Mingfu Xue, Kewei Chen, Leo Yu Zhang, Yushu Zhang, Weiqiang Liu
{"title":"An Active Authorization Control Method for Deep Reinforcement Learning Model Based on GANs and Adaptive Trigger","authors":"Mingfu Xue, Kewei Chen, Leo Yu Zhang, Yushu Zhang, Weiqiang Liu","doi":"10.1109/tifs.2025.3567915","DOIUrl":"https://doi.org/10.1109/tifs.2025.3567915","url":null,"abstract":"","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"24 1","pages":""},"PeriodicalIF":6.8,"publicationDate":"2025-05-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143930908","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Yuan Bian, Min Liu, Yunqi Yi, Xueping Wang, Yunfeng Ma, Yaonan Wang
{"title":"Modality Unified Attack for Omni-Modality Person Re-Identification","authors":"Yuan Bian, Min Liu, Yunqi Yi, Xueping Wang, Yunfeng Ma, Yaonan Wang","doi":"10.1109/tifs.2025.3566993","DOIUrl":"https://doi.org/10.1109/tifs.2025.3566993","url":null,"abstract":"","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"15 1","pages":"1-1"},"PeriodicalIF":6.8,"publicationDate":"2025-05-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143910439","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Defending Against Model Inversion Attack via Feature Purification","authors":"Shenhao Shi;Yan Wo","doi":"10.1109/TIFS.2025.3565997","DOIUrl":"10.1109/TIFS.2025.3565997","url":null,"abstract":"The Model Inversion Attack (MIA) aims to reconstruct the privacy data used to train the target model, raising significant public concerns about the privacy of machine learning models. Therefore, proposing effective methods to defend against MIA has become crucial. The relationship between MIA and defense is a typical adversarial process. If the upper bound of the attacker’s capability can be estimated through theoretical analysis, a more robust defense method can be achieved by weakening this upper bound. To achieve this goal, we simplify MIA to a problem of reconstructing estimates, and analyze the lower bound of the reconstruction error obtained by the attacker, from which we infer the theoretical upper bound of the attacker’s capability, providing a foundation for designing the defense mechanism. We find that the lower bound of reconstruction error is inversely proportional to the Fisher information. This means that smaller Fisher information can lead to a larger reconstruction error. If the attacker cannot obtain second-order information during the reconstruction estimation, the corresponding Fisher information will be reduced. Consequently, we propose a defense against model inversion attacks via feature purification (DMIAFP). To reduce the Fisher information, DMIAFP hides the private data contained within the features and its second-order information (the relationships between private data) by minimizing the first-order and second-order correlations between private data and output features. Additionally, we introduce Principal Inertia Components (PIC) for the correlation metric, and infer the theoretical upper bound of the attacker’s reconstruction ability through PIC, thereby avoiding the issue of poor defensive performance caused by data-driven instability in defense methods that train by adversarially inverse models. Experimental results show that our method achieves good performance in defense and exhibits significant advantages in removing redundant information contained in features.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"20 ","pages":"4755-4768"},"PeriodicalIF":6.3,"publicationDate":"2025-04-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143893637","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Jianan Huang;Weiwei Liu;Guangjie Liu;Bo Gao;Fengyuan Nie
{"title":"WF-A2D: Enhancing Privacy With Asymmetric Adversarial Defense Against Website Fingerprinting","authors":"Jianan Huang;Weiwei Liu;Guangjie Liu;Bo Gao;Fengyuan Nie","doi":"10.1109/TIFS.2025.3565994","DOIUrl":"10.1109/TIFS.2025.3565994","url":null,"abstract":"Despite the end-to-end encryption capabilities provided by network protocols such as QUIC in HTTP/3 and the additional tunneling functions offered by proxy tools like virtual private networks (VPNs) and the onion router (Tor), website fingerprinting (WF) techniques can still identify specific network services by exploiting the spatio-temporal characteristics of network traffic. Therefore, defending against WF attacks is crucial for ensuring comprehensive privacy protection for network services. Existing WF defenses typically rely on proxy-based solutions that require coordinated packet manipulations between the client and the proxy node to counteract WF attacks. These symmetric architectures cannot protect network traffic between proxy nodes and web servers from WF attacks. Furthermore, the ability to counter more powerful traffic analysis tools remains a challenging issue. In this paper, we propose WF-A2D, an asymmetric adversarial defense method against website fingerprinting for HTTP/3. WF-A2D employs a two-stage cascading adversarial learning strategy, leveraging packet direction and length patterns to enhance defense performance. Position-based perturbation vectors representing packet operations are generated for packet-by-packet manipulations to achieve real-time WF defense. Experimental results on a real-world HTTP/3-QUIC website browsing traffic dataset demonstrate that WF-A2D can achieve a defense success rate of 97.10% on average against seven state-of-the-art traffic analysis tools, while incurring less than 2% bandwidth overhead. More importantly, WF-A2D can operate independently on the client side and ensure end-to-end protection to web servers.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"20 ","pages":"4739-4754"},"PeriodicalIF":6.3,"publicationDate":"2025-04-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143893636","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"TruVRF: Toward Triple-Granularity Verification on Machine Unlearning","authors":"Chunyi Zhou;Yansong Gao;Anmin Fu;Kai Chen;Zhi Zhang;Minhui Xue;Zhiyang Dai;Shouling Ji;Yuqing Zhang","doi":"10.1109/TIFS.2025.3565991","DOIUrl":"10.1109/TIFS.2025.3565991","url":null,"abstract":"The right to be forgotten has incentivized machine unlearning, but a key challenge persists: the lack of reliable methods to verify unlearning conducted by model providers. This gap facilitates dishonest model providers to deceive data contributors. Current approaches often rely on invasive methods like backdoor injection. However, it poses security concerns and is also inapplicable to legacy data—already released data. To tackle this challenge, this work initializes the first non-invasive unlearning verification framework which operates at triple-granularity (class-, volume-, sample-level) to assess the data facticity and volume integrity of machine unlearning. In this paper, we propose a framework, named TruVRF, that encompasses three Unlearning-Metrics, each tailored to counter different types of dishonest model providers or servers (Neglecting Server, Lazy Server, Deceiving Server). TruVRF leverages non-invasive model sensitivity to enable multi-granularity verification of unlearning. Specifically, Unlearning-Metric-I checks if the removed class matches the data contributor’s unlearning request, Unlearning-Metric-II measures the amount of unlearned data, and Unlearning-Metric-III validates the correspondence of a specific unlearned sample with the requested deletion. We conducted extensive evaluations of TruVRF efficacy across three datasets, and notably, we also evaluated the effectiveness and computational overhead of TruVRF in real-world applications for the face recognition dataset. Our experimental results demonstrate that TruVRF achieves robust verification performance: Unlearning-Metric-I and -III achieve over 90% verification accuracy on average against dishonest servers, while Unlearning-Metric-II maintains an inference deviation within 4.8% to 8.2%. Additionally, TruVRF demonstrates generalizability across diverse conditions, including varying numbers of unlearned classes and sample volumes. Significantly, TruVRF is applied to two state-of-the-art unlearning frameworks: SISA (presented at Oakland’21) and Amnesiac Unlearning, representing exact and approximate unlearning methods, respectively, which affirm TruVRF’s practicality. In addition, we conducted extensive evaluations around TruVRF, including ablation experiments, trade-offs in computational overhead, and the robustness of model sensitivity, among others.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"20 ","pages":"4844-4859"},"PeriodicalIF":6.3,"publicationDate":"2025-04-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143893788","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"DD-rPPGNet: De-Interfering and Descriptive Feature Learning for Unsupervised rPPG Estimation","authors":"Pei-Kai Huang;Tzu-Hsien Chen;Ya-Ting Chan;Kuan-Wen Chen;Chiou-Ting Hsu","doi":"10.1109/TIFS.2025.3565965","DOIUrl":"10.1109/TIFS.2025.3565965","url":null,"abstract":"Remote Photoplethysmography (rPPG) aims to measure physiological signals and Heart Rate (HR) from facial videos. Recent unsupervised rPPG estimation methods have shown promising potential in estimating rPPG signals from facial regions without relying on ground truth rPPG signals. However, these methods seem oblivious to interference existing in rPPG signals and still result in unsatisfactory performance. In this paper, we propose a novel De-interfered and Descriptive rPPG Estimation Network (DD-rPPGNet) to eliminate the interference within rPPG features for learning genuine rPPG signals. First, we investigate the characteristics of local spatial-temporal similarities of interference and design a novel unsupervised model to estimate the interference. Next, we propose an unsupervised de-interfered method to learn genuine rPPG signals with two stages. In the first stage, we estimate the initial rPPG signals by contrastive learning from both the training data and their augmented counterparts. In the second stage, we use the estimated interference features to derive de-interfered rPPG features and encourage the rPPG signals to be distinct from the interference. In addition, we propose an effective descriptive rPPG feature learning by developing a strong 3D Learnable Descriptive Convolution (3DLDC) to capture the subtle chrominance changes for enhancing rPPG estimation. Extensive experiments conducted on five rPPG benchmark datasets demonstrate that the proposed DD-rPPGNet outperforms previous unsupervised rPPG estimation methods and achieves competitive performances with state-of-the-art supervised rPPG methods. The code is available at: https://github.com/Pei-KaiHuang/TIFS2025-DD-rPPGNet","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"20 ","pages":"4956-4970"},"PeriodicalIF":6.3,"publicationDate":"2025-04-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143893638","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Yuting Lei, Dingzhao Li, Mingyuan Shao, Shaohua Hong, Haixin Sun
{"title":"CoSwinVIT: A Vision Transformer for Enhanced Uniform Spectrum Response in Specific Emitter Identification","authors":"Yuting Lei, Dingzhao Li, Mingyuan Shao, Shaohua Hong, Haixin Sun","doi":"10.1109/tifs.2025.3565999","DOIUrl":"https://doi.org/10.1109/tifs.2025.3565999","url":null,"abstract":"","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"12 1","pages":"1-1"},"PeriodicalIF":6.8,"publicationDate":"2025-04-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143893787","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"CAMeL: Cross-Modality Adaptive Meta-Learning for Text-Based Person Retrieval","authors":"Hang Yu;Jiahao Wen;Zhedong Zheng","doi":"10.1109/TIFS.2025.3565392","DOIUrl":"10.1109/TIFS.2025.3565392","url":null,"abstract":"Text-based person retrieval aims to identify specific individuals within an image database using textual descriptions. Due to the high cost of annotation and privacy protection, researchers resort to synthesized data for the paradigm of pretraining and fine-tuning. However, these generated data often exhibit domain biases in both images and textual annotations, which largely compromise the scalability of the pre-trained model. Therefore, we introduce a domain-agnostic pretraining framework based on Cross-modality Adaptive Meta-Learning (CAMeL) to enhance the model generalization capability during pretraining to facilitate the subsequent downstream tasks. In particular, we develop a series of tasks that reflect the diversity and complexity of real-world scenarios, and introduce a dynamic error sample memory unit to memorize the history for errors encountered within multiple tasks. To further ensure multi-task adaptation, we also adopt an adaptive dual-speed update strategy, balancing fast adaptation to new tasks and slow weight updates for historical tasks. Albeit simple, our proposed model not only surpasses existing state-of-the-art methods on real-world benchmarks, including CUHK-PEDES, ICFG-PEDES, and RSTPReid, but also showcases robustness and scalability in handling biased synthetic images and noisy text annotations. Our code is available at https://github.com/Jahawn-Wen/CAMeL-reID","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"20 ","pages":"4651-4663"},"PeriodicalIF":6.3,"publicationDate":"2025-04-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143889754","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}