IEEE Transactions on Information Forensics and Security最新文献

{"title":"Federated Learning Minimal Model Replacement Attack Using Optimal Transport: An Attacker Perspective","authors":"K. Naveen Kumar;C. Krishna Mohan;Linga Reddy Cenkeramaddi","doi":"10.1109/TIFS.2024.3516555","DOIUrl":"10.1109/TIFS.2024.3516555","url":null,"abstract":"Federated learning (FL) has emerged as a powerful collaborative learning approach that enables client devices to train a joint machine learning model without sharing private data. However, the decentralized nature of FL makes it highly vulnerable to adversarial attacks from multiple sources. There are diverse FL data poisoning and model poisoning attack methods in the literature. Nevertheless, most of them focus only on the attack’s impact and do not consider the attack budget and attack visibility. These factors are essential to effectively comprehend the adversary’s rationale in designing an attack. Hence, our work highlights the significance of considering these factors by providing an attacker perspective in designing an attack with a low budget, low visibility, and high impact. Also, existing attacks that use total neuron replacement and randomly selected neuron replacement approaches only cater to these factors partially. Therefore, we propose a novel federated learning minimal model replacement attack (FL-MMR) that uses optimal transport (OT) for minimal neural alignment between a surrogate poisoned model and the benign model. Later, we optimize the attack budget in a three-fold adaptive fashion by considering critical learning periods and introducing the replacement map. In addition, we comprehensively evaluate our attack under three threat scenarios using three large-scale datasets: GTSRB, CIFAR10, and EMNIST. We observed that our FL-MMR attack drops global accuracy to \u0000<inline-formula> <tex-math>$approx 35%$ </tex-math></inline-formula>\u0000 less with merely 0.54% total attack budget and lower attack visibility than other attacks. The results confirm that our method aligns closely with the attacker’s viewpoint compared to other methods.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"20 ","pages":"478-487"},"PeriodicalIF":6.3,"publicationDate":"2024-12-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142832515","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Selfish Mining Time-Averaged Analysis in Bitcoin: Is Orphan Reporting an Effective Countermeasure?","authors":"Roozbeh Sarenche;Ren Zhang;Svetla Nikova;Bart Preneel","doi":"10.1109/TIFS.2024.3518090","DOIUrl":"10.1109/TIFS.2024.3518090","url":null,"abstract":"A Bitcoin miner who owns a sufficient amount of mining power can perform selfish mining to increase its relative revenue. Studies have demonstrated that the time-averaged profit of a selfish miner starts to rise once the mining difficulty level gets adjusted in favor of the attacker. Selfish mining profitability lies in the fact that orphan blocks are not incorporated into the current version of Bitcoin’s difficulty adjustment mechanism (DAM). Therefore, it is believed that considering the count of orphan blocks in the DAM can result in complete unprofitability for selfish mining. In this paper, we disprove this belief by providing a formal analysis of the selfish mining time-averaged profit. We present a precise definition of the orphan blocks that can be incorporated into calculating the next epoch’s target and then introduce two modified versions of DAM in which both main-chain blocks and orphan blocks are incorporated. We propose two versions of smart intermittent selfish mining, where the first one dominates the normal intermittent selfish mining, and the second one results in selfish mining profitability under the modified DAMs. Moreover, we present the orphan exclusion attack with the help of which the attacker can stop honest miners from reporting the orphan blocks. Using combinatorial tools, we analyze the profitability of selfish mining accompanied by the orphan exclusion attack under the modified DAMs. Our results show that even when considering orphan blocks in the DAM, selfish mining can still be profitable. However, the level of profitability under the modified DAMs is significantly lower than that observed under the current version of Bitcoin DAM, suggesting that orphan reporting can be an effective countermeasure against a payoff-maximizing selfish miner.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"20 ","pages":"449-464"},"PeriodicalIF":6.3,"publicationDate":"2024-12-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142832514","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Illicit Social Accounts? Anti-Money Laundering for Transactional Blockchains","authors":"Jie Song;Sijia Zhang;Pengyi Zhang;Junghoon Park;Yu Gu;Ge Yu","doi":"10.1109/TIFS.2024.3518068","DOIUrl":"10.1109/TIFS.2024.3518068","url":null,"abstract":"In recent years, blockchain anonymity has led to more illicit accounts participating in various money laundering transactions. Existing studies typically detect money laundering transactions, known as AML (Anti-money Laundering), through learning transaction features on transaction graphs of transactional blockchains. However, transaction graphs fail to represent the accounts’ social features within transactional organizations. Account graphs reveal such features well, and detecting illicit accounts on account graphs provides a new perspective on AML. For example, it helps uncover illegal transactions whose transaction features are not distinct in transaction graphs, with a loose assumption that illicit accounts are likely involved in illegal transactions. In this paper, we propose a Social Attention Graph Neural Network (\u0000<inline-formula> <tex-math>$textsf {SGNN}$ </tex-math></inline-formula>\u0000) on account graphs converted from transaction graphs. To detect illicit accounts, \u0000<inline-formula> <tex-math>$textsf {SGNN}$ </tex-math></inline-formula>\u0000 learns the social features on two sub-graphs, a heterogeneous graph and a hypergraph, extracted from the account graph, and fuses these features into account attribute vectors through attention. The experimental results on the Elliptic++ dataset demonstrate \u0000<inline-formula> <tex-math>$textsf {SGNN}$ </tex-math></inline-formula>\u0000’s advances. It outperforms the best baseline by 14.18% in precision, 7.37% in F1 score, 0.96% in accuracy, and 0.64% in recall when detecting illicit accounts on account graphs, as well as detects 20.3% more recall of illegal transactions through these illicit accounts than state-of-the-art methods based on transaction graphs when the mappings between illegal transactions and illicit accounts are provided. Moreover, thanks to social features, \u0000<inline-formula> <tex-math>$textsf {SGNN}$ </tex-math></inline-formula>\u0000 has a novel capability that works under many account scales and activity degrees. We release our code on \u0000<uri>https://github.com/CloudLab-NEU/SGNN</uri>\u0000.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"20 ","pages":"391-404"},"PeriodicalIF":6.3,"publicationDate":"2024-12-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142832517","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Robust Image Hashing With Weighted Saliency Map and Laplacian Eigenmaps","authors":"Xiaoping Liang;Zhenjun Tang;Xianquan Zhang;Xinpeng Zhang;Ching-Nung Yang","doi":"10.1109/TIFS.2024.3516552","DOIUrl":"10.1109/TIFS.2024.3516552","url":null,"abstract":"Copy detection is crucial for protecting image copyright. This paper proposes a robust image hashing approach via Weighted Saliency Map (WSM) and Laplacian Eigenmaps (LE) (hereafter WSM-LE approach). An important contribution is the WSM construction via the edge map and the saliency map. As the WSM can indicate the interest regions of image, hash calculation based on WSM can provide robustness of our WSM-LE approach. Another contribution is the low-dimensional feature learning by the LE technique. As the LE technique can effectively learn the internal geometric relationships of image, the extracted low-dimensional features can improve discrimination of our WSM-LE approach. In addition, the low-dimensional features are treated as vectors and the vector distances are used to create a compact and encrypted hash. Numerous experiments and comparisons are conducted to confirm the effectiveness and superiority of our WSM-LE approach. The results indicate that our WSM-LE approach has excellent classification and copy detection performances than some baseline approaches.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"20 ","pages":"665-676"},"PeriodicalIF":6.3,"publicationDate":"2024-12-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=10802924","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142832516","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"DEEPREG: A Trustworthy and Privacy-Friendly Ownership Regulatory Framework for Deep Learning Models","authors":"Xirong Zhuang, Lan Zhang, Chen Tang, Yaliang Li","doi":"10.1109/tifs.2024.3518061","DOIUrl":"https://doi.org/10.1109/tifs.2024.3518061","url":null,"abstract":"","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"121 1","pages":""},"PeriodicalIF":6.8,"publicationDate":"2024-12-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142832518","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Game-Theoretic Neyman-Pearson Detection to Combat Strategic Evasion","authors":"Yinan Hu;Juntao Chen;Quanyan Zhu","doi":"10.1109/TIFS.2024.3515834","DOIUrl":"10.1109/TIFS.2024.3515834","url":null,"abstract":"The security in networked systems depends greatly on recognizing and identifying adversarial behaviors. Traditional detection methods target specific categories of attacks and have become inadequate against increasingly stealthy and deceptive attacks that are designed to bypass detection strategically. This work proposes game-theoretical frameworks to recognize and combat such evasive attacks. We focus on extending a fundamental class of statistical-based detection methods based on Neyman-Pearson’s (NP) hypothesis testing formulation. We capture the conflicting relationship between a strategic evasive attacker and an evasion-aware NP detector. By analyzing both the equilibrium behaviors of the attacker and the NP detector, we characterize their performance using Equilibrium Receiver-Operational-Characteristic (EROC) curves. We show that the evasion-aware NP detectors outperform the non-strategic ones by allowing them to take advantage of the attacker’s messages to adaptively modify their decision rules to enhance their success rate in detecting anomalies. In addition, we extend our framework to a sequential setting where the user sends out identically distributed messages. We corroborate the analytical results with a case study of an intrusion detection evasion problem.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"20 ","pages":"516-530"},"PeriodicalIF":6.3,"publicationDate":"2024-12-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142820923","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"X-DFS: Explainable Artificial Intelligence Guided Design-for-Security Solution Space Exploration","authors":"Tanzim Mahfuz;Swarup Bhunia;Prabuddha Chakraborty","doi":"10.1109/TIFS.2024.3515855","DOIUrl":"10.1109/TIFS.2024.3515855","url":null,"abstract":"Design and manufacturing of integrated circuits predominantly use a globally distributed semiconductor supply chain involving diverse entities. The modern semiconductor supply chain has been designed to boost production efficiency, but is filled with major security concerns such as malicious modifications (hardware Trojans), reverse engineering (RE), and cloning. While being deployed, digital systems are also subject to a plethora of threats such as power, timing, and electromagnetic (EM) side channel attacks. Many Design-for-Security (DFS) solutions have been proposed to deal with these vulnerabilities, and such solutions (DFS) relays on strategic modifications (e.g., logic locking, side channel resilient masking, and dummy logic insertion) of the digital designs for ensuring a higher level of security. However, most of these DFS strategies lack robust formalism, are often not human-understandable, and require an extensive amount of human expert effort during their development/use. All of these factors make it difficult to keep up with the ever growing number of microelectronic vulnerabilities. In this work, we propose X-DFS, an explainable Artificial Intelligence (AI) guided DFS isolution-space exploration approach that can dramatically cut down the mitigation strategy development/use time while enriching our understanding of the vulnerability by providing human-understandable decision rationale. We implement X-DFS and comprehensively evaluate it for reverse engineering threats (SAIL, SWEEP, and OMLA) and formalize a generalized mechanism for applying X-DFS to defend against other threats such as hardware Trojans, fault attacks, and side channel attacks for seamless future extensions.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"20 ","pages":"753-766"},"PeriodicalIF":6.3,"publicationDate":"2024-12-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142820922","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Accountable Decryption Made Formal and Practical","authors":"Rujia Li;Yuanzhao Li;Qin Wang;Sisi Duan;Qi Wang;Mark Ryan","doi":"10.1109/TIFS.2024.3515808","DOIUrl":"10.1109/TIFS.2024.3515808","url":null,"abstract":"With the increasing scale and complexity of online activities, accountability, as an after-the-fact mechanism, has become an effective complementary approach to ensure system security. Decades of research have delved into the connotation of accountability. They fail, however, to achieve practical accountability of decryption. This paper seeks to address this gap. We consider the scenario where a client (called encryptor, her) encrypts her data and then chooses a delegate (a.k.a. decryptor, him) that stores data for her. If the decryptor initiates an illegitimate decryption on the encrypted data, there is a non-negligible probability that this behavior will be detected, thereby holding the decryptor accountable for his decryption. We make three contributions. First, we review key definitions of accountability known so far. Based on extensive investigations, we formalize new definitions of accountability specifically targeting the decryption process, denoted as accountable decryption, and discuss the (im)possibilities when capturing this concept. We also define the security goals in correspondence. Second, we present a novel Trusted Execution Environment(TEE)-assisted solution aligning with definitions. Instead of fully trusting TEE, we take a further step, making TEE work in the “trust, but verify” model where we trust TEE and use its service, but empower users (i.e., decryptors) to detect the potentially compromised state of TEEs. Third, we implement a full-fledged system and conduct a series of evaluations. The results demonstrate that our solution is efficient. Even in a scenario involving \u0000<inline-formula> <tex-math>$300,000$ </tex-math></inline-formula>\u0000 log entries, the decryption process concludes in approximately 5.5ms, and malicious decryptors can be identified within 69ms.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"20 ","pages":"620-635"},"PeriodicalIF":6.3,"publicationDate":"2024-12-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142820926","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Byzantine Fault Tolerance With Non-Determinism, Revisited","authors":"Yue Huang;Huizhong Li;Yi Sun;Sisi Duan","doi":"10.1109/TIFS.2024.3516541","DOIUrl":"10.1109/TIFS.2024.3516541","url":null,"abstract":"Conventional Byzantine fault tolerance (BFT) requires replicated state machines to execute deterministic operations only. In practice, numerous applications and scenarios, especially in the era of blockchains, contain various sources of non-determinism. Meanwhile, it is even sometimes desirable to support non-determinism, and replicas still agree on the execution results. Despite decades of research on BFT, we still lack an efficient and easy-to-deploy solution for BFT with non-determinism—BFT-ND, especially in the asynchronous setting. We revisit the problem of BFT-ND and provide a formal and asynchronous treatment of BFT-ND. In particular, we design and implement Block-ND that insightfully separates the task of agreeing on the order of transactions from the task of agreement on the state: Block-ND allows reusing existing BFT implementations; on top of BFT, we reduce the agreement on the state to multivalued Byzantine agreement (MBA), a somewhat neglected primitive by practical systems. Block-ND is completely asynchronous as long as the underlying BFT is asynchronous. We provide a new MBA construction that is significantly faster than existing MBA constructions. We instantiate Block-ND in both the partially synchronous setting (with PBFT, OSDI 1999) and the purely asynchronous setting (with PACE, CCS 2022). Via a 91-instance WAN deployment on Amazon EC2, we show that Block-ND has only marginal performance degradation compared to conventional BFT.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"20 ","pages":"309-322"},"PeriodicalIF":6.3,"publicationDate":"2024-12-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142815905","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Joint Finger Valley Points-Free ROI Detection and Recurrent Layer Aggregation for Palmprint Recognition in Open Environment","authors":"Tingting Chai;Xin Wang;Ru Li;Wei Jia;Xiangqian Wu","doi":"10.1109/TIFS.2024.3516539","DOIUrl":"10.1109/TIFS.2024.3516539","url":null,"abstract":"Cooperative palmprint recognition, pivotal for civilian and commercial uses, stands as the most essential and broadly demanded branch in biometrics. These applications, often tied to financial transactions, require high accuracy in recognition. Currently, research in palmprint recognition primarily aims to enhance accuracy, with relatively few studies addressing the automatic and flexible palm region of interest (ROI) extraction (PROIE) suitable for complex scenes. Particularly, the intricate conditions of open environment, alongside the constraint of human finger skeletal extension limiting the visibility of Finger Valley Points (FVPs), render conventional FVPs-based PROIE methods ineffective. In response to this challenge, we propose an FVPs-Free Adaptive ROI Detection (FFARD) approach, which utilizes cross-dataset hand shape semantic transfer (CHSST) combined with the constrained palm inscribed circle search, delivering exceptional hand segmentation and precise PROIE. Furthermore, a Recurrent Layer Aggregation-based Neural Network (RLANN) is proposed to learn discriminative feature representation for high recognition accuracy in both open-set and closed-set modes. The Angular Center Proximity Loss (ACPLoss) is designed to enhance intra-class compactness and inter-class discrepancy between learned palmprint features. Overall, the combined FFARD and RLANN methods are proposed to address the challenges of palmprint recognition in open environment, collectively referred to as RDRLA. Experimental results on four palmprint benchmarks HIT-NIST-V1, IITD, MPD and BJTU_PalmV2 show the superiority of the proposed method RDRLA over the state-of-the-art (SOTA) competitors. The code of the proposed method is available at \u0000<uri>https://github.com/godfatherwang2/</uri>\u0000 RDRLA.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"20 ","pages":"421-435"},"PeriodicalIF":6.3,"publicationDate":"2024-12-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142815910","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}