, there remains a significant gap in systematically understanding how these objects can be effectively exploited in real-world security analysis. To address this challenge, we present PREXP, a novel approach to analyzing SSO exploitability and automating the transformation of Proof-of-Concept (PoC) into exploitable states. Our approach encompasses three key techniques: (1) capability analysis and attribute modeling of the vulnerable object, (2) extraction and filtering of target SSOs, and (3) automatically augmenting PoCs with SSO-specific code to create exploitation capabilities. To evaluate our approach, we tested our prototype on 30 public CVEs, successfully parsing the vulnerable object in 22 cases (73.3%) and achieving accurate SSO matches in 18 (60.0%). 
PREXP outperformed state-of-the-art tools such as SCAVY and AlphaEXP in structure-matching, and enabled the generation of new Control Flow Hijacking Primitives (CFHPs) for 3 previously unexploited vulnerabilities, demonstrating its practical value in real-world exploit development.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"20 ","pages":"10146-10160"},"PeriodicalIF":8.0,"publicationDate":"2025-09-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145077335","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}