Initial commit: code, paper, small artifacts

2026-05-07 20:47:30 +08:00
commit fae2db8cff
322 changed files with 33159 additions and 0 deletions

293
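--- /dev/null
+++ b/paper/references.bib
@@ -0,0 +1,293 @@
+% =============================================================================
+% JANUS — Verified BibTeX for intro.md
+% Cite-key spelling matches the keys used in paper/intro.md.
+% Each entry includes a `url` field linking to the canonical source page so the
+% reference can be re-checked without re-searching.
+%
+% IMPORTANT NOTES (please review before submitting):
+%
+% * Trend2024: The Trend Micro 2024 "World Tour Survey" reports 51% of
+% SOC teams feel overwhelmed by alert volume but does NOT
+% state ">90% / 99%" false-positive rates. The 99% figure
+% traces to Alahmadi et al., USENIX Security 2022, which
+% is included below as @Alahmadi2022. Consider citing
+% [Alahmadi2022; Trend2024] together, or replacing.
+%
+% * ACM-CSur-2024: Tariq et al. is published in ACM Computing Surveys
+% Vol. 57(9), April 2025 — not 2024. The cite key is
+% preserved per intro.md, but @year is 2025.
+%
+% * Shafir2026: Venue is IEEE/ACM Transactions on Networking (ToN),
+% not IEEE TNSM. Verified via DOI 10.1109/TON.2025.3617580.
+%
+% * NFAD2021: Kirichenko et al. is NeurIPS 2020 (arXiv 2006.08545),
+% not 2021. Cite key preserved per intro.md.
+%
+% * AE-Unreliable-2025: Bouman & Heskes was *withdrawn* from ICLR 2025;
+% cited here as an arXiv preprint (2501.13864).
+%
+% * NeurIPS24-Reconstruction: The closest NeurIPS 2024 paper on the
+% reconstruction-AD identity-mapping limitation is Kim
+% et al., "Rethinking Reconstruction-based Graph-Level
+% Anomaly Detection". It is graph-level, not generic
+% image/tabular. Verify the citation matches your intent.
+%
+% * Tand2025: Best match for a Taylor & Francis 2025 cross-dataset
+% NIDS paper is Connection Science 2025 (HDSE-IDS).
+% The "0.100.30 AUROC drop" framing in intro.md is
+% primarily supported by Cross2402.10974, not by
+% Tand2025 directly.
+%
+% * rFM2025: arXiv 2508.05461's actual title is "Time-reversed Flow
+% Matching with Worst Transport in High-dimensional Latent
+% Space for Image Anomaly Detection". Earlier survey
+% notes called it "How and Why: Taming Flow Matching..."
+% — that title is incorrect. Updated below.
+% =============================================================================
+% --- Operational pain points (FP rates, alert fatigue) -----------------------
+@misc{Trend2024,
+author = {{Trend Micro}},
+title = {{SOC Around the Clock: World Tour Survey Findings}},
+year = {2024},
+howpublished = {Trend Micro Research Report},
+url = {https://www.trendmicro.com/en_us/research/24/k/world-tour-survey-results.html},
+note = {Survey of 2,303 IT security/SOC decision makers; 51\% report
+feeling overwhelmed by alert volume.}
+}
+@inproceedings{Alahmadi2022,
+author = {Bushra A. Alahmadi and Louise Axon and Ivan Martinovic},
+title = {99\% False Positives: A Qualitative Study of {SOC} Analysts'
+Perspectives on Security Alarms},
+booktitle = {31st USENIX Security Symposium (USENIX Security 22)},
+year = {2022},
+pages = {2783--2800},
+publisher = {USENIX Association},
+url = {https://www.usenix.org/conference/usenixsecurity22/presentation/alahmadi}
+}
+@article{ACM-CSur-2024,
+author = {Shahroz Tariq and Mohan Baruwal Chhetri and Surya Nepal and
+C{\'e}cile Paris},
+title = {Alert Fatigue in Security Operations Centres:
+Research Challenges and Opportunities},
+journal = {ACM Computing Surveys},
+volume = {57},
+number = {9},
+articleno = {224},
+year = {2025},
+doi = {10.1145/3723158},
+url = {https://dl.acm.org/doi/10.1145/3723158}
+}
+% --- Cross-dataset NIDS robustness -------------------------------------------
+@article{Cross2402.10974,
+author = {Marco Cantone and Claudio Marrocco and Alessandro Bria},
+title = {On the Cross-Dataset Generalization of Machine Learning
+for Network Intrusion Detection},
+journal = {arXiv preprint arXiv:2402.10974},
+year = {2024},
+eprint = {2402.10974},
+archivePrefix = {arXiv},
+primaryClass = {cs.CR},
+url = {https://arxiv.org/abs/2402.10974}
+}
+@article{Tand2025,
+title = {Enhancing generalization of cross-domain intrusion detection:
+a heterogeneous deep stacked ensemble approach},
+journal = {Connection Science},
+publisher = {Taylor \& Francis},
+year = {2025},
+doi = {10.1080/09540091.2025.2599708},
+url = {https://www.tandfonline.com/doi/full/10.1080/09540091.2025.2599708},
+note = {Author list to be confirmed from publisher page (publisher
+returned 403 to automated fetch).}
+}
+% --- Reconstruction-based detectors ------------------------------------------
+@inproceedings{Kitsune,
+author = {Yisroel Mirsky and Tomer Doitshman and Yuval Elovici and
+Asaf Shabtai},
+title = {{Kitsune}: An Ensemble of Autoencoders for Online Network
+Intrusion Detection},
+booktitle = {Network and Distributed System Security Symposium (NDSS)},
+year = {2018},
+eprint = {1802.09089},
+archivePrefix = {arXiv},
+url = {https://arxiv.org/abs/1802.09089}
+}
+@inproceedings{MemAE,
+author = {Dong Gong and Lingqiao Liu and Vuong Le and Budhaditya Saha and
+Moussa Reda Mansour and Svetha Venkatesh and
+Anton {van den Hengel}},
+title = {Memorizing Normality to Detect Anomaly: Memory-Augmented Deep
+Autoencoder for Unsupervised Anomaly Detection},
+booktitle = {Proceedings of the IEEE/CVF International Conference on
+Computer Vision (ICCV)},
+year = {2019},
+pages = {1705--1714},
+eprint = {1904.02639},
+archivePrefix = {arXiv},
+url = {https://openaccess.thecvf.com/content_ICCV_2019/html/Gong_Memorizing_Normality_to_Detect_Anomaly_Memory-Augmented_Deep_Autoencoder_for_Unsupervised_ICCV_2019_paper.html}
+}
+@article{AE-Unreliable-2025,
+author = {Roel Bouman and Tom Heskes},
+title = {Autoencoders for Anomaly Detection are Unreliable},
+journal = {arXiv preprint arXiv:2501.13864},
+year = {2025},
+eprint = {2501.13864},
+archivePrefix = {arXiv},
+primaryClass = {cs.LG},
+url = {https://arxiv.org/abs/2501.13864},
+note = {Withdrawn ICLR 2025 submission;
+OpenReview: https://openreview.net/forum?id=X8XQOLjLX6}
+}
+@inproceedings{NeurIPS24-Reconstruction,
+author = {Sunwoo Kim and Soo Yong Lee and Fanchen Bu and Shinhwan Kang and
+Kyungho Kim and Jaemin Yoo and Kijung Shin},
+title = {Rethinking Reconstruction-based Graph-Level Anomaly Detection:
+Limitations and a Simple Remedy},
+booktitle = {Advances in Neural Information Processing Systems (NeurIPS)},
+year = {2024},
+url = {https://openreview.net/forum?id=e2INndPINB}
+}
+% --- Density-based detectors (NF / Diffusion / GAN) --------------------------
+@article{Shafir2026,
+author = {Lior Shafir and Raja Giryes and Avishai Wool},
+title = {Explainable Anomaly Detection in Network Traffic Using
+Normalizing Flows},
+journal = {IEEE/ACM Transactions on Networking},
+volume = {34},
+year = {2026},
+doi = {10.1109/TON.2025.3617580},
+url = {https://doi.org/10.1109/TON.2025.3617580}
+}
+@inproceedings{NFAD2021,
+author = {Polina Kirichenko and Pavel Izmailov and Andrew Gordon Wilson},
+title = {Why Normalizing Flows Fail to Detect Out-of-Distribution Data},
+booktitle = {Advances in Neural Information Processing Systems (NeurIPS)},
+year = {2020},
+eprint = {2006.08545},
+archivePrefix = {arXiv},
+url = {https://arxiv.org/abs/2006.08545},
+note = {NeurIPS 2020 (cite key NFAD2021 retained per intro.md).}
+}
+@article{ConMD2026,
+author = {Xinglin Lian and Yu Zheng and Yan Liu and Fan Zhou and
+Chunlei Peng and Xinbo Gao},
+title = {Contextual Masking Distillation for Network Traffic Anomaly
+Detection},
+journal = {IEEE Transactions on Information Forensics and Security},
+volume = {21},
+pages = {1273--1286},
+year = {2026},
+doi = {10.1109/TIFS.2026.3655514},
+url = {https://ieeexplore.ieee.org/document/11358423/}
+}
+@article{DMAD2025,
+author = {Hui Liu and others},
+title = {A Survey on Diffusion Models for Anomaly Detection},
+journal = {arXiv preprint arXiv:2501.11430},
+year = {2025},
+eprint = {2501.11430},
+archivePrefix = {arXiv},
+primaryClass = {cs.LG},
+url = {https://arxiv.org/abs/2501.11430},
+note = {Submitted to IJCAI 2025 (per associated GitHub repository);
+verify final IJCAI proceedings entry before publication.}
+}
+@inproceedings{TIPSO-GAN-NDSS2026,
+author = {Ernest Akpaku and Jinfu Chen and Joshua Ofoeda},
+title = {{TIPSO-GAN}: Malicious Network Traffic Detection Using a Novel
+Optimized Generative Adversarial Network},
+booktitle = {Network and Distributed System Security Symposium (NDSS)},
+year = {2026},
+url = {https://www.ndss-symposium.org/ndss-paper/tipso-gan-malicious-network-traffic-detection-using-a-novel-optimized-generative-adversarial-network/}
+}
+% --- Flow Matching foundations -----------------------------------------------
+@inproceedings{Lipman2023,
+author = {Yaron Lipman and Ricky T. Q. Chen and Heli Ben-Hamu and
+Maximilian Nickel and Matt Le},
+title = {Flow Matching for Generative Modeling},
+booktitle = {International Conference on Learning Representations (ICLR)},
+year = {2023},
+eprint = {2210.02747},
+archivePrefix = {arXiv},
+url = {https://arxiv.org/abs/2210.02747}
+}
+@article{OT-CFM-Tong2024,
+author = {Alexander Tong and Kilian Fatras and Nikolay Malkin and
+Guillaume Huguet and Yanlei Zhang and Jarrid Rector-Brooks and
+Guy Wolf and Yoshua Bengio},
+title = {Improving and Generalizing Flow-Based Generative Models with
+Minibatch Optimal Transport},
+journal = {Transactions on Machine Learning Research (TMLR)},
+year = {2024},
+eprint = {2302.00482},
+archivePrefix = {arXiv},
+url = {https://openreview.net/forum?id=CD9Snc73AW}
+}
+@inproceedings{Gat-NeurIPS2024,
+author = {Itai Gat and Tal Remez and Neta Shaul and Felix Kreuk and
+Ricky T. Q. Chen and Gabriel Synnaeve and Yossi Adi and
+Yaron Lipman},
+title = {Discrete Flow Matching},
+booktitle = {Advances in Neural Information Processing Systems (NeurIPS)},
+year = {2024},
+eprint = {2407.15595},
+archivePrefix = {arXiv},
+url = {https://openreview.net/forum?id=GTDKo3Sv9p}
+}
+% --- Flow-Matching anomaly detection (image / tabular) -----------------------
+@article{rFM2025,
+author = {Liangwei Li and Lin Liu and Hanzhe Liang and Juanxiu Liu and
+Jing Zhang and Ruqian Hao and Xiaohui Du and Yong Liu and
+Pan Li},
+title = {Time-reversed Flow Matching with Worst Transport in
+High-dimensional Latent Space for Image Anomaly Detection},
+journal = {arXiv preprint arXiv:2508.05461},
+year = {2025},
+eprint = {2508.05461},
+archivePrefix = {arXiv},
+primaryClass = {cs.CV},
+url = {https://arxiv.org/abs/2508.05461}
+}
+@inproceedings{TCCM-NeurIPS2025,
+author = {Zhong Li and Qi Huang and Yuxuan Zhu and Lincen Yang and
+Mohammad Mohammadi Amiri and Niki van Stein and
+Matthijs van Leeuwen},
+title = {Scalable, Explainable and Provably Robust Anomaly Detection
+with One-Step Flow Matching},
+booktitle = {Advances in Neural Information Processing Systems (NeurIPS)},
+year = {2025},
+eprint = {2510.18328},
+archivePrefix = {arXiv},
+url = {https://arxiv.org/abs/2510.18328}
+}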
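Review bot: `Tand2025` is committed without an `author` field, which `@article` requires, and its `note` admits the author list was never confirmed, so the "Verified BibTeX" banner at the top of the file does not hold for that entry; fill in the authors from the DOI record before the paper is built, or mark the entry explicitly with an ignored field such as `internal-note = {UNVERIFIED: authors pending}`. The header block also records that the 99% false-positive figure traces to `Alahmadi2022` rather than `Trend2024`, and that the AUROC-drop framing is supported by `Cross2402.10974` rather than `Tand2025`; those are corrections to the claims in intro.md, and a reader of the paper never sees them while they live only in `%` comments here. The "0.100.30 AUROC drop" text in that header looks like a numeric range that lost its dash and should be checked against intro.md.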