Pub Date: 2025-01-20. DOI: 10.1109/TIFS.2025.3530677
Dongming Li; Wanting Ma; Fuhui Zhou; Qihui Wu; Derrick Wing Kwan Ng
The fifth-generation new radio (NR) cellular communication is featured with numerous advancements over Long Term Evolution (LTE) and earlier technologies. It enables more flexible physical-layer resource scheduling across multiple dimensions, and two representative techniques are beamspace transmissions and time-frequency numerology selection. Nevertheless, the lightweight physical-layer secure transmission in NR remains under investigation, especially taking NR beamspace and mobility into consideration. In this work, we propose a physical-layer wireless key generation (KG) efficient beamspace adaptation scheme for NR, where the KG capacity is theoretically characterized by critical NR components including beam direction and beamwidth. In addition, we consider the impacts of user mobility on KG performance. Since NR beamspace plays a key role in deciding the channel probing window in the spatial dimension, the NR beamspace directly affects channel probing results and hence the KG efficiency. To this end, NR beam parameters are obtained to improve the KG performance. Especially, we propose to optimize the NR beamwidth for maximizing the secrecy-delay efficiency, because a tradeoff exists in adapting the beamwidth where smaller beamwidth can improve the channel estimation accuracy but increase the beam sweeping delay. Theoretical analysis and simulation results show that the beam direction adaptation provides spatial degrees of freedom for NR to enhance KG, by enabling beam selection pointing at target areas with richer multipath scatterings. Experimental results demonstrate that the narrow beam is beneficial to enhancing the channel estimation accuracy and the resultant key agreements.
Title: Physical-Layer Key Generation Efficient Beamspace Adaptations in 5G New Radio. Journal: IEEE Transactions on Information Forensics and Security, vol. 20, pp. 1535-1550.
Pub Date: 2025-01-20. DOI: 10.1109/TIFS.2025.3531772
Jie Zhang; Zhifan Wan; Lanqing Hu; Stephen Lin; Shuzhe Wu; Shiguang Shan
Considering the close connection between action recognition and human pose estimation, we design a Collaboratively Self-supervised Video Representation (CSVR) learning framework specific to action recognition by jointly factoring in generative pose prediction and discriminative context matching as pretext tasks. Specifically, our CSVR consists of three branches: a generative pose prediction branch, a discriminative context matching branch, and a video generating branch. Among them, the first one encodes dynamic motion feature by utilizing Conditional-GAN to predict the human poses of future frames, and the second branch extracts static context features by contrasting positive and negative video feature and I-frame feature pairs. The third branch is designed to generate both current and future video frames, for the purpose of collaboratively improving dynamic motion features and static context features. Extensive experiments demonstrate that our method achieves state-of-the-art performance on multiple popular video datasets.
Title: Collaboratively Self-Supervised Video Representation Learning for Action Recognition. Journal: IEEE Transactions on Information Forensics and Security, vol. 20, pp. 1895-1907.
Pub Date: 2025-01-17. DOI: 10.1109/TIFS.2025.3531239
Aruna Jayasena; Richard Bachmann; Prabhat Mishra
Software based cryptographic implementations provide flexibility but they face performance limitations. In contrast, hardware based cryptographic accelerators utilize application-specific customization to provide real-time security solutions. Cryptographic instruction-set extensions (CISE) combine the advantages of both hardware and software based solutions to provide higher performance combined with the flexibility of atomic-level cryptographic operations. While CISE is widely used to develop security solutions, side-channel analysis of CISE-based devices is in its infancy. Specifically, it is important to evaluate whether the power usage and electromagnetic emissions of CISE-based devices have any correlation with its internal operations, which an adversary can exploit to deduce cryptographic secrets. In this paper, we propose a test vector leakage assessment framework to evaluate the pre-silicon prototypes at the early stages of the design life-cycle. Specifically, we first identify functional units with the potential for leaking information through power side-channel signatures and then evaluate them on system prototypes by generating the necessary firmware to maximize the side-channel signature. Our experimental results on two RISC-V based cryptographic extensions, RISCV-CRYPTO and XCRYPTO, demonstrated that seven out of eight prototype AES- and SHA-related functional units are vulnerable to leaking cryptographic secrets through their power side-channel signature even in full system mode with a statistical significance of $\alpha = 0.05$.
Title: CiseLeaks: Information Leakage Assessment of Cryptographic Instruction Set Extension Prototypes. Journal: IEEE Transactions on Information Forensics and Security, vol. 20, pp. 1551-1565.
With the increasing digitization of medical records and the interconnected nature of healthcare networks, robust security measures are vital to mitigate the risk of data breaches, cyberattacks, and unauthorized access. Existing healthcare security models, like one-time authentication (OTA), rely on complex mathematical problems such as the integer factorization problem (IFP) and discrete logarithm problem (DLP). However, advancements in quantum computing, notably Shor’s algorithm, pose a threat to the security of these systems. Once the attacker bypasses OTA, they gain permanent access and can reveal sensitive healthcare user information. Given the numerous vulnerabilities exposed in OTA systems, there is a rising demand and trend toward implementing continuous authentication systems. Current cutting-edge privacy technologies either are not feasible or entail high costs for continuous authentication systems, which necessitate periodic real-time verification. As a result, we proposed a cutting-edge novel approach to healthcare security through post-quantum continuous authentication without breaking the continuity of a session, leveraging behavioral biometrics (BB) and vector similarity search (VSS). By integrating BB, which analyzes individual behavioral patterns, with VSS, our robust lightweight quantum-secure technique ensures a heightened level of security. The proposed framework offers seamless and continuous authentication, adapting in real-time to users’ behavioral patterns. The proof of concept for VSS demonstrates the efficiency of the proposed scheme in real-time healthcare applications. Through extensive testing, analysis, and performance analysis under unknown attacks, this study demonstrates the efficacy and resilience of our approach, promising a new frontier in healthcare security. A real-time testbed experiment, along with the implementation and design of FastAPI, demonstrates the novelty of the proposed scheme.
Title: Healthcare Security: Post-Quantum Continuous Authentication With Behavioral Biometrics Using Vector Similarity Search. Authors: Basudeb Bera; Sutanu Nandi; Ashok Kumar Das; Biplab Sikdar. Journal: IEEE Transactions on Information Forensics and Security, vol. 20, pp. 1597-1612. Pub Date: 2025-01-17. DOI: 10.1109/TIFS.2025.3531197
In the era of ubiquitous computing devices, malware is the primary weapon of cyber attacks, and malware-related security breaches remain a significant security concern. Nowadays, adversaries require fewer resources to exploit a system with the help of contemporary malicious payloads and AI tools than in the old days. Despite many advances in malware defense research, adversaries continually employ sophisticated tools and techniques to evade existing defense mechanisms and create chaos. Moreover, it is challenging to recognize these malicious binaries with shallow features such as section names, entropies, virtual sizes, and strings, which are not robust. The proposed work mainly focuses on identifying robust features that can help to detect more sophisticated (i) seen and (ii) never-seen-before malware effectively. Unlike the existing research works, $D^{2}4D$ concentrates on four types of analysis: Registry key, API function, network, and memory analysis. Above all, $D^{2}4D$ identifies the binaries that perform fast-flux attacks, DGA-based attacks, homoglyphs attacks, and other attack types. The evaluation results indicate that the $D^{2}4D$ achieves an accuracy of 99.67%, with a 0.10% False Positive Rate for seen binaries and more than 91% accuracy for never-seen-before binaries. Beyond that, $D^{2}4D$ outperforms 33 existing anti-malware. The extracted features prove robust in identifying seen and never-seen-before binaries based on the experimental analysis, comparison with the state-of-the-art models, and ablation study.
Title: D24D: Dynamic Deep 4-Dimensional Analysis for Malware Detection. Authors: Rama Krishna Koppanati; Monika Santra; Sateesh Kumar Peddoju. Journal: IEEE Transactions on Information Forensics and Security, vol. 20, pp. 2083-2095. Pub Date: 2025-01-17. DOI: 10.1109/TIFS.2025.3531230
Title: Maximizing Uncertainty for Federated learning via Bayesian Optimisation-based Model Poisoning. Authors: Marios Aristodemou, Xiaolan Liu, Yuan Wang, Konstantinos G. Kyriakopoulos, Sangarapillai Lambotharan, Qingsong Wei. Journal: IEEE Transactions on Information Forensics and Security. Pub Date: 2025-01-17. DOI: 10.1109/tifs.2025.3531143
Pub Date: 2025-01-17. DOI: 10.1109/TIFS.2025.3531103
Ye Yao; Tingfeng Han; Shan Jia; Siwei Lyu
Image inpainting, the process of filling in missing areas in an image, is a common image editing technique. Inpainting can be used to conceal or alter image contents in malicious manipulation of images, driving the need for research in image inpainting detection. Most existing methods use a basic encoder-decoder structure, which often results in a high number of false positives or misses the inpainted regions, especially when dealing with targets of varying semantics and scales. Additionally, the lack of an effective approach to capture boundary artifacts leads to less accurate edge localization. In this paper, we describe a new method for inpainting detection based on a Dense Feature Interaction Network (DeFI-Net). DeFI-Net uses a novel feature pyramid architecture to capture and amplify multi-scale representations across various stages, thereby improving the detection of image inpainting by better strengthening feature-level interactions. Additionally, the network can adaptively direct the lower-level features, which carry edge and shape information, to refine the localization of manipulated regions while integrating the higher-level semantic features. Using DeFI-Net, we develop a method combining complementary representations to accurately identify inpainted areas. Evaluation on seven image inpainting datasets demonstrates the effectiveness of our approach, which achieves state-of-the-art performance in detecting inpainting across diverse models. Code and models are available at https://github.com/Boombb/DeFI-Net_Inpainting.
Title: Dense Feature Interaction Network for Image Inpainting Localization. Journal: IEEE Transactions on Information Forensics and Security, vol. 20, pp. 1636-1648.
Pub Date: 2025-01-17. DOI: 10.1109/TIFS.2025.3531141
Jian Chen; Zehui Lin; Wanyu Lin; Wenlong Shi; Xiaoyan Yin; Di Wang
Recently, the practical needs of “the right to be forgotten” in federated learning gave birth to a paradigm known as federated unlearning, which enables the server to forget personal data upon the client’s removal request. Existing studies on federated unlearning have primarily focused on efficiently eliminating the influence of requested data from the client’s model without retraining from scratch, however, they have rarely doubted the reliability of the global model posed by the discrepancy between its prediction performance before and after unlearning. To bridge this gap, we take the first step by introducing a novel malicious unlearning attack dubbed FedMUA, aiming to unveil potential vulnerabilities emerging from federated learning during the unlearning process. Specifically, clients may act as attackers by crafting malicious unlearning requests to manipulate the prediction behavior of the global model. The crux of FedMUA is to mislead the global model into unlearning more information associated with the influential samples for the target sample than anticipated, thus inducing adverse effects on target samples from other clients. To achieve this, we design a novel two-step method, known as Influential Sample Identification and Malicious Unlearning Generation, to identify and subsequently generate malicious feature unlearning requests within the influential samples. By doing so, we can significantly alter the predictions pertaining to the target sample by initiating the malicious feature unlearning requests, leading to the deliberate manipulation for the user adversely. Additionally, we design a new defense mechanism that is highly resilient against malicious unlearning attacks. Extensive experiments on three realistic datasets reveal that FedMUA effectively induces misclassification on target samples and can achieve an 80% attack success rate by triggering only 0.3% malicious unlearning requests.
Title: FedMUA: Exploring the Vulnerabilities of Federated Learning to Malicious Unlearning Attacks. Journal: IEEE Transactions on Information Forensics and Security, vol. 20, pp. 1665-1678.
Pub Date: 2025-01-16. DOI: 10.1109/TIFS.2025.3530703
Xinyue Zhang; Jiahuan Zhou; Luxin Yan; Sheng Zhong; Xu Zou
Due to the high similarity between hidden objects and the surrounding background, camouflaged object detection (COD) remains a challenge. While many recently proposed methods have shown remarkable performance, most of them begin object perception by indiscriminately considering every pixel of the image. However, these early-stage region-insensitive perception methods still struggle to resist background interference, potentially missing subtle pixel changes by not prioritizing potential camouflaged areas initially. Fortunately, we reveal that the availability of an accurate mutation map can significantly enhance camouflaged discrimination ability. To this end, we propose MRNet (Mutation Region Network). MRNet initially generates a mutation map that identifies potential mutation regions exhibiting subtle pixel changes. The generation method involves amplifying and differing pixel changes based on the position and corresponding values of pixels. Subsequently, the selective expansion search operation utilizes the mutation map to extract the mapped graph, effectively reducing interference from background pixels that are distant from the mutation regions. Finally, decoding the mapped graph generates precise masks. Furthermore, we have created the largest test dataset with known categories to advance community research. Extensive experiments conducted on three widely used datasets and our proposed dataset show that MRNet surpasses other methods with superior performance. Source code is publicly available at https://github.com/XinyueZhangHust/MRNet
Title: Hunt Camouflaged Objects via Revealing Mutation Regions. Journal: IEEE Transactions on Information Forensics and Security, vol. 20, pp. 1836-1851.