Pub Date : 2025-11-19DOI: 10.1109/TNSM.2025.3634742
Keke Zheng;Mai Zhang;Mimi Qian;Waiming Lau;Lin Cui
Detecting the top-k heaviest items in network traffic is fundamental to traffic engineering, congestion control, and security analytics. Controller-side solutions suffer from high communication latency and heavy resource overhead, motivating the migration of this task to programmable data planes (PDP). However, PDP hardware (e.g., Tofino ASIC) offers only a few megabytes of on-chip SRAM per pipeline stage and supports neither loops nor complex arithmetic, making accurate top-k detection highly challenging. This paper proposes sketchPro, a novel sketch-based solution that employs a probabilistic update scheme to retain large items, enabling accurate top-k identification on PDP with minimal memory. sketchPro dynamically adjusts the probability of updates based on the current statistical size of the items and the frequency of hash collisions, thus allowing sketchPro to effectively detect top-k items. We have implemented sketchPro on PDP, including P4 software switch (i.e., BMv2) and hardware switch (Intel Tofino ASIC). Extensive evaluation results demonstrate that sketchPro can achieve more than 95% precision with only 10KB of memory.
{"title":"sketchPro: Identifying Top-k Items Based on Probabilistic Update on Programmable Data Plane","authors":"Keke Zheng;Mai Zhang;Mimi Qian;Waiming Lau;Lin Cui","doi":"10.1109/TNSM.2025.3634742","DOIUrl":"https://doi.org/10.1109/TNSM.2025.3634742","url":null,"abstract":"Detecting the top-k heaviest items in network traffic is fundamental to traffic engineering, congestion control, and security analytics. Controller-side solutions suffer from high communication latency and heavy resource overhead, motivating the migration of this task to programmable data planes (PDP). However, PDP hardware (e.g., Tofino ASIC) offers only a few megabytes of on-chip SRAM per pipeline stage and supports neither loops nor complex arithmetic, making accurate top-k detection highly challenging. This paper proposes sketchPro, a novel sketch-based solution that employs a probabilistic update scheme to retain large items, enabling accurate top-k identification on PDP with minimal memory. sketchPro dynamically adjusts the probability of updates based on the current statistical size of the items and the frequency of hash collisions, thus allowing sketchPro to effectively detect top-k items. We have implemented sketchPro on PDP, including P4 software switch (i.e., BMv2) and hardware switch (Intel Tofino ASIC). Extensive evaluation results demonstrate that sketchPro can achieve more than 95% precision with only 10KB of memory.","PeriodicalId":13423,"journal":{"name":"IEEE Transactions on Network and Service Management","volume":"23 ","pages":"803-813"},"PeriodicalIF":5.4,"publicationDate":"2025-11-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145852515","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2025-11-19DOI: 10.1109/TNSM.2025.3635529
Hoda Sedighi;Fetahi Wuhib;Roch H. Glitho
The growing demand for computational power in cloud computing has made Graphics Processing Units (GPUs) essential for providing substantial computational capacity. Efficiently allocating GPU resources is crucial due to their high cost. Additionally, it’s necessary to consider cloud environment characteristics, such as dynamic workloads, multi-tenancy, and requirements like isolation. One key challenge is efficiently allocating GPU resources while maintaining isolation and adapting to dynamic workload fluctuations. Another challenge is ensuring scheduling maintains fairness between tenants while meeting task requirements (e.g., completion deadlines). While existing approaches have addressed each challenge individually, none have tackled both challenges simultaneously. This is especially important in dynamic environments where applications continuously request and release GPU resources. This paper introduces a new dynamic GPU resource allocation method, incorporating fair and requirement-aware task scheduling. We present a novel algorithm that leverages the multitasking capabilities of GPUs supported by both hardware and software. The algorithm schedules tasks and continuously reassesses resource allocation as new tasks arrive to ensure fairness. Simultaneously, it adjusts allocations to maintain isolation and satisfy task requirements. Experimental results indicate that our proposed algorithm offers several advantages over existing state-of-the-art solutions. It reduces GPU resource usage by 88% and significantly decreases task completion times.
{"title":"Dynamic Task Scheduling and Adaptive GPU Resource Allocation in the Cloud","authors":"Hoda Sedighi;Fetahi Wuhib;Roch H. Glitho","doi":"10.1109/TNSM.2025.3635529","DOIUrl":"https://doi.org/10.1109/TNSM.2025.3635529","url":null,"abstract":"The growing demand for computational power in cloud computing has made Graphics Processing Units (GPUs) essential for providing substantial computational capacity. Efficiently allocating GPU resources is crucial due to their high cost. Additionally, it’s necessary to consider cloud environment characteristics, such as dynamic workloads, multi-tenancy, and requirements like isolation. One key challenge is efficiently allocating GPU resources while maintaining isolation and adapting to dynamic workload fluctuations. Another challenge is ensuring scheduling maintains fairness between tenants while meeting task requirements (e.g., completion deadlines). While existing approaches have addressed each challenge individually, none have tackled both challenges simultaneously. This is especially important in dynamic environments where applications continuously request and release GPU resources. This paper introduces a new dynamic GPU resource allocation method, incorporating fair and requirement-aware task scheduling. We present a novel algorithm that leverages the multitasking capabilities of GPUs supported by both hardware and software. The algorithm schedules tasks and continuously reassesses resource allocation as new tasks arrive to ensure fairness. Simultaneously, it adjusts allocations to maintain isolation and satisfy task requirements. Experimental results indicate that our proposed algorithm offers several advantages over existing state-of-the-art solutions. It reduces GPU resource usage by 88% and significantly decreases task completion times.","PeriodicalId":13423,"journal":{"name":"IEEE Transactions on Network and Service Management","volume":"23 ","pages":"1112-1127"},"PeriodicalIF":5.4,"publicationDate":"2025-11-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145929297","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2025-11-19DOI: 10.1109/TNSM.2025.3635028
Nguyen Phuc Tran;Oscar Delgado;Brigitte Jaumard
Ensuring the highest levels of performance and reliability for customized services in fifth-generation (5G) and beyond (B5G) networks requires the automation of resource management within network slices. In this paper, we propose PCLANSA, a proactive closed-loop algorithm that dynamically allocates and scales resources to meet the demands of diverse applications in real time for an end-to-end (E2E) network slice. In our experiment, PCLANSA was evaluated to ensure that each virtual network function is allocated the resources it requires, thereby maximizing efficiency and minimizing waste. This goal is achieved through the intelligent scaling of virtual network functions. The benefits of PCLANSA have been demonstrated across various network slice types, including eMBB, mMTC, uRLLC, and VoIP. This finding indicates the potential for substantial gains in resource utilization and cost savings, with the possibility of reducing over-provisioning by up to 54.85%.
{"title":"Proactive Service Assurance in 5G and B5G Networks: A Closed-Loop Algorithm for End-to-End Network Slices","authors":"Nguyen Phuc Tran;Oscar Delgado;Brigitte Jaumard","doi":"10.1109/TNSM.2025.3635028","DOIUrl":"https://doi.org/10.1109/TNSM.2025.3635028","url":null,"abstract":"Ensuring the highest levels of performance and reliability for customized services in fifth-generation (5G) and beyond (B5G) networks requires the automation of resource management within network slices. In this paper, we propose <sc>PCLANSA</small>, a proactive closed-loop algorithm that dynamically allocates and scales resources to meet the demands of diverse applications in real time for an end-to-end (E2E) network slice. In our experiment, <sc>PCLANSA</small> was evaluated to ensure that each virtual network function is allocated the resources it requires, thereby maximizing efficiency and minimizing waste. This goal is achieved through the intelligent scaling of virtual network functions. The benefits of <sc>PCLANSA</small> have been demonstrated across various network slice types, including eMBB, mMTC, uRLLC, and VoIP. This finding indicates the potential for substantial gains in resource utilization and cost savings, with the possibility of reducing over-provisioning by up to 54.85%.","PeriodicalId":13423,"journal":{"name":"IEEE Transactions on Network and Service Management","volume":"23 ","pages":"668-680"},"PeriodicalIF":5.4,"publicationDate":"2025-11-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145852505","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
The reliance on Network Function Virtualization (NFV) and Software-Defined Network (SDN) introduces a wide variety of security risks in Service Function Chain (SFC), necessitating the implementation of automated security measures to safeguard ongoing service delivery. To address the security risks faced by online SFCs and the shortcomings of traditional manual configuration, we introduce Intent-Based Networking (IBN) for the first time to propose an automatic security enhancement method through embedding Network Security Functions (NSFs). However, the diverse security requirements and performance requirements of SFCs pose significant challenges to the translation from intents to NSF embedding schemes, which manifest in two main aspects. In the logical orchestration stage, NSF composition consisting of NSF sets and their logical embedding locations will significantly impact the security effect. So security intent language model, a formalized method, is proposed to express the security intents. Additionally, NSF Embedding Model Generation Algorithm (EMGA) is designed to determine NSF composition by utilizing NSF capability label model and NSF collaboration model, where NSF composition can be further formulated as NSF embedding model. In the physical embedding stage, the differentiated service requirements among SFCs result in NSF embedded model obtained by EMGA being a multi-objective optimization problem with variable objectives. Therefore, Adaptive Security-aware Embedding Algorithm (ASEA) featuring adaptive link weight mapping mechanism is proposed to solve the optimal NSF embedding schemes. This enables the automatic translation of security intents into NSF embedding schemes, ensuring that both security requirements are met and service performance is guaranteed. We develop the system instance to verify the feasibility of intent translation solution, and massive evaluations demonstrate that ASEA algorithm has better performance compared with the existing works in the diverse requirement scenarios.
对NFV (Network Function Virtualization)和SDN (Software-Defined Network)技术的依赖给SFC (Service Function Chain)带来了各种各样的安全风险,需要实施自动化的安全措施来保障持续的业务交付。针对在线sfc面临的安全风险和传统手工配置的不足,本文首次引入基于意图的网络(IBN),提出了一种通过嵌入网络安全功能(nsf)实现自动安全增强的方法。然而,sfc不同的安全需求和性能需求给从意图到NSF嵌入方案的转换带来了重大挑战,主要表现在两个方面。在逻辑编排阶段,由NSF集合组成的NSF组合及其逻辑嵌入位置将显著影响安全效果。为此,提出了一种形式化的安全意图表达方法——安全意图语言模型。设计了NSF嵌入模型生成算法(EMGA),利用NSF能力标签模型和NSF协作模型确定NSF组成,其中NSF组成可进一步表述为NSF嵌入模型。在物理嵌入阶段,sfc之间服务需求的差异导致EMGA得到的NSF嵌入模型是一个多目标变目标优化问题。为此,提出了基于自适应链路权重映射机制的自适应安全感知嵌入算法(ASEA)来求解最优的NSF嵌入方案。自动将安全意图转换为NSF嵌入方案,既能满足安全需求,又能保证业务性能。我们开发了系统实例来验证意图转换解决方案的可行性,大量的评估表明,在不同的需求场景下,ASEA算法比现有的工作具有更好的性能。
{"title":"Intent-Based Automatic Security Enhancement Method Toward Service Function Chain","authors":"Deqiang Zhou;Xinsheng Ji;Wei You;Hang Qiu;Yu Zhao;Mingyan Xu","doi":"10.1109/TNSM.2025.3635228","DOIUrl":"https://doi.org/10.1109/TNSM.2025.3635228","url":null,"abstract":"The reliance on Network Function Virtualization (NFV) and Software-Defined Network (SDN) introduces a wide variety of security risks in Service Function Chain (SFC), necessitating the implementation of automated security measures to safeguard ongoing service delivery. To address the security risks faced by online SFCs and the shortcomings of traditional manual configuration, we introduce Intent-Based Networking (IBN) for the first time to propose an automatic security enhancement method through embedding Network Security Functions (NSFs). However, the diverse security requirements and performance requirements of SFCs pose significant challenges to the translation from intents to NSF embedding schemes, which manifest in two main aspects. In the logical orchestration stage, NSF composition consisting of NSF sets and their logical embedding locations will significantly impact the security effect. So security intent language model, a formalized method, is proposed to express the security intents. Additionally, NSF Embedding Model Generation Algorithm (EMGA) is designed to determine NSF composition by utilizing NSF capability label model and NSF collaboration model, where NSF composition can be further formulated as NSF embedding model. In the physical embedding stage, the differentiated service requirements among SFCs result in NSF embedded model obtained by EMGA being a multi-objective optimization problem with variable objectives. Therefore, Adaptive Security-aware Embedding Algorithm (ASEA) featuring adaptive link weight mapping mechanism is proposed to solve the optimal NSF embedding schemes. This enables the automatic translation of security intents into NSF embedding schemes, ensuring that both security requirements are met and service performance is guaranteed. We develop the system instance to verify the feasibility of intent translation solution, and massive evaluations demonstrate that ASEA algorithm has better performance compared with the existing works in the diverse requirement scenarios.","PeriodicalId":13423,"journal":{"name":"IEEE Transactions on Network and Service Management","volume":"23 ","pages":"1043-1060"},"PeriodicalIF":5.4,"publicationDate":"2025-11-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145852522","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2025-11-12DOI: 10.1109/TNSM.2025.3632162
Yuanpeng Zheng;Tiankui Zhang;Rong Huang;Yapeng Wang
Mobile edge computing (MEC) facilitates high reliability and low-latency applications by bringing computation and data storage closer to end-users. Intelligent computing is an important application of MEC, where computing resources are used to solve intelligent task-related problems based on task requirements. However, efficiently offloading computing and allocating resources for intelligent tasks in MEC systems is a challenging problem due to complex interactions between task requirements and MEC resources. To address this challenge, we investigate joint computing offloading and resource allocation for classification intelligence tasks (CITs) in MEC systems. Our goal is to optimize system utility by jointly considering computing accuracy and task delay to achieve maximum utility of our system. We focus on CITs and formulate an optimization problem that considers task characteristics including the accuracy requirements and the parallel computing capabilities in MEC systems. To solve the proposed problem, we decompose it into three subproblems: subcarrier allocation, computing capacity allocation and compression offloading. We use successive convex approximation and convex optimization method to derive optimized feasible solutions for the subcarrier allocation, offloading variable, computing capacity allocation, and compression ratio. Based on our solutions, we design an efficient joint computing offloading and resource allocation algorithm for CITs in MEC systems. Our simulation demonstrates that the proposed algorithm significantly improves the performance by 16.4% on average and achieves a flexible trade-off between system revenue and cost considering CITs compared with benchmarks.
{"title":"Joint Computing Offloading and Resource Allocation for Classification Intelligence Tasks in MEC Systems","authors":"Yuanpeng Zheng;Tiankui Zhang;Rong Huang;Yapeng Wang","doi":"10.1109/TNSM.2025.3632162","DOIUrl":"https://doi.org/10.1109/TNSM.2025.3632162","url":null,"abstract":"Mobile edge computing (MEC) facilitates high reliability and low-latency applications by bringing computation and data storage closer to end-users. Intelligent computing is an important application of MEC, where computing resources are used to solve intelligent task-related problems based on task requirements. However, efficiently offloading computing and allocating resources for intelligent tasks in MEC systems is a challenging problem due to complex interactions between task requirements and MEC resources. To address this challenge, we investigate joint computing offloading and resource allocation for classification intelligence tasks (CITs) in MEC systems. Our goal is to optimize system utility by jointly considering computing accuracy and task delay to achieve maximum utility of our system. We focus on CITs and formulate an optimization problem that considers task characteristics including the accuracy requirements and the parallel computing capabilities in MEC systems. To solve the proposed problem, we decompose it into three subproblems: subcarrier allocation, computing capacity allocation and compression offloading. We use successive convex approximation and convex optimization method to derive optimized feasible solutions for the subcarrier allocation, offloading variable, computing capacity allocation, and compression ratio. Based on our solutions, we design an efficient joint computing offloading and resource allocation algorithm for CITs in MEC systems. Our simulation demonstrates that the proposed algorithm significantly improves the performance by 16.4% on average and achieves a flexible trade-off between system revenue and cost considering CITs compared with benchmarks.","PeriodicalId":13423,"journal":{"name":"IEEE Transactions on Network and Service Management","volume":"23 ","pages":"1086-1099"},"PeriodicalIF":5.4,"publicationDate":"2025-11-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145929619","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
With the surging demand for data-intensive applications, ensuring seamless content delivery in Satellite-Terrestrial Integrated Networks (STINs) is crucial, especially for remote users. Dynamic Ad Insertion (DAI) enhances monetization and user experience, while Mobile Edge Computing (MEC) in STINs enables distributed content caching and ad insertion. However, satellite mobility and time-varying topologies cause service disruptions, while excessive or poorly placed ads risk user disengagement, impacting revenue. This paper proposes a novel framework that jointly addresses three challenges: (i) service continuity- and topology-aware content caching to adapt to STIN dynamics, (ii) Distributed DAI (D-DAI) that minimizes feeder link load and storage overhead by avoiding redundant ad-variant content storage through distributed ad stitching, and (iii) revenue-aware content distribution that explicitly models user disengagement due to ad overload to balance monetization and user satisfaction. We formulate the problem as two hierarchical Integer Linear Programming (ILP) optimizations: one content caching that aims to maximize cache hit rate and another optimizing content distribution with DAI to maximize revenue, minimize end-user costs, and enhance user experience. We develop greedy algorithms for fast initialization and a Binary Particle Swarm Optimization (BPSO)–based strategy for enhanced performance. Simulation results demonstrate that the proposed approach achieves over a 4.5% increase in revenue and reduces cache retrieval delay by more than 39% compared to the benchmark algorithms.
{"title":"Revenue-Aware Seamless Content Distribution in Satellite-Terrestrial Integrated Networks","authors":"Haftay Gebreslasie Abreha;Ilora Maity;Youssouf Drif;Christos Politis;Symeon Chatzinotas","doi":"10.1109/TNSM.2025.3629810","DOIUrl":"https://doi.org/10.1109/TNSM.2025.3629810","url":null,"abstract":"With the surging demand for data-intensive applications, ensuring seamless content delivery in Satellite-Terrestrial Integrated Networks (STINs) is crucial, especially for remote users. Dynamic Ad Insertion (DAI) enhances monetization and user experience, while Mobile Edge Computing (MEC) in STINs enables distributed content caching and ad insertion. However, satellite mobility and time-varying topologies cause service disruptions, while excessive or poorly placed ads risk user disengagement, impacting revenue. This paper proposes a novel framework that jointly addresses three challenges: (i) service continuity- and topology-aware content caching to adapt to STIN dynamics, (ii) Distributed DAI (D-DAI) that minimizes feeder link load and storage overhead by avoiding redundant ad-variant content storage through distributed ad stitching, and (iii) revenue-aware content distribution that explicitly models user disengagement due to ad overload to balance monetization and user satisfaction. We formulate the problem as two hierarchical Integer Linear Programming (ILP) optimizations: one content caching that aims to maximize cache hit rate and another optimizing content distribution with DAI to maximize revenue, minimize end-user costs, and enhance user experience. We develop greedy algorithms for fast initialization and a Binary Particle Swarm Optimization (BPSO)–based strategy for enhanced performance. Simulation results demonstrate that the proposed approach achieves over a 4.5% increase in revenue and reduces cache retrieval delay by more than 39% compared to the benchmark algorithms.","PeriodicalId":13423,"journal":{"name":"IEEE Transactions on Network and Service Management","volume":"23 ","pages":"1128-1144"},"PeriodicalIF":5.4,"publicationDate":"2025-11-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=11230879","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145852529","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2025-11-06DOI: 10.1109/TNSM.2025.3629529
Muhammad Ashar Tariq;Malik Muhammad Saad;Dongkyun Kim
The evolution of 5G technology towards 5G-Advanced has introduced advanced vehicular applications with stringent Quality-of-Service (QoS) requirements. Addressing these demands necessitates intelligent resource management within the standard 3GPP network slicing framework. This paper proposes a novel resource management scheme leveraging a Deep Deterministic Policy Gradient (DDPG) algorithm implemented in the Network Slice Subnet Management Function (NSSMF). The scheme dynamically allocates resources to network slices based on real-time traffic demands while maintaining compatibility with existing infrastructure, ensuring cost-effectiveness. The proposed framework features a two-level architecture: the gNodeB optimizes slice-level resource allocation at the upper level, and vehicles reserve resources dynamically at the lower level using the 3GPP Semi-Persistent Scheduling (SPS) mechanism. Evaluation in a realistic, trace-based vehicular environment demonstrates the scheme’s superiority over traditional approaches, achieving higher Packet Delivery Ratio (PDR), improved Spectral Efficiency (SE), and adaptability under varying vehicular densities. These results underscore the potential of the proposed solution in meeting the QoS demands of critical 5G-Advanced vehicular applications.
{"title":"DDPG-Based Resource Management in Network Slicing for 5G-Advanced V2X Services","authors":"Muhammad Ashar Tariq;Malik Muhammad Saad;Dongkyun Kim","doi":"10.1109/TNSM.2025.3629529","DOIUrl":"https://doi.org/10.1109/TNSM.2025.3629529","url":null,"abstract":"The evolution of 5G technology towards 5G-Advanced has introduced advanced vehicular applications with stringent Quality-of-Service (QoS) requirements. Addressing these demands necessitates intelligent resource management within the standard 3GPP network slicing framework. This paper proposes a novel resource management scheme leveraging a Deep Deterministic Policy Gradient (DDPG) algorithm implemented in the Network Slice Subnet Management Function (NSSMF). The scheme dynamically allocates resources to network slices based on real-time traffic demands while maintaining compatibility with existing infrastructure, ensuring cost-effectiveness. The proposed framework features a two-level architecture: the gNodeB optimizes slice-level resource allocation at the upper level, and vehicles reserve resources dynamically at the lower level using the 3GPP Semi-Persistent Scheduling (SPS) mechanism. Evaluation in a realistic, trace-based vehicular environment demonstrates the scheme’s superiority over traditional approaches, achieving higher Packet Delivery Ratio (PDR), improved Spectral Efficiency (SE), and adaptability under varying vehicular densities. These results underscore the potential of the proposed solution in meeting the QoS demands of critical 5G-Advanced vehicular applications.","PeriodicalId":13423,"journal":{"name":"IEEE Transactions on Network and Service Management","volume":"23 ","pages":"1061-1075"},"PeriodicalIF":5.4,"publicationDate":"2025-11-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145852518","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Enhanced system capacity is one of 5G goals. This will lead to massive heterogeneous devices in mobile networks. Mobile devices that lack basic security capability have chipset, operating system or software vulnerability. Attackers can perform Advanced Persistent Threat (APT) Attack for specific device models. In this paper, we propose an Adaptive Target Device Model Identification Attack (ATDMIA) that provides the prior knowledge for exploiting baseband vulnerability to perform targeted attacks. We discovered Globally Unique Temporary Identity (GUTI) Reuse in Evolved Packet Switching Fallback (EPSFB) and Leakage of User Equipment (UE) Capability vulnerability. Utilizing silent calls, an attacker can capture and correlate the signaling traces of the target subscriber from air interface within a specific geographic area. In addition, we design an adaptive identification algorithm which utilizes both invisible and explicit features of UE capability information to efficiently identify device models. We conducted an empirical study using 105 commercial devices, including network configuration, attack efficiency, time overhead and open-world evaluation experiments. The experimental results showed that ATDMIA can accurately correlate the EPSFB signaling traces of target victim and effectively identify the device model or manufacturer.
{"title":"Adaptive Target Device Model Identification Attack in 5G Mobile Network","authors":"Shaocong Feng;Baojiang Cui;Junsong Fu;Meiyi Jiang;Shengjia Chang","doi":"10.1109/TNSM.2025.3626804","DOIUrl":"https://doi.org/10.1109/TNSM.2025.3626804","url":null,"abstract":"Enhanced system capacity is one of 5G goals. This will lead to massive heterogeneous devices in mobile networks. Mobile devices that lack basic security capability have chipset, operating system or software vulnerability. Attackers can perform Advanced Persistent Threat (APT) Attack for specific device models. In this paper, we propose an Adaptive Target Device Model Identification Attack (ATDMIA) that provides the prior knowledge for exploiting baseband vulnerability to perform targeted attacks. We discovered Globally Unique Temporary Identity (GUTI) Reuse in Evolved Packet Switching Fallback (EPSFB) and Leakage of User Equipment (UE) Capability vulnerability. Utilizing silent calls, an attacker can capture and correlate the signaling traces of the target subscriber from air interface within a specific geographic area. In addition, we design an adaptive identification algorithm which utilizes both invisible and explicit features of UE capability information to efficiently identify device models. We conducted an empirical study using 105 commercial devices, including network configuration, attack efficiency, time overhead and open-world evaluation experiments. The experimental results showed that ATDMIA can accurately correlate the EPSFB signaling traces of target victim and effectively identify the device model or manufacturer.","PeriodicalId":13423,"journal":{"name":"IEEE Transactions on Network and Service Management","volume":"23 ","pages":"1028-1042"},"PeriodicalIF":5.4,"publicationDate":"2025-10-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145852524","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Low-rate Denial of Service (LDoS) attacks use short, regular bursts of traffic to exploit vulnerabilities in network protocols. They are a major threat to network security, especially in Software-Defined Networking (SDN) frameworks. These attacks are challenging to detect and mitigate because of their low traffic volume, making it impossible to distinguish them from normal traffic. We propose a real-time LDoS attack detection and mitigation framework that can protect SDN. The framework incorporates a detection module that uses a deep learning model, such as a Generative Adversarial Network (GAN), to identify the attack. An efficient mitigation module follows detection, employing mechanisms to identify and filter harmful flows in real time. Deploying the framework into SDN controllers guarantees compliance with OpenFlow standards, thereby avoiding the necessity for additional hardware. Experimental results demonstrate that the proposed system achieves a detection accuracy of over 99.98% with an average response time of 8.58 s, significantly outperforming traditional LDoS detection approaches. This study presents a scalable, real-time methodology to enhance SDN resilience against LDoS attacks.
{"title":"Generative Adversarial Networks Based Low-Rate Denial of Service Attack Detection and Mitigation in Software-Defined Networks","authors":"Manjuluri Anil Kumar;Balaprakasa Rao Killi;Eiji Oki","doi":"10.1109/TNSM.2025.3625278","DOIUrl":"https://doi.org/10.1109/TNSM.2025.3625278","url":null,"abstract":"Low-rate Denial of Service (LDoS) attacks use short, regular bursts of traffic to exploit vulnerabilities in network protocols. They are a major threat to network security, especially in Software-Defined Networking (SDN) frameworks. These attacks are challenging to detect and mitigate because of their low traffic volume, making it impossible to distinguish them from normal traffic. We propose a real-time LDoS attack detection and mitigation framework that can protect SDN. The framework incorporates a detection module that uses a deep learning model, such as a Generative Adversarial Network (GAN), to identify the attack. An efficient mitigation module follows detection, employing mechanisms to identify and filter harmful flows in real time. Deploying the framework into SDN controllers guarantees compliance with OpenFlow standards, thereby avoiding the necessity for additional hardware. Experimental results demonstrate that the proposed system achieves a detection accuracy of over 99.98% with an average response time of 8.58 s, significantly outperforming traditional LDoS detection approaches. This study presents a scalable, real-time methodology to enhance SDN resilience against LDoS attacks.","PeriodicalId":13423,"journal":{"name":"IEEE Transactions on Network and Service Management","volume":"23 ","pages":"925-939"},"PeriodicalIF":5.4,"publicationDate":"2025-10-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145852545","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2025-10-24DOI: 10.1109/TNSM.2025.3625404
Anurag Dutta;Sangita Roy;Rajat Subhra Chakraborty
In modern automobiles, a Controller Area Network (CAN) bus facilitates communication among all electronic control units for critical safety functions, including steering, braking, and fuel injection. However, due to the lack of security features, it may be vulnerable to malicious bus traffic-based attacks that cause the automobile to malfunction. Such malicious bus traffic can be the result of either external fabricated messages or direct injection through the on-board diagnostic port, highlighting the need for an effective intrusion detection system to efficiently identify suspicious network flows and potential intrusions. This work introduces Residually Interconnected and Superimposed Kolmogorov-Arnold Networks (RISK-4-Auto), a set of four deep neural network architectures for intrusion detection targeting in-vehicle network traffic classification. RISK-4-Auto models, when applied on three hexadecimally identifiable sequence-based open-source datasets (collected through direct injection in the on-board diagnostic port), outperform six state-of-the-art vehicular network intrusion detection systems (as per their accuracies) by $approx 1.0163$ % for all-class classification and $approx 2.5535$ % on focused (single-class) malicious flow detection. Additionally, RISK-4-Auto enjoys a significantly lower overhead than existing state-of-the-art models, and is suitable for real-time deployment in resource-constrained automotive environments.
{"title":"RISK-4-Auto: Residually Interconnected and Superimposed Kolmogorov-Arnold Networks for Automotive Network Traffic Classification","authors":"Anurag Dutta;Sangita Roy;Rajat Subhra Chakraborty","doi":"10.1109/TNSM.2025.3625404","DOIUrl":"https://doi.org/10.1109/TNSM.2025.3625404","url":null,"abstract":"In modern automobiles, a Controller Area Network (CAN) bus facilitates communication among all electronic control units for critical safety functions, including steering, braking, and fuel injection. However, due to the lack of security features, it may be vulnerable to malicious bus traffic-based attacks that cause the automobile to malfunction. Such malicious bus traffic can be the result of either external fabricated messages or direct injection through the on-board diagnostic port, highlighting the need for an effective intrusion detection system to efficiently identify suspicious network flows and potential intrusions. This work introduces Residually Interconnected and Superimposed Kolmogorov-Arnold Networks (<sc>RISK-4-Auto</small>), a set of four deep neural network architectures for intrusion detection targeting in-vehicle network traffic classification. <sc>RISK-4-Auto</small> models, when applied on three hexadecimally identifiable sequence-based open-source datasets (collected through direct injection in the on-board diagnostic port), outperform six state-of-the-art vehicular network intrusion detection systems (as per their accuracies) by <inline-formula> <tex-math>$approx 1.0163$ </tex-math></inline-formula>% for all-class classification and <inline-formula> <tex-math>$approx 2.5535$ </tex-math></inline-formula>% on focused (single-class) malicious flow detection. Additionally, <sc>RISK-4-Auto</small> enjoys a significantly lower overhead than existing state-of-the-art models, and is suitable for real-time deployment in resource-constrained automotive environments.","PeriodicalId":13423,"journal":{"name":"IEEE Transactions on Network and Service Management","volume":"23 ","pages":"1076-1085"},"PeriodicalIF":5.4,"publicationDate":"2025-10-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145852546","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: