{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,27]],"date-time":"2026-03-27T16:13:48Z","timestamp":1774628028544,"version":"3.50.1"},"reference-count":90,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","license":[{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"DOI":"10.13039\/100023530","name":"U.S. Army Contracting Command-Aberdeen Proving Ground","doi-asserted-by":"crossref","award":["W911NF-18-C0019"],"award-info":[{"award-number":["W911NF-18-C0019"]}],"id":[{"id":"10.13039\/100023530","id-type":"DOI","asserted-by":"crossref"}]},{"DOI":"10.13039\/100000185","name":"Defense Advanced Research Projects Agency","doi-asserted-by":"crossref","award":["W911NF-21-10322"],"award-info":[{"award-number":["W911NF-21-10322"]}],"id":[{"id":"10.13039\/100000185","id-type":"DOI","asserted-by":"crossref"}]},{"DOI":"10.13039\/100019923","name":"U.S. Army Combat Capabilities Development Command Army Research Laboratory","doi-asserted-by":"crossref","award":["W911NF-13-2-0045"],"award-info":[{"award-number":["W911NF-13-2-0045"]}],"id":[{"id":"10.13039\/100019923","id-type":"DOI","asserted-by":"crossref"}]},{"name":"NSF","award":["CNS-1717634"],"award-info":[{"award-number":["CNS-1717634"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Trans.Inform.Forensic Secur."],"published-print":{"date-parts":[[2025]]},"DOI":"10.1109\/tifs.2025.3614442","type":"journal-article","created":{"date-parts":[[2025,9,29]],"date-time":"2025-09-29T17:52:23Z","timestamp":1759168343000},"page":"10434-10448","source":"Crossref","is-referenced-by-count":4,"title":["CELEST: Federated Learning for Globally Coordinated Threat Detection"],"prefix":"10.1109","volume":"20","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-9861-389X","authenticated-orcid":false,"given":"Talha","family":"Ongun","sequence":"first","affiliation":[{"name":"Northeastern University, Boston, MA, USA"}]},{"ORCID":"https:\/\/orcid.org\/0009-0003-3411-8912","authenticated-orcid":false,"given":"Simona","family":"Boboila","sequence":"additional","affiliation":[{"name":"Northeastern University, Boston, MA, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4979-5292","authenticated-orcid":false,"given":"Alina","family":"Oprea","sequence":"additional","affiliation":[{"name":"Northeastern University, Boston, MA, USA"}]},{"given":"Tina","family":"Eliassi-Rad","sequence":"additional","affiliation":[{"name":"Northeastern University, Boston, MA, USA"}]},{"given":"Jason","family":"Hiser","sequence":"additional","affiliation":[{"name":"University of Virginia, Charlottesville, VA, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5883-8274","authenticated-orcid":false,"given":"Jack","family":"Davidson","sequence":"additional","affiliation":[{"name":"University of Virginia, Charlottesville, VA, USA"}]}],"member":"263","reference":[{"key":"ref1","volume-title":"What You Need to Know About the WannaCry Ransomware","year":"2017"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.5555\/3241189.3241275"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2014.23269"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1145\/2584679"},{"key":"ref5","first-page":"3721","article-title":"Compromised or attacker-owned: A large scale classification and study of hosting domains of malicious URLs","volume-title":"Proc. 30th USENIX Secur. Symp.","author":"Silva"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1145\/1557019.1557153"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-46298-1_30"},{"key":"ref8","first-page":"807","article-title":"Optimized invariant representation of network traffic for detecting unseen malware variants","volume-title":"Proc. 25th USENIX Secur. Symp.","author":"Bartos"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1145\/3134600.3134605"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2016.50"},{"key":"ref11","first-page":"589","article-title":"ExecScent: Mining for new C&C domains in live networks with adaptive control protocol templates","volume-title":"Proc. 22nd USENIX Secur. Symp.","author":"Nelms"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1145\/3274694.3274710"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2015.14"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.6028\/NIST.SP.800-150"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1145\/2994539.2994542"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2022.23153"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1109\/EISIC.2017.20"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2017.09.001"},{"key":"ref19","first-page":"2938","article-title":"How to backdoor federated learning","volume-title":"Proc. Int. Conf. Artif. Intell. Statist.","author":"Bagdasaryan"},{"key":"ref20","article-title":"Can you really backdoor federated learning?","author":"Sun","year":"2019","journal-title":"arXiv:1911.07963"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1007\/s11704-021-1067-4"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2021.24498"},{"key":"ref23","first-page":"16070","article-title":"Attack of the tails: Yes, you really can backdoor federated learning","volume-title":"Proc. Adv. Neural Inf. Process. Syst. (NeurIPS)","author":"Wang"},{"key":"ref24","volume-title":"Data Exfiltration Techniques","year":"2025"},{"key":"ref25","volume-title":"New Mirai Variant Uses Multiple Exploits to Target Routers and Other Devices","author":"Remillano","year":"2019"},{"key":"ref26","volume-title":"HTTP Status Codes Command This Malware How to Control Hacked Systems"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2014.2382590"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1109\/EDCC.2019.00025"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1145\/3341105.3373862"},{"key":"ref30","first-page":"26","article-title":"Behavioral clustering of HTTP-based malware and signature generation using malicious network traces","volume-title":"Proc. 7th USENIX Symp. Networked Syst. Design Implement. (NSDI)","author":"Perdisci"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2010.25"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1561\/2200000083"},{"key":"ref33","first-page":"1273","article-title":"Communication-efficient learning of deep networks from decentralized data","volume-title":"Proc. 20th Int. Conf. Artif. Intell. Statist.","volume":"54","author":"McMahan"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.3126\/jiee.v3i1.34327"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1162\/tacl_a_00051"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1145\/1866423.1866434"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1109\/ICDCS47774.2020.00171"},{"key":"ref38","article-title":"EXpose: A character-level convolutional neural network with embeddings for detecting malicious URLs, file paths and registry keys","author":"Saxe","year":"2017","journal-title":"arXiv:1702.08568"},{"key":"ref39","article-title":"URLNet: Learning a URL representation with deep learning for malicious URL detection","author":"Le","year":"2018","journal-title":"arXiv:1802.03162"},{"key":"ref40","article-title":"Federated Word2 Vec: Leveraging federated learning to encourage collaborative representation learning","author":"Garcia Bernal","year":"2021","journal-title":"arXiv:2105.00831"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.1007\/s12530-012-9060-7"},{"key":"ref42","doi-asserted-by":"publisher","DOI":"10.1007\/978-1-4471-2099-5_1"},{"key":"ref43","first-page":"441","article-title":"Toward optimal active learning through sampling estimation of error reduction","volume-title":"Proc. 18th Int. Conf. Mach. Learn. (ICML)","author":"Roy"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.1613\/jair.295"},{"key":"ref45","article-title":"Aladin: Active learning of anomalies to detect intrusions","author":"Stokes","year":"2008"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.1109\/TNNLS.2013.2292894"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.1145\/3492546"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.1109\/ICDM.2008.17"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.1145\/335191.335388"},{"key":"ref50","doi-asserted-by":"publisher","DOI":"10.1162\/089976601750264965"},{"key":"ref51","doi-asserted-by":"publisher","DOI":"10.1145\/2733381"},{"key":"ref52","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-58951-6_24"},{"key":"ref53","first-page":"118","article-title":"Machine learning with adversaries: Byzantine tolerant gradient descent","volume-title":"Proc. Adv. Neural Inf. Process. Syst. (NeurIPS)","volume":"30","author":"Blanchard"},{"key":"ref54","first-page":"3521","article-title":"The hidden vulnerability of distributed learning in byzantium","volume-title":"Proc. 35th Int. Conf. Mach. Learn. (ICML)","author":"Mhamdi"},{"key":"ref55","first-page":"5650","article-title":"Byzantine-robust distributed learning: Towards optimal statistical rates","volume-title":"Proc. Int. Conf. Mach. Learn.","author":"Yin"},{"key":"ref56","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2022.23156"},{"key":"ref57","first-page":"1415","article-title":"FLAME: Taming backdoors in federated learning","volume-title":"Proc. 31st USENIX Security Symp. (USENIX Security)"},{"key":"ref58","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2021.24434"},{"key":"ref59","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2019.23386"},{"key":"ref60","article-title":"The circle of life: A large-scale study of the IoT malware lifecycle","volume-title":"Proc. 30th USENIX Secur. Symp. (USENIX Security)","author":"Alrawi"},{"key":"ref61","volume-title":"Keras","year":"2015"},{"key":"ref62","volume-title":"TensorFlow Federated: Machine Learning on Decentralized Data","year":"2019"},{"key":"ref63","first-page":"45","article-title":"Software framework for topic modelling with large corpora","volume-title":"Proc. LREC Workshop New Challenges NLP Frameworks","author":"\u0158eh\u00e5\u0159ek"},{"key":"ref64","first-page":"634","article-title":"Analyzing federated learning through an adversarial lens","volume-title":"Proc. 36th Int. Conf. Mach. Learn.","author":"Bhagoji"},{"key":"ref65","volume-title":"CosmicDuke Malware Analysis Report"},{"key":"ref66","volume-title":"ThinkPHP Vulnerability Abused By Botnets Hakai and Yowai","author":"Remillano","year":"2019"},{"key":"ref67","volume-title":"New Wave of Attacks Attempting to Exploit Huawei Home Routers"},{"key":"ref68","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-86486-6_47"},{"key":"ref69","doi-asserted-by":"publisher","DOI":"10.1109\/CCNC49033.2022.9700624"},{"key":"ref70","doi-asserted-by":"publisher","DOI":"10.1109\/DSN-W52860.2021.00034"},{"key":"ref71","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2020.2988575"},{"key":"ref72","volume-title":"Nearly Half of Malware Now Use TLS to Conceal Communications"},{"key":"ref73","volume-title":"Understanding the Prevalence of Web Traffic Interception","author":"Bursztein","year":"2017"},{"key":"ref74","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3133982"},{"key":"ref75","article-title":"DBA: Distributed backdoor attacks against federated learning","volume-title":"Proc. 8th Int. Conf. Learn. Represent. (ICLR)","author":"Xie"},{"key":"ref76","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2025.240603"},{"key":"ref77","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-16354-3_77"},{"key":"ref78","doi-asserted-by":"publisher","DOI":"10.1109\/BDCloud.2018.00050"},{"key":"ref79","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2011.25"},{"key":"ref80","doi-asserted-by":"publisher","DOI":"10.1145\/1963405.1963436"},{"key":"ref81","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2019.2891588"},{"key":"ref82","doi-asserted-by":"publisher","DOI":"10.1145\/3191329"},{"key":"ref83","doi-asserted-by":"publisher","DOI":"10.2478\/popets-2021-0062"},{"key":"ref84","doi-asserted-by":"publisher","DOI":"10.1109\/ICDCS.2019.00080"},{"key":"ref85","first-page":"1","article-title":"Attack detection using federated learning in medical cyber-physical systems","volume-title":"Proc. Int. Conf. Comput. Commun. Netw. (ICCCN)","author":"Thamilarasu"},{"key":"ref86","doi-asserted-by":"publisher","DOI":"10.1109\/TPS-ISA48467.2019.00020"},{"key":"ref87","doi-asserted-by":"publisher","DOI":"10.1145\/3368926.3369705"},{"key":"ref88","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2024.23233"},{"key":"ref89","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2024.24620"},{"key":"ref90","doi-asserted-by":"publisher","DOI":"10.1109\/SP46215.2023.10179362"}],"container-title":["IEEE Transactions on Information Forensics and Security"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/10206\/10810755\/11184229.pdf?arnumber=11184229","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,9]],"date-time":"2025-10-09T17:52:43Z","timestamp":1760032363000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/11184229\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"references-count":90,"URL":"https:\/\/doi.org\/10.1109\/tifs.2025.3614442","relation":{},"ISSN":["1556-6013","1556-6021"],"issn-type":[{"value":"1556-6013","type":"print"},{"value":"1556-6021","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025]]}}}