Pub Date : 2025-12-22DOI: 10.1109/TNSM.2025.3646778
Xi Liu;Jun Liu;Weidong Li
Vehicle computing has emerged as a promising paradigm for delivering time-sensitive computing services to Internet of Things applications. Intelligent vehicles (IVs) offer onboard computing and sensing capabilities for delivering a wide range of services. In this paper, we propose a dynamic adaptability service model that leverages the swift mobility of vehicles to adjust the distribution of IVs to users’ dynamically changing locations. There are two types of areas in our model: the user area and the parking area. The former is where services are provided, while the latter serves as the preparation zone for backup IVs. IVs in the parking area are dispatched to service areas, where existing vehicle resources cannot meet user demand, and they return to the parking area after delivering the service. Multiple users share sensing resources, and our model allocates the costs among them. To ensure strategy-proofness, we introduce the concepts of no additional cost and allocation stability. We propose a strategy-proof cost-sharing mechanism for dynamic adaptability service. The proposed mechanism achieves no positive transfers, voluntary participation, individual rationality, consumer sovereignty, budget balance, no additional costs, and allocation stability. Moreover, the proposed mechanism’s approximation performance is analyzed. We further use comprehensive simulations to verify the effectiveness and efficiency of the proposed mechanism.
{"title":"Strategy-Proof Cost-Sharing Mechanism for Dynamic Adaptability Service in Vehicle Computing","authors":"Xi Liu;Jun Liu;Weidong Li","doi":"10.1109/TNSM.2025.3646778","DOIUrl":"https://doi.org/10.1109/TNSM.2025.3646778","url":null,"abstract":"Vehicle computing has emerged as a promising paradigm for delivering time-sensitive computing services to Internet of Things applications. Intelligent vehicles (IVs) offer onboard computing and sensing capabilities for delivering a wide range of services. In this paper, we propose a dynamic adaptability service model that leverages the swift mobility of vehicles to adjust the distribution of IVs to users’ dynamically changing locations. There are two types of areas in our model: the user area and the parking area. The former is where services are provided, while the latter serves as the preparation zone for backup IVs. IVs in the parking area are dispatched to service areas, where existing vehicle resources cannot meet user demand, and they return to the parking area after delivering the service. Multiple users share sensing resources, and our model allocates the costs among them. To ensure strategy-proofness, we introduce the concepts of no additional cost and allocation stability. We propose a strategy-proof cost-sharing mechanism for dynamic adaptability service. The proposed mechanism achieves no positive transfers, voluntary participation, individual rationality, consumer sovereignty, budget balance, no additional costs, and allocation stability. Moreover, the proposed mechanism’s approximation performance is analyzed. We further use comprehensive simulations to verify the effectiveness and efficiency of the proposed mechanism.","PeriodicalId":13423,"journal":{"name":"IEEE Transactions on Network and Service Management","volume":"23 ","pages":"1942-1959"},"PeriodicalIF":5.4,"publicationDate":"2025-12-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145982313","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
This paper addresses network slicing in a large-scale Multi-Access Edge Computing (MEC)-enabled Radio Access Network (RAN) comprising heterogeneous edge nodes with varying computing and storage resource capacities. These resources are dynamically allocated to slice requests and released when the service of a slice request is completed. Our objective is to optimize the resource allocation for each admitted arriving slice request, considering its demands for computing and storage resources, to maximize the long-run average Earning Before Interest and Taxes (EBIT) of the MEC slicing system. We formulate the optimization problem as a Restless Multi-Armed Bandit (RMAB)-based resource allocation problem with a nonlinear cost rate function. To solve this, we introduce a new policy called Prioritizing-the-Future-Approximated earning per request (PFA) where for each admitted slice request, we always prioritize the allocation of the resource combination that gives the highest achievable earning, considering the future effects of this allocation. PFA is designed to be scalable and applicable to large-scale networks. We numerically demonstrate the superior performance of PFA in maximizing long-run average EBIT through simulations, comparing it with two baseline policies, at various cases of parameter values. Moreover, our findings offer insights for network operators in resource allocation policy selection.
{"title":"Network Slicing in MEC-Based RANs With Nonlinear Cost Rate Functions","authors":"Jiahe Xu;Jing Fu;Bige Yang;Zengfu Wang;Jingjin Wu;Xinyu Wang;Moshe Zukerman","doi":"10.1109/TNSM.2025.3646478","DOIUrl":"https://doi.org/10.1109/TNSM.2025.3646478","url":null,"abstract":"This paper addresses network slicing in a large-scale Multi-Access Edge Computing (MEC)-enabled Radio Access Network (RAN) comprising heterogeneous edge nodes with varying computing and storage resource capacities. These resources are dynamically allocated to slice requests and released when the service of a slice request is completed. Our objective is to optimize the resource allocation for each admitted arriving slice request, considering its demands for computing and storage resources, to maximize the long-run average Earning Before Interest and Taxes (EBIT) of the MEC slicing system. We formulate the optimization problem as a Restless Multi-Armed Bandit (RMAB)-based resource allocation problem with a nonlinear cost rate function. To solve this, we introduce a new policy called Prioritizing-the-Future-Approximated earning per request (PFA) where for each admitted slice request, we always prioritize the allocation of the resource combination that gives the highest achievable earning, considering the future effects of this allocation. PFA is designed to be scalable and applicable to large-scale networks. We numerically demonstrate the superior performance of PFA in maximizing long-run average EBIT through simulations, comparing it with two baseline policies, at various cases of parameter values. Moreover, our findings offer insights for network operators in resource allocation policy selection.","PeriodicalId":13423,"journal":{"name":"IEEE Transactions on Network and Service Management","volume":"23 ","pages":"1989-2005"},"PeriodicalIF":5.4,"publicationDate":"2025-12-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"146026417","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Traffic analysis plays a pivotal role in network management. However, despite the prevalence of encryption, attackers are still able to deduce privacy elements such as user behavior and OS identification through advanced learning-based methods that exploit side-channel features. Existing defense strategies, which manipulate feature distribution to evade traffic analyzers, are often hampered by the need for impractical decoder deployment across all routes in symmetric framework methods. Moreover, reversing feature distribution modifications to real-time traffic, especially through dummy packet crafting or padding, is a complex task. In response to these challenges, we propose Veil, a novel and practical defender designed to protect live connections against encrypted network traffic analyzers. Leveraging an asymmetric deployment structure, Veil is capable of reconstructing live streams at the packet-block level, thereby allowing for seamless deployment on any connection node while enforcing transmission constraints. By employing a traffic-customized DQN framework, Veil not only reverses statistical feature perturbations back to the traffic space but also directs the distribution towards a target class. Extensive experiments conducted on real-world datasets validate the efficacy of Veil in efficiently evading analyzers in both targeted and untargeted modes, outperforming existing defense mechanisms. Notably, Veil addresses the key issues of impractical decoder deployment and complex real-time traffic manipulation, offering a more viable solution for network traffic privacy protection. The source code is publicly available at https://github.com/SecTeamPolaris/Veil, facilitating further research and application in the field of network security.
{"title":"Online Traffic Camouflage Against Network Analyzers via Deep Reinforcement Learning","authors":"Wenhao Li;Jie Chen;Zhaoxuan Li;Shuai Wang;Huamin Jin;Xiao-Yu Zhang","doi":"10.1109/TNSM.2025.3646259","DOIUrl":"https://doi.org/10.1109/TNSM.2025.3646259","url":null,"abstract":"Traffic analysis plays a pivotal role in network management. However, despite the prevalence of encryption, attackers are still able to deduce privacy elements such as user behavior and OS identification through advanced learning-based methods that exploit side-channel features. Existing defense strategies, which manipulate feature distribution to evade traffic analyzers, are often hampered by the need for impractical decoder deployment across all routes in symmetric framework methods. Moreover, reversing feature distribution modifications to real-time traffic, especially through dummy packet crafting or padding, is a complex task. In response to these challenges, we propose <monospace>Veil</monospace>, a novel and practical defender designed to protect live connections against encrypted network traffic analyzers. Leveraging an asymmetric deployment structure, <monospace>Veil</monospace> is capable of reconstructing live streams at the packet-block level, thereby allowing for seamless deployment on any connection node while enforcing transmission constraints. By employing a traffic-customized DQN framework, <monospace>Veil</monospace> not only reverses statistical feature perturbations back to the traffic space but also directs the distribution towards a target class. Extensive experiments conducted on real-world datasets validate the efficacy of <monospace>Veil</monospace> in efficiently evading analyzers in both targeted and untargeted modes, outperforming existing defense mechanisms. Notably, <monospace>Veil</monospace> addresses the key issues of impractical decoder deployment and complex real-time traffic manipulation, offering a more viable solution for network traffic privacy protection. The source code is publicly available at <uri>https://github.com/SecTeamPolaris/Veil</uri>, facilitating further research and application in the field of network security.","PeriodicalId":13423,"journal":{"name":"IEEE Transactions on Network and Service Management","volume":"23 ","pages":"1927-1941"},"PeriodicalIF":5.4,"publicationDate":"2025-12-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145982182","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2025-12-18DOI: 10.1109/TNSM.2025.3645305
Lei Zhang;Wanting Su;Qin Ni;Jiawangnan Lu;Bin Chen
With the evolution of mobile networks towards Artificial Intelligence as a Service (AIaaS), generative radio maps not only need to reflect the signal strength distribution in specific areas, but also possess the capability of proactive prediction. However, due to the rapid updates in urban infrastructure and the network iterations, crafting radio maps in complex urban environments represents a substantial challenge. In this paper, a multi-output framework for generating radio maps in real multi-building scenarios is proposed, based on Reference Signal Received Power (RSRP) and Reference Signal Received Quality (RSRQ) extracted from actual urban and suburban Measurement Reports (MRs). Specifically, An image encoding method integrating environmental features and base station system information is designed, while considering the sector antenna characteristics in actual communication environments. Then, a multi-output Conditional Wasserstein Generative Adversarial Network (CWGAN) is constructed for image conversion, and the radio maps are generated by learning the mapping from environmental & system information to RSRP & RSRQ radio maps, on the basis of image encoding that incorporates the physical laws of radio propagation. By calculating the priority of communication link gains at receiving points, it provides generative networks with reliable theoretical basis and conditional information, for serving cells and first neighboring cells. Experimental results show that the root mean square errors (RMSE) of the proposed method for RSRP / RSRQ of serving and neighboring cells are 1.7821 / 2.2251 and 0.8108 / 1.5121, which demonstrates the proposed method outperforms the baseline results. Simultaneously radio maps generation endows the cellular network with a certain “prophetic” capability, significantly enhancing the live service experience.
{"title":"GAN4RM: A CWGAN-Based Framework for Radio Maps Generation in Real Cellular Networks","authors":"Lei Zhang;Wanting Su;Qin Ni;Jiawangnan Lu;Bin Chen","doi":"10.1109/TNSM.2025.3645305","DOIUrl":"https://doi.org/10.1109/TNSM.2025.3645305","url":null,"abstract":"With the evolution of mobile networks towards Artificial Intelligence as a Service (AIaaS), generative radio maps not only need to reflect the signal strength distribution in specific areas, but also possess the capability of proactive prediction. However, due to the rapid updates in urban infrastructure and the network iterations, crafting radio maps in complex urban environments represents a substantial challenge. In this paper, a multi-output framework for generating radio maps in real multi-building scenarios is proposed, based on Reference Signal Received Power (RSRP) and Reference Signal Received Quality (RSRQ) extracted from actual urban and suburban Measurement Reports (MRs). Specifically, An image encoding method integrating environmental features and base station system information is designed, while considering the sector antenna characteristics in actual communication environments. Then, a multi-output Conditional Wasserstein Generative Adversarial Network (CWGAN) is constructed for image conversion, and the radio maps are generated by learning the mapping from environmental & system information to RSRP & RSRQ radio maps, on the basis of image encoding that incorporates the physical laws of radio propagation. By calculating the priority of communication link gains at receiving points, it provides generative networks with reliable theoretical basis and conditional information, for serving cells and first neighboring cells. Experimental results show that the root mean square errors (RMSE) of the proposed method for RSRP / RSRQ of serving and neighboring cells are 1.7821 / 2.2251 and 0.8108 / 1.5121, which demonstrates the proposed method outperforms the baseline results. Simultaneously radio maps generation endows the cellular network with a certain “prophetic” capability, significantly enhancing the live service experience.","PeriodicalId":13423,"journal":{"name":"IEEE Transactions on Network and Service Management","volume":"23 ","pages":"1329-1341"},"PeriodicalIF":5.4,"publicationDate":"2025-12-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145929419","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2025-12-18DOI: 10.1109/TNSM.2025.3645463
Shuyi Liu;Yuang Chen;Zhengze Li;Fangyu Zhang;Hancheng Lu;Xiaobo Guo;Lizhe Liu
Segment Routing over IPv6 (SRv6) gives operators explicit path control and alleviates network congestion, making it a compelling technique for traffic engineering (TE). Yet two practical hurdles slow adoption. First, a one-shot upgrade of every traditional device is prohibitively expensive, so operators must prioritize which devices to upgrade. Second, the Segment Routing Header (SRH) increases packet size; if TE algorithms ignore this overhead, they will underestimate link load and may cause congestion in practice. We address both challenges with DRL-TE, an algorithm that couples deep reinforcement learning (DRL) with a lightweight local search (LS) step to minimize the network’s maximum link utilization (MLU). DRL-TE first identifies the smallest set of critical devices whose upgrade yields the largest drop in MLU, enabling hybrid IP/SRv6 networks to approach optimal performance with minimal investment. It then computes SRH-aware routes, and the DRL agent, augmented by a fast LS refinement, rapidly reduces MLU even under traffic variation. Experiments on an 11-node hardware testbed and three larger simulated topologies show that upgrading about 30% of devices allows DRL-TE to match fully upgraded networks and reduce MLU by up to 34% compared with existing algorithms. DRL-TE also maintains high performance under link failures and traffic variations, offering a cost-effective and robust path toward incremental SRv6 deployment.
{"title":"Segment Routing Header (SRH)-Aware Traffic Engineering in Hybrid IP/SRv6 Networks With Deep Reinforcement Learning","authors":"Shuyi Liu;Yuang Chen;Zhengze Li;Fangyu Zhang;Hancheng Lu;Xiaobo Guo;Lizhe Liu","doi":"10.1109/TNSM.2025.3645463","DOIUrl":"https://doi.org/10.1109/TNSM.2025.3645463","url":null,"abstract":"Segment Routing over IPv6 (SRv6) gives operators explicit path control and alleviates network congestion, making it a compelling technique for traffic engineering (TE). Yet two practical hurdles slow adoption. First, a one-shot upgrade of every traditional device is prohibitively expensive, so operators must prioritize which devices to upgrade. Second, the Segment Routing Header (SRH) increases packet size; if TE algorithms ignore this overhead, they will underestimate link load and may cause congestion in practice. We address both challenges with DRL-TE, an algorithm that couples deep reinforcement learning (DRL) with a lightweight local search (LS) step to minimize the network’s maximum link utilization (MLU). DRL-TE first identifies the smallest set of critical devices whose upgrade yields the largest drop in MLU, enabling hybrid IP/SRv6 networks to approach optimal performance with minimal investment. It then computes SRH-aware routes, and the DRL agent, augmented by a fast LS refinement, rapidly reduces MLU even under traffic variation. Experiments on an 11-node hardware testbed and three larger simulated topologies show that upgrading about 30% of devices allows DRL-TE to match fully upgraded networks and reduce MLU by up to 34% compared with existing algorithms. DRL-TE also maintains high performance under link failures and traffic variations, offering a cost-effective and robust path toward incremental SRv6 deployment.","PeriodicalId":13423,"journal":{"name":"IEEE Transactions on Network and Service Management","volume":"23 ","pages":"1260-1275"},"PeriodicalIF":5.4,"publicationDate":"2025-12-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145929552","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2025-12-17DOI: 10.1109/TNSM.2025.3645079
Yali Yuan;Ruolin Ma;Jian Ge;Guang Cheng
This paper introduces an innovative blind flow watermarking framework on the basis of Invertible Neural Network (INN) called IFW, which aims to solve the problem of suboptimal encoder-decoder coupling in existing end-to-end watermarking architectures. The framework tightly couples the encoder and decoder to achieve highly consistent feature mapping using the same parameters, thus effectively avoiding redundant feature embedding. In addition, this paper adopts the INN to implement watermarking, which supports forward encoding and backward decoding, and the watermark extraction is completely dependent on the embedding algorithm without the need for the original network flow. This feature enables both the embedding and the blind extraction of watermarks simultaneously. Extensive experiments demonstrate that the proposed IFW method achieves a watermark extraction accuracy exceeding 96.6% and maintains a stable K-S test p-value above 0.85 in both simulated and real-world Tor traffic environments. These results indicate a clear advantage over mainstream baselines, highlighting the method’s ability to jointly ensure robustness and invisibility, as well as its strong potential for real-world deployment.
{"title":"Robust and Invisible Flow Watermarking With Invertible Neural Network for Traffic Tracking","authors":"Yali Yuan;Ruolin Ma;Jian Ge;Guang Cheng","doi":"10.1109/TNSM.2025.3645079","DOIUrl":"https://doi.org/10.1109/TNSM.2025.3645079","url":null,"abstract":"This paper introduces an innovative blind flow watermarking framework on the basis of Invertible Neural Network (INN) called IFW, which aims to solve the problem of suboptimal encoder-decoder coupling in existing end-to-end watermarking architectures. The framework tightly couples the encoder and decoder to achieve highly consistent feature mapping using the same parameters, thus effectively avoiding redundant feature embedding. In addition, this paper adopts the INN to implement watermarking, which supports forward encoding and backward decoding, and the watermark extraction is completely dependent on the embedding algorithm without the need for the original network flow. This feature enables both the embedding and the blind extraction of watermarks simultaneously. Extensive experiments demonstrate that the proposed IFW method achieves a watermark extraction accuracy exceeding 96.6% and maintains a stable K-S test p-value above 0.85 in both simulated and real-world Tor traffic environments. These results indicate a clear advantage over mainstream baselines, highlighting the method’s ability to jointly ensure robustness and invisibility, as well as its strong potential for real-world deployment.","PeriodicalId":13423,"journal":{"name":"IEEE Transactions on Network and Service Management","volume":"23 ","pages":"1381-1394"},"PeriodicalIF":5.4,"publicationDate":"2025-12-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145929426","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2025-12-17DOI: 10.1109/TNSM.2025.3645449
Ioannis Dimolitsas;Maria Diamanti;Stefanos Voikos;Symeon Papavassiliou
The evolution toward sixth-generation (6G) networks necessitates integrated resource management solutions to address the interdependencies between network segments, such as Radio Access Network (RAN) and Edge Cloud (EC) infrastructures. Unified management of network and compute fabrics is crucial for achieving seamless service delivery, end-to-end power efficiency, and delay guarantees, while resiliency becomes a key enabler for adapting to various application demands and diverse network segment conditions. In this context, this paper proposes a unified framework for dependable wireless EC networks that jointly addresses the problems of RAN selection and Service Function Chain (SFC) embedding to minimize the total power consumption across network segments under end-to-end delay SFC deployment constraints. The framework iteratively solves these problems, considering the interdependencies between RAN ingress points and the EC network resource constraints. To deal with the high dimensionality of the considered parameters and achieve timely and scalable decision-making, a coalition formation game optimizes RAN selection, while a delay-aware heuristic approach undertakes the power-efficient embedding of multiple SFCs within the EC network. Simulation results demonstrate the framework’s efficiency in reducing power consumption compared to segment-specific approaches, highlighting the importance of cross-segment dependencies. Also, the adaptability of the proposed unified modeling and the framework’s scalability are demonstrated, ensuring resilient performance under varying network parameter settings.
{"title":"Resilient RAN Selection and SFC Deployment in Dependable Wireless Edge Cloud Networks","authors":"Ioannis Dimolitsas;Maria Diamanti;Stefanos Voikos;Symeon Papavassiliou","doi":"10.1109/TNSM.2025.3645449","DOIUrl":"https://doi.org/10.1109/TNSM.2025.3645449","url":null,"abstract":"The evolution toward sixth-generation (6G) networks necessitates integrated resource management solutions to address the interdependencies between network segments, such as Radio Access Network (RAN) and Edge Cloud (EC) infrastructures. Unified management of network and compute fabrics is crucial for achieving seamless service delivery, end-to-end power efficiency, and delay guarantees, while resiliency becomes a key enabler for adapting to various application demands and diverse network segment conditions. In this context, this paper proposes a unified framework for dependable wireless EC networks that jointly addresses the problems of RAN selection and Service Function Chain (SFC) embedding to minimize the total power consumption across network segments under end-to-end delay SFC deployment constraints. The framework iteratively solves these problems, considering the interdependencies between RAN ingress points and the EC network resource constraints. To deal with the high dimensionality of the considered parameters and achieve timely and scalable decision-making, a coalition formation game optimizes RAN selection, while a delay-aware heuristic approach undertakes the power-efficient embedding of multiple SFCs within the EC network. Simulation results demonstrate the framework’s efficiency in reducing power consumption compared to segment-specific approaches, highlighting the importance of cross-segment dependencies. Also, the adaptability of the proposed unified modeling and the framework’s scalability are demonstrated, ensuring resilient performance under varying network parameter settings.","PeriodicalId":13423,"journal":{"name":"IEEE Transactions on Network and Service Management","volume":"23 ","pages":"1312-1328"},"PeriodicalIF":5.4,"publicationDate":"2025-12-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145929553","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2025-12-10DOI: 10.1109/TNSM.2025.3642315
Chang Chen;Guoyu Yang;Dawei Zhang;Wei Wang;Qi Chen;Jin Li
The widespread deployment of Internet of Things (IoT) devices has driven their segmentation into distinct trust domains for the purpose of governance, creating a critical need for secure cross-domain authentication (CDA). CDA must preserve both anonymity and traceability of device identities to enable trustworthy data exchange. However, existing approaches, while exploring this trade-off, remain vulnerable to single points of failure and Sybil attacks—threats that are especially severe for unattended and resource-constrained devices. In this paper, we propose a Self-Sovereign and Supervised Cross-domain authentication scheme (S3Cross) to tackle these issues. The main building block we designed is a pseudonym management scheme (PMS) that allows devices to generate and use pseudonyms without relying on a trusted party. Although devices has full control of their identities, PMS still ensures traceability, Sybil resistance, and revocability. We define the formal security models of PMS, instantiate it under two different approaches, namely group signature (S3Cross-GS) and zero-knowledge succinct non-interactive arguments of knowledge (zkSNARKs, S3Cross-ZK), and present security proofs for our proposal. We implemented and evaluated S3Cross. The result shows that our scheme achieves an effective trade-off between security and efficiency.
{"title":"S3Cross: Blockchain-Based Cross-Domain Authentication With Self-Sovereign and Supervised Identity Management","authors":"Chang Chen;Guoyu Yang;Dawei Zhang;Wei Wang;Qi Chen;Jin Li","doi":"10.1109/TNSM.2025.3642315","DOIUrl":"https://doi.org/10.1109/TNSM.2025.3642315","url":null,"abstract":"The widespread deployment of Internet of Things (IoT) devices has driven their segmentation into distinct trust domains for the purpose of governance, creating a critical need for secure cross-domain authentication (CDA). CDA must preserve both anonymity and traceability of device identities to enable trustworthy data exchange. However, existing approaches, while exploring this trade-off, remain vulnerable to single points of failure and Sybil attacks—threats that are especially severe for unattended and resource-constrained devices. In this paper, we propose a Self-Sovereign and Supervised Cross-domain authentication scheme (S3Cross) to tackle these issues. The main building block we designed is a pseudonym management scheme (PMS) that allows devices to generate and use pseudonyms without relying on a trusted party. Although devices has full control of their identities, PMS still ensures traceability, Sybil resistance, and revocability. We define the formal security models of PMS, instantiate it under two different approaches, namely group signature (S3Cross-GS) and zero-knowledge succinct non-interactive arguments of knowledge (zkSNARKs, S3Cross-ZK), and present security proofs for our proposal. We implemented and evaluated S3Cross. The result shows that our scheme achieves an effective trade-off between security and efficiency.","PeriodicalId":13423,"journal":{"name":"IEEE Transactions on Network and Service Management","volume":"23 ","pages":"1217-1231"},"PeriodicalIF":5.4,"publicationDate":"2025-12-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145929580","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
The Industrial Internet of Things (IIoT) leverages Federated Learning (FL) for distributed model training while preserving data privacy, and meta-computing enhances FL by optimizing and integrating distributed computing resources, improving efficiency and scalability. Efficient IIoT operations require a trade-off between model quality and training latency. Consequently, a primary challenge of FL in IIoT is to optimize overall system performance by balancing model quality and training latency. This paper designs a satisfaction function that accounts for data size, Age of Information (AoI), and training latency for meta-computing. Additionally, the satisfaction function is incorporated into the utility function to incentivize IIoT nodes to participate in model training. We model the utility functions of servers and nodes as a two-stage Stackelberg game and employ a deep reinforcement learning approach to learn the Stackelberg equilibrium. This approach ensures balanced rewards and enhances the applicability of the incentive scheme for IIoT. Simulation results demonstrate that, under the same budget constraints, the proposed incentive scheme improves utility by at least 23.7% compared to existing FL schemes without compromising model accuracy.
工业物联网(IIoT)利用联邦学习(FL)进行分布式模型训练,同时保护数据隐私,元计算通过优化和集成分布式计算资源、提高效率和可扩展性来增强联邦学习。高效的工业物联网操作需要在模型质量和训练延迟之间进行权衡。因此,人工智能在工业物联网中的主要挑战是通过平衡模型质量和训练延迟来优化整体系统性能。本文设计了一个考虑数据大小、信息时代(Age of Information, AoI)和元计算训练延迟的满意度函数。此外,在效用函数中加入满意度函数,激励IIoT节点参与模型训练。我们将服务器和节点的效用函数建模为两阶段Stackelberg博弈,并采用深度强化学习方法来学习Stackelberg均衡。这种方法确保了平衡的奖励,并增强了激励方案对工业物联网的适用性。仿真结果表明,在相同的预算约束下,与现有的FL方案相比,所提出的激励方案在不影响模型精度的情况下,提高了至少23.7%的效用。
{"title":"Meta-Computing Enhanced Federated Learning in IIoT: Satisfaction-Aware Incentive Scheme via DRL-Based Stackelberg Game","authors":"Xiaohuan Li;Shaowen Qin;Xin Tang;Jiawen Kang;Jin Ye;Zhonghua Zhao;Yusi Zheng;Dusit Niyato","doi":"10.1109/TNSM.2025.3642395","DOIUrl":"https://doi.org/10.1109/TNSM.2025.3642395","url":null,"abstract":"The Industrial Internet of Things (IIoT) leverages Federated Learning (FL) for distributed model training while preserving data privacy, and meta-computing enhances FL by optimizing and integrating distributed computing resources, improving efficiency and scalability. Efficient IIoT operations require a trade-off between model quality and training latency. Consequently, a primary challenge of FL in IIoT is to optimize overall system performance by balancing model quality and training latency. This paper designs a satisfaction function that accounts for data size, Age of Information (AoI), and training latency for meta-computing. Additionally, the satisfaction function is incorporated into the utility function to incentivize IIoT nodes to participate in model training. We model the utility functions of servers and nodes as a two-stage Stackelberg game and employ a deep reinforcement learning approach to learn the Stackelberg equilibrium. This approach ensures balanced rewards and enhances the applicability of the incentive scheme for IIoT. Simulation results demonstrate that, under the same budget constraints, the proposed incentive scheme improves utility by at least 23.7% compared to existing FL schemes without compromising model accuracy.","PeriodicalId":13423,"journal":{"name":"IEEE Transactions on Network and Service Management","volume":"23 ","pages":"1356-1368"},"PeriodicalIF":5.4,"publicationDate":"2025-12-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145929652","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2025-12-08DOI: 10.1109/TNSM.2025.3640095
Narendra K. Dewangan;Preeti Chandrakar
Blockchain is increasingly used in industrial, financial, and IoT settings for secure and auditable transaction processing; however, existing leader election and consensus methods, such as PBFT, Raft, and reputation-based schemes, suffer from static leadership, unfair vote distribution, and limited scalability. To address these gaps, we propose VLSA (Vote-based Leader Selection Algorithm), a decentralized rotation-based mechanism that ensures fairness in leader election, and MPoAh (Modified Proof-of-Authentication), a lightweight consensus protocol tailored for multi-party signatures. Our implementation, built with Python, CouchDB, and Ed25519 cryptography, achieves a 35% reduction in signature and verification latency and a 30% decrease in on-chain storage compared to state-of-the-art approaches. Simulation further shows 95% packet delivery, average authentication latency of 12 ms, and ledger throughput of 250 tx/s. These results demonstrate that the proposed system enables democratic participation in consensus, supports deployment on resource-constrained devices, and strengthens resistance against insider and Sybil attacks, thereby advancing secure and scalable blockchain-based authentication.
{"title":"VLSA: Voting-Based Leader Selection Algorithm for Multi-Party Signature Blockchain Transactions","authors":"Narendra K. Dewangan;Preeti Chandrakar","doi":"10.1109/TNSM.2025.3640095","DOIUrl":"https://doi.org/10.1109/TNSM.2025.3640095","url":null,"abstract":"Blockchain is increasingly used in industrial, financial, and IoT settings for secure and auditable transaction processing; however, existing leader election and consensus methods, such as PBFT, Raft, and reputation-based schemes, suffer from static leadership, unfair vote distribution, and limited scalability. To address these gaps, we propose VLSA (Vote-based Leader Selection Algorithm), a decentralized rotation-based mechanism that ensures fairness in leader election, and MPoAh (Modified Proof-of-Authentication), a lightweight consensus protocol tailored for multi-party signatures. Our implementation, built with Python, CouchDB, and Ed25519 cryptography, achieves a 35% reduction in signature and verification latency and a 30% decrease in on-chain storage compared to state-of-the-art approaches. Simulation further shows 95% packet delivery, average authentication latency of 12 ms, and ledger throughput of 250 tx/s. These results demonstrate that the proposed system enables democratic participation in consensus, supports deployment on resource-constrained devices, and strengthens resistance against insider and Sybil attacks, thereby advancing secure and scalable blockchain-based authentication.","PeriodicalId":13423,"journal":{"name":"IEEE Transactions on Network and Service Management","volume":"23 ","pages":"1395-1405"},"PeriodicalIF":5.4,"publicationDate":"2025-12-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145929618","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: