发布求助
文献互助 智能选刊 最新文献

IEEE Transactions on Information Forensics and Security最新文献

筛选
英文 中文
Privacy-Preserving Statistical Analysis With Low Redundancy Over Task-Relevant Microdata 任务相关微数据的低冗余隐私保护统计分析
IF 6.3 1区 计算机科学
IEEE Transactions on Information Forensics and Security Pub Date : 2025-04-08 DOI: 10.1109/TIFS.2025.3556347
Jingcheng Zhao;Kaiping Xue;Yingjie Xue;Meng Li;Bin Zhu;Shaoxian Yuan
{"title":"Privacy-Preserving Statistical Analysis With Low Redundancy Over Task-Relevant Microdata","authors":"Jingcheng Zhao;Kaiping Xue;Yingjie Xue;Meng Li;Bin Zhu;Shaoxian Yuan","doi":"10.1109/TIFS.2025.3556347","DOIUrl":"10.1109/TIFS.2025.3556347","url":null,"abstract":"Privacy-preserving statistical analysis enables the data center to analyze datasets from multiple data owners, extracting valuable insights while safeguarding privacy. However, the observation of microdata involvement in various analysis tasks within the data center can indirectly lead to privacy breaches. For instance, when the data center observes microdata involved in a disease-related task, it may reveal information about the corresponding user’s disease. Existing schemes process the entire dataset for each analysis task to prevent privacy breaches, resulting in significant redundancy overhead due to the large amount of task-irrelevant data involved in processing. In this paper, we propose FDC, which can protect privacy and effectively reduce the redundancy overhead. It frees the data center from huge redundancy overhead. Specifically, we propose a co-design of local differential privacy and multiparty computation with preprocessing by the data owner. This design enables the data center to process only task-relevant and LDP noise-induced microdata instead of the entire dataset while maintaining analysis results without accuracy loss. In some scenarios where preprocessing by the data owner is unfeasible, we present a data center-assisted method to complete preprocessing within the data center. Additionally, we design and optimize a secure shuffle protocol within this method. Finally, we implement and evaluate FDC using the aggregation task as a baseline. With different proportions of task-relevant microdata, experimental results show that the runtime of FDC is <inline-formula> <tex-math>$2sim 11$ </tex-math></inline-formula>x faster than existing schemes on LAN and <inline-formula> <tex-math>$2sim 22$ </tex-math></inline-formula>x on WAN, and the communication overhead is up to <inline-formula> <tex-math>$3sim 153$ </tex-math></inline-formula>x lower.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"20 ","pages":"4382-4395"},"PeriodicalIF":6.3,"publicationDate":"2025-04-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143805746","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Looking Clearer With Text: A Hierarchical Context Blending Network for Occluded Person Re-Identification 用文本看得更清楚:一个用于闭塞人物再识别的分层上下文混合网络
IF 6.3 1区 计算机科学
IEEE Transactions on Information Forensics and Security Pub Date : 2025-04-07 DOI: 10.1109/TIFS.2025.3558586
Changshuo Wang;Xingyu Gao;Meiqing Wu;Siew-Kei Lam;Shuting He;Prayag Tiwari
{"title":"Looking Clearer With Text: A Hierarchical Context Blending Network for Occluded Person Re-Identification","authors":"Changshuo Wang;Xingyu Gao;Meiqing Wu;Siew-Kei Lam;Shuting He;Prayag Tiwari","doi":"10.1109/TIFS.2025.3558586","DOIUrl":"10.1109/TIFS.2025.3558586","url":null,"abstract":"Existing occluded person re-identification (re-ID) methods mainly learn limited visual information for occluded pedestrians from images. However, textual information, which can describe various human appearance attributes, is rarely fully utilized in the task. To address this issue, we propose a Text-guided Hierarchical Context Blending Network (THCB-Net) for occluded person re-ID. Specifically, at the data level, informative multi-modal inputs are first generated to make full use of the auxiliary role of textual information and make image data have a strong inductive bias for occluded environments. At the feature expression level, we design a novel Hierarchical Context Blending (HCB) module that can adaptively integrate shallow appearance features obtained by CNNs and multi-scale semantic features from visual transformer encoder. At the model optimization level, a Multi-modal Feature Interaction (MFI) module is proposed to learn the multi-modal information of pedestrians from texts and images, then guide the visual transformer encoder and HCB module to further learn discriminative identity information for occluded pedestrians through Image-Multimodal Contrastive (IMC) learning. Extensive experiments on standard occluded person re-ID benchmarks demonstrate that the proposed THCB-Net outperforms state-of-the-art methods. The code will be available soon.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"20 ","pages":"4296-4307"},"PeriodicalIF":6.3,"publicationDate":"2025-04-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143797846","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Statistical Analysis of Non-Profiling Higher-Order Distinguishers Against Inner Product Masking 内积掩蔽下非轮廓高阶区分符的统计分析
IF 6.3 1区 计算机科学
IEEE Transactions on Information Forensics and Security Pub Date : 2025-04-07 DOI: 10.1109/TIFS.2025.3558601
Qianmei Wu;Wei Cheng;Fan Zhang;Sylvain Guilley
{"title":"Statistical Analysis of Non-Profiling Higher-Order Distinguishers Against Inner Product Masking","authors":"Qianmei Wu;Wei Cheng;Fan Zhang;Sylvain Guilley","doi":"10.1109/TIFS.2025.3558601","DOIUrl":"10.1109/TIFS.2025.3558601","url":null,"abstract":"Inner Product Masking (IPM) is one representative masking scheme, which captivates by so-called Security Order Amplification (SOA) property. It is commonly recognized that SOA holds under linear leakages. In this paper, we revisit SOA from a non-profiling attack perspective. Specifically, we conduct statistical analyses on three non-profiling distinguishers, including Pearson Coefficient Distinguisher (PCD), Spearman Coefficient Distinguisher (SCD) and Kruskal-Wallis Distinguisher (KWD). We find a fundamental connection between SCD and KWD such that SCD is a more generic distinguisher which encompasses KWD. Theoretical explanations for why KWD outperforms SCD under non-linear leakages are provided. We also propose a new adjusted SCD and present its optimal form, which bridges the efficiency gap with KWD. Grounded on this, SOA is extensively assessed and the observations are two-fold. On the one hand, we confirm again the effectiveness of SOA under Hamming weight leakage through the statistical analysis of PCD. On the other hand, we show that SOA can not resist rank-based distinguishers even under linear leakages, which has never been revealed before (to the best of our knowledge). At last, we verify the theoretical findings through both simulated and real-world measurements. Our results demonstrate the advantage of rank-based distinguishers in uncovering non-linear relationships hidden in leakage, enriching the tool-set for non-profiling class of side-channel attacks. Remarkably, we provide an adversary perspective to investigate SOA, highlighting that the side-channel resistance promised by SOA is vulnerable even considering the ideal linear leakage models.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"20 ","pages":"4008-4023"},"PeriodicalIF":6.3,"publicationDate":"2025-04-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143797691","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
FHECAP: An Encrypted Control System with Piecewise Continuous Actuation FHECAP:分段连续驱动的加密控制系统
IF 6.8 1区 计算机科学
IEEE Transactions on Information Forensics and Security Pub Date : 2025-04-07 DOI: 10.1109/tifs.2025.3558580
Song Bian, Yunhao Fu, Dong Zhao, Haowen Pan, Yuexiang Jin, Jiayue Sun, Hui Qiao, Zhenyu Guan
{"title":"FHECAP: An Encrypted Control System with Piecewise Continuous Actuation","authors":"Song Bian, Yunhao Fu, Dong Zhao, Haowen Pan, Yuexiang Jin, Jiayue Sun, Hui Qiao, Zhenyu Guan","doi":"10.1109/tifs.2025.3558580","DOIUrl":"https://doi.org/10.1109/tifs.2025.3558580","url":null,"abstract":"","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"87 1","pages":""},"PeriodicalIF":6.8,"publicationDate":"2025-04-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143797690","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
What Makes a Good Exchange? Privacy-Preserving and Fair Contract Agreement in Data Trading 什么是好的交易?数据交易中的隐私保护与公平合同协议
IF 6.3 1区 计算机科学
IEEE Transactions on Information Forensics and Security Pub Date : 2025-04-07 DOI: 10.1109/TIFS.2025.3558590
Xinyu He;Yuan Zhang;Yaqing Song;Weidong Qiu;Hongwei Li;Qiang Tang
{"title":"What Makes a Good Exchange? Privacy-Preserving and Fair Contract Agreement in Data Trading","authors":"Xinyu He;Yuan Zhang;Yaqing Song;Weidong Qiu;Hongwei Li;Qiang Tang","doi":"10.1109/TIFS.2025.3558590","DOIUrl":"10.1109/TIFS.2025.3558590","url":null,"abstract":"Exchange-assisted data trading (EADT) has become an essential paradigm in current data marketplaces. With data exchanges, sellers and buyers can trade data in an efficient and convenient way. However, existing EADT systems are vulnerable to privacy violations. Sensitive information about the data owned by sellers (manifested as attributes of the data) and the purchasing requirements of buyers (manifested as interests) are highly susceptible to leakage. On the one hand, buyers and sellers have direct access to the type of data supplied or desired before the data transaction is established. On the other hand, the information about transactions between the seller and buyer is transparent to the exchange, including the content of the transaction contract. In addition, the participants are likely to repudiate the content of previously accepted contracts or trigger a bidding war by contract first authorized by others, which raises threats towards authenticity and fairness. In this paper, we investigate the contract agreement in actual EADT systems, enumerate the inherent requirements of secrecy and fairness, and formally define them. Then we propose a privacy-preserving and fair contract agreement framework, dubbed PFCA, which consists of order-matching, negotiation, and authorization. We further propose a practical instantiation of PFCA, dubbed BestPFCA, utilizing efficient private set intersection (PSI), secure messaging (SM), and three-party signature (TPS). In addition, we also implement a BestPFCA prototype and conduct a comprehensive performance evaluation, which demonstrates the efficiency and practicality of BestPFCA.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"20 ","pages":"4265-4279"},"PeriodicalIF":6.3,"publicationDate":"2025-04-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143797848","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Handwritten Signature Verification via Multimodal Consistency Learning 通过多模态一致性学习的手写签名验证
IF 6.3 1区 计算机科学
IEEE Transactions on Information Forensics and Security Pub Date : 2025-04-07 DOI: 10.1109/TIFS.2025.3557674
Zhaosen Shi;Fagen Li;Dong Hao;Qinshuo Sun
{"title":"Handwritten Signature Verification via Multimodal Consistency Learning","authors":"Zhaosen Shi;Fagen Li;Dong Hao;Qinshuo Sun","doi":"10.1109/TIFS.2025.3557674","DOIUrl":"10.1109/TIFS.2025.3557674","url":null,"abstract":"Multimodal handwritten signatures usually involve offline images and online sequences. Since in real-world scenarios, different modalities of the same signature are generated simultaneously, most research hypothesizes that the different modalities are consistent. However, attacks launched on a partial modality (e.g., only tampering on the image modality) of signature data are commonly seen, and will cause the inter-modal inconsistency. In this paper, we propose and analyze the multimodal security and attack levels for handwritten signatures, and provide a multimodal consistency learning method to detect different levels of attacks of signatures. The modalities include not only traditional offline and online data, but also videos capturing hand movements. We collect a number of triple modal signatures to address the scarcity of public handwritten video datasets. Then, we extract hand joint sequences from videos and utilize them to analyze subtle multimodal consistency with the online modality. We provide extensive experiments for the consistency between online and offline signatures, as well as between online signatures and movement videos. The verification involves distance-based and classification-based fusion models, showing the most effective discriminative networks for attack detection and the superiority of consistency learning.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"20 ","pages":"3995-4007"},"PeriodicalIF":6.3,"publicationDate":"2025-04-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143797643","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Gupacker: Generalized Unpacking Framework for Android Malware Gupacker: Android恶意软件的通用解包框架
IF 6.3 1区 计算机科学
IEEE Transactions on Information Forensics and Security Pub Date : 2025-04-07 DOI: 10.1109/TIFS.2025.3558592
Tao Zheng;Qiyu Hou;Xingshu Chen;Hao Ren;Meng Li;Hongwei Li;Changxiang Shen
{"title":"Gupacker: Generalized Unpacking Framework for Android Malware","authors":"Tao Zheng;Qiyu Hou;Xingshu Chen;Hao Ren;Meng Li;Hongwei Li;Changxiang Shen","doi":"10.1109/TIFS.2025.3558592","DOIUrl":"10.1109/TIFS.2025.3558592","url":null,"abstract":"Android malware authors often use packers to evade analysis. Although many unpacking tools have been proposed, they face two significant challenges: 1) They are easily impeded by anti-analysis techniques employed by packers, preventing efficient collection of hidden Dex data. 2) They are typically designed to unpack a specific packer and cannot handle malware packed with mixed packers. Consequently, many packed malware samples evade detection. To bridge this gap, we propose <inline-formula> <tex-math>$textsf {Gupacker}$ </tex-math></inline-formula>, a novel generalized unpacking framework. <inline-formula> <tex-math>$textsf {Gupacker}$ </tex-math></inline-formula> offers a generic solution for first-generation holistic packer by customizing the Android system source code. It identifies the type of packer and selects an appropriate unpacking function, constructs a deeper active call chain to achieve generic unpacking of second-generation function extraction packers, and uses JNI function and instruction monitoring to handle third-generation virtual obfuscation packer. On this basis, we counteract a diverse array of anti-analysis techniques. We conduct extensive experiments on 5K packed Android malware samples, comparing <inline-formula> <tex-math>$textsf {Gupacker}$ </tex-math></inline-formula> with 2 commercial and 4 state-of-the-art academic unpacking tools. The results demonstrate that <inline-formula> <tex-math>$textsf {Gupacker}$ </tex-math></inline-formula> significantly improves the efficiency of Android malware unpacking with acceptable system overhead. We analyze real packed applications based on <inline-formula> <tex-math>$textsf {Gupacker}$ </tex-math></inline-formula> and found several are second-packed by attackers, including WPS for Android, with tens of millions of users. We receive and responsibly report 13 0day vulnerabilities and also assist in the remediation of all vulnerabilities.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"20 ","pages":"4338-4352"},"PeriodicalIF":6.3,"publicationDate":"2025-04-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143797687","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
GTAE-IDS: Graph Transformer-Based Autoencoder Framework for Real-Time Network Intrusion Detection GTAE-IDS:基于图变换器自动编码器的实时网络入侵检测框架
IF 6.3 1区 计算机科学
IEEE Transactions on Information Forensics and Security Pub Date : 2025-04-03 DOI: 10.1109/TIFS.2025.3557741
Jalal Ghadermazi;Soumyadeep Hore;Ankit Shah;Nathaniel D. Bastian
{"title":"GTAE-IDS: Graph Transformer-Based Autoencoder Framework for Real-Time Network Intrusion Detection","authors":"Jalal Ghadermazi;Soumyadeep Hore;Ankit Shah;Nathaniel D. Bastian","doi":"10.1109/TIFS.2025.3557741","DOIUrl":"10.1109/TIFS.2025.3557741","url":null,"abstract":"Network intrusion detection systems (NIDS) utilize signature and anomaly-based methods to detect malicious activities within networks. Advances in machine learning (ML) and deep learning (DL) algorithms have enabled NIDS to analyze large volumes of data and identify complex patterns. However, traditional ML/DL approaches in NIDS have primarily relied on flow-based features and utilized flat data formats, such as vectors or grids, which limit their ability to recognize the structural and contextual nuances of network attacks, particularly in real-time. Additionally, most NIDS depend on supervised or semi-supervised learning, requiring extensive labeled data that is time-consuming to generate and not always feasible. This reliance restricts their ability to detect novel attacks, as they typically only recognize threats similar to those encountered during training. Hence, there is a significant need to develop NIDS that can operate in near real-time, eliminate the need for labeled data, and effectively identify novel attack patterns. We propose GTAE-IDS, a novel unsupervised packet-based graph neural network framework aimed at early and precise anomaly detection in network traffic. GTAE-IDS employs graph embeddings to capture and process network traffic data swiftly, creating sequential packet-based graphs that reflect network communications. Our approach employs graph autoencoders to identify structural and global patterns in benign data without needing labeled graph data, enhancing detection capabilities against novel attacks. Incorporating transformers in the encoder segment, GTAE-IDS effectively discerns contextual patterns in network traffic, achieving over 98% accuracy in identifying malicious activities on benchmark network intrusion data sets.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"20 ","pages":"4026-4041"},"PeriodicalIF":6.3,"publicationDate":"2025-04-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=10948513","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143775542","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
FedWiper: Federated Unlearning via Universal Adapter FedWiper:通过通用适配器联合学习
IF 6.3 1区 计算机科学
IEEE Transactions on Information Forensics and Security Pub Date : 2025-04-03 DOI: 10.1109/TIFS.2025.3557671
Shuai Zhao;Junying Zhang;Xindi Ma;Qi Jiang;Zhuo Ma;Sheng Gao;Zuobin Ying;Jianfeng Ma
{"title":"FedWiper: Federated Unlearning via Universal Adapter","authors":"Shuai Zhao;Junying Zhang;Xindi Ma;Qi Jiang;Zhuo Ma;Sheng Gao;Zuobin Ying;Jianfeng Ma","doi":"10.1109/TIFS.2025.3557671","DOIUrl":"10.1109/TIFS.2025.3557671","url":null,"abstract":"Privacy preservation are becoming increasingly significant in machine learning, with recent privacy regulations requiring the deletion of personal data and its impact on models. Although erasing data from storage is simple, removing the influence of data on models remains a challenge. Federated unlearning is an emerging paradigm that aims to forget the knowledge contributed by some specific data to the federated model. In this paper, we design a novel federated unlearning strategy, named FedWiper, which enables exact unlearning in federated learning by erasing specific data and its impact from the federated model. Specifically, based on the granularity of the dataset, we propose training multiple federated submodels to construct a federated unlearning framework, thereby narrowing the scope of the impact of wiped data. Furthermore, the proposed Uni-Adapter structure effectively mitigates the negative impact on model performance from diminishing the dataset scale, while also reducing communication cost. Rather than focusing solely on achieving indistinguishability unlearning of the model for classification task, we extend FedWiper to unlearning for multiple types of tasks and achieve the exact unlearning. Experiments demonstrate that FedWiper can not only accelerate federated unlearning, but also achieve exact unlearning across multiple types of tasks in federated learning while ensuring minimal loss of model performance. Our Code: <uri>https://github.com/grey1989/FedWiper</uri>.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"20 ","pages":"4042-4054"},"PeriodicalIF":6.3,"publicationDate":"2025-04-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143775539","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
TAGAPT: Toward Automatic Generation of APT Samples With Provenance-Level Granularity TAGAPT:自动生成具有来源级粒度的APT样本
IF 6.3 1区 计算机科学
IEEE Transactions on Information Forensics and Security Pub Date : 2025-04-03 DOI: 10.1109/TIFS.2025.3557742
Wenrui Cheng;Qixuan Yuan;Tiantian Zhu;Tieming Chen;Jie Ying;Aohan Zheng;Mingjun Ma;Chunlin Xiong;Mingqi Lv;Yan Chen
{"title":"TAGAPT: Toward Automatic Generation of APT Samples With Provenance-Level Granularity","authors":"Wenrui Cheng;Qixuan Yuan;Tiantian Zhu;Tieming Chen;Jie Ying;Aohan Zheng;Mingjun Ma;Chunlin Xiong;Mingqi Lv;Yan Chen","doi":"10.1109/TIFS.2025.3557742","DOIUrl":"10.1109/TIFS.2025.3557742","url":null,"abstract":"Detecting advanced persistent threats (APTs) at a host via data provenance has emerged as a valuable yet challenging task. Compared with attack rule matching, machine learning approaches offer new perspectives for efficiently detecting attacks by leveraging their inherent ability to autonomously learn from data and adapt to dynamic environments. However, the scarcity of APT samples poses a significant limitation, rendering supervised learning methods that have demonstrated remarkable capabilities in other domains (e.g., malware detection) impractical. Therefore, we propose a system called TAGAPT, which is able to automatically generate numerous APT samples with provenance-level granularity. First, we introduce a deep graph generation model to generalize various graph structures that represent new attack patterns. Second, we propose an attack stage division algorithm to divide each generated graph structure into stage subgraphs. Finally, we design a genetic algorithm to find the optimal attack technique explanation for each subgraph and obtain fully instantiated APT samples. Experimental results demonstrate that TAGAPT can learn from existing attack patterns and generalize to novel attack patterns. Furthermore, the generated APT samples 1) exhibit the ability to help with efficient threat hunting and 2) provide additional assistance to the state-of-the-art (SOTA) attack detection system (Kairos) by filtering out 73% of the observed false positives. We have open-sourced the code and the generated samples to support the development of the security community.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"20 ","pages":"4137-4151"},"PeriodicalIF":6.3,"publicationDate":"2025-04-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143775541","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
首页 上一页 下一页 尾页
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信