行为层析：通过行为内部结构建模识别隐藏的网络犯罪

IF 5.8 2区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

IEEE Transactions on Services Computing Pub Date : 2025-02-06 DOI:10.1109/TSC.2025.3539194

Cheng Wang;Hangyu Zhu

{"title":"行为层析：通过行为内部结构建模识别隐藏的网络犯罪","authors":"Cheng Wang;Hangyu Zhu","doi":"10.1109/TSC.2025.3539194","DOIUrl":null,"url":null,"abstract":"Identifying hidden cybercrimes is a challenging task, as these behaviors are often carefully planned by criminals with counter-surveillance awareness. Existing solutions for cybercrime detection struggle to uncover enough clues to identify hidden criminal behaviors. Malicious behaviors are concealed beneath benign behaviors, and the boundaries between malicious and benign behaviors in the representation space are blurred to evade mainstream deep learning-based security authentication models. We introduce a <underline>b</u>ehavior <underline>t</u>omographer (BT) to reconstruct the behavior structure from three slices: agent, event, and attribute slices, enabling more granular detection of hidden cybercrimes. The core idea of BT is to reconstruct interior information about behavior structure from multiple slices, much like computed tomography in modern medicine enables the reconstruction of internal body. It enables the extraction of discriminative information from intricate interior associations between behavioral attributes rather than surface information meticulously crafted by criminals. Our experiments are conducted on two representative cybercrime datasets. Promising experimental results demonstrate that BT outperforms state-of-the-art models on key metrics, achieving around 0.99 AUC-ROC and approximately 0.9 AUC-PR. Moreover, BT notably excels at low false positive rates, showcasing its high effectiveness for real-world applications.","PeriodicalId":13255,"journal":{"name":"IEEE Transactions on Services Computing","volume":"18 2","pages":"673-689"},"PeriodicalIF":5.8000,"publicationDate":"2025-02-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Behavior Tomographer: Identifying Hidden Cybercrimes by Behavior Interior Structure Modeling\",\"authors\":\"Cheng Wang;Hangyu Zhu\",\"doi\":\"10.1109/TSC.2025.3539194\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Identifying hidden cybercrimes is a challenging task, as these behaviors are often carefully planned by criminals with counter-surveillance awareness. Existing solutions for cybercrime detection struggle to uncover enough clues to identify hidden criminal behaviors. Malicious behaviors are concealed beneath benign behaviors, and the boundaries between malicious and benign behaviors in the representation space are blurred to evade mainstream deep learning-based security authentication models. We introduce a <underline>b</u>ehavior <underline>t</u>omographer (BT) to reconstruct the behavior structure from three slices: agent, event, and attribute slices, enabling more granular detection of hidden cybercrimes. The core idea of BT is to reconstruct interior information about behavior structure from multiple slices, much like computed tomography in modern medicine enables the reconstruction of internal body. It enables the extraction of discriminative information from intricate interior associations between behavioral attributes rather than surface information meticulously crafted by criminals. Our experiments are conducted on two representative cybercrime datasets. Promising experimental results demonstrate that BT outperforms state-of-the-art models on key metrics, achieving around 0.99 AUC-ROC and approximately 0.9 AUC-PR. Moreover, BT notably excels at low false positive rates, showcasing its high effectiveness for real-world applications.\",\"PeriodicalId\":13255,\"journal\":{\"name\":\"IEEE Transactions on Services Computing\",\"volume\":\"18 2\",\"pages\":\"673-689\"},\"PeriodicalIF\":5.8000,\"publicationDate\":\"2025-02-06\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"IEEE Transactions on Services Computing\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://ieeexplore.ieee.org/document/10876798/\",\"RegionNum\":2,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Transactions on Services Computing","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/10876798/","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

摘要

识别隐藏的网络犯罪是一项具有挑战性的任务，因为这些行为通常是由具有反监视意识的罪犯精心策划的。现有的网络犯罪侦查解决方案很难发现足够的线索来识别隐藏的犯罪行为。恶意行为隐藏在良性行为之下，模糊了表示空间中恶意和良性行为的界限，从而规避了主流的基于深度学习的安全认证模型。我们引入了行为断层仪（BT），从三个切片（代理、事件和属性切片）重建行为结构，从而能够更细粒度地检测隐藏的网络犯罪。BT的核心思想是从多个切片中重建行为结构的内部信息，就像现代医学中的计算机断层扫描可以重建身体内部一样。它可以从行为属性之间复杂的内部关联中提取有区别的信息，而不是罪犯精心制作的表面信息。我们的实验是在两个代表性的网络犯罪数据集上进行的。有希望的实验结果表明，BT在关键指标上优于最先进的模型，达到约0.99 AUC-ROC和约0.9 AUC-PR。此外，英国电信在低误报率方面表现出色，显示了其在实际应用中的高有效性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Behavior Tomographer: Identifying Hidden Cybercrimes by Behavior Interior Structure Modeling

Identifying hidden cybercrimes is a challenging task, as these behaviors are often carefully planned by criminals with counter-surveillance awareness. Existing solutions for cybercrime detection struggle to uncover enough clues to identify hidden criminal behaviors. Malicious behaviors are concealed beneath benign behaviors, and the boundaries between malicious and benign behaviors in the representation space are blurred to evade mainstream deep learning-based security authentication models. We introduce a behavior tomographer (BT) to reconstruct the behavior structure from three slices: agent, event, and attribute slices, enabling more granular detection of hidden cybercrimes. The core idea of BT is to reconstruct interior information about behavior structure from multiple slices, much like computed tomography in modern medicine enables the reconstruction of internal body. It enables the extraction of discriminative information from intricate interior associations between behavioral attributes rather than surface information meticulously crafted by criminals. Our experiments are conducted on two representative cybercrime datasets. Promising experimental results demonstrate that BT outperforms state-of-the-art models on key metrics, achieving around 0.99 AUC-ROC and approximately 0.9 AUC-PR. Moreover, BT notably excels at low false positive rates, showcasing its high effectiveness for real-world applications.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

IEEE Transactions on Services Computing COMPUTER SCIENCE, INFORMATION SYSTEMS-COMPUTER SCIENCE, SOFTWARE ENGINEERING

CiteScore

11.50

自引率

6.20%

发文量

278

审稿时长

>12 weeks

期刊介绍： IEEE Transactions on Services Computing encompasses the computing and software aspects of the science and technology of services innovation research and development. It places emphasis on algorithmic, mathematical, statistical, and computational methods central to services computing. Topics covered include Service Oriented Architecture, Web Services, Business Process Integration, Solution Performance Management, and Services Operations and Management. The transactions address mathematical foundations, security, privacy, agreement, contract, discovery, negotiation, collaboration, and quality of service for web services. It also covers areas like composite web service creation, business and scientific applications, standards, utility models, business process modeling, integration, collaboration, and more in the realm of Services Computing.