IEEE Transactions on Information Forensics and Security最新文献

{"title":"Identifying Backdoored Graphs in Graph Neural Network Training: An Explanation-Based Approach with Novel Metrics","authors":"Jane Downer, Ren Wang, Binghui Wang","doi":"10.1109/tifs.2025.3613061","DOIUrl":"https://doi.org/10.1109/tifs.2025.3613061","url":null,"abstract":"","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"30 1","pages":""},"PeriodicalIF":6.8,"publicationDate":"2025-09-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145127662","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Differentially-Private Collaborative Online Personalized Mean Estimation","authors":"Yauhen Yakimenka, Chung-Wei Weng, Hsuan-Yin Lin, Eirik Rosnes, Jörg Kliewer","doi":"10.1109/tifs.2025.3612276","DOIUrl":"https://doi.org/10.1109/tifs.2025.3612276","url":null,"abstract":"","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"40 1","pages":""},"PeriodicalIF":6.8,"publicationDate":"2025-09-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145116686","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Using Random Forests for Efficient Identification of Decoys Under Link Flooding Attacks in SDNs","authors":"Wenjie Yu;Boyang Zhou","doi":"10.1109/TIFS.2025.3612159","DOIUrl":"10.1109/TIFS.2025.3612159","url":null,"abstract":"Software-defined networks (SDNs) face significant challenges from link flooding attacks (LFAs), where malicious bots flood towards a limited number of hidden hosts, known as decoys, at a low rate. Efficient decoy identification is crucial for mitigating LFAs and is more resource-efficient than traditional bot detection methods, given the smaller number of decoys compared to bots. This paper proposes a novel decoy identification mechanism (DIM) that utilizes the SDN controller to generate forwarding rules for critical switches, enabling them to classify and report decoy addresses effectively. DIM addresses the challenges of minimizing communication overhead between the controller and data plane while maintaining high classification accuracy. It optimizes critical switch selection by partitioning the network into smaller areas, which reduces communication costs while maximizing monitoring efficiency. Within each area, DIM pre-trains random forest (RF) models for the selected switches and generates their respective binary-encoded forwarding rules. These rules empower the switches to identify decoy addresses in LFA traffic at line speed. The identified addresses are then reported back to DIM for further analysis. Theoretical analysis demonstrates that DIM scales efficiently in terms of time and space complexity. Our evaluation with the NS-3 simulator—using real CAIDA traffic and a synthesized topology of over 30,000 nodes—shows DIM achieves 98.3% decoy identification accuracy, outperforming state-of-the-art models like LSTM and CNN in both accuracy and speed. Tests under routing changes and moving target defense scenarios confirm DIM’s robustness and adaptability, highlighting its practical effectiveness against LFAs.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"20 ","pages":"10636-10651"},"PeriodicalIF":8.0,"publicationDate":"2025-09-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145089371","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Detection of Unknown Attacks Through Encrypted Traffic: A Gaussian Prototype-Aided Variational Autoencoder Framework","authors":"Qianwei Meng, Jing Tao, Qingjun Yuan, Guangsong Li, Yongjuan Wang, Bing Gao, Siqi Lu","doi":"10.1109/tifs.2025.3612141","DOIUrl":"https://doi.org/10.1109/tifs.2025.3612141","url":null,"abstract":"","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"11 1","pages":""},"PeriodicalIF":6.8,"publicationDate":"2025-09-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145089373","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Optimal String Sanitization Against Strategic Attackers","authors":"Pengxin Bian, George Theodorakopoulos, Solon P. Pissis, Grigorios Loukides","doi":"10.1109/tifs.2025.3610245","DOIUrl":"https://doi.org/10.1109/tifs.2025.3610245","url":null,"abstract":"","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"162 1","pages":""},"PeriodicalIF":6.8,"publicationDate":"2025-09-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145089370","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"JMA: a General Algorithm to Craft Nearly Optimal Targeted Adversarial Examples","authors":"Benedetta Tondi, Wei Guo, Niccolò Pancino, Mauro Barni","doi":"10.1109/tifs.2025.3611121","DOIUrl":"https://doi.org/10.1109/tifs.2025.3611121","url":null,"abstract":"","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"36 1","pages":""},"PeriodicalIF":6.8,"publicationDate":"2025-09-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145089372","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Fine-Grained and Class-Incremental Malicious Account Detection in Ethereum via Dynamic Graph Learning","authors":"Hanbiao Du;Meng Shen;Yang Liu;Zheng Che;Jinhe Wu;Wei Wang;Liehuang Zhu","doi":"10.1109/TIFS.2025.3612194","DOIUrl":"10.1109/TIFS.2025.3612194","url":null,"abstract":"Ethereum serves as the cornerstone for value transfer in Web 3.0, providing a decentralized and efficient trust mechanism for global connectivity. However, the anonymity of Ethereum undermines market regulatory capabilities, leading to frequent malicious behaviors such as Ponzi Scheme, Money Laundering, and Phishing. Therefore, in the face of the diverse and continuously emerging malicious behaviors, implementing fine-grained detection is crucial for maintaining the prosperous development of the blockchain ecosystem. In this paper, we propose FiMAD, a fine-grained and class-incremental malicious account detection framework based on dynamic graph learning. Specifically, we first propose a general graph structure called Dynamic Account Relation Graph (DARG), which dynamically models Ethereum accounts from a continuous-time perspective. Then, we design a cascade graph feature extraction method to capture deep temporal evolution patterns and neighbor interaction features in DARG. Next, we construct a pre-training universal encoder to transform account features into high-dimensional embeddings, followed by fine-tuning the model classifier with a few labeled samples, enabling accurate fine-grained detection and rapid updates for incremental classes. We conduct extensive experiments using real Ethereum data. The results demonstrate that FiMAD outperforms state-of-the-art (SOTA) methods in fine-grained detection across five typical scenarios: class-incremental, full data, new malicious accounts, imbalanced data, and binary classification. In the class-incremental scenario, FiMAD improves the Macro-F1 by up to 26.4% compared to SOTA methods.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"20 ","pages":"10130-10145"},"PeriodicalIF":8.0,"publicationDate":"2025-09-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145089506","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"LMAE4Eth: Generalizable and Robust Ethereum Fraud Detection by Exploring Transaction Semantics and Masked Graph Embedding","authors":"Yifan Jia;Yanbin Wang;Jianguo Sun;Ye Tian;Peng Qian","doi":"10.1109/TIFS.2025.3612149","DOIUrl":"10.1109/TIFS.2025.3612149","url":null,"abstract":"As Ethereum confronts increasingly sophisticated fraud threats, recent research seeks to improve fraud account detection by leveraging advanced pre-trained Transformer or self-supervised graph neural network. However, current Transformer-based methods rely on context-independent, numerical transaction sequences, failing to capture semantic of account transactions. Furthermore, the pervasive homogeneity in Ethereum transaction records renders it challenging to learn discriminative account embeddings. Moreover, current self-supervised graph learning methods primarily learn node representations through graph reconstruction, resulting in suboptimal performance for node-level tasks like fraud account detection, while these methods also encounter scalability challenges. To tackle these challenges, we propose LMAE4Eth, a multi-view learning framework that fuses transaction semantics, masked graph embedding, and expert knowledge. We first propose a transaction-token contrastive language model (TxCLM) that transforms context-independent numerical transaction records into logically cohesive linguistic representations, and leverages language modeling to learn transaction semantics. To clearly characterize the semantic differences between accounts, we also use a token-aware contrastive learning pre-training objective, which, together with the masked transaction model pre-training objective, learns high-expressive account representations. We then propose a masked account graph autoencoder (MAGAE) using generative self-supervised learning, which achieves superior node-level account detection by focusing on reconstructing account node features rather than graph structure. To enable MAGAE to scale for large-scale training, we propose to integrate layer-neighbor sampling into the graph, which reduces the number of sampled vertices by several times without compromising training quality. Additionally, we initialize the account nodes in the graph with expert-engineered features to inject empirical and statistical knowledge into the model. Finally, using a cross-attention fusion network, we unify the embeddings of TxCLM and MAGAE to leverage the benefits of both. We evaluate our method against 21 baseline approaches on three datasets. Experimental results show that our method improves the F1-score by over 10% at most compared with the best baseline. Furthermore, we observe from three datasets that the proposed method demonstrates strong generalization ability compared to previous work. Our source code is avaliable at: <uri>https://github.com/lmae4eth/LMAE4Eth</uri>","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"20 ","pages":"10260-10274"},"PeriodicalIF":8.0,"publicationDate":"2025-09-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145089369","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Detecting DeFi Fraud With a Graph-Transformer Language Model","authors":"Wei Ma;Junjie Shi;Jiaxi Qiu;Cong Wu;Jing Chen;Lingxiao Jiang;Shangqing Liu;Yang Liu;Yang Xiang","doi":"10.1109/TIFS.2025.3612184","DOIUrl":"10.1109/TIFS.2025.3612184","url":null,"abstract":"With the rapid development of blockchain technology, the widespread adoption of smart contracts—particularly in decentralized finance (DeFi) applications—has introduced significant security challenges, such as reentrancy attacks, phishing, and Sybil attacks. To address these issues, we propose a novel model called TrxGNNBERT, which combines Graph Neural Network (GNN) and the Transformer architecture to effectively handle both graph-structured and textual data. This combination enhances the detection of suspicious transactions and accounts on blockchain platforms like Ethereum. TrxGNNBERT was pre-trained using a masked language model (MLM) on a dataset of 60,000 Ethereum transactions by randomly masking the attributes of nodes and edges, thereby capturing deep semantic relationships and structural information. In this work, we constructed transaction subgraphs, using a GNN module to enrich the embedding representations, which were then fed into a Transformer encoder. The experimental results demonstrate that TrxGNNBERT outperforms various baseline models—including DeepWalk, Trans2Vec, Role2Vec, GCN, GAT, GraphSAGE, CodeBERT, GraphCodeBERT, Zipzap and BERT4ETH—in detecting suspicious transactions and accounts. Specifically, TrxGNNBERT achieved an accuracy of 0.755 and an F1 score of 0.756 on the TrxLarge dataset; an accuracy of 0.903 and an F1 score of 0.894 on the TrxSmall dataset; and an accuracy of 0.790 and an F1 score of 0.781 on the AddrDec dataset. We also explored different pre-training configurations and strategies, comparing the performance of encoder-based versus decoder-based Transformer structures. The results indicate that pre-training improves downstream task performance, with encoder-based structures outperforming decoder-based ones. Through ablation studies, we found that node-level information and subgraph structures are critical for achieving optimal performance in transaction classification tasks. When key features were removed, the model performance declined considerably, demonstrating the importance of each component of our method. These findings offer valuable insights for future research, suggesting further improvements in node attribute representation and subgraph extraction.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"20 ","pages":"10051-10065"},"PeriodicalIF":8.0,"publicationDate":"2025-09-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145089368","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Feature Reconstruction: Far Field EM Side-Channel Attacks in Complex Environment","authors":"Huanyu Wang;Dalin He;Deng Tuo;Junnian Wang","doi":"10.1109/TIFS.2025.3611788","DOIUrl":"10.1109/TIFS.2025.3611788","url":null,"abstract":"Far Field EM Side-Channel Attacks (FEM-SCAs) have emerged as a realistic security threat to widely deployed RF-integrated IoT edge devices. In mixed-signal chips, side-channel leakage may unintentionally couple with transmission signals and be emitted via the on-chip antenna, potentially allowing adversaries to extract sensitive information from the victim at long distances. However, in practical scenarios, far field EM traces captured at long distances usually suffer from noise and interference, which makes the attack less efficient or sometimes even unfeasible. In this paper, we propose a Domain-Adversarial ReFeature Nueral Network (DAR-NN) to facilitate “noisy-clean” adaptation for far field EM traces captured at long distances. By integrating a DAE model with two deep-learning classifiers as regularization terms, the proposed DAR-NN model can reconstruct features of traces obtained remotely in complex environments, thereby achieving a more efficient FEM-SCA. We first test our model by using a publicly available dataset and show that it is feasible to extract the AES key from 141 traces captured at 15 m distance to the victim, which is 58.7% more efficient than existing methods with 80% less profiling data. Afterwards, we set up a more complex experimental environment with a HackRF radio serving as an interference source. We show that the proposed model can still extract the key by using around 2K traces at 15 m even in the presence of 25% active interference, while the state-of-the-art model fails under same conditions.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"20 ","pages":"10066-10081"},"PeriodicalIF":8.0,"publicationDate":"2025-09-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145083814","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}