{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,13]],"date-time":"2026-02-13T21:28:06Z","timestamp":1771018086758,"version":"3.50.1"},"reference-count":60,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","license":[{"start":{"date-parts":[[2026,1,1]],"date-time":"2026-01-01T00:00:00Z","timestamp":1767225600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2026,1,1]],"date-time":"2026-01-01T00:00:00Z","timestamp":1767225600000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2026,1,1]],"date-time":"2026-01-01T00:00:00Z","timestamp":1767225600000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"name":"Project of Cloud Information Security Protection Technology","award":["E4GZ030302"],"award-info":[{"award-number":["E4GZ030302"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Trans.Inform.Forensic Secur."],"published-print":{"date-parts":[[2026]]},"DOI":"10.1109\/tifs.2026.3659398","type":"journal-article","created":{"date-parts":[[2026,1,29]],"date-time":"2026-01-29T21:22:27Z","timestamp":1769721747000},"page":"1957-1972","source":"Crossref","is-referenced-by-count":0,"title":["DriftTrace: Combating Concept Drift in Security Applications Through Detection and Explanation"],"prefix":"10.1109","volume":"21","author":[{"ORCID":"https:\/\/orcid.org\/0009-0001-3977-106X","authenticated-orcid":false,"given":"Yuedong","family":"Pan","sequence":"first","affiliation":[{"name":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0004-0566-791X","authenticated-orcid":false,"given":"Lixin","family":"Zhao","sequence":"additional","affiliation":[{"name":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0002-2705-3826","authenticated-orcid":false,"given":"Tao","family":"Leng","sequence":"additional","affiliation":[{"name":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Zhexi","family":"Luo","sequence":"additional","affiliation":[{"name":"School of Computer Science and Engineering, Sun Yat-sen University, Guangzhou, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1710-8881","authenticated-orcid":false,"given":"Lijun","family":"Cai","sequence":"additional","affiliation":[{"name":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5521-4757","authenticated-orcid":false,"given":"Aimin","family":"Yu","sequence":"additional","affiliation":[{"name":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Dan","family":"Meng","sequence":"additional","affiliation":[{"name":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"263","reference":[{"key":"ref1","article-title":"Deep learning for anomaly detection: A survey","author":"Chalapathy","year":"2019","journal-title":"arXiv:1901.03407"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1145\/3336191.3371876"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23204"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1109\/INFOCOM41043.2020.9155278"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134015"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.24963\/ijcai.2019\/658"},{"key":"ref7","first-page":"257","article-title":"Detecting lateral movement in enterprise computer networks with unsupervised graph AI","volume-title":"Proc. 23rd Int. Symp. Res. Attacks","author":"Bowman"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2022.3208815"},{"key":"ref9","article-title":"EMBER: An open dataset for training static PE malware machine learning models","author":"Anderson","year":"2018","journal-title":"arXiv:1804.04637"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1145\/3025453.3026018"},{"key":"ref11","first-page":"2343","article-title":"On training robust PDF malware classifiers","volume-title":"Proc. 29th USENIX Secur. Symp.","author":"Chen"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1109\/COMPSAC.2015.103"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2010.25"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1145\/2523813"},{"key":"ref15","first-page":"3971","article-title":"Dos and don\u2019ts of machine learning in computer security","volume-title":"Proc. 31th USENIX Secur. Symp.","author":"Arp"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1145\/2517312.2517320"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2011.25"},{"key":"ref18","first-page":"729","article-title":"TESSERACT: Eliminating experimental bias in malware classification across space and time","volume-title":"Proc. 28th USENIX Secur. Symp.","author":"Pendlebury"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00079"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2021.3053371"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1145\/3534678.3539145"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2020.2991876"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1109\/TNSM.2021.3055425"},{"key":"ref24","first-page":"2327","article-title":"CADE: Detecting and explaining concept drift samples for security applications","volume-title":"Proc. 30th USENIX Secur. Symp.","author":"Yang"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2023.24830"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1145\/2623330.2623609"},{"key":"ref27","first-page":"8","article-title":"An information-theoretic approach to detecting changes in multi-dimensional data streams","volume-title":"Proc. Symp. Interface Statist.","volume":"7","author":"Dasu"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1109\/IJCNN.2016.7727176"},{"key":"ref29","article-title":"A baseline for detecting misclassified and out-of-distribution examples in neural networks","author":"Hendrycks","year":"2016","journal-title":"arXiv:1610.02136"},{"key":"ref30","first-page":"1","article-title":"Explaining and harnessing adversarial examples","volume-title":"Proc. 3rd Int. Conf. Learn. Represent.","author":"Goodfellow"},{"key":"ref31","first-page":"5546","article-title":"To trust or not to trust A classifier","volume-title":"Proc. Annu. Conf. Neural Inf. Process. Systems. (NeurIPS)","author":"Jiang"},{"key":"ref32","first-page":"625","article-title":"Transcend: Detecting concept drift in malware classification models","volume-title":"Proc. 26th USENIX Secur. Symp. (USENIX Secur.)","author":"Jordaney"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1109\/SP46214.2022.9833659"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1002\/sam.11161"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2006.100"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243792"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1109\/TKDE.2016.2526675"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1609\/aaai.v36i4.20327"},{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2014.23247"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.1109\/DASC-PICom-CBDCom-CyberSciTech49142.2020.00094"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.5220\/0006639801080116"},{"key":"ref42","doi-asserted-by":"publisher","DOI":"10.1016\/j.artint.2015.09.009"},{"key":"ref43","doi-asserted-by":"publisher","DOI":"10.1109\/ICDM.2016.0040"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.1007\/s10994-014-5450-3"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.1613\/jair.953"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.1609\/aaai.v38i18.29960"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.1126\/science.1127647"},{"key":"ref48","first-page":"9734","article-title":"A benchmark for interpretability methods in deep neural networks","volume-title":"Proc. Annu. Conf. Neural Inf. Process. Systems. (NeurIPS)","author":"Hooker"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.18653\/v1\/N16-3020"},{"key":"ref50","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2018.11.001"},{"key":"ref51","first-page":"8026","article-title":"PyTorch: An imperative style, high-performance deep learning library","volume-title":"Proc. Annu. Conf. Neural Inf. Process. Systems. (NeurIPS)","author":"Paszke"},{"key":"ref52","doi-asserted-by":"publisher","DOI":"10.1145\/1541880.1541882"},{"key":"ref53","article-title":"An overview of gradient descent optimization algorithms","author":"Ruder","year":"2016","journal-title":"arXiv:1609.04747"},{"key":"ref54","doi-asserted-by":"publisher","DOI":"10.24963\/ijcai.2018\/341"},{"key":"ref55","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-60876-1_12"},{"key":"ref56","volume-title":"Security Alert: New Droidkungfu Variant","author":"Jiang","year":"2011"},{"issue":"11","key":"ref57","first-page":"2579","article-title":"Visualizing data using t-SNE","volume":"9","author":"Maaten","year":"2008","journal-title":"J. Mach. Learn. Res."},{"key":"ref58","doi-asserted-by":"publisher","DOI":"10.1145\/2901739.2903508"},{"key":"ref59","doi-asserted-by":"publisher","DOI":"10.1109\/MSR.2017.57"},{"key":"ref60","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2024.104122"}],"container-title":["IEEE Transactions on Information Forensics and Security"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/10206\/11313711\/11367729.pdf?arnumber=11367729","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,2,13]],"date-time":"2026-02-13T20:48:46Z","timestamp":1771015726000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/11367729\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026]]},"references-count":60,"URL":"https:\/\/doi.org\/10.1109\/tifs.2026.3659398","relation":{},"ISSN":["1556-6013","1556-6021"],"issn-type":[{"value":"1556-6013","type":"print"},{"value":"1556-6021","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026]]}}}