The rapid proliferation of Internet of Things (IoT) in healthcare has transformed the management of Electronic Health Records (EHRs), but also introduced critical challenges in secure retrieval, dynamic revocation, and verifiable integrity over encrypted data. Existing Searchable Encryption (SE) and Attribute-Based Searchable Encryption (ABSE) models remain limited: 1) most support only exact or prefix keyword matching and cannot handle flexible wildcard or substring queries common in medical search; 2) revocation is coarse-grained, often requiring costly key redistribution or ciphertext re-encryption; and 3) integrity verification either incurs heavy blockchain overhead or exposes access structures, undermining privacy. To address these gaps, we propose MK-WISE, a secure and efficient multi-keyword wildcard ABSE framework for IoT–EHR systems. MK-WISE integrates an Index–Wildcard Tree (IWT) with Substring Bloom Filters (SBF) to enable expressive wildcard and substring queries, employs a puncturable PRF–based revocation workflow with edge-local enforcement, hierarchical key updates, and optional blockchain anchoring, and incorporates homomorphic MACs for lightweight correctness and completeness verification. Security analysis proves that MK-WISE achieves confidentiality, keyword privacy, unlinkability, and revocability under standard assumptions. Experimental results demonstrate that MK-WISE significantly outperforms state-of-the-art schemes in trapdoor generation, search scalability, and revocation cost, achieving millisecond-level revocation without user disruption. These results highlight MK-WISE as a practical and comprehensive solution for privacy-preserving EHR retrieval in IoT-enabled healthcare.
{"title":"MK-WISE: Secure and Efficient Multi-Keyword Wildcard ABSE With Keyword-Level Revocation for Device–Edge–Cloud EHRs Data Sharing","authors":"Somchart Fugkeaw;Kittipat Tangtanawirut;Pakapon Rattanasrisuk;Archawit Changtor","doi":"10.1109/TNSM.2026.3657982","DOIUrl":"https://doi.org/10.1109/TNSM.2026.3657982","url":null,"abstract":"The rapid proliferation of Internet of Things (IoT) in healthcare has transformed the management of Electronic Health Records (EHRs), but also introduced critical challenges in secure retrieval, dynamic revocation, and verifiable integrity over encrypted data. Existing Searchable Encryption (SE) and Attribute-Based Searchable Encryption (ABSE) models remain limited: 1) most support only exact or prefix keyword matching and cannot handle flexible wildcard or substring queries common in medical search; 2) revocation is coarse-grained, often requiring costly key redistribution or ciphertext re-encryption; and 3) integrity verification either incurs heavy blockchain overhead or exposes access structures, undermining privacy. To address these gaps, we propose MK-WISE, a secure and efficient multi-keyword wildcard ABSE framework for IoT–EHR systems. MK-WISE integrates an Index–Wildcard Tree (IWT) with Substring Bloom Filters (SBF) to enable expressive wildcard and substring queries, employs a puncturable PRF–based revocation workflow with edge-local enforcement, hierarchical key updates, and optional blockchain anchoring, and incorporates homomorphic MACs for lightweight correctness and completeness verification. Security analysis proves that MK-WISE achieves confidentiality, keyword privacy, unlinkability, and revocability under standard assumptions. Experimental results demonstrate that MK-WISE significantly outperforms state-of-the-art schemes in trapdoor generation, search scalability, and revocation cost, achieving millisecond-level revocation without user disruption. These results highlight MK-WISE as a practical and comprehensive solution for privacy-preserving EHR retrieval in IoT-enabled healthcare.","PeriodicalId":13423,"journal":{"name":"IEEE Transactions on Network and Service Management","volume":"23 ","pages":"2295-2311"},"PeriodicalIF":5.4,"publicationDate":"2026-01-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"146175654","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2026-01-23DOI: 10.1109/TNSM.2026.3657419
Xiujun Xu;Qi Wang;Qingshan Wang;Yinlong Xu
Federated learning (FL), as a newly-developing technique, brings the advantage of organizing multiple participants to learn together, while avoiding the leakage of their privacy information. Contract theory provides an effective incentive mechanism to encourage participants to participate in FL. Existing contract-based incentive mechanisms consider participants’ types but ignore the different contributions of participants within the same type during the training. This paper first introduces a metric, reputation, to evaluate the contribution of participants in each iteration, and then proposes a hybrid contract mechanism consisting of a short-term contract and a long-term contract. Only the participants with reputations higher than a pre-defined threshold can sign the long-term contract. We formulate the solution of the long-term contract mechanism as an optimization problem with constraints. We further simplify the constraints of the long-term contract optimization problem, and theoretically analyze the correctness of the simplification to greatly reduce its computational complexity. We prove that the model owner achieves more profit with the hybrid contract mechanism. Simulations with the MNIST dataset show that the long-term contract improves the model accuracy by at least 5% compared with the existing contracts. Furthermore, compared with the short-term contract, participants signing the long-term contract are granted more rewards.
{"title":"Contract-Based Incentive Mechanism for Long-Term Participation in Federated Learning","authors":"Xiujun Xu;Qi Wang;Qingshan Wang;Yinlong Xu","doi":"10.1109/TNSM.2026.3657419","DOIUrl":"https://doi.org/10.1109/TNSM.2026.3657419","url":null,"abstract":"Federated learning (FL), as a newly-developing technique, brings the advantage of organizing multiple participants to learn together, while avoiding the leakage of their privacy information. Contract theory provides an effective incentive mechanism to encourage participants to participate in FL. Existing contract-based incentive mechanisms consider participants’ types but ignore the different contributions of participants within the same type during the training. This paper first introduces a metric, reputation, to evaluate the contribution of participants in each iteration, and then proposes a hybrid contract mechanism consisting of a short-term contract and a long-term contract. Only the participants with reputations higher than a pre-defined threshold can sign the long-term contract. We formulate the solution of the long-term contract mechanism as an optimization problem with constraints. We further simplify the constraints of the long-term contract optimization problem, and theoretically analyze the correctness of the simplification to greatly reduce its computational complexity. We prove that the model owner achieves more profit with the hybrid contract mechanism. Simulations with the MNIST dataset show that the long-term contract improves the model accuracy by at least 5% compared with the existing contracts. Furthermore, compared with the short-term contract, participants signing the long-term contract are granted more rewards.","PeriodicalId":13423,"journal":{"name":"IEEE Transactions on Network and Service Management","volume":"23 ","pages":"2367-2380"},"PeriodicalIF":5.4,"publicationDate":"2026-01-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"146175774","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2026-01-23DOI: 10.1109/TNSM.2026.3656973
Zhenyang Guo;Jin Cao;XiongPeng Ren;Yuchen Zhou;Lifu Cheng;Peijie Yin;Hui Li
Currently, Unmanned Aerial Vehicles (UAV) groups can quickly build a multi-hop transmission network, which have been widely utilized in emergency communication scenarios to perform search and rescue, environmental monitoring, personnel positioning, rapid networking, etc. In such emergency rescue situations, strict demands on real-time communication, security, and minimal resource consumption become paramount. Higher requirements for security, bandwidth, and real-time performance necessitate a secure and lightweight data transmission protocol. Additionally, due to the lack of personnel supervision in these scenarios, the probability of malicious nodes increases. Therefore, it is essential to quickly and proximally block malicious nodes’ data to prevent it from affecting subsequent network propagation, and to accurately identify the malicious nodes. To address these issues, in this paper, we propose a traceable, lightweight, and secure data transmission protocol for UAV multi-hop networks in emergency rescue scenarios. The proposed protocol can verify the integrity of data transmitted by a large number of nodes in real time, detect erroneous transmissions, and trace malicious users. Experimental results show that our protocol consistently outperforms the comparison schemes in terms of computational overhead. Moreover, in scenarios involving smaller groups (m = 5) and fewer hops (n = 4), it exhibits significantly lower communication bandwidth overhead than the reference methods. Security analysis using BAN logic and the formal verification tool Scyther indicates that the proposed scheme meets security requirements. Additionally, comparative analysis results demonstrate that the proposed scheme is highly effective and outperforms other related schemes under the unique constraints of emergency rescue scenarios, where rapid, secure decision-making and data transmission are critical.
{"title":"LDST-UAVS: A Lightweight Data Secure Transmission Protocol for Unmanned Aerial Vehicle Swarms in Emergency Rescue Scenarios","authors":"Zhenyang Guo;Jin Cao;XiongPeng Ren;Yuchen Zhou;Lifu Cheng;Peijie Yin;Hui Li","doi":"10.1109/TNSM.2026.3656973","DOIUrl":"https://doi.org/10.1109/TNSM.2026.3656973","url":null,"abstract":"Currently, Unmanned Aerial Vehicles (UAV) groups can quickly build a multi-hop transmission network, which have been widely utilized in emergency communication scenarios to perform search and rescue, environmental monitoring, personnel positioning, rapid networking, etc. In such emergency rescue situations, strict demands on real-time communication, security, and minimal resource consumption become paramount. Higher requirements for security, bandwidth, and real-time performance necessitate a secure and lightweight data transmission protocol. Additionally, due to the lack of personnel supervision in these scenarios, the probability of malicious nodes increases. Therefore, it is essential to quickly and proximally block malicious nodes’ data to prevent it from affecting subsequent network propagation, and to accurately identify the malicious nodes. To address these issues, in this paper, we propose a traceable, lightweight, and secure data transmission protocol for UAV multi-hop networks in emergency rescue scenarios. The proposed protocol can verify the integrity of data transmitted by a large number of nodes in real time, detect erroneous transmissions, and trace malicious users. Experimental results show that our protocol consistently outperforms the comparison schemes in terms of computational overhead. Moreover, in scenarios involving smaller groups (m = 5) and fewer hops (n = 4), it exhibits significantly lower communication bandwidth overhead than the reference methods. Security analysis using BAN logic and the formal verification tool Scyther indicates that the proposed scheme meets security requirements. Additionally, comparative analysis results demonstrate that the proposed scheme is highly effective and outperforms other related schemes under the unique constraints of emergency rescue scenarios, where rapid, secure decision-making and data transmission are critical.","PeriodicalId":13423,"journal":{"name":"IEEE Transactions on Network and Service Management","volume":"23 ","pages":"2258-2279"},"PeriodicalIF":5.4,"publicationDate":"2026-01-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"146175696","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2026-01-22DOI: 10.1109/TNSM.2026.3656925
Fekri Saleh;Abraham O. Fapojuwo;Diwakar Krishnamurthy
Smart city applications require diverse fifth generation network services with stringent performance and isolation requirements, necessitating scalable and efficient network slicing mechanisms. This paper proposes a novel framework for flow-based network slicing in edge cloud environments, termed virtual edge (vEdge). The framework leverages virtual medium access control addresses to identify flows at the data link layer (Layer 2), achieving robust flow-based slice isolation and efficient resource management. The proposed solution integrates a vEdge software module within the software defined networking controller to create, manage, and isolate network slices for both Third Generation Partnership Project (3GPP) and non-3GPP devices. By isolating traffic at Layer 2, the framework simplifies address matching and eliminates the computational overhead associated with deep packet inspection at upper layers (e.g., Layer 3/4 or Layer 7). The proposed vEdge further provides customizable flow-based network slices, each managed by a dedicated controller, providing self-contained virtual networks tailored to diverse applications within the smart city sector. Experimental evaluations demonstrate the efficacy of vEdge in enhancing network performance, achieving a 30% reduction in latency compared to flow-based network slicing that uses non-Layer 2 parameters to identify flows.
{"title":"vEdge: Flow-Based Network Slicing for Smart Cities in Edge Cloud Environments","authors":"Fekri Saleh;Abraham O. Fapojuwo;Diwakar Krishnamurthy","doi":"10.1109/TNSM.2026.3656925","DOIUrl":"https://doi.org/10.1109/TNSM.2026.3656925","url":null,"abstract":"Smart city applications require diverse fifth generation network services with stringent performance and isolation requirements, necessitating scalable and efficient network slicing mechanisms. This paper proposes a novel framework for flow-based network slicing in edge cloud environments, termed virtual edge (vEdge). The framework leverages virtual medium access control addresses to identify flows at the data link layer (Layer 2), achieving robust flow-based slice isolation and efficient resource management. The proposed solution integrates a vEdge software module within the software defined networking controller to create, manage, and isolate network slices for both Third Generation Partnership Project (3GPP) and non-3GPP devices. By isolating traffic at Layer 2, the framework simplifies address matching and eliminates the computational overhead associated with deep packet inspection at upper layers (e.g., Layer 3/4 or Layer 7). The proposed vEdge further provides customizable flow-based network slices, each managed by a dedicated controller, providing self-contained virtual networks tailored to diverse applications within the smart city sector. Experimental evaluations demonstrate the efficacy of vEdge in enhancing network performance, achieving a 30% reduction in latency compared to flow-based network slicing that uses non-Layer 2 parameters to identify flows.","PeriodicalId":13423,"journal":{"name":"IEEE Transactions on Network and Service Management","volume":"23 ","pages":"2104-2115"},"PeriodicalIF":5.4,"publicationDate":"2026-01-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"146082111","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2026-01-21DOI: 10.1109/TNSM.2026.3656605
Marija Gajić;Marcin Bosk;Stanislav Lange;Thomas Zinner
5G and beyond provides connectivity for a variety of heterogeneous, often mission-critical services, placing stringent performance requirements on these systems. Providing satisfactory Quality of Experience (QoE) for diverse, coexisting applications prompts the network operators to enforce application-aware, efficient resource allocation schemes that can improve user-satisfaction, efficiency, and system utilization. For these purposes, QoS Flows and network slicing have been identified as key enablers. Those concepts move away from economy of scale, towards a fine-grained slice and flow handling with customized resource control for each application, application type, or slice. This work is particularly focused on transport slicing, where the shift towards fine-grained resource control has important implications for how network resources are scaled and optimally allocated. These aspects have been largely ignored in the existing literature. Furthermore, while capacity has been recognized as a key resource, selecting the appropriate queue size, granularity of the resource allocation scheme, and their relations with the number of clients are often neglected in the process of resource dimensioning. To address these shortcomings, we perform an in-depth evaluation of the effects that impact factors have on the overall QoE and system utilization using the OMNeT++ simulator. We show the optimization potential for QoE and resource utilization, and further formulate guidelines for efficient and QoE-aware resource allocation.
{"title":"QoE-Aware Transport Slicing Configuration: Improving Application Performance in Beyond-5G Networks","authors":"Marija Gajić;Marcin Bosk;Stanislav Lange;Thomas Zinner","doi":"10.1109/TNSM.2026.3656605","DOIUrl":"https://doi.org/10.1109/TNSM.2026.3656605","url":null,"abstract":"5G and beyond provides connectivity for a variety of heterogeneous, often mission-critical services, placing stringent performance requirements on these systems. Providing satisfactory Quality of Experience (QoE) for diverse, coexisting applications prompts the network operators to enforce application-aware, efficient resource allocation schemes that can improve user-satisfaction, efficiency, and system utilization. For these purposes, QoS Flows and network slicing have been identified as key enablers. Those concepts move away from economy of scale, towards a fine-grained slice and flow handling with customized resource control for each application, application type, or slice. This work is particularly focused on transport slicing, where the shift towards fine-grained resource control has important implications for how network resources are scaled and optimally allocated. These aspects have been largely ignored in the existing literature. Furthermore, while capacity has been recognized as a key resource, selecting the appropriate queue size, granularity of the resource allocation scheme, and their relations with the number of clients are often neglected in the process of resource dimensioning. To address these shortcomings, we perform an in-depth evaluation of the effects that impact factors have on the overall QoE and system utilization using the OMNeT++ simulator. We show the optimization potential for QoE and resource utilization, and further formulate guidelines for efficient and QoE-aware resource allocation.","PeriodicalId":13423,"journal":{"name":"IEEE Transactions on Network and Service Management","volume":"23 ","pages":"2116-2134"},"PeriodicalIF":5.4,"publicationDate":"2026-01-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"146082206","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2026-01-20DOI: 10.1109/TNSM.2026.3656378
Qian Yang;Suoping Li;Jaafar Gaber;Sa Yang
Dynamic spectrum access (DSA) is one of the pivotal technologies that is widely recognized to be able to cope with the massive demand for limited spectrum resources by massive data in 5G/B5G networks. To address spectrum fragmentation and sharing in 5G/B5G cognitive radio ad hoc networks (CRAHNs), based on the DSA technique, this paper proposes an optimal matched channel selection strategy with finite buffer (OMCS-FB). In the OMCS-FB, a cognitive user (CU) with the transmission request selects the channel whose idle time optimally matches its transmission time rather than selecting the channel with the longest idle time; if the CU fails to access the channel, the CU enters the buffer and waits for the next transmission opportunity. A $(mathrm {K}+1)$ -layer continuous-time Markov chain (CTMC) with the number of primary users (PUs) and CUs in primary channels and the number of CUs in the buffer as 3-D metrics is established, which can effectively portray the activity behavior of users and the occupancy states of primary channels under the OMCS-FB. The CTMC rate steady-state equations are then solved using the successive over-relaxation (SOR) iterative algorithm to obtain the system steady-state probability distributions and performance metrics. The results show that the OMCS-FB effectively suppresses spectrum fragmentation of the MAC layer in the time dimension and enables efficient spectrum sharing among CUs and PUs, as verified by Monte Carlo simulation.
{"title":"An Optimal Matching Channel Selection Strategy Based on (K+1)-Layer 3-D CTMC for Suppressing Spectrum Fragmentation in 5G/B5G Cognitive Radio Ad Hoc Networks","authors":"Qian Yang;Suoping Li;Jaafar Gaber;Sa Yang","doi":"10.1109/TNSM.2026.3656378","DOIUrl":"https://doi.org/10.1109/TNSM.2026.3656378","url":null,"abstract":"Dynamic spectrum access (DSA) is one of the pivotal technologies that is widely recognized to be able to cope with the massive demand for limited spectrum resources by massive data in 5G/B5G networks. To address spectrum fragmentation and sharing in 5G/B5G cognitive radio ad hoc networks (CRAHNs), based on the DSA technique, this paper proposes an optimal matched channel selection strategy with finite buffer (OMCS-FB). In the OMCS-FB, a cognitive user (CU) with the transmission request selects the channel whose idle time optimally matches its transmission time rather than selecting the channel with the longest idle time; if the CU fails to access the channel, the CU enters the buffer and waits for the next transmission opportunity. A <inline-formula> <tex-math>$(mathrm {K}+1)$ </tex-math></inline-formula>-layer continuous-time Markov chain (CTMC) with the number of primary users (PUs) and CUs in primary channels and the number of CUs in the buffer as 3-D metrics is established, which can effectively portray the activity behavior of users and the occupancy states of primary channels under the OMCS-FB. The CTMC rate steady-state equations are then solved using the successive over-relaxation (SOR) iterative algorithm to obtain the system steady-state probability distributions and performance metrics. The results show that the OMCS-FB effectively suppresses spectrum fragmentation of the MAC layer in the time dimension and enables efficient spectrum sharing among CUs and PUs, as verified by Monte Carlo simulation.","PeriodicalId":13423,"journal":{"name":"IEEE Transactions on Network and Service Management","volume":"23 ","pages":"2223-2243"},"PeriodicalIF":5.4,"publicationDate":"2026-01-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"146175668","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Compared to 4G, the designed authentication and key agreement protocol for 5G communication (5G-AKA) offers better security. State-of-the-art shows that various protocols indicate the flaws in the 5G-AKA and suggest solutions primarily for the desynchronization attack, traceability attack, and perfect forward secrecy. However, most authentication protocols fail to facilitate the device stolen attack and are expensive; they also do not consider the prominent security issues such as post-compromise security and non-repudiation. Considering the above demerits of these protocols and the necessity to offer additional security, a provably secure lightweight 5G-AKA multi-factor authentication protocol relying on an extendable output function is proposed. The security of the proposed work has been confirmed informally and formally (ROR logic, GNY logic, and Scyther tool) to ensure that the proposed work handles all types of attacks and offers additional security features, such as post-compromise features and non-repudiation. Furthermore, we compute the performance of the proposed work and compare it with its counterparts to show that our work is less costly and more suitable for lightweight devices than others in terms of computational, communication, storage, and energy consumption cost.
{"title":"A Provably Secure Lightweight Three-Factor 5G-AKA Authentication Protocol Relying on an Extendable Output Function","authors":"Awaneesh Kumar Yadav;An Braeken;Madhusanka Liyanage","doi":"10.1109/TNSM.2026.3656167","DOIUrl":"https://doi.org/10.1109/TNSM.2026.3656167","url":null,"abstract":"Compared to 4G, the designed authentication and key agreement protocol for 5G communication (5G-AKA) offers better security. State-of-the-art shows that various protocols indicate the flaws in the 5G-AKA and suggest solutions primarily for the desynchronization attack, traceability attack, and perfect forward secrecy. However, most authentication protocols fail to facilitate the device stolen attack and are expensive; they also do not consider the prominent security issues such as post-compromise security and non-repudiation. Considering the above demerits of these protocols and the necessity to offer additional security, a provably secure lightweight 5G-AKA multi-factor authentication protocol relying on an extendable output function is proposed. The security of the proposed work has been confirmed informally and formally (ROR logic, GNY logic, and Scyther tool) to ensure that the proposed work handles all types of attacks and offers additional security features, such as post-compromise features and non-repudiation. Furthermore, we compute the performance of the proposed work and compare it with its counterparts to show that our work is less costly and more suitable for lightweight devices than others in terms of computational, communication, storage, and energy consumption cost.","PeriodicalId":13423,"journal":{"name":"IEEE Transactions on Network and Service Management","volume":"23 ","pages":"2396-2414"},"PeriodicalIF":5.4,"publicationDate":"2026-01-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"146175795","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2026-01-19DOI: 10.1109/TNSM.2026.3655704
Xiaofeng Liu;Naigong Zheng;Fuliang Li
Although Software-Defined Network (SDN) has gained popularity in real-world deployments for its flexible management paradigm, its centralized control principle leads to various known performance issues. In this paper, we propose SDN-Mirror, a novel generalized delay analytical model based on network calculus, to interpret how the performance is affected and to illustrate how to accelerate the performance as well. We first elaborate the impact of parameters on packet forwarding delay in SDN, including device capacity, flow features and cache size. Then, building upon the analysis, we establish SDN-Mirror, which acts like a mirror, capable of not only precisely representing the relation between packet forwarding delay and each parameter but also verifying the effectiveness of optimization policies. At last, we evaluate SDN-Mirror by quantifying how each parameter affects the forwarding delay under different table matching states. We also verify a performance improvement policy with the optimized SDN-Mirror and experiment results show that packet forwarding delays of kernel space matching flow, userspace matching flow and unmatched flow can be reduced by 39.8%, 20.7% and 13.2%, respectively.
{"title":"Don’t Let SDN Obsolete: Interpreting Software-Defined Networks With Network Calculus","authors":"Xiaofeng Liu;Naigong Zheng;Fuliang Li","doi":"10.1109/TNSM.2026.3655704","DOIUrl":"https://doi.org/10.1109/TNSM.2026.3655704","url":null,"abstract":"Although Software-Defined Network (SDN) has gained popularity in real-world deployments for its flexible management paradigm, its centralized control principle leads to various known performance issues. In this paper, we propose SDN-Mirror, a novel generalized delay analytical model based on network calculus, to interpret how the performance is affected and to illustrate how to accelerate the performance as well. We first elaborate the impact of parameters on packet forwarding delay in SDN, including device capacity, flow features and cache size. Then, building upon the analysis, we establish SDN-Mirror, which acts like a mirror, capable of not only precisely representing the relation between packet forwarding delay and each parameter but also verifying the effectiveness of optimization policies. At last, we evaluate SDN-Mirror by quantifying how each parameter affects the forwarding delay under different table matching states. We also verify a performance improvement policy with the optimized SDN-Mirror and experiment results show that packet forwarding delays of kernel space matching flow, userspace matching flow and unmatched flow can be reduced by 39.8%, 20.7% and 13.2%, respectively.","PeriodicalId":13423,"journal":{"name":"IEEE Transactions on Network and Service Management","volume":"23 ","pages":"2092-2103"},"PeriodicalIF":5.4,"publicationDate":"2026-01-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"146082138","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2026-01-19DOI: 10.1109/TNSM.2026.3656015
Xinshuo Wang;Lei Liu;Baihua Chen;Yifei Li
Congestion control (CC) is essential for achieving ultra-low latency, high bandwidth, and network stability in high-speed networks. However, modern high-performance RDMA networks, crucial for distributed applications, face significant performance degradation due to limitations of existing CC schemes. Most conventional approaches rely on congestion notification signals that must traverse the queuing data path before congestion signals can be sent back to the sender, causing delayed responses and severe performance collapse. This study proposes Explicit Notification Congestion Control (ENCC), a novel high-speed CC mechanism that achieves low latency, high throughput, and strong network stability. ENCC employs switches to directly notify the sender of precise link load information and avoid notification signal queuing. This allows precise sender-side rate control and queue regulation. ENCC also ensures fairness and easy deployment in hardware. We implement ENCC based on FPGA network interface cards and programmable switches. Evaluation results show that ENCC achieves substantial throughput improvements over representative baseline algorithms, with gains of up to $16.6times $ in representative scenarios, while incurring minimal additional latency.
{"title":"ENCC: Explicit Notification Congestion Control in RDMA","authors":"Xinshuo Wang;Lei Liu;Baihua Chen;Yifei Li","doi":"10.1109/TNSM.2026.3656015","DOIUrl":"https://doi.org/10.1109/TNSM.2026.3656015","url":null,"abstract":"Congestion control (CC) is essential for achieving ultra-low latency, high bandwidth, and network stability in high-speed networks. However, modern high-performance RDMA networks, crucial for distributed applications, face significant performance degradation due to limitations of existing CC schemes. Most conventional approaches rely on congestion notification signals that must traverse the queuing data path before congestion signals can be sent back to the sender, causing delayed responses and severe performance collapse. This study proposes Explicit Notification Congestion Control (ENCC), a novel high-speed CC mechanism that achieves low latency, high throughput, and strong network stability. ENCC employs switches to directly notify the sender of precise link load information and avoid notification signal queuing. This allows precise sender-side rate control and queue regulation. ENCC also ensures fairness and easy deployment in hardware. We implement ENCC based on FPGA network interface cards and programmable switches. Evaluation results show that ENCC achieves substantial throughput improvements over representative baseline algorithms, with gains of up to <inline-formula> <tex-math>$16.6times $ </tex-math></inline-formula> in representative scenarios, while incurring minimal additional latency.","PeriodicalId":13423,"journal":{"name":"IEEE Transactions on Network and Service Management","volume":"23 ","pages":"2415-2427"},"PeriodicalIF":5.4,"publicationDate":"2026-01-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"146175607","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2026-01-15DOI: 10.1109/TNSM.2026.3654889
Apurba Adhikary;Avi Deb Raha;Yu Qiao;Md. Shirajum Munir;Mrityunjoy Gain;Zhu Han;Choong Seon Hong
This paper proposes an AI framework that leverages integrated sensing and communication (ISAC), aided by the age of sensing (AoS) to ensure the timely location updates of the users for a holographic MIMO (HMIMO)-assisted base station (BS)-enabled wireless network. The AI-driven framework aims to achieve optimized power allocation for efficient beamforming by activating the minimal number of grids from the HMIMO BS for serving the users. An optimization problem is formulated to maximize the sensing utility function, aiming to maximize the communication signal-to-interference-plus-noise ratio (SINR${_{c}}$ ) of the received signals and beam-pattern gains to improve the sensing SINR of reflected echo signals, which in turn maximizes the achievable rate of users. A novel AI-driven framework is presented to tackle the formulated NP-hard problem that divides it into two problems: a sensing problem and a power allocation problem. The sensing problem is solved by employing a variational autoencoder (VAE)-based mechanism that obtains the sensing information leveraging AoS, which is used for the location update. Subsequently, a deep deterministic policy gradient-based deep reinforcement learning scheme is devised to allocate the desired power by activating the required grids based on the sensing information achieved with the VAE-based mechanism. Simulation results demonstrate the superior performance of the proposed AI framework compared to advantage actor-critic and deep Q-network-based methods, achieving a cumulative average SINR${_{c}}$ improvement of 8.5 dB and 10.27 dB, and a cumulative average achievable rate improvement of 21.59 bps/Hz and 4.22 bps/Hz, respectively. Therefore, our proposed AI-driven framework guarantees efficient power allocation for holographic beamforming through ISAC schemes leveraging AoS.
{"title":"Age of Sensing Empowered Holographic ISAC Framework for nextG Wireless Networks: A VAE and DRL Approach","authors":"Apurba Adhikary;Avi Deb Raha;Yu Qiao;Md. Shirajum Munir;Mrityunjoy Gain;Zhu Han;Choong Seon Hong","doi":"10.1109/TNSM.2026.3654889","DOIUrl":"https://doi.org/10.1109/TNSM.2026.3654889","url":null,"abstract":"This paper proposes an AI framework that leverages integrated sensing and communication (ISAC), aided by the age of sensing (AoS) to ensure the timely location updates of the users for a holographic MIMO (HMIMO)-assisted base station (BS)-enabled wireless network. The AI-driven framework aims to achieve optimized power allocation for efficient beamforming by activating the minimal number of grids from the HMIMO BS for serving the users. An optimization problem is formulated to maximize the sensing utility function, aiming to maximize the communication signal-to-interference-plus-noise ratio (SINR<inline-formula> <tex-math>${_{c}}$ </tex-math></inline-formula>) of the received signals and beam-pattern gains to improve the sensing SINR of reflected echo signals, which in turn maximizes the achievable rate of users. A novel AI-driven framework is presented to tackle the formulated NP-hard problem that divides it into two problems: a sensing problem and a power allocation problem. The sensing problem is solved by employing a variational autoencoder (VAE)-based mechanism that obtains the sensing information leveraging AoS, which is used for the location update. Subsequently, a deep deterministic policy gradient-based deep reinforcement learning scheme is devised to allocate the desired power by activating the required grids based on the sensing information achieved with the VAE-based mechanism. Simulation results demonstrate the superior performance of the proposed AI framework compared to advantage actor-critic and deep Q-network-based methods, achieving a cumulative average SINR<inline-formula> <tex-math>${_{c}}$ </tex-math></inline-formula> improvement of 8.5 dB and 10.27 dB, and a cumulative average achievable rate improvement of 21.59 bps/Hz and 4.22 bps/Hz, respectively. Therefore, our proposed AI-driven framework guarantees efficient power allocation for holographic beamforming through ISAC schemes leveraging AoS.","PeriodicalId":13423,"journal":{"name":"IEEE Transactions on Network and Service Management","volume":"23 ","pages":"2325-2349"},"PeriodicalIF":5.4,"publicationDate":"2026-01-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"146175783","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: