{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,21]],"date-time":"2026-01-21T02:37:23Z","timestamp":1768963043125,"version":"3.49.0"},"reference-count":35,"publisher":"Association for Computing Machinery (ACM)","issue":"1","content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Cyber-Phys. Syst."],"published-print":{"date-parts":[[2026,1,31]]},"abstract":"\n Cross-domain communication systems are important in multiple areas such as smart factories and automatic driving. Derived from real-life scenarios, each domain has a local network and accesses the public network via a central server, which makes it easy to manage the local network and protect entities in the domain. Based on this, a cross-domain communication system follows the \u201c\n device-server-server-device<\/jats:italic>\n \u201d pattern. For each communication session, there are two steps: authentication and communication. The authentication phase helps two parties to build a secure communication channel. If the server is compromised, the authentication request can be sent to the attacker and then the attacker can impersonate the original receiver. As a result, it is necessary to effectively solve this server-compromise case. Further, anomaly detection is required to monitor the behaviors of entities in domains. Current deep learning solutions deploy autoencoder-based models to reconstruct input data and then detect anomalies. However, they feed raw input data into the models, which makes it hard to reconstruct evolving data streams.\n <\/jats:p>\n In this work, we focus on the detection of compromised entities for cross-domain communication systems. Specifically, we split the problem into two parts: the server-compromise case in the authentication phase and anomaly detection for the whole system. Toward the server-compromise case, we propose a blockchain-based \u201cdouble verification\u201d scheme to prevent the server from making decisions on its own. Specifically, nodes in the blockchain network evaluate submitted records using the public key infrastructure. Meanwhile, the distributed nature of blockchain allows us to deploy more machines as verifiers to monitor the behavior of servers. For anomaly detection, we propose to feed the degree of change of items instead of raw item values into deep learning models, which is more adaptive to evolving data streams. We propose to use the linear combination of historical data and recent data to compute the degree of change. Finally, we analyze the security properties of the proposed system and evaluate the proposed anomaly detection method using real datasets. We build a simple cross-domain communication system using the Fabric framework to simulate the \u201cdouble verification\u201d scheme and the proposed anomaly detection method achieves around 0.11 accuracy improvement on average.<\/jats:p>","DOI":"10.1145\/3748819","type":"journal-article","created":{"date-parts":[[2025,7,17]],"date-time":"2025-07-17T14:29:49Z","timestamp":1752762589000},"page":"1-21","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["Detection of Compromised Entities in Cross-Domain Communication Systems"],"prefix":"10.1145","volume":"10","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-6875-5691","authenticated-orcid":false,"given":"Shiqing","family":"Li","sequence":"first","affiliation":[{"name":"Illinois Advanced Research Center at Singapore, Singapore, Singapore"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4436-9200","authenticated-orcid":false,"given":"Utku","family":"Tefek","sequence":"additional","affiliation":[{"name":"Illinois Advanced Research Center at Singapore, Singapore, Singapore"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3290-2514","authenticated-orcid":false,"given":"Ertem","family":"Esiner","sequence":"additional","affiliation":[{"name":"Illinois Advanced Research Center at Singapore, Singapore, Singapore"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0002-6040-6865","authenticated-orcid":false,"given":"Zbigniew","family":"Kalbarczyk","sequence":"additional","affiliation":[{"name":"University of Illinois Urbana-Champaign, Urbana, Illinois, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3016-0270","authenticated-orcid":false,"given":"Deming","family":"Chen","sequence":"additional","affiliation":[{"name":"University of Illinois Urbana-Champaign, Urbana, Illinois, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2026,1,20]]},"reference":[{"key":"e_1_3_3_2_2","doi-asserted-by":"publisher","DOI":"10.3389\/fcomp.2021.563060"},{"key":"e_1_3_3_3_2","doi-asserted-by":"publisher","DOI":"10.1145\/3190508.3190538"},{"key":"e_1_3_3_4_2","doi-asserted-by":"publisher","DOI":"10.1145\/3442381.3450023"},{"key":"e_1_3_3_5_2","first-page":"22","article-title":"Ethereum white paper","volume":"1","author":"Buterin Vitalik","year":"2013","unstructured":"Vitalik Buterin. 2013. Ethereum white paper. GitHub Repository 1, (2013), 22\u201323.","journal-title":"GitHub Repository"},{"key":"e_1_3_3_6_2","first-page":"173","article-title":"Practical byzantine fault tolerance","volume":"99","author":"Castro Miguel","year":"1999","unstructured":"Miguel Castro and Barbara Liskov. 1999. Practical byzantine fault tolerance. In Proceedings of the 3rd Symposium on Operating Systems Design And Implementation, Vol. 99, 173\u2013186.","journal-title":"Proceedings of the 3rd Symposium on Operating Systems Design And Implementation"},{"key":"e_1_3_3_7_2","unstructured":"China Everbright Bank. 2024. Blockchain Forfaiting Transaction Platform. Retrieved August 29 2024 from http:\/\/www.cebbank.com\/site\/ceb_homepage33\/corporate_banking1\/trade_finance47\/146085353\/index.html"},{"key":"e_1_3_3_8_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-981-15-6198-6_20"},{"key":"e_1_3_3_9_2","doi-asserted-by":"publisher","DOI":"10.1109\/TKDE.2014.2345382"},{"key":"e_1_3_3_10_2","unstructured":"GE. 2024. Brilliant Manufacturing from GE Digital. Retrieved August 29 2024 from https:\/\/www.ge.com\/digital\/sites\/default\/files\/download_assets\/Brilliant-Manufacturing-Solutions-for-Conveyor-and-Assembly-Operations.pdf"},{"key":"e_1_3_3_11_2","first-page":"2712","volume-title":"Proceedings of the International Conference on Machine Learning","author":"Guha Sudipto","year":"2016","unstructured":"Sudipto Guha, Nina Mishra, Gourav Roy, and Okke Schrijvers. 2016. Robust random cut forest based anomaly detection on streams. In Proceedings of the International Conference on Machine Learning. PMLR, 2712\u20132721."},{"key":"e_1_3_3_12_2","volume-title":"Proceedings of the International Conference on Learning Representations","author":"Kim Ki Hyun","year":"2019","unstructured":"Ki Hyun Kim, Sangwoo Shim, Yongsub Lim, Jongseob Jeon, Jeongwoo Choi, Byungchan Kim, and Andre S. Yoon. 2019. Rapp: Novelty detection with reconstruction along projection pathway. In Proceedings of the International Conference on Learning Representations."},{"key":"e_1_3_3_13_2","first-page":"392","volume-title":"Proceedings of the International Conference on Very Large Data Bases","author":"Knox Edwin M.","year":"1998","unstructured":"Edwin M. Knox and Raymond T. Ng. 1998. Algorithms for mining distancebased outliers in large datasets. In Proceedings of the International Conference on Very Large Data Bases. Citeseer, 392\u2013403."},{"key":"e_1_3_3_14_2","doi-asserted-by":"publisher","DOI":"10.1023\/A:1008354106356"},{"key":"e_1_3_3_15_2","unstructured":"Chieh-Hsin Lai Dongmian Zou and Gilad Lerman. 2019. Robust subspace recovery layer for unsupervised anomaly detection. arXiv:1904.00152. Retrieved from https:\/\/arxiv.org\/abs\/1904.00152"},{"key":"e_1_3_3_16_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICDM.2016.0040"},{"issue":"12","key":"e_1_3_3_17_2","first-page":"2346","article-title":"Learning under concept drift: A review","volume":"31","author":"Lu Jie","year":"2018","unstructured":"Jie Lu, Anjin Liu, Fan Dong, Feng Gu, Joao Gama, and Guangquan Zhang. 2018. Learning under concept drift: A review. IEEE Transactions on Knowledge and Data Engineering 31, 12, (2018), 2346\u20132363.","journal-title":"IEEE Transactions on Knowledge and Data Engineering"},{"key":"e_1_3_3_18_2","unstructured":"Pankaj Malhotra Anusha Ramakrishnan Gaurangi Anand Lovekesh Vig Puneet Agarwal and Gautam Shroff. 2016. LSTM-based encoder-decoder for multi-sensor anomaly detection. arXiv:1607.00148. Retrieved from https:\/\/arxiv.org\/abs\/1607.00148"},{"key":"e_1_3_3_19_2","doi-asserted-by":"publisher","DOI":"10.1109\/MilCIS.2015.7348942"},{"key":"e_1_3_3_20_2","doi-asserted-by":"publisher","DOI":"10.1145\/3219819.3220022"},{"key":"e_1_3_3_21_2","unstructured":"Satoshi Nakamoto. 2008. Bitcoin: A peer-to-peer electronic cash system. Retrieved from https:\/\/bitcoin.org\/"},{"key":"e_1_3_3_22_2","doi-asserted-by":"publisher","DOI":"10.1145\/3219819.3220042"},{"key":"e_1_3_3_23_2","doi-asserted-by":"publisher","DOI":"10.5555\/3024719.3024758"},{"key":"e_1_3_3_24_2","doi-asserted-by":"publisher","DOI":"10.1109\/TII.2021.3089462"},{"key":"e_1_3_3_25_2","doi-asserted-by":"publisher","DOI":"10.1007\/s10618-020-00698-5"},{"key":"e_1_3_3_26_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.snb.2012.01.074"},{"key":"e_1_3_3_27_2","article-title":"Blockchain-based lightweight message authentication for edge-assisted cross-domain industrial internet of things","author":"Wang Fengqun","year":"2024","unstructured":"Fengqun Wang, Jie Cui, Qingyang Zhang, Debiao He, Chengjie Gu, and Hong Zhong. 2024. Blockchain-based lightweight message authentication for edge-assisted cross-domain industrial internet of things. IEEE Transactions on Dependable and Secure Computing 21, 4 (Jul.\u2013Aug. 2024), 1587\u20131604.","journal-title":"IEEE Transactions on Dependable and Secure Computing"},{"key":"e_1_3_3_28_2","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2024.3372806"},{"key":"e_1_3_3_29_2","doi-asserted-by":"publisher","DOI":"10.1109\/TNSM.2022.3180357"},{"key":"e_1_3_3_30_2","doi-asserted-by":"publisher","DOI":"10.1109\/TNSM.2022.3146929"},{"key":"e_1_3_3_31_2","doi-asserted-by":"publisher","DOI":"10.1109\/JIOT.2021.3107443"},{"key":"e_1_3_3_32_2","doi-asserted-by":"publisher","DOI":"10.1145\/3394486.3403171"},{"key":"e_1_3_3_33_2","doi-asserted-by":"publisher","DOI":"10.1145\/3534678.3539348"},{"key":"e_1_3_3_34_2","first-page":"1100","volume-title":"Proceedings of the International Conference on Machine Learning","author":"Zhai Shuangfei","year":"2016","unstructured":"Shuangfei Zhai, Yu Cheng, Weining Lu, and Zhongfei Zhang. 2016. Deep structured energy based models for anomaly detection. In Proceedings of the International Conference on Machine Learning. PMLR, 1100\u20131109."},{"key":"e_1_3_3_35_2","doi-asserted-by":"publisher","DOI":"10.1109\/JIOT.2022.3176192"},{"key":"e_1_3_3_36_2","volume-title":"Proceedings of the International Conference on Learning Representations","author":"Zong Bo","year":"2018","unstructured":"Bo Zong, Qi Song, Martin Renqiang Min, Wei Cheng, Cristian Lumezanu, Daeki Cho, and Haifeng Chen. 2018. Deep autoencoding Gaussian mixture model for unsupervised anomaly detection. In Proceedings of the International Conference on Learning Representations."}],"container-title":["ACM Transactions on Cyber-Physical Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3748819","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,1,20]],"date-time":"2026-01-20T13:47:24Z","timestamp":1768916844000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3748819"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,1,20]]},"references-count":35,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2026,1,31]]}},"alternative-id":["10.1145\/3748819"],"URL":"https:\/\/doi.org\/10.1145\/3748819","relation":{},"ISSN":["2378-962X","2378-9638"],"issn-type":[{"value":"2378-962X","type":"print"},{"value":"2378-9638","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026,1,20]]},"assertion":[{"value":"2024-10-15","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2025-07-08","order":2,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2026-01-20","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}