Computer Networks最新文献

PrivacyGuard: A hierarchical privacy-preserving framework for IoT-fog-cloud architectures PrivacyGuard：物联网雾云架构的分层隐私保护框架

IF 4.6 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Computer Networks

Pub Date : 2026-02-02 DOI: 10.1016/j.comnet.2026.112076

Phat T. Tran-Truong , Trung D. Mai , Ha X. Son , Phien Nguyen Ngoc , Bang K. Le , Khanh H. Vo , Ngan N.T. Kim , Triet M. Nguyen , Anh T. Nguyen

Fog computing enables low-latency IoT applications but introduces critical privacy risks when fog nodes are untrusted or compromised. Current privacy-preserving frameworks address either cloud security or basic fog-layer encryption, yet none provide comprehensive user-centric privacy enforcement with fine-grained preference composition for distributed IoT-fog-cloud architectures. However, the integration of fog computing–essential for reducing latency in time-critical IoT applications–introduces significant privacy risks when fog nodes are untrusted or compromised. Existing privacy-preserving frameworks primarily address either cloud security or basic fog-layer encryption, but fail to provide comprehensive, user-centric privacy enforcement that accommodates fine-grained preferences, multi-source data fusion, and regulatory compliance in distributed IoT-fog-cloud architectures. This paper presents PrivacyGuard, a novel four-tier privacy-preserving framework specifically designed for personal IoT data protection where fog infrastructure may be untrusted. PrivacyGuard introduces several key innovations: a dedicated edge layer enabling users to specify hierarchical privacy preferences with exceptions and prohibitions through intuitive interfaces; hierarchical data category and purpose taxonomies supporting fine-grained privacy control while maintaining GDPR compliance; privacy preference composition mechanisms automatically deriving least-privilege policies when fusing multi-source data; Trusted Execution Environment (TEE)-based privacy validation at fog nodes enabling secure computation on encrypted data without exposing sensitive information to potentially malicious operators; and hash-based validation result caching optimized for high-latency rural networks. We demonstrate through emulation that PrivacyGuard achieves sub-100ms single-request P99 latency (97.03ms), with graceful degradation to 2,059ms P99 under 100 concurrent users, 91.7% MITM resistance, and 6.37 ×  cache speedup.

雾计算支持低延迟物联网应用，但当雾节点不受信任或受到损害时，会引入关键的隐私风险。目前的隐私保护框架要么解决云安全问题，要么解决基本的雾层加密问题，但没有一个框架为分布式物联网-雾云架构提供全面的以用户为中心的隐私保护，并提供细粒度偏好组合。然而，雾计算的集成——对于减少时间关键型物联网应用中的延迟至关重要——在雾节点不受信任或受到损害时引入了重大的隐私风险。现有的隐私保护框架主要解决云安全或基本的雾层加密问题，但无法提供全面的、以用户为中心的隐私执行，以适应分布式物联网雾云架构中的细粒度偏好、多源数据融合和法规遵从性。本文介绍了PrivacyGuard，这是一种新颖的四层隐私保护框架，专为雾基础设施可能不受信任的个人物联网数据保护而设计。PrivacyGuard引入了几个关键的创新：一个专用的边缘层，使用户能够通过直观的界面指定具有例外和禁止的分层隐私偏好；分层数据类别和目的分类法支持细粒度隐私控制，同时保持GDPR合规性；多源数据融合时自动生成最小特权策略的隐私偏好组合机制；基于可信执行环境（TEE）的雾节点隐私验证，实现对加密数据的安全计算，而不会将敏感信息暴露给潜在的恶意运营商；以及针对高延迟农村网络优化的基于哈希的验证结果缓存。我们通过仿真证明，PrivacyGuard实现了低于100ms的单请求P99延迟（97.03ms），在100个并发用户下，P99延迟降至2,059ms， MITM阻力91.7%，缓存加速6.37 × 。

{"title":"PrivacyGuard: A hierarchical privacy-preserving framework for IoT-fog-cloud architectures","authors":"Phat T. Tran-Truong , Trung D. Mai , Ha X. Son , Phien Nguyen Ngoc , Bang K. Le , Khanh H. Vo , Ngan N.T. Kim , Triet M. Nguyen , Anh T. Nguyen","doi":"10.1016/j.comnet.2026.112076","DOIUrl":"10.1016/j.comnet.2026.112076","url":null,"abstract":"<div><div>Fog computing enables low-latency IoT applications but introduces critical privacy risks when fog nodes are untrusted or compromised. Current privacy-preserving frameworks address either cloud security or basic fog-layer encryption, yet none provide comprehensive user-centric privacy enforcement with fine-grained preference composition for distributed IoT-fog-cloud architectures. However, the integration of fog computing–essential for reducing latency in time-critical IoT applications–introduces significant privacy risks when fog nodes are untrusted or compromised. Existing privacy-preserving frameworks primarily address either cloud security or basic fog-layer encryption, but fail to provide comprehensive, user-centric privacy enforcement that accommodates fine-grained preferences, multi-source data fusion, and regulatory compliance in distributed IoT-fog-cloud architectures. This paper presents PrivacyGuard, a novel four-tier privacy-preserving framework specifically designed for personal IoT data protection where fog infrastructure may be untrusted. PrivacyGuard introduces several key innovations: a dedicated edge layer enabling users to specify hierarchical privacy preferences with exceptions and prohibitions through intuitive interfaces; hierarchical data category and purpose taxonomies supporting fine-grained privacy control while maintaining GDPR compliance; privacy preference composition mechanisms automatically deriving least-privilege policies when fusing multi-source data; Trusted Execution Environment (TEE)-based privacy validation at fog nodes enabling secure computation on encrypted data without exposing sensitive information to potentially malicious operators; and hash-based validation result caching optimized for high-latency rural networks. We demonstrate through emulation that PrivacyGuard achieves sub-100ms single-request P99 latency (97.03ms), with graceful degradation to 2,059ms P99 under 100 concurrent users, 91.7% MITM resistance, and 6.37 ×  cache speedup.</div></div>","PeriodicalId":50637,"journal":{"name":"Computer Networks","volume":"278 ","pages":"Article 112076"},"PeriodicalIF":4.6,"publicationDate":"2026-02-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"146116731","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

A botnet detection method for encrypted DNS traffic based on multi-branch knowledge distillation 一种基于多分支知识蒸馏的加密DNS流量僵尸网络检测方法

IF 4.6 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Computer Networks

Pub Date : 2026-01-28 DOI: 10.1016/j.comnet.2026.112060

Zhipeng Qin , Hanbing Yan , Xiangyu Li , Peng Wang

With advancements in encrypted network communication technologies, botnets increasingly use encrypted DNS traffic to spread covertly and execute attacks. Botnet traffic exhibits diverse and complex behaviors, and detecting botnets within encrypted DNS traffic poses challenges, such as high concealment, low detection efficiency, and difficulties in feature matching. To address these issues, this paper proposes a botnet detection method for encrypted DNS traffic based on multi-branch knowledge distillation. This method utilizes an adaptive feature extraction algorithm to capture encrypted DNS traffic features, applies spatial clustering based on traffic characteristics for multi-classification of botnets, and adopts a multi-level knowledge distillation strategy to develop several specialized botnet detection models. These models operate in parallel, enhancing detection efficiency and accuracy. Experimental results demonstrate that this approach significantly reduces computational complexity while maintaining high precision, improving detection efficiency and real-time capabilities.

随着加密网络通信技术的发展，僵尸网络越来越多地利用加密的DNS流量进行隐蔽传播和攻击。僵尸网络流量行为多样、复杂，在加密DNS流量中检测僵尸网络存在隐蔽性高、检测效率低、特征匹配困难等问题。针对这些问题，本文提出了一种基于多分支知识蒸馏的加密DNS流量僵尸网络检测方法。该方法利用自适应特征提取算法捕获加密DNS流量特征，利用基于流量特征的空间聚类对僵尸网络进行多重分类，并采用多层次知识蒸馏策略建立多个专门的僵尸网络检测模型。这些模型并行运行，提高了检测效率和准确性。实验结果表明，该方法在保持高精度的同时显著降低了计算复杂度，提高了检测效率和实时性。

{"title":"A botnet detection method for encrypted DNS traffic based on multi-branch knowledge distillation","authors":"Zhipeng Qin , Hanbing Yan , Xiangyu Li , Peng Wang","doi":"10.1016/j.comnet.2026.112060","DOIUrl":"10.1016/j.comnet.2026.112060","url":null,"abstract":"<div><div>With advancements in encrypted network communication technologies, botnets increasingly use encrypted DNS traffic to spread covertly and execute attacks. Botnet traffic exhibits diverse and complex behaviors, and detecting botnets within encrypted DNS traffic poses challenges, such as high concealment, low detection efficiency, and difficulties in feature matching. To address these issues, this paper proposes a botnet detection method for encrypted DNS traffic based on multi-branch knowledge distillation. This method utilizes an adaptive feature extraction algorithm to capture encrypted DNS traffic features, applies spatial clustering based on traffic characteristics for multi-classification of botnets, and adopts a multi-level knowledge distillation strategy to develop several specialized botnet detection models. These models operate in parallel, enhancing detection efficiency and accuracy. Experimental results demonstrate that this approach significantly reduces computational complexity while maintaining high precision, improving detection efficiency and real-time capabilities.</div></div>","PeriodicalId":50637,"journal":{"name":"Computer Networks","volume":"277 ","pages":"Article 112060"},"PeriodicalIF":4.6,"publicationDate":"2026-01-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"146090329","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

An explainable transformer-based model for phishing email detection: A large language model approach 用于网络钓鱼电子邮件检测的可解释的基于转换器的模型：大型语言模型方法

IF 4.6 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Computer Networks

Pub Date : 2026-01-28 DOI: 10.1016/j.comnet.2026.112061

Mohammad Amaz Uddin , Md Mahiuddin , Iqbal H. Sarker

Phishing email is a serious cyber threat that tries to deceive users by sending false emails with the intention of stealing confidential information or causing financial harm. Attackers, often posing as trustworthy entities, exploit technological advancements and sophistication to make the detection and prevention of phishing more challenging. Despite extensive academic research, phishing detection remains an ongoing and formidable challenge in the cybersecurity landscape. In this research paper, we present a fine-tuned transformer-based masked language model, RoBERTa (Robustly Optimized BERT Pretraining Approach), for phishing email detection. In the detection process, we employ a phishing email dataset and apply the preprocessing techniques to clean and address the class imbalance issues, thereby enhancing model performance. The results of the experiment demonstrate that our fine-tuned model outperforms traditional machine learning models with an accuracy of 98.45%. To ensure model transparency and user trust, we propose a hybrid explanation approach, LITA (LIME-Transformer Attribution), which integrates the potential of Local Interpretable Model-Agnostic Explanations (LIME) and Transformers Interpret methods. The proposed method provides more consistent and user-friendly insights, mitigating local attribution inconsistencies between the two explanation approaches. Moreover, the study highlights the model’s ability to generate its predictions by presenting positive and negative contribution scores using LIME, Transformers Interpret, and LITA.

网络钓鱼电子邮件是一种严重的网络威胁，它试图通过发送虚假电子邮件来欺骗用户，目的是窃取机密信息或造成经济损失。攻击者通常冒充值得信赖的实体，利用技术的进步和复杂性，使网络钓鱼的检测和预防更具挑战性。尽管进行了广泛的学术研究，网络钓鱼检测仍然是网络安全领域的一个持续而艰巨的挑战。在这篇研究论文中，我们提出了一个微调的基于变压器的屏蔽语言模型RoBERTa（鲁棒优化BERT预训练方法），用于网络钓鱼电子邮件检测。在检测过程中，我们采用网络钓鱼邮件数据集，并应用预处理技术来清理和解决类不平衡问题，从而提高模型的性能。实验结果表明，我们的微调模型优于传统的机器学习模型，准确率达到98.45%。为了确保模型透明度和用户信任，我们提出了一种混合解释方法，LITA (LIME- transformer Attribution)，它集成了局部可解释模型不可知解释（LIME）和变压器解释方法的潜力。提出的方法提供了更一致和用户友好的见解，减轻了两种解释方法之间的局部归因不一致。此外，该研究还强调了该模型通过使用LIME、Transformers Interpret和LITA呈现积极和消极贡献分数来生成预测的能力。

{"title":"An explainable transformer-based model for phishing email detection: A large language model approach","authors":"Mohammad Amaz Uddin , Md Mahiuddin , Iqbal H. Sarker","doi":"10.1016/j.comnet.2026.112061","DOIUrl":"10.1016/j.comnet.2026.112061","url":null,"abstract":"<div><div>Phishing email is a serious cyber threat that tries to deceive users by sending false emails with the intention of stealing confidential information or causing financial harm. Attackers, often posing as trustworthy entities, exploit technological advancements and sophistication to make the detection and prevention of phishing more challenging. Despite extensive academic research, phishing detection remains an ongoing and formidable challenge in the cybersecurity landscape. In this research paper, we present a fine-tuned transformer-based masked language model, RoBERTa (Robustly Optimized BERT Pretraining Approach), for phishing email detection. In the detection process, we employ a phishing email dataset and apply the preprocessing techniques to clean and address the class imbalance issues, thereby enhancing model performance. The results of the experiment demonstrate that our fine-tuned model outperforms traditional machine learning models with an accuracy of 98.45%. To ensure model transparency and user trust, we propose a hybrid explanation approach, LITA (LIME-Transformer Attribution), which integrates the potential of Local Interpretable Model-Agnostic Explanations (LIME) and Transformers Interpret methods. The proposed method provides more consistent and user-friendly insights, mitigating local attribution inconsistencies between the two explanation approaches. Moreover, the study highlights the model’s ability to generate its predictions by presenting positive and negative contribution scores using LIME, Transformers Interpret, and LITA.</div></div>","PeriodicalId":50637,"journal":{"name":"Computer Networks","volume":"277 ","pages":"Article 112061"},"PeriodicalIF":4.6,"publicationDate":"2026-01-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"146090331","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Threshold-based eavesdropper detection for partial intercept-resend attack in noisy BB84 quantum key distribution BB84量子密钥分发中基于阈值的部分拦截重发攻击窃听检测

IF 4.6 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Computer Networks

Pub Date : 2026-01-26 DOI: 10.1016/j.comnet.2026.112058

Francesco Fiorini, Rosario G. Garroppo, Michele Pagano

Quantum Key Distribution (QKD) protocols are critical for ensuring secure communication against the threats posed by post-quantum technologies. Among these, the BB84 protocol remains the most widely studied and implemented QKD scheme, providing a foundation for secure communication based on the principles of quantum mechanics. This paper investigates the BB84 protocol under a partial intercept-resend attack in a realistic scenario that accounts for system noise. In this context, existing attack detection methods rely on estimating the quantum bit error rate (QBER) in the portion of key bits exchanged over the classical channel to identify the attack. The proposed approach introduces a novel scheme in which the two communicating parties agree on the maximum fraction of shared key bits that can be correctly intercepted by the attacker. This parameter can be configured according to the security requirements of the application. The paper first presents the theoretical model for computing this parameter, which is subsequently used to develop a threshold-based detection method. Unlike other detection methods for intercept-resend attacks, the proposed scheme is independent of the interception density and relies solely on the system noise and the application’s security requirements. Finally, an enhanced version of the Python Quantum Solver library is implemented to test the proposed method using the Qiskit framework. Simulation results demonstrate the high accuracy and very low false negative rate of the proposed method, with a slight degradation in performance observed when the actual interception rate approaches the threshold defined by the security requirements.

量子密钥分发（QKD）协议对于确保安全通信免受后量子技术带来的威胁至关重要。其中，BB84协议仍然是研究和实现最广泛的QKD方案，为基于量子力学原理的安全通信提供了基础。本文在考虑系统噪声的实际情况下，研究了BB84协议在部分拦截重发攻击下的性能。在这种情况下，现有的攻击检测方法依赖于估计在经典信道上交换的密钥比特部分的量子误码率（QBER）来识别攻击。该方法引入了一种新的方案，在该方案中，通信双方对攻击者可以正确截获的共享密钥位的最大比例达成一致。该参数可根据应用的安全需求进行配置。本文首先提出了计算该参数的理论模型，然后利用该模型开发了一种基于阈值的检测方法。与其他拦截重发攻击检测方法不同，该方案不依赖于拦截密度，仅依赖于系统噪声和应用程序的安全需求。最后，实现了Python Quantum Solver库的增强版本，以使用Qiskit框架测试所提出的方法。仿真结果表明，该方法具有较高的准确率和极低的误报率，当实际拦截率接近安全需求定义的阈值时，性能略有下降。

{"title":"Threshold-based eavesdropper detection for partial intercept-resend attack in noisy BB84 quantum key distribution","authors":"Francesco Fiorini, Rosario G. Garroppo, Michele Pagano","doi":"10.1016/j.comnet.2026.112058","DOIUrl":"10.1016/j.comnet.2026.112058","url":null,"abstract":"<div><div>Quantum Key Distribution (QKD) protocols are critical for ensuring secure communication against the threats posed by post-quantum technologies. Among these, the BB84 protocol remains the most widely studied and implemented QKD scheme, providing a foundation for secure communication based on the principles of quantum mechanics. This paper investigates the BB84 protocol under a partial intercept-resend attack in a realistic scenario that accounts for system noise. In this context, existing attack detection methods rely on estimating the quantum bit error rate (QBER) in the portion of key bits exchanged over the classical channel to identify the attack. The proposed approach introduces a novel scheme in which the two communicating parties agree on the maximum fraction of shared key bits that can be correctly intercepted by the attacker. This parameter can be configured according to the security requirements of the application. The paper first presents the theoretical model for computing this parameter, which is subsequently used to develop a threshold-based detection method. Unlike other detection methods for intercept-resend attacks, the proposed scheme is independent of the interception density and relies solely on the system noise and the application’s security requirements. Finally, an enhanced version of the Python Quantum Solver library is implemented to test the proposed method using the Qiskit framework. Simulation results demonstrate the high accuracy and very low false negative rate of the proposed method, with a slight degradation in performance observed when the actual interception rate approaches the threshold defined by the security requirements.</div></div>","PeriodicalId":50637,"journal":{"name":"Computer Networks","volume":"277 ","pages":"Article 112058"},"PeriodicalIF":4.6,"publicationDate":"2026-01-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"146090324","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

A comprehensive approach for the onboarding, orchestration, and validation of network applications 用于网络应用程序的配置、编排和验证的综合方法

IF 4.6 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Computer Networks

Pub Date : 2026-01-25 DOI: 10.1016/j.comnet.2026.112057

Rafael Direito , Kostis Trantzas , Jorge Gallego-Madrid , Ana Hermosilla , Diogo Gomes , Christos Tranoris , Rui L.A. Aguiar , Antonio Skarmeta , Spyros Denazis

The advent of 5G and Beyond 5G networks has propelled the development of innovative applications and services that harness network programmability, data from management and control interfaces, and the capabilities of network slicing. However, ensuring these applications function as intended and effectively utilize 5G/B5G capabilities remains a challenge, mainly due to their reliance on complex interactions with control plane Network Functions. This work addresses this issue by proposing a novel architecture to enhance the onboarding, orchestration, and validation of 5G/B5G-capable applications and services, while enabling the creation of application-tailored network slices. By integrating DevOps principles into the NFV ecosystem, the proposed architecture automates workflows for deployment, testing, and validation, while adhering to standardized onboarding models and continuous integration practices. Furthermore, we also address the realization of such architecture into a platform that supports extensive testing across multiple dimensions, including 5G readiness, security, performance, scalability, and availability. Besides introducing such a platform, this work also demonstrates its feasibility through the orchestration and validation of an automotive application that manages virtual On-Board Units within a 5G-enabled environment. The obtained results underscore the effectiveness of the proposed architecture, as well as the performance and scalability of the platform that materializes it. By integrating DevOps principles, our work aids in reducing deployment complexity, automating testing and validation, and enhancing the reliability of next-generation Network Applications, therefore accelerating their time-to-market.

5G和超5G网络的出现推动了创新应用和服务的发展，这些应用和服务利用了网络可编程性、来自管理和控制接口的数据以及网络切片功能。然而，确保这些应用程序按预期运行并有效利用5G/B5G功能仍然是一个挑战，主要是因为它们依赖于与控制平面网络功能的复杂交互。这项工作通过提出一种新的架构来解决这个问题，该架构可以增强支持5G/ b5g的应用和服务的启动、编排和验证，同时支持创建针对应用的网络切片。通过将DevOps原则集成到NFV生态系统中，所建议的体系结构将部署、测试和验证的工作流自动化，同时坚持标准化的入职模型和持续集成实践。此外，我们还解决了将这种架构实现为一个平台的问题，该平台支持跨多个维度的广泛测试，包括5G准备、安全性、性能、可扩展性和可用性。除了介绍这样一个平台之外，这项工作还通过编排和验证一个汽车应用程序来证明其可行性，该应用程序可以在支持5g的环境中管理虚拟车载单元。所获得的结果强调了所提出的体系结构的有效性，以及实现它的平台的性能和可扩展性。通过集成DevOps原则，我们的工作有助于降低部署复杂性，自动化测试和验证，并增强下一代网络应用程序的可靠性，从而加快其上市时间。

{"title":"A comprehensive approach for the onboarding, orchestration, and validation of network applications","authors":"Rafael Direito , Kostis Trantzas , Jorge Gallego-Madrid , Ana Hermosilla , Diogo Gomes , Christos Tranoris , Rui L.A. Aguiar , Antonio Skarmeta , Spyros Denazis","doi":"10.1016/j.comnet.2026.112057","DOIUrl":"10.1016/j.comnet.2026.112057","url":null,"abstract":"<div><div>The advent of 5G and Beyond 5G networks has propelled the development of innovative applications and services that harness network programmability, data from management and control interfaces, and the capabilities of network slicing. However, ensuring these applications function as intended and effectively utilize 5G/B5G capabilities remains a challenge, mainly due to their reliance on complex interactions with control plane Network Functions. This work addresses this issue by proposing a novel architecture to enhance the onboarding, orchestration, and validation of 5G/B5G-capable applications and services, while enabling the creation of application-tailored network slices. By integrating DevOps principles into the NFV ecosystem, the proposed architecture automates workflows for deployment, testing, and validation, while adhering to standardized onboarding models and continuous integration practices. Furthermore, we also address the realization of such architecture into a platform that supports extensive testing across multiple dimensions, including 5G readiness, security, performance, scalability, and availability. Besides introducing such a platform, this work also demonstrates its feasibility through the orchestration and validation of an automotive application that manages virtual On-Board Units within a 5G-enabled environment. The obtained results underscore the effectiveness of the proposed architecture, as well as the performance and scalability of the platform that materializes it. By integrating DevOps principles, our work aids in reducing deployment complexity, automating testing and validation, and enhancing the reliability of next-generation Network Applications, therefore accelerating their time-to-market.</div></div>","PeriodicalId":50637,"journal":{"name":"Computer Networks","volume":"277 ","pages":"Article 112057"},"PeriodicalIF":4.6,"publicationDate":"2026-01-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"146090328","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

A survey of learning-based intrusion detection systems for in-vehicle networks 基于学习的车载网络入侵检测系统研究

IF 4.6 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Computer Networks

Pub Date : 2026-01-23 DOI: 10.1016/j.comnet.2026.112031

Muzun Althunayyan , Amir Javed , Omer Rana

Connected and Autonomous Vehicles (CAVs) have advanced modern transportation by improving the efficiency, safety, and convenience of mobility through automation and connectivity, yet they remain vulnerable to cybersecurity threats, particularly through the insecure Controller Area Network (CAN) bus. Cyberattacks can have devastating consequences in connected vehicles, including the loss of control over critical systems, necessitating robust security solutions. In-vehicle Intrusion Detection Systems (IDSs) offer a promising approach by detecting malicious activities in real time. This survey provides a comprehensive review of state-of-the-art research on learning-based in-vehicle IDSs, focusing on Machine Learning (ML), Deep Learning (DL), and Federated Learning (FL) approaches. Based on the reviewed studies, we critically examine existing IDS approaches, categorising them by the types of attacks they detect-known, unknown, and combined known-unknown attacks-while identifying their limitations. We also review the evaluation metrics used in research, emphasising the need to consider multiple criteria to meet the requirements of safety-critical systems. Additionally, we analyse FL-based IDSs and highlight their limitations. By doing so, this survey helps identify effective security measures, address existing limitations, and guide future research toward more resilient and adaptive protection mechanisms, ensuring the safety and reliability of CAVs.

联网和自动驾驶汽车（cav）通过自动化和连接性提高了交通的效率、安全性和便利性，推动了现代交通的发展，但它们仍然容易受到网络安全威胁，特别是通过不安全的控制器区域网络（CAN）总线。网络攻击可能对联网车辆造成毁灭性后果，包括对关键系统失去控制，因此需要强大的安全解决方案。车载入侵检测系统（ids）通过实时检测恶意活动提供了一种很有前途的方法。本调查对基于学习的车载ids的最新研究进行了全面回顾，重点是机器学习（ML）、深度学习（DL）和联邦学习（FL）方法。在回顾研究的基础上，我们严格检查了现有的IDS方法，根据它们检测到的攻击类型（已知、未知和已知-未知组合攻击）对它们进行了分类，同时确定了它们的局限性。我们还回顾了研究中使用的评估指标，强调需要考虑多个标准以满足安全关键系统的要求。此外，我们分析了基于fl的ids，并强调了它们的局限性。通过这样做，本调查有助于确定有效的安全措施，解决现有的限制，并指导未来研究更具弹性和适应性的保护机制，确保自动驾驶汽车的安全性和可靠性。

{"title":"A survey of learning-based intrusion detection systems for in-vehicle networks","authors":"Muzun Althunayyan , Amir Javed , Omer Rana","doi":"10.1016/j.comnet.2026.112031","DOIUrl":"10.1016/j.comnet.2026.112031","url":null,"abstract":"<div><div>Connected and Autonomous Vehicles (CAVs) have advanced modern transportation by improving the efficiency, safety, and convenience of mobility through automation and connectivity, yet they remain vulnerable to cybersecurity threats, particularly through the insecure Controller Area Network (CAN) bus. Cyberattacks can have devastating consequences in connected vehicles, including the loss of control over critical systems, necessitating robust security solutions. In-vehicle Intrusion Detection Systems (IDSs) offer a promising approach by detecting malicious activities in real time. This survey provides a comprehensive review of state-of-the-art research on learning-based in-vehicle IDSs, focusing on Machine Learning (ML), Deep Learning (DL), and Federated Learning (FL) approaches. Based on the reviewed studies, we critically examine existing IDS approaches, categorising them by the types of attacks they detect-known, unknown, and combined known-unknown attacks-while identifying their limitations. We also review the evaluation metrics used in research, emphasising the need to consider multiple criteria to meet the requirements of safety-critical systems. Additionally, we analyse FL-based IDSs and highlight their limitations. By doing so, this survey helps identify effective security measures, address existing limitations, and guide future research toward more resilient and adaptive protection mechanisms, ensuring the safety and reliability of CAVs.</div></div>","PeriodicalId":50637,"journal":{"name":"Computer Networks","volume":"277 ","pages":"Article 112031"},"PeriodicalIF":4.6,"publicationDate":"2026-01-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"146090321","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Automating bit-level field localization with hybrid neural network 基于混合神经网络的位级场定位自动化

IF 4.6 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Computer Networks

Pub Date : 2026-01-23 DOI: 10.1016/j.comnet.2026.112041

Tao Huang , Yansong Gao , Yifeng Zheng , Boyu Kuang , Zhidan Yuan , Anmin Fu

Protocol Reverse Engineering (PRE), which can decipher the format specifications of unknown protocols, lays the groundwork for numerous security analysis applications. Network trace-based PRE has emerged as the dominant technology given its ease of implementation. However, its current identification precision is primarily limited to byte-level granularity. While a few advanced methods can achieve precise identification of fine-grained bit-level fields within given bytes, their target byte localization relies heavily on subjective prior domain knowledge and tedious manual labor, significantly restricting their generalizability and adoption. To address these limitations, we propose BitFiL that is an automated bit-level field localization method. BitFiL features a hybrid neural network architecture delicately designed to capture both intra-byte temporal features and inter-byte contextual structural features from known protocol bytes, enabling automated bit-level field localization and consequent field count identification for unknown protocol bytes. Experimental results demonstrate that BitFiL delivers accurate localization performance for bit-level fields in byte-oriented protocols, with robustness against variations in training-validation protocol combinations and training protocol set sizes. Although limited diversity in bit-level field samples may affect the identification accuracy of field counts, the overall prediction deviations remain relatively small, showcasing high accuracy, convergence, and stability.

协议逆向工程（PRE）可以破译未知协议的格式规范，为许多安全分析应用奠定了基础。由于易于实现，基于网络跟踪的PRE已成为主导技术。然而，它目前的识别精度主要限于字节级粒度。虽然一些先进的方法可以在给定字节内实现对细粒度位级字段的精确识别，但它们的目标字节定位严重依赖于主观的先验领域知识和繁琐的人工劳动，严重限制了它们的推广和采用。为了解决这些限制，我们提出了BitFiL，这是一种自动的位级域定位方法。BitFiL采用了一种混合神经网络架构，该架构经过精心设计，可以从已知协议字节中捕获字节内时间特征和字节间上下文结构特征，从而实现自动的位级字段定位和未知协议字节的后续字段计数识别。实验结果表明，BitFiL在面向字节的协议中提供了准确的位级域定位性能，对训练验证协议组合和训练协议集大小的变化具有鲁棒性。尽管位级场样本的有限多样性可能会影响场计数的识别精度，但总体预测偏差仍然相对较小，具有较高的准确性、收敛性和稳定性。

{"title":"Automating bit-level field localization with hybrid neural network","authors":"Tao Huang , Yansong Gao , Yifeng Zheng , Boyu Kuang , Zhidan Yuan , Anmin Fu","doi":"10.1016/j.comnet.2026.112041","DOIUrl":"10.1016/j.comnet.2026.112041","url":null,"abstract":"<div><div>Protocol Reverse Engineering (PRE), which can decipher the format specifications of unknown protocols, lays the groundwork for numerous security analysis applications. Network trace-based PRE has emerged as the dominant technology given its ease of implementation. However, its current identification precision is primarily limited to byte-level granularity. While a few advanced methods can achieve precise identification of fine-grained bit-level fields within given bytes, their target byte localization relies heavily on subjective prior domain knowledge and tedious manual labor, significantly restricting their generalizability and adoption. To address these limitations, we propose BitFiL that is an automated bit-level field localization method. BitFiL features a hybrid neural network architecture delicately designed to capture both intra-byte temporal features and inter-byte contextual structural features from known protocol bytes, enabling automated bit-level field localization and consequent field count identification for unknown protocol bytes. Experimental results demonstrate that BitFiL delivers accurate localization performance for bit-level fields in byte-oriented protocols, with robustness against variations in training-validation protocol combinations and training protocol set sizes. Although limited diversity in bit-level field samples may affect the identification accuracy of field counts, the overall prediction deviations remain relatively small, showcasing high accuracy, convergence, and stability.</div></div>","PeriodicalId":50637,"journal":{"name":"Computer Networks","volume":"277 ","pages":"Article 112041"},"PeriodicalIF":4.6,"publicationDate":"2026-01-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"146090319","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Joint communication and sensing optimization for LEO-Multi-UAV SAGIN: Task offloading, resource allocation and UAV trajectory LEO-Multi-UAV SAGIN联合通信与传感优化：任务卸载、资源分配与UAV轨迹

IF 4.6 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Computer Networks

Pub Date : 2026-01-23 DOI: 10.1016/j.comnet.2026.112050

Pengya Duan , Wei Huang , Yang Yang , Guiyan Liu , Fei Wang , Yan Wu , Xiongyu Zhong

Space-Air-Ground Integrated Network (SAGIN) is a key architecture for achieving wide-area sensing and communication services. However, the connection between Low Earth Orbit (LEO) satellites and ground devices is constrained by satellite mobility and service angles. Unmanned Aerial Vehicles (UAVs), acting as relay and sensing nodes, can effectively bridge this gap. Nevertheless, under their limited onboard resources, the coupled impacts between UAV trajectory planning and the performance of communication and sensing-especially in scenarios where multi-UAV collaboration extends LEO service coverage-have not been fully investigated. To address these challenges, this paper proposes an integrated sensing and computation offloading architecture for SAGIN, where UAVs perform multi-target sensing while cooperating with LEO satellites to provide communication and computational services. We formulate a joint optimization problem that encompasses user offloading decisions, communication-sensing time allocation, UAV trajectory planning, and computing resource allocation, aiming to minimize long-term service latency. This problem is modeled as a mixed-integer nonlinear program (MINLP). To efficiently solve it, we develop a low-complexity Lyapunov-Benders Optimization (LBO) algorithm based on Lyapunov optimization and generalized Benders decomposition, which decomposes the long-term problem into tractable single-slot subproblems. Simulation results validate that the proposed method outperforms existing benchmarks in service latency, demonstrating its effectiveness in dynamic SAGIN environments.

空间-空地综合网络（SAGIN）是实现广域传感和通信服务的关键体系结构。然而，低地球轨道卫星与地面设备之间的连接受到卫星机动性和服务角度的限制。无人机（uav）作为中继和传感节点，可以有效地弥补这一差距。然而，在有限的机载资源下，无人机轨迹规划与通信和传感性能之间的耦合影响——特别是在多无人机协作扩展LEO服务覆盖的情况下——尚未得到充分研究。为了解决这些挑战，本文提出了一种集成传感和计算卸载的SAGIN体系结构，其中无人机在与LEO卫星合作提供通信和计算服务的同时执行多目标传感。我们制定了一个包含用户卸载决策、通信感知时间分配、无人机轨迹规划和计算资源分配的联合优化问题，旨在最小化长期服务延迟。该问题被建模为一个混合整数非线性规划（MINLP）。为了有效地解决这一问题，我们提出了一种基于Lyapunov优化和广义Benders分解的低复杂度Lyapunov-Benders优化（LBO）算法，将长期问题分解为可处理的单槽子问题。仿真结果验证了该方法在服务延迟方面优于现有基准测试，证明了其在动态SAGIN环境中的有效性。

{"title":"Joint communication and sensing optimization for LEO-Multi-UAV SAGIN: Task offloading, resource allocation and UAV trajectory","authors":"Pengya Duan , Wei Huang , Yang Yang , Guiyan Liu , Fei Wang , Yan Wu , Xiongyu Zhong","doi":"10.1016/j.comnet.2026.112050","DOIUrl":"10.1016/j.comnet.2026.112050","url":null,"abstract":"<div><div>Space-Air-Ground Integrated Network (SAGIN) is a key architecture for achieving wide-area sensing and communication services. However, the connection between Low Earth Orbit (LEO) satellites and ground devices is constrained by satellite mobility and service angles. Unmanned Aerial Vehicles (UAVs), acting as relay and sensing nodes, can effectively bridge this gap. Nevertheless, under their limited onboard resources, the coupled impacts between UAV trajectory planning and the performance of communication and sensing-especially in scenarios where multi-UAV collaboration extends LEO service coverage-have not been fully investigated. To address these challenges, this paper proposes an integrated sensing and computation offloading architecture for SAGIN, where UAVs perform multi-target sensing while cooperating with LEO satellites to provide communication and computational services. We formulate a joint optimization problem that encompasses user offloading decisions, communication-sensing time allocation, UAV trajectory planning, and computing resource allocation, aiming to minimize long-term service latency. This problem is modeled as a mixed-integer nonlinear program (MINLP). To efficiently solve it, we develop a low-complexity Lyapunov-Benders Optimization (LBO) algorithm based on Lyapunov optimization and generalized Benders decomposition, which decomposes the long-term problem into tractable single-slot subproblems. Simulation results validate that the proposed method outperforms existing benchmarks in service latency, demonstrating its effectiveness in dynamic SAGIN environments.</div></div>","PeriodicalId":50637,"journal":{"name":"Computer Networks","volume":"277 ","pages":"Article 112050"},"PeriodicalIF":4.6,"publicationDate":"2026-01-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"146090318","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

FedHome: A federated learning framework for smart home device classification and attack detection by broadband service providers FedHome：宽带服务提供商用于智能家居设备分类和攻击检测的联邦学习框架

IF 4.6 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Computer Networks

Pub Date : 2026-01-22 DOI: 10.1016/j.comnet.2026.112040

Md Mizanur Rahman , Faycal Bouhafs , Sayed Amir Hoseini , Frank den Hartog

The rise of the Internet of Things (IoT) has led to the integration of various devices into smart homes, significantly increasing the complexity and vulnerability of home networks. Consequent network performance issues often lead to complaints directed at Broadband Service Providers (BSPs), which may arise from either legitimate usage or malicious cyber attacks. BSPs, however, lack visibility into client-side networks, which is partly due to privacy concerns. This makes it hard to identify the true cause of performance problems. While previous research has tackled these challenges using Machine Learning (ML) techniques, few studies have approached the problem from the perspective of BSPs. They need a solution that is scalable, accurate, and privacy-preserving. Existing centralized ML models fail to generalize across these heterogeneous environments and provide low accuracy. We address this gap by introducing a novel Federated Learning (FL) framework for smart home device classification and attack detection. The proposed approach offers a privacy-preserving, scalable framework that can achieve accuracies of more than 80%. This framework can be installed inside the existing resource-constrained home gateways, making it suitable for large-scale deployment by BSPs.

物联网（IoT）的兴起导致各种设备集成到智能家居中，大大增加了家庭网络的复杂性和脆弱性。随之而来的网络性能问题经常导致针对宽带服务提供商（bsp）的投诉，这些投诉可能是由合法使用或恶意网络攻击引起的。然而，bsp缺乏对客户端网络的可见性，这在一定程度上是由于隐私问题。这使得很难确定性能问题的真正原因。虽然以前的研究已经使用机器学习（ML）技术解决了这些挑战，但很少有研究从bsp的角度来解决这个问题。他们需要一种可扩展、准确且保护隐私的解决方案。现有的集中式机器学习模型无法在这些异构环境中进行泛化，并且提供较低的准确性。我们通过引入一种用于智能家居设备分类和攻击检测的新型联邦学习（FL）框架来解决这一差距。所提出的方法提供了一个隐私保护，可扩展的框架，可以实现超过80%的准确性。该框架可以安装在现有资源受限的家庭网关中，使其适合bsp的大规模部署。

{"title":"FedHome: A federated learning framework for smart home device classification and attack detection by broadband service providers","authors":"Md Mizanur Rahman , Faycal Bouhafs , Sayed Amir Hoseini , Frank den Hartog","doi":"10.1016/j.comnet.2026.112040","DOIUrl":"10.1016/j.comnet.2026.112040","url":null,"abstract":"<div><div>The rise of the Internet of Things (IoT) has led to the integration of various devices into smart homes, significantly increasing the complexity and vulnerability of home networks. Consequent network performance issues often lead to complaints directed at Broadband Service Providers (BSPs), which may arise from either legitimate usage or malicious cyber attacks. BSPs, however, lack visibility into client-side networks, which is partly due to privacy concerns. This makes it hard to identify the true cause of performance problems. While previous research has tackled these challenges using Machine Learning (ML) techniques, few studies have approached the problem from the perspective of BSPs. They need a solution that is scalable, accurate, and privacy-preserving. Existing centralized ML models fail to generalize across these heterogeneous environments and provide low accuracy. We address this gap by introducing a novel Federated Learning (FL) framework for smart home device classification and attack detection. The proposed approach offers a privacy-preserving, scalable framework that can achieve accuracies of more than 80%. This framework can be installed inside the existing resource-constrained home gateways, making it suitable for large-scale deployment by BSPs.</div></div>","PeriodicalId":50637,"journal":{"name":"Computer Networks","volume":"277 ","pages":"Article 112040"},"PeriodicalIF":4.6,"publicationDate":"2026-01-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"146090404","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

ROAR: A resource-optimized adaptive routing protocol for underwater acoustic communication networks 一种资源优化的水声通信网络自适应路由协议

IF 4.6 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Computer Networks

Pub Date : 2026-01-22 DOI: 10.1016/j.comnet.2026.112055

Jinghua He , Jie Tian , Zhanqing Pu , Yunan Zhu , Wei Wang , Haining Huang

Underwater acoustic communication networks (UACNs) face significant challenges such as limited bandwidth, high attenuation, long latency, and time-varying channels. Most existing routing protocols rely on static resource configurations, which limits their performance in dynamic and resource-constrained underwater environments. To address these issues, this paper proposes a Resource-Optimized Adaptive Routing (ROAR) protocol that integrates dynamic relay selection with cross-layer resource optimization. ROAR improves forwarding efficiency by selecting appropriate forward nodes while excluding those with low residual energy. The optimal relay node is selected based on both residual energy and proximity to the destination. ROAR also formulates resource allocation as a multi-objective optimization problem, jointly considering transmission mode, subcarrier spacing, guard interval, and transmission power. The optimization aims to minimize energy consumption, reduce end-to-end delay, and improve bandwidth utilization. This problem is solved in real time using the Non-dominated Sorting Genetic Algorithm II (NSGA-II), combined with the ideal point method, which dynamically adapts the resource configuration to the current network conditions during runtime. Simulation results indicate that ROAR outperforms Q-Learning-Based Energy-Efficient and Lifetime-Extended Adaptive Routing (QELAR), Reinforcement-Learning-Based Routing for Congestion Avoidance (RCAR), and Q-Learning-Based Hierarchical Routing Protocol (QHRP) in terms of average hop count, average end-to-end delay, and packet delivery ratio (PDR), highlighting its effectiveness in resource-constrained UACNs.

水声通信网络（uacn）面临着带宽有限、衰减大、时延长、信道时变等重大挑战。现有的大多数路由协议依赖于静态资源配置，这限制了它们在动态和资源受限的水下环境中的性能。为了解决这些问题，本文提出了一种资源优化自适应路由（ROAR）协议，该协议将动态中继选择与跨层资源优化相结合。ROAR通过选择合适的转发节点，排除剩余能量低的转发节点，提高转发效率。根据剩余能量和距离目的地的远近选择最优中继节点。ROAR还将资源分配作为一个多目标优化问题，综合考虑传输方式、子载波间隔、保护间隔和传输功率。优化的目的是最小化能耗，降低端到端时延，提高带宽利用率。采用非支配排序遗传算法II (non - dominant Sorting Genetic Algorithm II, NSGA-II)，结合理想点法，在运行时根据当前网络状况动态调整资源配置，实时解决了该问题。仿真结果表明，在平均跳数、平均端到端延迟和包交付率（PDR）方面，ROAR优于基于q - learning的节能和寿命扩展自适应路由（QELAR）、基于强化学习的拥塞避免路由（RCAR）和基于q - learning的分层路由协议（QHRP），突出了其在资源受限的uacn中的有效性。

{"title":"ROAR: A resource-optimized adaptive routing protocol for underwater acoustic communication networks","authors":"Jinghua He , Jie Tian , Zhanqing Pu , Yunan Zhu , Wei Wang , Haining Huang","doi":"10.1016/j.comnet.2026.112055","DOIUrl":"10.1016/j.comnet.2026.112055","url":null,"abstract":"<div><div>Underwater acoustic communication networks (UACNs) face significant challenges such as limited bandwidth, high attenuation, long latency, and time-varying channels. Most existing routing protocols rely on static resource configurations, which limits their performance in dynamic and resource-constrained underwater environments. To address these issues, this paper proposes a Resource-Optimized Adaptive Routing (ROAR) protocol that integrates dynamic relay selection with cross-layer resource optimization. ROAR improves forwarding efficiency by selecting appropriate forward nodes while excluding those with low residual energy. The optimal relay node is selected based on both residual energy and proximity to the destination. ROAR also formulates resource allocation as a multi-objective optimization problem, jointly considering transmission mode, subcarrier spacing, guard interval, and transmission power. The optimization aims to minimize energy consumption, reduce end-to-end delay, and improve bandwidth utilization. This problem is solved in real time using the Non-dominated Sorting Genetic Algorithm II (NSGA-II), combined with the ideal point method, which dynamically adapts the resource configuration to the current network conditions during runtime. Simulation results indicate that ROAR outperforms Q-Learning-Based Energy-Efficient and Lifetime-Extended Adaptive Routing (QELAR), Reinforcement-Learning-Based Routing for Congestion Avoidance (RCAR), and Q-Learning-Based Hierarchical Routing Protocol (QHRP) in terms of average hop count, average end-to-end delay, and packet delivery ratio (PDR), highlighting its effectiveness in resource-constrained UACNs.</div></div>","PeriodicalId":50637,"journal":{"name":"Computer Networks","volume":"277 ","pages":"Article 112055"},"PeriodicalIF":4.6,"publicationDate":"2026-01-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"146090330","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0