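% =============================================================================
% JANUS — Verified BibTeX for intro.md
% Cite-key spelling matches the keys used in paper/intro.md.
% Each entry includes a `url` field linking to the canonical source page so the
% reference can be re-checked without re-searching.
%
% File conventions:
%   * Classic BibTeX does not treat the percent sign as a comment marker; it
%     skips text outside entries only until the next at-sign. These notes
%     therefore never write an at-sign in front of a key or field name.
%   * `note` holds reader-facing text only, because standard styles print it.
%     Workflow reminders ("to be confirmed", "verify before publication")
%     live in the `internal-note` field, which styles ignore.
%
% IMPORTANT NOTES (please review before submitting):
%
%   * Trend2024:      The Trend Micro 2024 "World Tour Survey" reports 51% of
%                     SOC teams feel overwhelmed by alert volume but does NOT
%                     state ">90% / 99%" false-positive rates. The 99% figure
%                     traces to Alahmadi et al., USENIX Security 2022, which
%                     is included below as entry Alahmadi2022. Consider citing
%                     [Alahmadi2022; Trend2024] together, or replacing.
%
%   * ACM-CSur-2024:  Tariq et al. is published in ACM Computing Surveys
%                     Vol. 57(9), April 2025 — not 2024. The cite key is
%                     preserved per intro.md, but the year field is 2025.
%
%   * Shafir2026:     Venue is IEEE/ACM Transactions on Networking (ToN),
%                     not IEEE TNSM. Verified via DOI 10.1109/TON.2025.3617580.
%
%   * NFAD2021:       Kirichenko et al. is NeurIPS 2020 (arXiv 2006.08545),
%                     not 2021. Cite key preserved per intro.md.
%
%   * AE-Unreliable-2025: Bouman & Heskes was *withdrawn* from ICLR 2025;
%                     cited here as an arXiv preprint (2501.13864).
%
%   * NeurIPS24-Reconstruction: The closest NeurIPS 2024 paper on the
%                     reconstruction-AD identity-mapping limitation is Kim
%                     et al., "Rethinking Reconstruction-based Graph-Level
%                     Anomaly Detection". It is graph-level, not generic
%                     image/tabular. Verify the citation matches your intent.
%
%   * Tand2025:       Best match for a Taylor & Francis 2025 cross-dataset
%                     NIDS paper is Connection Science 2025 (HDSE-IDS).
%                     The "0.10–0.30 AUROC drop" framing in intro.md is
%                     primarily supported by Cross2402.10974, not by
%                     Tand2025 directly.
%
%   * rFM2025:        arXiv 2508.05461's actual title is "Time-reversed Flow
%                     Matching with Worst Transport in High-dimensional Latent
%                     Space for Image Anomaly Detection". Earlier survey
%                     notes called it "How and Why: Taming Flow Matching..."
%                     — that title is incorrect. Updated below.
% =============================================================================

% --- Operational pain points (FP rates, alert fatigue) -----------------------

% Only acronyms and the survey name are brace-protected in the title, so the
% bibliography style can still apply its own casing to the remaining words.
@misc{Trend2024,
  author       = {{Trend Micro}},
  title        = {{SOC} Around the Clock: {World Tour Survey} Findings},
  year         = {2024},
  howpublished = {Trend Micro Research Report},
  url          = {https://www.trendmicro.com/en_us/research/24/k/world-tour-survey-results.html},
  note         = {Survey of 2,303 IT security/SOC decision makers; 51\% report feeling overwhelmed by alert volume.}
}

% Reviewer note: going by its title, this is a qualitative study of analysts'
% perspectives, so the 99% figure is best presented in intro.md as
% analyst-reported rather than as a measured false-positive rate.
% TODO: confirm the exact wording against the paper before submission.
@inproceedings{Alahmadi2022,
  author    = {Bushra A. Alahmadi and Louise Axon and Ivan Martinovic},
  title     = {99\% False Positives: A Qualitative Study of {SOC} Analysts' Perspectives on Security Alarms},
  booktitle = {31st USENIX Security Symposium (USENIX Security 22)},
  year      = {2022},
  pages     = {2783--2800},
  publisher = {USENIX Association},
  url       = {https://www.usenix.org/conference/usenixsecurity22/presentation/alahmadi}
}

% Published in 2025; the cite key keeps "2024" only to match intro.md.
@article{ACM-CSur-2024,
  author    = {Shahroz Tariq and Mohan Baruwal Chhetri and Surya Nepal and C{\'e}cile Paris},
  title     = {Alert Fatigue in Security Operations Centres: Research Challenges and Opportunities},
  journal   = {ACM Computing Surveys},
  volume    = {57},
  number    = {9},
  articleno = {224},
  year      = {2025},
  doi       = {10.1145/3723158},
  url       = {https://dl.acm.org/doi/10.1145/3723158}
}

% --- Cross-dataset NIDS robustness -------------------------------------------

@article{Cross2402.10974,
  author        = {Marco Cantone and Claudio Marrocco and Alessandro Bria},
  title         = {On the Cross-Dataset Generalization of Machine Learning for Network Intrusion Detection},
  journal       = {arXiv preprint arXiv:2402.10974},
  year          = {2024},
  eprint        = {2402.10974},
  archivePrefix = {arXiv},
  primaryClass  = {cs.CR},
  url           = {https://arxiv.org/abs/2402.10974}
}

% The author field is still missing. Standard styles require it for article
% entries, so expect a BibTeX warning until it is filled in from the
% publisher page. The reminder sits in `internal-note` so that it is not
% printed in the bibliography.
@article{Tand2025,
  title         = {Enhancing generalization of cross-domain intrusion detection: a heterogeneous deep stacked ensemble approach},
  journal       = {Connection Science},
  publisher     = {Taylor \& Francis},
  year          = {2025},
  doi           = {10.1080/09540091.2025.2599708},
  url           = {https://www.tandfonline.com/doi/full/10.1080/09540091.2025.2599708},
  internal-note = {Author list to be confirmed from publisher page (publisher returned 403 to automated fetch).}
}

% --- Reconstruction-based detectors ------------------------------------------

@inproceedings{Kitsune,
  author        = {Yisroel Mirsky and Tomer Doitshman and Yuval Elovici and Asaf Shabtai},
  title         = {{Kitsune}: An Ensemble of Autoencoders for Online Network Intrusion Detection},
  booktitle     = {Network and Distributed System Security Symposium (NDSS)},
  year          = {2018},
  eprint        = {1802.09089},
  archivePrefix = {arXiv},
  url           = {https://arxiv.org/abs/1802.09089}
}

@inproceedings{MemAE,
  author        = {Dong Gong and Lingqiao Liu and Vuong Le and Budhaditya Saha and Moussa Reda Mansour and Svetha Venkatesh and Anton {van den Hengel}},
  title         = {Memorizing Normality to Detect Anomaly: Memory-Augmented Deep Autoencoder for Unsupervised Anomaly Detection},
  booktitle     = {Proceedings of the IEEE/CVF International Conference on Computer Vision (ICCV)},
  year          = {2019},
  pages         = {1705--1714},
  eprint        = {1904.02639},
  archivePrefix = {arXiv},
  url           = {https://openaccess.thecvf.com/content_ICCV_2019/html/Gong_Memorizing_Normality_to_Detect_Anomaly_Memory-Augmented_Deep_Autoencoder_for_Unsupervised_ICCV_2019_paper.html}
}

% Withdrawn submission: the `note` below is reader-facing on purpose, so the
% bibliography itself tells readers this work is not peer-reviewed at ICLR.
@article{AE-Unreliable-2025,
  author        = {Roel Bouman and Tom Heskes},
  title         = {Autoencoders for Anomaly Detection are Unreliable},
  journal       = {arXiv preprint arXiv:2501.13864},
  year          = {2025},
  eprint        = {2501.13864},
  archivePrefix = {arXiv},
  primaryClass  = {cs.LG},
  url           = {https://arxiv.org/abs/2501.13864},
  note          = {Withdrawn ICLR 2025 submission; OpenReview: https://openreview.net/forum?id=X8XQOLjLX6}
}

@inproceedings{NeurIPS24-Reconstruction,
  author    = {Sunwoo Kim and Soo Yong Lee and Fanchen Bu and Shinhwan Kang and Kyungho Kim and Jaemin Yoo and Kijung Shin},
  title     = {Rethinking Reconstruction-based Graph-Level Anomaly Detection: Limitations and a Simple Remedy},
  booktitle = {Advances in Neural Information Processing Systems (NeurIPS)},
  year      = {2024},
  url       = {https://openreview.net/forum?id=e2INndPINB}
}

% --- Density-based detectors (NF / Diffusion / GAN) --------------------------

@article{Shafir2026,
  author  = {Lior Shafir and Raja Giryes and Avishai Wool},
  title   = {Explainable Anomaly Detection in Network Traffic Using Normalizing Flows},
  journal = {IEEE/ACM Transactions on Networking},
  volume  = {34},
  year    = {2026},
  doi     = {10.1109/TON.2025.3617580},
  url     = {https://doi.org/10.1109/TON.2025.3617580}
}

% The key/year mismatch is a bookkeeping remark, kept out of the printed
% bibliography by storing it in `internal-note`.
@inproceedings{NFAD2021,
  author        = {Polina Kirichenko and Pavel Izmailov and Andrew Gordon Wilson},
  title         = {Why Normalizing Flows Fail to Detect Out-of-Distribution Data},
  booktitle     = {Advances in Neural Information Processing Systems (NeurIPS)},
  year          = {2020},
  eprint        = {2006.08545},
  archivePrefix = {arXiv},
  url           = {https://arxiv.org/abs/2006.08545},
  internal-note = {NeurIPS 2020 (cite key NFAD2021 retained per intro.md).}
}

@article{ConMD2026,
  author  = {Xinglin Lian and Yu Zheng and Yan Liu and Fan Zhou and Chunlei Peng and Xinbo Gao},
  title   = {Contextual Masking Distillation for Network Traffic Anomaly Detection},
  journal = {IEEE Transactions on Information Forensics and Security},
  volume  = {21},
  pages   = {1273--1286},
  year    = {2026},
  doi     = {10.1109/TIFS.2026.3655514},
  url     = {https://ieeexplore.ieee.org/document/11358423/}
}

% The venue status is unverified (see internal-note), so nothing about IJCAI
% is printed; the entry renders as an arXiv preprint until that is confirmed.
@article{DMAD2025,
  author        = {Hui Liu and others},
  title         = {A Survey on Diffusion Models for Anomaly Detection},
  journal       = {arXiv preprint arXiv:2501.11430},
  year          = {2025},
  eprint        = {2501.11430},
  archivePrefix = {arXiv},
  primaryClass  = {cs.LG},
  url           = {https://arxiv.org/abs/2501.11430},
  internal-note = {Submitted to IJCAI 2025 (per associated GitHub repository); verify final IJCAI proceedings entry before publication.}
}

@inproceedings{TIPSO-GAN-NDSS2026,
  author    = {Ernest Akpaku and Jinfu Chen and Joshua Ofoeda},
  title     = {{TIPSO-GAN}: Malicious Network Traffic Detection Using a Novel Optimized Generative Adversarial Network},
  booktitle = {Network and Distributed System Security Symposium (NDSS)},
  year      = {2026},
  url       = {https://www.ndss-symposium.org/ndss-paper/tipso-gan-malicious-network-traffic-detection-using-a-novel-optimized-generative-adversarial-network/}
}

% --- Flow Matching foundations -----------------------------------------------

@inproceedings{Lipman2023,
  author        = {Yaron Lipman and Ricky T. Q. Chen and Heli Ben-Hamu and Maximilian Nickel and Matt Le},
  title         = {Flow Matching for Generative Modeling},
  booktitle     = {International Conference on Learning Representations (ICLR)},
  year          = {2023},
  eprint        = {2210.02747},
  archivePrefix = {arXiv},
  url           = {https://arxiv.org/abs/2210.02747}
}

@article{OT-CFM-Tong2024,
  author        = {Alexander Tong and Kilian Fatras and Nikolay Malkin and Guillaume Huguet and Yanlei Zhang and Jarrid Rector-Brooks and Guy Wolf and Yoshua Bengio},
  title         = {Improving and Generalizing Flow-Based Generative Models with Minibatch Optimal Transport},
  journal       = {Transactions on Machine Learning Research (TMLR)},
  year          = {2024},
  eprint        = {2302.00482},
  archivePrefix = {arXiv},
  url           = {https://openreview.net/forum?id=CD9Snc73AW}
}

@inproceedings{Gat-NeurIPS2024,
  author        = {Itai Gat and Tal Remez and Neta Shaul and Felix Kreuk and Ricky T. Q. Chen and Gabriel Synnaeve and Yossi Adi and Yaron Lipman},
  title         = {Discrete Flow Matching},
  booktitle     = {Advances in Neural Information Processing Systems (NeurIPS)},
  year          = {2024},
  eprint        = {2407.15595},
  archivePrefix = {arXiv},
  url           = {https://openreview.net/forum?id=GTDKo3Sv9p}
}

% --- Flow-Matching anomaly detection (image / tabular) -----------------------

@article{rFM2025,
  author        = {Liangwei Li and Lin Liu and Hanzhe Liang and Juanxiu Liu and Jing Zhang and Ruqian Hao and Xiaohui Du and Yong Liu and Pan Li},
  title         = {Time-reversed Flow Matching with Worst Transport in High-dimensional Latent Space for Image Anomaly Detection},
  journal       = {arXiv preprint arXiv:2508.05461},
  year          = {2025},
  eprint        = {2508.05461},
  archivePrefix = {arXiv},
  primaryClass  = {cs.CV},
  url           = {https://arxiv.org/abs/2508.05461}
}

@inproceedings{TCCM-NeurIPS2025,
  author        = {Zhong Li and Qi Huang and Yuxuan Zhu and Lincen Yang and Mohammad Mohammadi Amiri and Niki van Stein and Matthijs van Leeuwen},
  title         = {Scalable, Explainable and Provably Robust Anomaly Detection with One-Step Flow Matching},
  booktitle     = {Advances in Neural Information Processing Systems (NeurIPS)},
  year          = {2025},
  eprint        = {2510.18328},
  archivePrefix = {arXiv},
  url           = {https://arxiv.org/abs/2510.18328}
}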