IEEE Transactions on Information Forensics and Security最新文献

{"title":"Fine-Grained and Class-Incremental Malicious Account Detection in Ethereum via Dynamic Graph Learning","authors":"Hanbiao Du;Meng Shen;Yang Liu;Zheng Che;Jinhe Wu;Wei Wang;Liehuang Zhu","doi":"10.1109/TIFS.2025.3612194","DOIUrl":"10.1109/TIFS.2025.3612194","url":null,"abstract":"Ethereum serves as the cornerstone for value transfer in Web 3.0, providing a decentralized and efficient trust mechanism for global connectivity. However, the anonymity of Ethereum undermines market regulatory capabilities, leading to frequent malicious behaviors such as Ponzi Scheme, Money Laundering, and Phishing. Therefore, in the face of the diverse and continuously emerging malicious behaviors, implementing fine-grained detection is crucial for maintaining the prosperous development of the blockchain ecosystem. In this paper, we propose FiMAD, a fine-grained and class-incremental malicious account detection framework based on dynamic graph learning. Specifically, we first propose a general graph structure called Dynamic Account Relation Graph (DARG), which dynamically models Ethereum accounts from a continuous-time perspective. Then, we design a cascade graph feature extraction method to capture deep temporal evolution patterns and neighbor interaction features in DARG. Next, we construct a pre-training universal encoder to transform account features into high-dimensional embeddings, followed by fine-tuning the model classifier with a few labeled samples, enabling accurate fine-grained detection and rapid updates for incremental classes. We conduct extensive experiments using real Ethereum data. The results demonstrate that FiMAD outperforms state-of-the-art (SOTA) methods in fine-grained detection across five typical scenarios: class-incremental, full data, new malicious accounts, imbalanced data, and binary classification. In the class-incremental scenario, FiMAD improves the Macro-F1 by up to 26.4% compared to SOTA methods.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"20 ","pages":"10130-10145"},"PeriodicalIF":8.0,"publicationDate":"2025-09-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145089506","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"LMAE4Eth: Generalizable and Robust Ethereum Fraud Detection by Exploring Transaction Semantics and Masked Graph Embedding","authors":"Yifan Jia;Yanbin Wang;Jianguo Sun;Ye Tian;Peng Qian","doi":"10.1109/TIFS.2025.3612149","DOIUrl":"10.1109/TIFS.2025.3612149","url":null,"abstract":"As Ethereum confronts increasingly sophisticated fraud threats, recent research seeks to improve fraud account detection by leveraging advanced pre-trained Transformer or self-supervised graph neural network. However, current Transformer-based methods rely on context-independent, numerical transaction sequences, failing to capture semantic of account transactions. Furthermore, the pervasive homogeneity in Ethereum transaction records renders it challenging to learn discriminative account embeddings. Moreover, current self-supervised graph learning methods primarily learn node representations through graph reconstruction, resulting in suboptimal performance for node-level tasks like fraud account detection, while these methods also encounter scalability challenges. To tackle these challenges, we propose LMAE4Eth, a multi-view learning framework that fuses transaction semantics, masked graph embedding, and expert knowledge. We first propose a transaction-token contrastive language model (TxCLM) that transforms context-independent numerical transaction records into logically cohesive linguistic representations, and leverages language modeling to learn transaction semantics. To clearly characterize the semantic differences between accounts, we also use a token-aware contrastive learning pre-training objective, which, together with the masked transaction model pre-training objective, learns high-expressive account representations. We then propose a masked account graph autoencoder (MAGAE) using generative self-supervised learning, which achieves superior node-level account detection by focusing on reconstructing account node features rather than graph structure. To enable MAGAE to scale for large-scale training, we propose to integrate layer-neighbor sampling into the graph, which reduces the number of sampled vertices by several times without compromising training quality. Additionally, we initialize the account nodes in the graph with expert-engineered features to inject empirical and statistical knowledge into the model. Finally, using a cross-attention fusion network, we unify the embeddings of TxCLM and MAGAE to leverage the benefits of both. We evaluate our method against 21 baseline approaches on three datasets. Experimental results show that our method improves the F1-score by over 10% at most compared with the best baseline. Furthermore, we observe from three datasets that the proposed method demonstrates strong generalization ability compared to previous work. Our source code is avaliable at: <uri>https://github.com/lmae4eth/LMAE4Eth</uri>","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"20 ","pages":"10260-10274"},"PeriodicalIF":8.0,"publicationDate":"2025-09-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145089369","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Detecting DeFi Fraud With a Graph-Transformer Language Model","authors":"Wei Ma;Junjie Shi;Jiaxi Qiu;Cong Wu;Jing Chen;Lingxiao Jiang;Shangqing Liu;Yang Liu;Yang Xiang","doi":"10.1109/TIFS.2025.3612184","DOIUrl":"10.1109/TIFS.2025.3612184","url":null,"abstract":"With the rapid development of blockchain technology, the widespread adoption of smart contracts—particularly in decentralized finance (DeFi) applications—has introduced significant security challenges, such as reentrancy attacks, phishing, and Sybil attacks. To address these issues, we propose a novel model called TrxGNNBERT, which combines Graph Neural Network (GNN) and the Transformer architecture to effectively handle both graph-structured and textual data. This combination enhances the detection of suspicious transactions and accounts on blockchain platforms like Ethereum. TrxGNNBERT was pre-trained using a masked language model (MLM) on a dataset of 60,000 Ethereum transactions by randomly masking the attributes of nodes and edges, thereby capturing deep semantic relationships and structural information. In this work, we constructed transaction subgraphs, using a GNN module to enrich the embedding representations, which were then fed into a Transformer encoder. The experimental results demonstrate that TrxGNNBERT outperforms various baseline models—including DeepWalk, Trans2Vec, Role2Vec, GCN, GAT, GraphSAGE, CodeBERT, GraphCodeBERT, Zipzap and BERT4ETH—in detecting suspicious transactions and accounts. Specifically, TrxGNNBERT achieved an accuracy of 0.755 and an F1 score of 0.756 on the TrxLarge dataset; an accuracy of 0.903 and an F1 score of 0.894 on the TrxSmall dataset; and an accuracy of 0.790 and an F1 score of 0.781 on the AddrDec dataset. We also explored different pre-training configurations and strategies, comparing the performance of encoder-based versus decoder-based Transformer structures. The results indicate that pre-training improves downstream task performance, with encoder-based structures outperforming decoder-based ones. Through ablation studies, we found that node-level information and subgraph structures are critical for achieving optimal performance in transaction classification tasks. When key features were removed, the model performance declined considerably, demonstrating the importance of each component of our method. These findings offer valuable insights for future research, suggesting further improvements in node attribute representation and subgraph extraction.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"20 ","pages":"10051-10065"},"PeriodicalIF":8.0,"publicationDate":"2025-09-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145089368","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Feature Reconstruction: Far Field EM Side-Channel Attacks in Complex Environment","authors":"Huanyu Wang;Dalin He;Deng Tuo;Junnian Wang","doi":"10.1109/TIFS.2025.3611788","DOIUrl":"10.1109/TIFS.2025.3611788","url":null,"abstract":"Far Field EM Side-Channel Attacks (FEM-SCAs) have emerged as a realistic security threat to widely deployed RF-integrated IoT edge devices. In mixed-signal chips, side-channel leakage may unintentionally couple with transmission signals and be emitted via the on-chip antenna, potentially allowing adversaries to extract sensitive information from the victim at long distances. However, in practical scenarios, far field EM traces captured at long distances usually suffer from noise and interference, which makes the attack less efficient or sometimes even unfeasible. In this paper, we propose a Domain-Adversarial ReFeature Nueral Network (DAR-NN) to facilitate “noisy-clean” adaptation for far field EM traces captured at long distances. By integrating a DAE model with two deep-learning classifiers as regularization terms, the proposed DAR-NN model can reconstruct features of traces obtained remotely in complex environments, thereby achieving a more efficient FEM-SCA. We first test our model by using a publicly available dataset and show that it is feasible to extract the AES key from 141 traces captured at 15 m distance to the victim, which is 58.7% more efficient than existing methods with 80% less profiling data. Afterwards, we set up a more complex experimental environment with a HackRF radio serving as an interference source. We show that the proposed model can still extract the key by using around 2K traces at 15 m even in the presence of 25% active interference, while the state-of-the-art model fails under same conditions.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"20 ","pages":"10066-10081"},"PeriodicalIF":8.0,"publicationDate":"2025-09-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145083814","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"SF2Net: Sequence Feature Fusion Network for Palmprint Verification","authors":"Yunlong Liu;Lu Leng;Ziyuan Yang;Andrew Beng Jin Teoh;Bob Zhang","doi":"10.1109/TIFS.2025.3611692","DOIUrl":"10.1109/TIFS.2025.3611692","url":null,"abstract":"Currently global features are usually extracted directly from local patterns in palmprint verification. Furthermore, sequence features for palmprint verification are only used as local features, but the properties of sequence features are not fully utilized. To solve this issue, this paper introduces Sequence Feature Fusion Network (SF2Net) for palmprint verification. SF2Net proposes a new paradigm: using stable and spatially correlated sequence features as an intermediate bridge to generate robust global representations. SF2Net’s core mechanism is to first extract fine-grained local features that are then converted into sequence features by a Sequence Feature Extractor (SFE). Finally, the sequence features are used as a superior input to capture high-quality global features. By fusing multi-order texture-based local features with globally extracted sequence features, SF2Net achieves superior discrimination. To ensure high accuracy even with limited training data, a hybrid loss function is proposed, which integrate a cross-entropy loss and a triplet loss. Triplet loss effectively optimizes feature separation by explicitly considering negative samples. Extensive experiments on multiple publicly available palmprint datasets demonstrate that SF2Net achieves state-of-the-art (SOTA) performance. Remarkably, even with a small training-to-testing ratio (1:9), SF2Net achieves 100% accuracy, surpassing SOTA methods under several benchmark datasets. The code is released at <uri>https://github.com/20201422/SF2Net</uri>","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"20 ","pages":"9936-9949"},"PeriodicalIF":8.0,"publicationDate":"2025-09-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145083834","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Digital Scapegoat: An Incentive Deception Model for Resisting Unknown APT Stealing Attacks on Critical Data Resource","authors":"Xiaochun Yun, Guangjun Wu, Shuhao Li, Qige Song, Zixian Tang, Zhenyu Cheng","doi":"10.1109/tifs.2025.3611653","DOIUrl":"https://doi.org/10.1109/tifs.2025.3611653","url":null,"abstract":"","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"71 1","pages":""},"PeriodicalIF":6.8,"publicationDate":"2025-09-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145083813","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Enhancing Model Generalization for Efficient Cross-Device Side-Channel Analysis","authors":"Yimeng Chen;Bo Wang;Changshan Su;Ao Li;Yuxing Tang;Gen Li","doi":"10.1109/TIFS.2025.3611696","DOIUrl":"10.1109/TIFS.2025.3611696","url":null,"abstract":"Deep learning (DL)-based techniques have garnered significant attention as an innovative method for profiled side-channel analysis (SCA). Despite their proven effectiveness, recent studies have highlighted challenges faced by DL-based profiled attacks in a more realistic portability threat model, where two devices are used respectively for profiling and the attack. In this paper, we propose a novel approach for cross-device attack by incorporating the Denoising Diffusion Probabilistic Model (DDPM) to develop a generalized model. Additionally, an adaptive multi-task loss is employed to balance multiple training objectives that respectively focus on model generalization and precision. We evaluate our strategy on five cross-device SCA datasets. The experimental results show that, compared to baseline methods, our approach achieves significantly enhanced performance, as measured by the number of traces required to recover the secret key. Specifically, on a more challenging dataset obtained from three SAKURA-G evaluation boards, our method successfully recovers the secret key using approximately 300 traces, whereas baseline methods fail to guarantee a successful cross-device attack even with 5,000 traces. Furthermore, our method demonstrates remarkably enhanced attack efficiency, reducing attack time by over an hour compared to the baselines.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"20 ","pages":"10114-10129"},"PeriodicalIF":8.0,"publicationDate":"2025-09-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145083815","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Unveiling Malware Visual Patterns: A Self-analysis Perspective","authors":"Fangtian Zhong, Qin Hu, Yili Jiang, Jiaqi Huang, Xiuzhen Cheng","doi":"10.1109/tifs.2025.3611649","DOIUrl":"https://doi.org/10.1109/tifs.2025.3611649","url":null,"abstract":"","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"71 1","pages":""},"PeriodicalIF":6.8,"publicationDate":"2025-09-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145083867","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Diffusion Prediction and Control of Negative Information on Simplicial Complexes Using Physics-Informed Neural Networks","authors":"Ying Jing;Youguo Wang;Qiqing Zhai;Zhangfei Zhou;Haojie Hou","doi":"10.1109/TIFS.2025.3611070","DOIUrl":"10.1109/TIFS.2025.3611070","url":null,"abstract":"The inadequacy of traditional binary interaction networks in characterizing information flow processes within higher-order structures has driven growing research focus toward higher-order networks. Considering reporting mechanism and the dynamics of network scale, this paper proposes a susceptible-infected-quarantine-removed-empty (SIQRE) negative information diffusion model on simplicial complexes. An optimal control strategy, taking into account the system gain, is then implemented. The existence and stability of equilibria, and bi-stability between invasion threshold and persistence threshold are derived. Experiments on synthetic and empirical simplicial complexes reveal the dynamic behavior of the system with discontinuous phase transitions, backward bifurcation and periodic oscillations. An increase in the birth rate makes the system more susceptible to outbreaks of negative information, while the opposite is true for the death rate. Reporting mechanism suppresses discontinuous phase transition. And the synergistic application of preventive and corrective strategies demonstrates superior cost-effectiveness in system control compared to their isolated implementation. Additionally, an identifiability analysis of the model is conducted. Finally, the model parameters are inversely estimated and the diffusion dynamics are predicted using physics-informed neural networks (PINNs) across three instances, and the optimal control is subsequently performed, validating the effectiveness of both the proposed model and the control strategy.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"20 ","pages":"10019-10034"},"PeriodicalIF":8.0,"publicationDate":"2025-09-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145077650","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Optimized Sparse Vector Aggregation Under Local Differential Privacy","authors":"Ellen Z. Zhang;Yunguo Guan;Rongxing Lu;Harry Zhang","doi":"10.1109/TIFS.2025.3611115","DOIUrl":"10.1109/TIFS.2025.3611115","url":null,"abstract":"In crowdsourcing applications, gathering and analyzing users’ strong positive <xref>(1)</xref> or negative (−1) reactions to a large number of items is crucial for improving service quality, particularly in recommendation systems. However, protecting users’ privacy while handling diverse sparse patterns in contexts with a large dimension size <inline-formula> <tex-math>$d$ </tex-math></inline-formula> poses significant challenges for efficient and privacy-preserving data aggregation. To address these challenges, in this paper, we propose an optimized <inline-formula> <tex-math>$k$ </tex-math></inline-formula>-sparse vector mean estimation scheme under Local Differential Privacy (LDP), ensuring that each user’s entire set of up to <inline-formula> <tex-math>$k$ </tex-math></inline-formula> private values from <inline-formula> <tex-math>${-1, 1}$ </tex-math></inline-formula> satisfies <inline-formula> <tex-math>$varepsilon $ </tex-math></inline-formula>-LDP. Specifically, our proposed scheme employs a seed mining technique in conjunction with PRNG Randomizer, which allows users to send their data only once while enabling the server to accurately estimate any value’s mean in the domain. Our scheme achieves an asymptotically optimal per-coordinate error of <inline-formula> <tex-math>$Oleft ({{frac {1}{varepsilon sqrt {n}} }}right)$ </tex-math></inline-formula>, equivalent to that of a 1-sparse case, while also ensuring efficient communication costs. The communication cost remains at a minimal level of <inline-formula> <tex-math>$O(1)$ </tex-math></inline-formula> (only 2 bytes per user’s report) for smaller <inline-formula> <tex-math>$k$ </tex-math></inline-formula> values and scales to <inline-formula> <tex-math>$O(k)$ </tex-math></inline-formula> for larger <inline-formula> <tex-math>$k$ </tex-math></inline-formula>, due to efficient binning strategies. Extensive experimental results confirm that our results align with theoretical expectations, demonstrating that our scheme not only preserves user privacy but also ensures higher accuracy compared to other schemes.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"20 ","pages":"10246-10259"},"PeriodicalIF":8.0,"publicationDate":"2025-09-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145077648","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}