IEEE Transactions on Information Forensics and Security最新文献

{"title":"A-NIDS: Adaptive Network Intrusion Detection System Based on Clustering and Stacked CTGAN","authors":"Chao Zha;Zhiyu Wang;Yifei Fan;Bing Bai;Yinjie Zhang;Sainan Shi;Ruyun Zhang","doi":"10.1109/TIFS.2025.3551643","DOIUrl":"10.1109/TIFS.2025.3551643","url":null,"abstract":"Intrusion detection systems (IDS) are crucial tools for detecting anomalous network traffic in cybersecurity. In recent years, significant progress has been made in applying artificial intelligence to IDS. However, existing research often assumes that training and testing data are static and identically distributed, whereas in reality, data drift is inevitable. Moreover, to enhance model versatility and detection performance, models have become increasingly complex, posing challenges to real-time deployment. To address these challenges, we propose an adaptive network intrusion detection system named A-NIDS, consisting of a main task and two bypass tasks. The main task is to develop a fully connected and shallow network with strong detection performance and real-time capability. The first bypass task is a clustering model that helps the main task detect data drift in an unsupervised manner. The second bypass task is a generation model to generate old data to address catastrophic forgetting in new model iterations and the storage cost issue caused by accumulating old data. We conduct extensive experiments on the CICIDS-2017 and CSE-CICIDS-2018 datasets, demonstrating the superior performance of A-NIDS on new and old data. Furthermore, our detection module achieves a detection latency of 5 microseconds, highlighting its suitability for real-time applications. All the related code is publicly available at: <uri>https://github.com/ids-sec-hub/A-NIDS</uri>.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"20 ","pages":"3204-3219"},"PeriodicalIF":6.3,"publicationDate":"2025-03-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143631298","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Enhancing Security in 5G NR With Channel-Robust RF Fingerprinting Leveraging SRS for Cross-Domain Stability","authors":"Haoran Zha;Hanhong Wang;Yu Wang;Zhi Sun;Guan Gui;Yun Lin","doi":"10.1109/TIFS.2025.3551638","DOIUrl":"10.1109/TIFS.2025.3551638","url":null,"abstract":"Radio Frequency Fingerprinting (RFF) has emerged as a vital technique for enhancing Physical Layer Authentication (PLA) in New Radio (NR) networks. Unlike cryptographic methods, RFF leverages device-specific signal impairments to uniquely identify transmitters. Deep Learning (DL) advances have improved PLA, though challenges persist due to communication channel dynamics and device state changes. In this study, we propose a novel framework that integrates 5G NR protocol-specific structures and channel knowledge via SRS-based CSI to generate relative RFF features. Through a tailored frame design and carefully engineered processing pipeline, we achieve cross-domain stability and improved robustness against time-varying conditions. By applying regularization techniques (e.g., mixup) during training, our method further mitigates model overfitting and domain bias. Simulation and real-world SDR experiments, using data from 9 ADALM-PLUTO devices, validate the approach’s effectiveness. The proposed system attains recognition accuracies of 99.878%, 93.376%, 86.325%, and 66.558% in intra-domain, cross-channel, cross-time, and cross-scenario tests, respectively, highlighting its potential to substantially enhance physical layer security in NR-based networks.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"20 ","pages":"3429-3444"},"PeriodicalIF":6.3,"publicationDate":"2025-03-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143631300","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"I2OL-Net: Intra-Inter Objectness Learning Network for Point-Supervised X-Ray Prohibited Item Detection","authors":"Chenyang Wang;Yan Yan;Jing-Hao Xue;Hanzi Wang","doi":"10.1109/TIFS.2025.3550052","DOIUrl":"10.1109/TIFS.2025.3550052","url":null,"abstract":"Automatic detection of prohibited items in X-ray images plays a crucial role in public security. However, existing methods rely heavily on labor-intensive box annotations. To address this, we investigate X-ray prohibited item detection under labor-efficient point supervision and develop an intra-inter objectness learning network (I2OL-Net). I2OL-Net consists of two key modules: an intra-modality objectness learning (intra-OL) module and an inter-modality objectness learning (inter-OL) module. The intra-OL module designs a local focus Gaussian masking block and a global random Gaussian masking block to collaboratively learn the objectness in X-ray images. Meanwhile, the inter-OL module introduces the wavelet decomposition-based adversarial learning block and the objectness block, effectively reducing the modality discrepancy between natural images and X-ray images and transferring the objectness knowledge learned from natural images with box annotations to X-ray images. Based on the above, I2OL-Net greatly alleviates the severe problem of part domination caused by large intra-class variations in X-ray images. Experimental results on four X-ray datasets show that I2OL-Net can achieve superior performance with a significant reduction of annotation cost, thus enhancing its accessibility and practicality. The source code is released at <uri>https://github.com/houjoeng/I2OL-Net</uri>.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"20 ","pages":"3045-3059"},"PeriodicalIF":6.3,"publicationDate":"2025-03-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143618282","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Enforcing Differential Privacy in Federated Learning via Long-Term Contribution Incentives","authors":"Xiangyun Tang;Luyao Peng;Yu Weng;Meng Shen;Liehuang Zhu;Robert H. Deng","doi":"10.1109/TIFS.2025.3550777","DOIUrl":"10.1109/TIFS.2025.3550777","url":null,"abstract":"Privacy-preserving Federated Learning (FL) based on Differential Privacy (DP) protects clients’ data by adding DP noise to samples’ gradients and has emerged as a de facto standard for data privacy in FL. However, the accuracy of global models in DP-based FL may be reduced significantly when rogue clients occur who deviate from the preset DP-based FL approaches and selfishly inject excessive DP noise beyond expectations, thereby applying a smaller privacy budget in the DP mechanism to ensure a higher level of security. Existing DP-based FL fails to prevent such attacks as they are imperceptible. Under the DP-based FL system and random Gaussian noise, the local model parameters of the rogue clients and the honest clients have identical distributions. In particular, the rogue local models show a low performance, but directly filtering out lower-performance local models compromises the generalizability of global models, as local models trained on scarce data also behave with low performance in the early epoch. In this paper, we propose ReFL, a novel privacy-preserving FL system that enforces DP and avoids the accuracy reduction of global models caused by excessive DP noise of rogue clients. Based on the observation that rogue local models with excessive DP noise and honest local models trained on scarce data have different performance patterns in long-term training epochs, we propose a long-term contribution incentives scheme to evaluate clients’ reputations and identify rogue clients. Furthermore, we design a reputation-based aggregation to avoid the damage of rogue clients’ models on the global model accuracy, based on the incentive reputation. Extensive experiments demonstrate ReFL guarantees the global model accuracy performance 0.77% - 81.71% higher than existing DP-based FL methods in the presence of rogue clients.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"20 ","pages":"3102-3115"},"PeriodicalIF":6.3,"publicationDate":"2025-03-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143607777","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"MD-SONIC: Maliciously-Secure Outsourcing Neural Network Inference With Reduced Online Communication","authors":"Yansong Zhang;Xiaojun Chen;Ye Dong;Qinghui Zhang;Rui Hou;Qiang Liu;Xudong Chen","doi":"10.1109/TIFS.2025.3550834","DOIUrl":"10.1109/TIFS.2025.3550834","url":null,"abstract":"With the widespread deployment of Deep-Learning-as-a-Service, secure multi-party computation-based outsourcing neural network (NN) inference has garnered significant attention for its high-security guarantee. Nevertheless, under the dishonest-majority setting with malicious adversaries, prior secure inference works are still costly in terms of communication and run-time. Additionally, existing outsourcing frameworks impose a substantial client-side design, which leads to obstacles in resource-constrained devices. To address the above challenges, we propose MD-SONIC, an online efficient and maliciously-secure framework for outsourcing NN inference with a dishonest majority. We first construct communication-efficient n-party protocols for the basic primitives such as fixed-point multiplication and most significant bit extraction by combining mask-sharing and TinyOT-sharing with SPD<inline-formula> <tex-math>$mathbb {Z}_{2^{k}}$ </tex-math></inline-formula> seamlessly. Then, we build fast secure blocks for the widely used NN operators, including matrix multiplication, ReLU, and Maxpool, on top of our basic primitives. To enable an arbitrary number of users to outsource the secure inference task to n computing servers, we propose a lightweight-client and fast <inline-formula> <tex-math>$Sigma $ </tex-math></inline-formula> paradigm named SPIN, stemming from zero-knowledge proofs. Our SPIN can be instantiated into a set of efficient outsourcing protocols over multiple algebraic structures (e.g., finite field and ring). We also conduct extensive evaluations of MD-SONIC on various neural networks. Compared to the work by Damgård et al. (IEEE S&P’19) and MD-ML (USENIX Security’24), we achieve up to <inline-formula> <tex-math>$594.4times $ </tex-math></inline-formula> and <inline-formula> <tex-math>$45.1times $ </tex-math></inline-formula> online communication improvements, and improve the online execution time by at most <inline-formula> <tex-math>$14.3times $ </tex-math></inline-formula> (resp. <inline-formula> <tex-math>$20.5times $ </tex-math></inline-formula>) and <inline-formula> <tex-math>$1.8times $ </tex-math></inline-formula> (resp. <inline-formula> <tex-math>$2.3times $ </tex-math></inline-formula>) in LAN (resp. WAN).","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"20 ","pages":"3534-3549"},"PeriodicalIF":6.3,"publicationDate":"2025-03-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143608006","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Toward Secure Weighted Aggregation for Privacy-Preserving Federated Learning","authors":"Yunlong He;Jia Yu","doi":"10.1109/TIFS.2025.3550787","DOIUrl":"10.1109/TIFS.2025.3550787","url":null,"abstract":"Privacy-preserving federated learning can protect the privacy of model gradients/parameters in the model aggregation phase. Most existing schemes only consider the scenario where user models have the same weight in model aggregation. However, users often hold different numbers of training samples in practice. This makes the model convergence speed of existing schemes very slow. To solve this problem, we propose a privacy-preserving federated learning scheme with secure weighted aggregation. It is able to allocate appropriate user weights based on the user’s local data size with privacy protection. In addition, it is impossible for the cloud server to obtain the user’s original model parameters and local data size in the proposed scheme. Specifically, we use Lagrange interpolation to combine the model parameters and local data size into a set of ciphertexts. The cloud server can smoothly perform weighted aggregation based on these ciphertexts. Leveraging the Chinese Remainder Theorem, we convert the local data size into a series of verification values. This enables the user to verify the correctness of results returned from the server. We provide a theoretical analysis for the proposed scheme, demonstrating its effectiveness, privacy, and verifiability. We perform extensive experiments on the MNIST dataset. Experimental results demonstrate its model performance, computation overhead, and communication overhead.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"20 ","pages":"3475-3488"},"PeriodicalIF":6.3,"publicationDate":"2025-03-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143608033","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"CR-DAP: A Comprehensive and Regulatory Decentralized Anonymous Payment System","authors":"Weiqi Dai;Yang Zhou;Xiaohai Dai;Kim-Kwang Raymond Choo;Xia Xie;Deqing Zou;Hai Jin","doi":"10.1109/TIFS.2025.3550821","DOIUrl":"10.1109/TIFS.2025.3550821","url":null,"abstract":"Among various blockchain applications, decentralized anonymous payment (DAP) systems stand out for their enhanced privacy protection compared to traditional payment methods. However, DAPs face challenges such as the lack of asset recovery and identity verification features. To ensure the long-term healthy development of DAP systems, adherence to legal regulations and privacy protection is equally critical. In response to these requirements, we propose a <inline-formula> <tex-math>$textsf {CR}$ </tex-math></inline-formula>-<inline-formula> <tex-math>$textsf {DAP}$ </tex-math></inline-formula> system that offers a secure and efficient solution without compromising on practicality. Our innovation lies in introducing an identity-based traceable anonymous signature scheme, which skillfully balances anonymity with traceability. This scheme supports private key retrieval and allows for identity tracking when necessary, addressing key pain points in existing anonymous payment systems and enhancing user trust. We have implemented the prototype of this signature scheme and the <inline-formula> <tex-math>$textsf {CR}$ </tex-math></inline-formula>-<inline-formula> <tex-math>$textsf {DAP}$ </tex-math></inline-formula> system, evaluating its performance to demonstrate its practicality.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"20 ","pages":"3274-3286"},"PeriodicalIF":6.3,"publicationDate":"2025-03-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143608034","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Differentially Private Linearized ADMM Algorithm for Decentralized Nonconvex Optimization","authors":"Xiao-Yu Yue;Jiang-Wen Xiao;Xiao-Kang Liu;Yan-Wu Wang","doi":"10.1109/TIFS.2025.3550808","DOIUrl":"10.1109/TIFS.2025.3550808","url":null,"abstract":"Privacy preservation is a challenging problem in decentralized nonconvex optimization containing sensitive data. Prior approaches to decentralized nonconvex optimization are either not strong enough to protect privacy or exhibit low utility under a high privacy guarantee. To address these issues, we propose a differentially private linearized alternating direction method of multipliers (DP-LADMM), which achieves fast convergence property for nonconvex objective functions while achieving saddle/maximum avoidance under differential privacy guarantee. We also apply the Analytic Gaussian Mechanism to track the cumulative privacy loss and provide a tight global differential privacy guarantee for DP-LADMM. The theoretical analysis offers an explicit convergence rate for our algorithm. To the best of our knowledge, this is the first paper to provide explicit convergence for decentralized nonconvex optimization with differential privacy and saddle/maximum avoidance. Numerical simulations and comparison studies on decentralized estimation confirm the superiority of the algorithm and the effectiveness of global privacy preservation.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"20 ","pages":"3316-3329"},"PeriodicalIF":6.3,"publicationDate":"2025-03-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143608008","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"A Stable and Efficient Data-Free Model Attack With Label-Noise Data Generation","authors":"Zhixuan Zhang;Xingjian Zheng;Linbo Qing;Qi Liu;Pingyu Wang;Yu Liu;Jiyang Liao","doi":"10.1109/TIFS.2025.3550066","DOIUrl":"10.1109/TIFS.2025.3550066","url":null,"abstract":"The objective of a data-free closed-box adversarial attack is to attack a victim model without using internal information, training datasets or semantically similar substitute datasets. Concerned about stricter attack scenarios, recent studies have tried employing generative networks to synthesize data for training substitute models. Nevertheless, these approaches concurrently encounter challenges associated with unstable training and diminished attack efficiency. In this paper, we propose a novel query-efficient data-free closed-box adversarial attack method. To mitigate unstable training, for the first time, we directly manipulate the intermediate-layer feature of a generator without relying on any substitute models. Specifically, a label noise-based generation module is created to enhance the intra-class patterns by incorporating partial historical information during the learning process. Additionally, we present a feature-disturbed diversity generation method to augment the inter-class distance. Meanwhile, we propose an adaptive intra-class attack strategy to heighten attack capability within a limited query budget. In this strategy, entropy-based distance is utilized to characterize the relative information from model outputs, while positive classes and negative samples are used to enhance low attack efficiency. The comprehensive experiments conducted on six datasets demonstrate the superior performance of our method compared to six state-of-the-art data-free closed-box competitors in both label-only and probability-only attack scenarios. Intriguingly, our method can realize the highest attack success rate on the online Microsoft Azure model under an extremely low query budget. Additionally, the proposed approach not only achieves more stable training but also significantly reduces the query count for a more balanced data generation. Furthermore, our method can maintain the best performance under the existing defense models and a limited query budget.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"20 ","pages":"3131-3145"},"PeriodicalIF":6.3,"publicationDate":"2025-03-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143599001","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Efficient Source Detection in Incomplete Networks via Sensor Deployment and Source Approaching","authors":"Le Cheng, Peican Zhu, Keke Tang, Chao Gao, Zhen Wang","doi":"10.1109/tifs.2025.3550069","DOIUrl":"https://doi.org/10.1109/tifs.2025.3550069","url":null,"abstract":"","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"5 1","pages":""},"PeriodicalIF":6.8,"publicationDate":"2025-03-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143598822","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}