{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,26]],"date-time":"2026-03-26T15:51:34Z","timestamp":1774540294811,"version":"3.50.1"},"reference-count":81,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"4","license":[{"start":{"date-parts":[[2025,8,1]],"date-time":"2025-08-01T00:00:00Z","timestamp":1754006400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2025,8,1]],"date-time":"2025-08-01T00:00:00Z","timestamp":1754006400000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2025,8,1]],"date-time":"2025-08-01T00:00:00Z","timestamp":1754006400000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"DOI":"10.13039\/501100005153","name":"China National Funds for Distinguished Young Scientists","doi-asserted-by":"publisher","award":["62425201"],"award-info":[{"award-number":["62425201"]}],"id":[{"id":"10.13039\/501100005153","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["62132011"],"award-info":[{"award-number":["62132011"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["U22B2031"],"award-info":[{"award-number":["U22B2031"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"Science Fund for Creative Research Groups of the National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["62221003"],"award-info":[{"award-number":["62221003"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Trans. Netw."],"published-print":{"date-parts":[[2025,8]]},"DOI":"10.1109\/ton.2025.3546735","type":"journal-article","created":{"date-parts":[[2025,3,24]],"date-time":"2025-03-24T14:01:19Z","timestamp":1742824879000},"page":"1630-1645","source":"Crossref","is-referenced-by-count":2,"title":["<i>\u201cOne Model Fits All Nodes\u201d<\/i>: Neuron Activation Pattern Analysis-Based Attack Traffic Detection Framework for P2P Networks"],"prefix":"10.1109","volume":"33","author":[{"ORCID":"https:\/\/orcid.org\/0009-0009-6437-9551","authenticated-orcid":false,"given":"Songsong","family":"Xu","sequence":"first","affiliation":[{"name":"Department of Computer Science and Technology, Tsinghua University, Beijing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Chuanpu","family":"Fu","sequence":"additional","affiliation":[{"name":"Department of Computer Science and Technology, Tsinghua University, Beijing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8776-8730","authenticated-orcid":false,"given":"Qi","family":"Li","sequence":"additional","affiliation":[{"name":"Institute for Network Sciences and Cyberspace, Tsinghua University, Beijing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2587-8517","authenticated-orcid":false,"given":"Ke","family":"Xu","sequence":"additional","affiliation":[{"name":"Department of Computer Science and Technology, Tsinghua University, Beijing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"263","reference":[{"key":"ref1","first-page":"2783","article-title":"99% false positives: A qualitative study of SOC analysts\u2019 perspectives on security alarms","volume-title":"Proc. 31st USENIX Secur. Symp. (USENIX Secur.)","author":"Alahmadi"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.29"},{"key":"ref3","first-page":"3971","article-title":"Dos and don\u2019ts of machine learning in computer security","volume-title":"Proc. 31st USENIX Secur. Symp. (USENIX Secur.)","author":"Arp"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2020.24347"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2021.24067"},{"key":"ref6","first-page":"807","article-title":"Optimized invariant representation of network traffic for detecting unseen malware variants","volume-title":"Proc. 25th USENIX Secur. Symp.","author":"Bartos"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3354230"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1145\/2420950.2420969"},{"key":"ref9","volume-title":"A Peer-to-Peer Electronic Cash System","year":"2022"},{"key":"ref10","first-page":"209","article-title":"Off-path TCP exploits: Global rate limit considered dangerous","volume-title":"Proc. 25th USENIX Secur. Symp. (USENIX Secur.)","author":"Cao"},{"key":"ref11","volume-title":"CIC, FlowMeter: A Network Traffic Flow Generator and Analyser","year":"2022"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1109\/SP46215.2023.10179464"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.48550\/arXiv.1810.04805"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1145\/3548606.3560604"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134015"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3363226"},{"key":"ref17","first-page":"605","article-title":"ZMap: Fast internet-wide scanning and its security applications","volume-title":"Proc. 22nd USENIX Secur. Symp. (USENIX Secur.)","author":"Durumeric"},{"key":"ref18","first-page":"65","article-title":"An internet-wide view of internet-wide scanning","volume-title":"Proc. 23rd USENIX Conf. Secur. Symp.","author":"Durumeric"},{"key":"ref19","volume-title":"Ethereum: A Secure Decentralised Generalised Transaction Ledger","year":"2022"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2022.3152937"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1145\/3372297.3417884"},{"key":"ref22","first-page":"2619","article-title":"Off-path network traffic manipulation via revitalized ICMP redirect attacks","volume-title":"Proc. 31st USENIX Secur. Symp.","author":"Feng"},{"key":"ref23","first-page":"1126","article-title":"Model-agnostic meta-learning for fast adaptation of deep networks","volume-title":"Proc. 34th Int. Conf. Mach. Learn.","volume":"70","author":"Finn"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1145\/3460120.3484585"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2023.23080"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1109\/TNET.2022.3195871"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1145\/3576915.3616631"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1145\/3372297.3417277"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1145\/3460120.3484747"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1145\/3460120.3484589"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2020.24046"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1016\/j.pneurobio.2012.07.004"},{"key":"ref33","first-page":"129","article-title":"Eclipse attacks on Bitcoin\u2019s peer-to-peer network","volume-title":"Proc. 24th USENIX Secur. Symp.","author":"Heilman"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2023.24465"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1145\/3460120.3484758"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2014.23269"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1145\/3548606.3560609"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00079"},{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516719"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.1145\/3131365.3131383"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2013.19"},{"key":"ref42","doi-asserted-by":"publisher","DOI":"10.1109\/ICBC51069.2021.9461119"},{"key":"ref43","doi-asserted-by":"publisher","DOI":"10.1109\/TNSM.2022.3173598"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.1109\/ICCV51070.2023.00371"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3354239"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.1145\/3355369.3355590"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.1145\/863955.863966"},{"key":"ref48","first-page":"1","article-title":"Online hyperparameter meta-learning with hypergradient distillation","volume-title":"Proc. ICLR","author":"Lee"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3363224"},{"key":"ref50","first-page":"3829","article-title":"Jaqen: A high-performance switch-native approach for detecting and mitigating volumetric DDoS attacks with programmable switches","volume-title":"Proc. USENIX Secur. Symp.","author":"Liu"},{"key":"ref51","first-page":"1","article-title":"On a new class of pulsing denial-of-service attacks and the defense","volume-title":"Proc. NDSS","author":"Luo"},{"key":"ref52","doi-asserted-by":"publisher","DOI":"10.1145\/3460120.3486219"},{"key":"ref53","first-page":"1029","article-title":"Scalable scanning and automatic classification of TLS padding Oracle vulnerabilities","volume-title":"Proc. 28th USENIX Secur. Symp.","author":"Merget"},{"key":"ref54","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23204"},{"key":"ref55","first-page":"1025","article-title":"WebWitness: Investigating, categorizing, and mitigating malware download paths","volume-title":"Proc. 24th USENIX Secur. Symp.","author":"Nelms"},{"key":"ref56","doi-asserted-by":"publisher","DOI":"10.1038\/nm.4433"},{"key":"ref57","first-page":"1341","article-title":"Platforms in everything: Analyzing ground-truth data on the anatomy and economics of bullet-proof hosting","volume-title":"Proc. 28th USENIX Secur. Symp. (USENIX Secur.)","author":"Noroozian"},{"key":"ref58","first-page":"2039","article-title":"Sunrise to sunset: Analyzing the end-to-end life cycle and effectiveness of phishing attacks at scale","volume-title":"Proc. 29th USENIX Security Symp.","author":"Oest"},{"key":"ref59","doi-asserted-by":"publisher","DOI":"10.1145\/3485983.3494861"},{"key":"ref60","doi-asserted-by":"publisher","DOI":"10.1145\/3355369.3355595"},{"key":"ref61","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23105"},{"key":"ref62","doi-asserted-by":"publisher","DOI":"10.1145\/3460120.3484568"},{"key":"ref63","doi-asserted-by":"publisher","DOI":"10.1145\/3555050.3569129"},{"key":"ref64","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2020.24301"},{"key":"ref65","first-page":"513","article-title":"Re-architecting traffic analysis with neural network interface cards","volume-title":"Proc. 19th USENIX Symp. Netw. Syst. Design Implement. (NSDI)","author":"Siracusano"},{"key":"ref66","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2010.25"},{"key":"ref67","doi-asserted-by":"publisher","DOI":"10.1109\/INFOCOM41043.2020.9155278"},{"key":"ref68","doi-asserted-by":"publisher","DOI":"10.1145\/2413176.2413217"},{"key":"ref69","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2022.24208"},{"key":"ref70","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00027"},{"key":"ref71","first-page":"1253","article-title":"On the routing-aware peering against network-eclipse attacks in Bitcoin","volume-title":"Proc. Secur. USENIX","author":"Tran"},{"key":"ref72","doi-asserted-by":"publisher","DOI":"10.1145\/3460120.3485385"},{"key":"ref73","first-page":"4337","article-title":"Xnids: Explaining deep learning-based network intrusion detection systems for active intrusion responses","volume-title":"Proc. 32nd USENIX Secur. Symp. (USENIX Secur.)","author":"Wei"},{"key":"ref74","doi-asserted-by":"publisher","DOI":"10.1145\/3544216.3544268"},{"key":"ref75","volume-title":"Ethereum Eclipse Attacks","author":"W\u00fcst","year":"2022"},{"key":"ref76","first-page":"2039","article-title":"NetWarden: Mitigating network covert channels while preserving performance","volume-title":"Proc. 29th USENIX Secur. Symp. (USENIX Secur.)","author":"Xing"},{"key":"ref77","first-page":"2327","article-title":"CADE: Detecting and explaining concept drift samples for security applications","volume-title":"Proc. 30th USENIX Secur. Symp.","author":"Yang"},{"key":"ref78","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2020.24007"},{"key":"ref79","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2018.2805600"},{"key":"ref80","first-page":"6203","article-title":"NetBeacon: An efficient design of intelligent network data plane","volume-title":"Proc. 32nd USENIX Secur. Symp. (USENIX Secur.)","author":"Zhou"},{"key":"ref81","doi-asserted-by":"publisher","DOI":"10.1145\/3386367.3431311"}],"container-title":["IEEE Transactions on Networking"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/10723154\/11131549\/10937110.pdf?arnumber=10937110","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,23]],"date-time":"2025-08-23T00:52:11Z","timestamp":1755910331000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/10937110\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,8]]},"references-count":81,"journal-issue":{"issue":"4"},"URL":"https:\/\/doi.org\/10.1109\/ton.2025.3546735","relation":{},"ISSN":["2998-4157"],"issn-type":[{"value":"2998-4157","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,8]]}}}