Seong-Su Yoon, Dong-Hyuk Shin, Ieck-Chae Euom^*

CMES-Computer Modeling in Engineering & Sciences, Vol.145, No.2, pp. 2683-2706, 2025, DOI:10.32604/cmes.2025.071577 - 26 November 2025

Abstract With the continuous expansion of digital infrastructures, malicious behaviors in host systems have become increasingly sophisticated, often spanning multiple processes and employing obfuscation techniques to evade detection. Audit logs, such as Sysmon, offer valuable insights; however, existing approaches typically flatten event sequences or rely on generic graph models, thereby discarding the natural parent-child process hierarchy that is critical for analyzing multiprocess attacks. This paper proposes a structure-aware threat detection framework that transforms audit logs into a unified two-dimensional (2D) spatio-temporal representation, where process hierarchy is modeled as the spatial axis and event chronology as the More >

Yang Liu^1,2,*, Zhiyuan Lin¹, Yuxi Zhang¹, Lin Jiang^1,*, Xuan Wang^1,3

CMES-Computer Modeling in Engineering & Sciences, Vol.138, No.2, pp. 1713-1729, 2024, DOI:10.32604/cmes.2023.030468 - 17 November 2023

Abstract Ethereum, currently the most widely utilized smart contracts platform, anchors the security of myriad smart contracts upon its own robustness. Its foundational peer-to-peer network facilitates a dependable node connection mechanism, whereas an efficient data-sharing protocol constitutes as the bedrock of Blockchain network security. In this paper, we propose NodeHunter, an Ethereum network detector implemented through the application of simulation technology, which is capable of aggregating all node records within the network and the interconnectedness between them. Utilizing this connection information, NodeHunter can procure more comprehensive insights for network status analysis compared to preceding detection methodologies. More >

Ouyang Liu, Kun Li^*, Ziwei Yin, Deyun Gao, Huachun Zhou

Intelligent Automation & Soft Computing, Vol.37, No.3, pp. 2955-2977, 2023, DOI:10.32604/iasc.2023.039995 - 11 September 2023

Abstract Due to the many types of distributed denial-of-service attacks (DDoS) attacks and the large amount of data generated, it becomes a challenge to manage and apply the malicious behavior knowledge generated by DDoS attacks. We propose a malicious behavior knowledge base framework for DDoS attacks, which completes the construction and application of a multi-domain malicious behavior knowledge base. First, we collected malicious behavior traffic generated by five mainstream DDoS attacks. At the same time, we completed the knowledge collection mechanism through data pre-processing and dataset design. Then, we designed a malicious behavior category graph and… More >