{"id":"https://openalex.org/W4417227621","doi":"https://doi.org/10.1109/tifs.2026.3683279","title":"Exposing the Ghost in the Transformer: Abnormal Detection for Large Language Models via Hidden State Forensics","display_name":"Exposing the Ghost in the Transformer: Abnormal Detection for Large Language Models via Hidden State Forensics","publication_year":2026,"publication_date":"2026-01-01","ids":{"openalex":"https://openalex.org/W4417227621","doi":"https://doi.org/10.1109/tifs.2026.3683279"},"language":"en","primary_location":{"id":"doi:10.1109/tifs.2026.3683279","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tifs.2026.3683279","pdf_url":null,"source":{"id":"https://openalex.org/S61310614","display_name":"IEEE Transactions on Information Forensics and Security","issn_l":"1556-6013","issn":["1556-6013","1556-6021"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Information Forensics and Security","raw_type":"journal-article"},"type":"article","indexed_in":["arxiv","crossref","datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://arxiv.org/pdf/2504.00446","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":null,"display_name":"Shide Zhou","orcid":"https://orcid.org/0009-0003-7891-8946"},"institutions":[{"id":"https://openalex.org/I47720641","display_name":"Huazhong University of Science and Technology","ror":"https://ror.org/00p991c53","country_code":"CN","type":"education","lineage":["https://openalex.org/I47720641"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Shide Zhou","raw_affiliation_strings":["Huazhong University of Science and Technology, Wuhan, China"],"raw_orcid":"https://orcid.org/0009-0003-7891-8946","affiliations":[{"raw_affiliation_string":"Huazhong University of Science and Technology, Wuhan, China","institution_ids":["https://openalex.org/I47720641"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5000432413","display_name":"Kailong Wang","orcid":"https://orcid.org/0000-0002-3977-6573"},"institutions":[{"id":"https://openalex.org/I47720641","display_name":"Huazhong University of Science and Technology","ror":"https://ror.org/00p991c53","country_code":"CN","type":"education","lineage":["https://openalex.org/I47720641"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Kailong Wang","raw_affiliation_strings":["Huazhong University of Science and Technology, Wuhan, China"],"raw_orcid":"https://orcid.org/0000-0002-3977-6573","affiliations":[{"raw_affiliation_string":"Huazhong University of Science and Technology, Wuhan, China","institution_ids":["https://openalex.org/I47720641"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5007329669","display_name":"Ling Shi","orcid":"https://orcid.org/0000-0002-6771-8258"},"institutions":[{"id":"https://openalex.org/I172675005","display_name":"Nanyang Technological University","ror":"https://ror.org/02e7b5302","country_code":"SG","type":"education","lineage":["https://openalex.org/I172675005"]}],"countries":["SG"],"is_corresponding":false,"raw_author_name":"Ling Shi","raw_affiliation_strings":["Nanyang Technological University, Nanyang, Singapore"],"raw_orcid":"https://orcid.org/0000-0002-2023-0247","affiliations":[{"raw_affiliation_string":"Nanyang Technological University, Nanyang, Singapore","institution_ids":["https://openalex.org/I172675005"]}]},{"author_position":"last","author":{"id":null,"display_name":"Haoyu Wang","orcid":"https://orcid.org/0000-0003-1100-8633"},"institutions":[{"id":"https://openalex.org/I47720641","display_name":"Huazhong University of Science and Technology","ror":"https://ror.org/00p991c53","country_code":"CN","type":"education","lineage":["https://openalex.org/I47720641"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Haoyu Wang","raw_affiliation_strings":["Huazhong University of Science and Technology, Wuhan, China"],"raw_orcid":"https://orcid.org/0000-0003-1100-8633","affiliations":[{"raw_affiliation_string":"Huazhong University of Science and Technology, Wuhan, China","institution_ids":["https://openalex.org/I47720641"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":4,"corresponding_author_ids":[],"corresponding_institution_ids":["https://openalex.org/I47720641"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":true,"cited_by_count":0,"citation_normalized_percentile":{"value":0.01291932,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":"21","issue":null,"first_page":"4074","last_page":"4089"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.24150000512599945,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.24150000512599945,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.11299999803304672,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12034","display_name":"Digital and Cyber Forensics","score":0.09799999743700027,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/backdoor","display_name":"Backdoor","score":0.8822000026702881},{"id":"https://openalex.org/keywords/safer","display_name":"SAFER","score":0.4611000120639801},{"id":"https://openalex.org/keywords/software-deployment","display_name":"Software deployment","score":0.4521999955177307},{"id":"https://openalex.org/keywords/state","display_name":"State (computer science)","score":0.4375999867916107},{"id":"https://openalex.org/keywords/trustworthiness","display_name":"Trustworthiness","score":0.41440001130104065},{"id":"https://openalex.org/keywords/threat-model","display_name":"Threat model","score":0.40700000524520874},{"id":"https://openalex.org/keywords/computer-security-model","display_name":"Computer security model","score":0.38760000467300415},{"id":"https://openalex.org/keywords/reliability","display_name":"Reliability (semiconductor)","score":0.3513999879360199}],"concepts":[{"id":"https://openalex.org/C2781045450","wikidata":"https://www.wikidata.org/wiki/Q254569","display_name":"Backdoor","level":2,"score":0.8822000026702881},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.7519000172615051},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7300000190734863},{"id":"https://openalex.org/C2776654903","wikidata":"https://www.wikidata.org/wiki/Q2601463","display_name":"SAFER","level":2,"score":0.4611000120639801},{"id":"https://openalex.org/C105339364","wikidata":"https://www.wikidata.org/wiki/Q2297740","display_name":"Software deployment","level":2,"score":0.4521999955177307},{"id":"https://openalex.org/C48103436","wikidata":"https://www.wikidata.org/wiki/Q599031","display_name":"State (computer science)","level":2,"score":0.4375999867916107},{"id":"https://openalex.org/C153701036","wikidata":"https://www.wikidata.org/wiki/Q659974","display_name":"Trustworthiness","level":2,"score":0.41440001130104065},{"id":"https://openalex.org/C140547941","wikidata":"https://www.wikidata.org/wiki/Q7797194","display_name":"Threat model","level":2,"score":0.40700000524520874},{"id":"https://openalex.org/C121822524","wikidata":"https://www.wikidata.org/wiki/Q5157582","display_name":"Computer security model","level":2,"score":0.38760000467300415},{"id":"https://openalex.org/C43214815","wikidata":"https://www.wikidata.org/wiki/Q7310987","display_name":"Reliability (semiconductor)","level":3,"score":0.3513999879360199},{"id":"https://openalex.org/C86844869","wikidata":"https://www.wikidata.org/wiki/Q2798820","display_name":"Hacker","level":2,"score":0.3393999934196472},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.3124000132083893},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.3100000023841858},{"id":"https://openalex.org/C2779960059","wikidata":"https://www.wikidata.org/wiki/Q7113681","display_name":"Overhead (engineering)","level":2,"score":0.3010999858379364},{"id":"https://openalex.org/C18762648","wikidata":"https://www.wikidata.org/wiki/Q42213","display_name":"Work (physics)","level":2,"score":0.29820001125335693},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.2971999943256378},{"id":"https://openalex.org/C22735295","wikidata":"https://www.wikidata.org/wiki/Q317671","display_name":"Botnet","level":3,"score":0.27900001406669617},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.27410000562667847},{"id":"https://openalex.org/C66024118","wikidata":"https://www.wikidata.org/wiki/Q1122506","display_name":"Computational model","level":2,"score":0.2551000118255615},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.2547999918460846},{"id":"https://openalex.org/C2779267917","wikidata":"https://www.wikidata.org/wiki/Q170028","display_name":"Deception","level":2,"score":0.25}],"mesh":[],"locations_count":3,"locations":[{"id":"doi:10.1109/tifs.2026.3683279","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tifs.2026.3683279","pdf_url":null,"source":{"id":"https://openalex.org/S61310614","display_name":"IEEE Transactions on Information Forensics and Security","issn_l":"1556-6013","issn":["1556-6013","1556-6021"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Information Forensics and Security","raw_type":"journal-article"},{"id":"pmh:oai:arXiv.org:2504.00446","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2504.00446","pdf_url":"https://arxiv.org/pdf/2504.00446","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},{"id":"doi:10.48550/arxiv.2504.00446","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2504.00446","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"pmh:oai:arXiv.org:2504.00446","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2504.00446","pdf_url":"https://arxiv.org/pdf/2504.00446","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4417227621.pdf","grobid_xml":"https://content.openalex.org/works/W4417227621.grobid-xml"},"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"The":[0,138],"widespread":[1,45],"adoption":[2],"of":[3,87,135,140,153,178,190],"Large":[4],"Language":[5],"Models":[6],"(LLMs)":[7],"in":[8,64,90,111,144,165],"critical":[9],"applications":[10],"has":[11],"introduced":[12],"severe":[13],"reliability":[14],"and":[15,30,47,104,161],"security":[16,88,152,195],"risks,":[17],"as":[18,26],"LLMs":[19,65],"remain":[20],"vulnerable":[21],"to":[22,42,60,118,149],"notorious":[23],"threats":[24,89],"such":[25],"hallucinations,":[27],"jailbreak":[28],"attacks,":[29],"backdoor":[31],"exploits.":[32],"These":[33],"vulnerabilities":[34],"have":[35],"been":[36],"weaponized":[37],"by":[38],"malicious":[39],"actors,":[40],"leading":[41],"unauthorized":[43],"access,":[44],"misinformation,":[46],"compromised":[48],"LLM-embedded":[49],"system":[50],"integrity.":[51],"In":[52],"this":[53,141],"work,":[54],"we":[55,76],"introduce":[56],"a":[57,78,85,136,146,183],"novel":[58,120],"approach":[59],"detecting":[61],"abnormal":[62,179],"behaviors":[63],"via":[66],"hidden":[67],"state":[68],"forensics.":[69],"By":[70,168],"systematically":[71],"inspecting":[72],"layer-specific":[73],"activation":[74],"patterns,":[75],"develop":[77],"general":[79],"framework":[80],"that":[81,172],"can":[82,173],"efficiently":[83],"identify":[84],"range":[86],"real-time":[91,170],"without":[92],"imposing":[93],"prohibitive":[94],"computational":[95,125],"costs.":[96],"Extensive":[97],"experiments":[98],"indicate":[99],"detection":[100,171],"accuracies":[101],"exceeding":[102],"95%":[103],"consistently":[105],"robust":[106],"performance":[107],"across":[108],"multiple":[109],"models":[110],"most":[112],"scenarios,":[113],"while":[114],"preserving":[115],"the":[116,124,151,157,176,188],"ability":[117],"detect":[119],"attacks":[121],"effectively.":[122],"Furthermore,":[123],"overhead":[126],"remains":[127],"minimal,":[128],"with":[129],"detector":[130],"inference":[131],"taking":[132],"merely":[133],"fractions":[134],"second.":[137],"significance":[139],"work":[142],"lies":[143],"proposing":[145],"promising":[147],"strategy":[148],"reinforce":[150],"LLM-integrated":[154],"systems,":[155],"paving":[156],"way":[158],"for":[159],"safer":[160],"more":[162],"reliable":[163],"deployment":[164],"high-stakes":[166],"domains.":[167],"enabling":[169],"also":[174],"support":[175],"mitigation":[177],"behaviors,":[180],"it":[181],"represents":[182],"meaningful":[184],"step":[185],"toward":[186],"ensuring":[187],"trustworthiness":[189],"AI":[191],"systems":[192],"amid":[193],"rising":[194],"challenges.":[196]},"counts_by_year":[],"updated_date":"2026-04-28T06:04:28.489925","created_date":"2025-10-10T00:00:00"}