Computer Networks最新文献

UINT: An intent-based adaptive routing architecture

IF 4.4 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Computer Networks

Pub Date : 2025-02-01 DOI: 10.1016/j.comnet.2024.110991

Huijie Ma , Yuxiang Ma , Yulei Wu

The exponential growth of smart devices and network scale has led to a rapid increase in network traffic, posing severe challenges to network resource utilisation and transmission efficiency. Intent-based networking (IBN) provides a high-level, automated method for network management. It dramatically simplifies network operations and enhances network flexibility and manageability. However, existing studies mainly focus on applying IBN in certain stages of network management without fully leveraging IBN’s network awareness and automated deployment features to comprehensively optimise network management and traffic forwarding. We propose an architecture for optimising network traffic based on user intents, i.e., UINT, which aims to simplify network management and optimise network traffic forwarding to enhance the Quality of Service (QoS) for end users. The proposed UINT leverages IBN’s automated sensing capabilities to perceive end device users’ network intents, proactively formulating adaptive network traffic forwarding strategies and deploying these strategies to switches before the user’s requested network traffic arrives. When the traffic user requests arrive, it directly matches the flow table for forwarding, eliminating any waiting time. UINT considers the differences in QoS requirements of various traffic and adjusts the traffic forwarding strategy based on network conditions, providing new perspectives and methods for formulating network traffic forwarding strategies. We verify the effectiveness and reliability of UINT in various network environments through experiments. Extensive evaluation experiments indicate the UINT predictor’s effectiveness and the efficacy of its adaptive routing algorithm and dynamic adjustment mechanism in optimising network traffic latency, throughput, and bandwidth.

{"title":"UINT: An intent-based adaptive routing architecture","authors":"Huijie Ma , Yuxiang Ma , Yulei Wu","doi":"10.1016/j.comnet.2024.110991","DOIUrl":"10.1016/j.comnet.2024.110991","url":null,"abstract":"<div><div>The exponential growth of smart devices and network scale has led to a rapid increase in network traffic, posing severe challenges to network resource utilisation and transmission efficiency. Intent-based networking (IBN) provides a high-level, automated method for network management. It dramatically simplifies network operations and enhances network flexibility and manageability. However, existing studies mainly focus on applying IBN in certain stages of network management without fully leveraging IBN’s network awareness and automated deployment features to comprehensively optimise network management and traffic forwarding. We propose an architecture for optimising network traffic based on user intents, i.e., UINT, which aims to simplify network management and optimise network traffic forwarding to enhance the Quality of Service (QoS) for end users. The proposed UINT leverages IBN’s automated sensing capabilities to perceive end device users’ network intents, proactively formulating adaptive network traffic forwarding strategies and deploying these strategies to switches before the user’s requested network traffic arrives. When the traffic user requests arrive, it directly matches the flow table for forwarding, eliminating any waiting time. UINT considers the differences in QoS requirements of various traffic and adjusts the traffic forwarding strategy based on network conditions, providing new perspectives and methods for formulating network traffic forwarding strategies. We verify the effectiveness and reliability of UINT in various network environments through experiments. Extensive evaluation experiments indicate the UINT predictor’s effectiveness and the efficacy of its adaptive routing algorithm and dynamic adjustment mechanism in optimising network traffic latency, throughput, and bandwidth.</div></div>","PeriodicalId":50637,"journal":{"name":"Computer Networks","volume":"257 ","pages":"Article 110991"},"PeriodicalIF":4.4,"publicationDate":"2025-02-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143129159","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

UAV deployment in WSN system for emergency/remote area applications

IF 4.4 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Computer Networks

Pub Date : 2025-02-01 DOI: 10.1016/j.comnet.2024.110977

Hassaan Hydher , Dushantha Nalin K. Jayakody , Kasun T. Hemachandra , Tharaka Samarasinghe

Unmanned aerial vehicles (UAVs)-assisted communication systems are considered as a promising technology in diverse verticals. This paper studies the deployment of UAVs in wireless sensor network (WSN) systems. Considering the energy-constrained nature of the wireless sensors, we have proposed a multi-UAV deployment algorithm that minimizes the maximum power transmitted among the sensor nodes (SN) for given minimum data collection rate, minimum data-transferring rate, maximum power and height constraints. The problem is divided into three subproblems in order to reduce the complexity involved in solving them as a single problem. The subproblems are UAV-SN association, 2D positioning of the UAVs and the altitude optimization of the UAVs. Each subproblem is optimized by fixing other parameters as constant. First, the UAV-SN association is addressed using a customized Gale–Shapley algorithm. Second, the 2D positions of the UAVs are optimized using a modified pattern search algorithm. Third, the altitudes of the UAVs are optimized through a customized inexact line search algorithm. Finally, we proposed a combined optimization algorithm that integrates the approaches of all three subproblems in the suitable hierarchy to provide an optimal or a near-optimal solution. In the combined optimization, the first and second subproblems are iteratively solved until the convergence. After that, the third subproblem is solved independently for each UAV. Moreover, the combined optimization gives the minimum number of UAVs required to serve all the SNs with the given rate and power constraints. The numerical simulation validates the efficacy of our proposed algorithms. The results indicate a significant performance gain compared to the benchmark methods in terms of the number of iterations for convergence, maximum transmission power requirement power and the minimum number of UAV requirements.

{"title":"UAV deployment in WSN system for emergency/remote area applications","authors":"Hassaan Hydher , Dushantha Nalin K. Jayakody , Kasun T. Hemachandra , Tharaka Samarasinghe","doi":"10.1016/j.comnet.2024.110977","DOIUrl":"10.1016/j.comnet.2024.110977","url":null,"abstract":"<div><div>Unmanned aerial vehicles (UAVs)-assisted communication systems are considered as a promising technology in diverse verticals. This paper studies the deployment of UAVs in wireless sensor network (WSN) systems. Considering the energy-constrained nature of the wireless sensors, we have proposed a multi-UAV deployment algorithm that minimizes the maximum power transmitted among the sensor nodes (SN) for given minimum data collection rate, minimum data-transferring rate, maximum power and height constraints. The problem is divided into three subproblems in order to reduce the complexity involved in solving them as a single problem. The subproblems are UAV-SN association, 2D positioning of the UAVs and the altitude optimization of the UAVs. Each subproblem is optimized by fixing other parameters as constant. First, the UAV-SN association is addressed using a customized Gale–Shapley algorithm. Second, the 2D positions of the UAVs are optimized using a modified pattern search algorithm. Third, the altitudes of the UAVs are optimized through a customized inexact line search algorithm. Finally, we proposed a combined optimization algorithm that integrates the approaches of all three subproblems in the suitable hierarchy to provide an optimal or a near-optimal solution. In the combined optimization, the first and second subproblems are iteratively solved until the convergence. After that, the third subproblem is solved independently for each UAV. Moreover, the combined optimization gives the minimum number of UAVs required to serve all the SNs with the given rate and power constraints. The numerical simulation validates the efficacy of our proposed algorithms. The results indicate a significant performance gain compared to the benchmark methods in terms of the number of iterations for convergence, maximum transmission power requirement power and the minimum number of UAV requirements.</div></div>","PeriodicalId":50637,"journal":{"name":"Computer Networks","volume":"257 ","pages":"Article 110977"},"PeriodicalIF":4.4,"publicationDate":"2025-02-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143129202","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

An intention-driven task offloading strategy based on imitation learning in pervasive edge computing

IF 4.4 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Computer Networks

Pub Date : 2025-02-01 DOI: 10.1016/j.comnet.2024.110998

Yang Zhang , Shukui Zhang , Qi Zhang , Jianxi Fan

Consider an infrastructure-less wireless network environment (e.g., a land battlefield) in which devices are characterized by varying resource configurations, dynamic mobility, complexity of the generated sensing tasks, and deterministic delay constraints for the processing of these tasks. Solving the associated problem is infeasible on many thin-client mobile or IoT devices. Existing research has not yet addressed the above issues. In this paper, we first analyze the latency problem that arises when offloading tasks to other neighboring devices for processing and model the self-benefit-maximizing task allocation process as a stochastic game. Second, by probing the state information of the available arithmetic resources, we model the problem of minimum Steiner tree (MST)-based task migration as a sequential decision-making process and construct a distribution of activity trajectories formed by the allocation decisions and state changes. Then, based on an expert system demonstration, multiagent imitation learning based on MSTs (MILMST) is proposed. For every task, the MST is used as the decision basis for task offloading based on the agents’ local observations, and the allocation strategy is gradually improved by interacting with the surrounding agents in an online manner. Finally, the superiority of our algorithm is experimentally demonstrated.

{"title":"An intention-driven task offloading strategy based on imitation learning in pervasive edge computing","authors":"Yang Zhang , Shukui Zhang , Qi Zhang , Jianxi Fan","doi":"10.1016/j.comnet.2024.110998","DOIUrl":"10.1016/j.comnet.2024.110998","url":null,"abstract":"<div><div>Consider an infrastructure-less wireless network environment (e.g., a land battlefield) in which devices are characterized by varying resource configurations, dynamic mobility, complexity of the generated sensing tasks, and deterministic delay constraints for the processing of these tasks. Solving the associated problem is infeasible on many thin-client mobile or IoT devices. Existing research has not yet addressed the above issues. In this paper, we first analyze the latency problem that arises when offloading tasks to other neighboring devices for processing and model the self-benefit-maximizing task allocation process as a stochastic game. Second, by probing the state information of the available arithmetic resources, we model the problem of minimum Steiner tree (MST)-based task migration as a sequential decision-making process and construct a distribution of activity trajectories formed by the allocation decisions and state changes. Then, based on an expert system demonstration, multiagent imitation learning based on MSTs (MILMST) is proposed. For every task, the MST is used as the decision basis for task offloading based on the agents’ local observations, and the allocation strategy is gradually improved by interacting with the surrounding agents in an online manner. Finally, the superiority of our algorithm is experimentally demonstrated.</div></div>","PeriodicalId":50637,"journal":{"name":"Computer Networks","volume":"257 ","pages":"Article 110998"},"PeriodicalIF":4.4,"publicationDate":"2025-02-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143129207","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Enhanced detection of obfuscated HTTPS tunnel traffic using heterogeneous information network

IF 4.4 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Computer Networks

Pub Date : 2025-02-01 DOI: 10.1016/j.comnet.2024.110975

Mengyan Liu, Gaopeng Gou, Gang Xiong, Junzheng Shi, Zhong Guan, Hanwen Miao, Yang Li

HTTPS tunnel-based VPN services are increasingly used for malicious activities, such as remote control and data exfiltration. As detection mechanisms improve, some adversaries employ obfuscation techniques to evade detection. However, existing research mainly focuses on identifying HTTPS tunnel traffic and lacks specific studies on obfuscated traffic. In this paper, we propose HINT, a novel method that transforms HTTPS tunnel traffic detection into a graph node classification problem. Specifically, we construct a heterogeneous information graph to model the connections between clients and the VPN services. To enrich the graph’s semantics, we incorporate distinctive characteristics that are challenging to disguise and encapsulate them into specialized fingerprint nodes. Then we apply a hierarchical attention mechanism to automatically discern the significance of different nodes. Experimental results and extended analysis reveal that by integrating host topology, service statistics, and client traffic features, HINT maintains robust classification power when traffic shaping and padding techniques are employed. It is particularly effective without relying on packet sequences or payload information and maintains high detection capability even with added network noise.

{"title":"Enhanced detection of obfuscated HTTPS tunnel traffic using heterogeneous information network","authors":"Mengyan Liu, Gaopeng Gou, Gang Xiong, Junzheng Shi, Zhong Guan, Hanwen Miao, Yang Li","doi":"10.1016/j.comnet.2024.110975","DOIUrl":"10.1016/j.comnet.2024.110975","url":null,"abstract":"<div><div>HTTPS tunnel-based VPN services are increasingly used for malicious activities, such as remote control and data exfiltration. As detection mechanisms improve, some adversaries employ obfuscation techniques to evade detection. However, existing research mainly focuses on identifying HTTPS tunnel traffic and lacks specific studies on obfuscated traffic. In this paper, we propose HINT, a novel method that transforms HTTPS tunnel traffic detection into a graph node classification problem. Specifically, we construct a heterogeneous information graph to model the connections between clients and the VPN services. To enrich the graph’s semantics, we incorporate distinctive characteristics that are challenging to disguise and encapsulate them into specialized fingerprint nodes. Then we apply a hierarchical attention mechanism to automatically discern the significance of different nodes. Experimental results and extended analysis reveal that by integrating host topology, service statistics, and client traffic features, HINT maintains robust classification power when traffic shaping and padding techniques are employed. It is particularly effective without relying on packet sequences or payload information and maintains high detection capability even with added network noise.</div></div>","PeriodicalId":50637,"journal":{"name":"Computer Networks","volume":"257 ","pages":"Article 110975"},"PeriodicalIF":4.4,"publicationDate":"2025-02-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143129306","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

5G network resilience evaluation mechanism based on Petri Nets

IF 4.4 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Computer Networks

Pub Date : 2025-02-01 DOI: 10.1016/j.comnet.2024.110950

Wenhao Wu , Xinsheng Ji , Jie Yang , Wei You , Buqing Xue , Deqiang Zhou , Ran Li

As a next-generation mobile communication technology, 5G’s network functions—cloudification, virtualization, and other characteristics enable the network to overcome single-point resource constraints and be deployed flexibly. However, it also exposes more attack surface interfaces to malicious users, who can launch high-traffic Distributed Denial of Service (DDoS) attacks that can seriously affect the resilience of network services. The complexity and dynamics of the 5G system itself make it difficult to capture and measure its resilience. In order to address the issues mentioned above, in this paper, we use Petri Nets to model 5G network systems based on containerized deployment and implement different resilient resource scheduling strategies to mitigate and assess the impact of attack threats on the overall system resilience. By comparing the resilience gains of different resource scheduling strategies in the face of anomalous DDoS attacks, it is effectively demonstrated that adopting appropriate resilient resource scheduling strategies is instructive in reducing the traffic loss caused by DDoS attacks.

{"title":"5G network resilience evaluation mechanism based on Petri Nets","authors":"Wenhao Wu , Xinsheng Ji , Jie Yang , Wei You , Buqing Xue , Deqiang Zhou , Ran Li","doi":"10.1016/j.comnet.2024.110950","DOIUrl":"10.1016/j.comnet.2024.110950","url":null,"abstract":"<div><div>As a next-generation mobile communication technology, 5G’s network functions—cloudification, virtualization, and other characteristics enable the network to overcome single-point resource constraints and be deployed flexibly. However, it also exposes more attack surface interfaces to malicious users, who can launch high-traffic Distributed Denial of Service (DDoS) attacks that can seriously affect the resilience of network services. The complexity and dynamics of the 5G system itself make it difficult to capture and measure its resilience. In order to address the issues mentioned above, in this paper, we use Petri Nets to model 5G network systems based on containerized deployment and implement different resilient resource scheduling strategies to mitigate and assess the impact of attack threats on the overall system resilience. By comparing the resilience gains of different resource scheduling strategies in the face of anomalous DDoS attacks, it is effectively demonstrated that adopting appropriate resilient resource scheduling strategies is instructive in reducing the traffic loss caused by DDoS attacks.</div></div>","PeriodicalId":50637,"journal":{"name":"Computer Networks","volume":"257 ","pages":"Article 110950"},"PeriodicalIF":4.4,"publicationDate":"2025-02-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143129307","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

FROG: A Firewall Rule Order Generator for faster packet filtering

IF 4.4 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Computer Networks

Pub Date : 2025-02-01 DOI: 10.1016/j.comnet.2024.110962

Antonio Coscia, Antonio Maci, Nicola Tamma

The security of computer networks can be achieved using properly configured devices and applications; otherwise, protection technologies may be prone to potential threats. In next-generation firewalls, a common misconfiguration is the inefficient order of rules defining security policies. First-match scanners sequentially compare each incoming packet with the rule list until it is intercepted. Therefore, the most frequent rules should be placed in the top positions to avoid significant service issues due to slow search processes. In addition, rules cannot be placed randomly because the precedence relationships between them must be maintained to ensure the integrity of the policies implemented. Several constrained sorting techniques that take advantage of the rule activation frequencies have been proposed over the years. However, previous studies have not considered certain firewalls, such as PF, which skip rule blocks during scanning to minimize packet-rule comparisons. To address this gap, this paper proposes the Firewall Rule Order Generator (FROG), which produces constraint-compliant rule orders and arranges them in jumpable blocks based on their similarity. Furthermore, FROG is resistant to traffic profile variations, as it does not require prior knowledge of packet distributions for optimal sorting. The experimental results demonstrate that FROG can effectively maximize skipped rules and minimize jumps, thus reducing the computational overhead of the scanner. Moreover, FROG sorted large rule sets faster than state-of-the-art competitors and produced orders that minimized packet-rule comparisons using ClassBench test data.

{"title":"FROG: A Firewall Rule Order Generator for faster packet filtering","authors":"Antonio Coscia, Antonio Maci, Nicola Tamma","doi":"10.1016/j.comnet.2024.110962","DOIUrl":"10.1016/j.comnet.2024.110962","url":null,"abstract":"<div><div>The security of computer networks can be achieved using properly configured devices and applications; otherwise, protection technologies may be prone to potential threats. In next-generation firewalls, a common misconfiguration is the inefficient order of rules defining security policies. First-match scanners sequentially compare each incoming packet with the rule list until it is intercepted. Therefore, the most frequent rules should be placed in the top positions to avoid significant service issues due to slow search processes. In addition, rules cannot be placed randomly because the precedence relationships between them must be maintained to ensure the integrity of the policies implemented. Several constrained sorting techniques that take advantage of the rule activation frequencies have been proposed over the years. However, previous studies have not considered certain firewalls, such as PF, which skip rule blocks during scanning to minimize packet-rule comparisons. To address this gap, this paper proposes the Firewall Rule Order Generator (FROG), which produces constraint-compliant rule orders and arranges them in jumpable blocks based on their similarity. Furthermore, FROG is resistant to traffic profile variations, as it does not require prior knowledge of packet distributions for optimal sorting. The experimental results demonstrate that FROG can effectively maximize skipped rules and minimize jumps, thus reducing the computational overhead of the scanner. Moreover, FROG sorted large rule sets faster than state-of-the-art competitors and produced orders that minimized packet-rule comparisons using ClassBench test data.</div></div>","PeriodicalId":50637,"journal":{"name":"Computer Networks","volume":"257 ","pages":"Article 110962"},"PeriodicalIF":4.4,"publicationDate":"2025-02-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143129441","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Attack-data independent defence mechanism against adversarial attacks on ECG signal

IF 4.4 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Computer Networks

Pub Date : 2025-02-01 DOI: 10.1016/j.comnet.2024.111027

Saifur Rahman, Shantanu Pal, Ahsan Habib, Lei Pan, Chandan Karmakar

Adversarial attacks pose a significant threat to the integrity and reliability of electrocardiogram (ECG) signals, compromising their use in critical applications, e.g., arrhythmia detection and classification. In this paper, we propose an attack-data-independent defence mechanism to effectively mitigate adversarial attacks on ECG signals. Unlike existing defence mechanisms that rely on learning from adversarial samples, our proposed approach operates as a ‘gatekeeper,’ selectively discarding noisy and attack signals while allowing only clean and non-attack ECG signals to be stored in the data layer. This ensures the availability of reliable and high-quality ECG data for subsequent analysis. The proposed defence mechanism not only detects and filters out the attack and noisy ECG signals but also provides robust protection against adversarial attacks, enhancing the integrity and trustworthiness of ECG data for critical applications. To evaluate the effectiveness of our proposal, we conduct experiments using physiologic and synthetic ECG datasets against two well-known attacks: a white-box attack (Fast Gradient Signed Method (FGSM) and Projected Gradient Descent (PGD)) and a black-box attack (HopSkipJump and Boundary). Our experimental results demonstrate the superiority and effectiveness of our approach in defending against adversarial attacks on ECG signals, making it a promising solution for ensuring the security and reliability of ECG-based diagnosis in smart healthcare applications.

{"title":"Attack-data independent defence mechanism against adversarial attacks on ECG signal","authors":"Saifur Rahman, Shantanu Pal, Ahsan Habib, Lei Pan, Chandan Karmakar","doi":"10.1016/j.comnet.2024.111027","DOIUrl":"10.1016/j.comnet.2024.111027","url":null,"abstract":"<div><div>Adversarial attacks pose a significant threat to the integrity and reliability of electrocardiogram (ECG) signals, compromising their use in critical applications, e.g., arrhythmia detection and classification. In this paper, we propose an attack-data-independent defence mechanism to effectively mitigate adversarial attacks on ECG signals. Unlike existing defence mechanisms that rely on learning from adversarial samples, our proposed approach operates as a ‘gatekeeper,’ selectively discarding noisy and attack signals while allowing only clean and non-attack ECG signals to be stored in the data layer. This ensures the availability of reliable and high-quality ECG data for subsequent analysis. The proposed defence mechanism not only detects and filters out the attack and noisy ECG signals but also provides robust protection against adversarial attacks, enhancing the integrity and trustworthiness of ECG data for critical applications. To evaluate the effectiveness of our proposal, we conduct experiments using physiologic and synthetic ECG datasets against two well-known attacks: a white-box attack (Fast Gradient Signed Method (FGSM) and Projected Gradient Descent (PGD)) and a black-box attack (HopSkipJump and Boundary). Our experimental results demonstrate the superiority and effectiveness of our approach in defending against adversarial attacks on ECG signals, making it a promising solution for ensuring the security and reliability of ECG-based diagnosis in smart healthcare applications.</div></div>","PeriodicalId":50637,"journal":{"name":"Computer Networks","volume":"258 ","pages":"Article 111027"},"PeriodicalIF":4.4,"publicationDate":"2025-02-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143177112","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Load balancing routing algorithm of industrial wireless network for digital twin

IF 4.4 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Computer Networks

Pub Date : 2025-02-01 DOI: 10.1016/j.comnet.2025.111059

Linjie Xiao, Shining Li, Qin Wen, Xiao Liang, Yiming Li, Wanbao Wang, Yuntao Fu

Digital twin is a transformative technology with the power to reshape the future of industries, which enables accurate simulation and optimization of the production process by creating virtual copies of physical entities. Industrial wireless network such as ISA100.11a, as an indispensable communication bridge in digital twin, provides a stable and reliable data transmission pathway for all-element connectivity. However, the access of a large number of nodes increases the risk of network congestion and poses a challenge to the real-time network transmission. Therefore, the intention of our research is to deal with network congestion by establishing a load balancing routing algorithm. First, considering the time-triggered characteristic of industrial scenarios, a directed acyclic graph model is established for multi-periodic communication streams. We analyze the causes of load imbalance in multi-source single-sink topology, and prove that choosing optimal path scheme is an NP-hard problem by generalizing to the multidimensional bin packing problem. Then, we theoretically derive the average load of the hierarchy, establish a loss function characterizing the degree of hierarchical load balancing, and propose a hierarchical load balancing strategy based on the black-winged kite algorithm by establishing a mapping relationship. Finally, a scheduling constraint model is introduced to evaluate the superiority of the proposed algorithm. Experimental validation shows that the proposed algorithm reduces 70.80%, 27.15%, 15.57%, 14.01% in terms of loss function value and 23.52%, 4.71%, 5.19%, 4.64% in terms of total delay as compared to Dijkstra algorithm, Greedy algorithm, Bat algorithm and Deep Q-Networks respectively.

{"title":"Load balancing routing algorithm of industrial wireless network for digital twin","authors":"Linjie Xiao, Shining Li, Qin Wen, Xiao Liang, Yiming Li, Wanbao Wang, Yuntao Fu","doi":"10.1016/j.comnet.2025.111059","DOIUrl":"10.1016/j.comnet.2025.111059","url":null,"abstract":"<div><div>Digital twin is a transformative technology with the power to reshape the future of industries, which enables accurate simulation and optimization of the production process by creating virtual copies of physical entities. Industrial wireless network such as ISA100.11a, as an indispensable communication bridge in digital twin, provides a stable and reliable data transmission pathway for all-element connectivity. However, the access of a large number of nodes increases the risk of network congestion and poses a challenge to the real-time network transmission. Therefore, the intention of our research is to deal with network congestion by establishing a load balancing routing algorithm. First, considering the time-triggered characteristic of industrial scenarios, a directed acyclic graph model is established for multi-periodic communication streams. We analyze the causes of load imbalance in multi-source single-sink topology, and prove that choosing optimal path scheme is an NP-hard problem by generalizing to the multidimensional bin packing problem. Then, we theoretically derive the average load of the hierarchy, establish a loss function characterizing the degree of hierarchical load balancing, and propose a hierarchical load balancing strategy based on the black-winged kite algorithm by establishing a mapping relationship. Finally, a scheduling constraint model is introduced to evaluate the superiority of the proposed algorithm. Experimental validation shows that the proposed algorithm reduces 70.80%, 27.15%, 15.57%, 14.01% in terms of loss function value and 23.52%, 4.71%, 5.19%, 4.64% in terms of total delay as compared to Dijkstra algorithm, Greedy algorithm, Bat algorithm and Deep Q-Networks respectively.</div></div>","PeriodicalId":50637,"journal":{"name":"Computer Networks","volume":"258 ","pages":"Article 111059"},"PeriodicalIF":4.4,"publicationDate":"2025-02-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143177530","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

SDLoRe: A loss recovery algorithm based on segment detection in lossy RDMA networks

IF 4.4 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Computer Networks

Pub Date : 2025-02-01 DOI: 10.1016/j.comnet.2024.111019

Shibao Li , Longfei Li , Wei Dou , Yunwu Zhang , Chengzhi Wang , Xuerong Cui , Lianghai Li

Remote Direct Memory Access (RDMA) has emerged as the leading solution for constructing top-performing networks in data centers due to the exceptional traits of low latency, high throughput, and low CPU load. RDMA over Converged Ethernet version 2 (RoCEv2) is the most widely deployed hardware implementation. RoCEv2 enables Priority-based Flow Control (PFC) to ensure lossless network transmission. However, packet loss remains a common issue in data centers nowadays. Go-Back-N is a classic method for loss recovery. But it cannot guarantee the network’s transmission efficiency due to redundant retransmission. Although there are many improved algorithms, their improvements mainly focus on the receiver, and other devices in the network are used to cooperate with it passively. Thus, we propose a loss recovery algorithm based on segment detection named SDLoRe, achieving active and rapid packet loss detection and retransmission recovery. SDLoRe consists of three components: packet tracing at the sender, packet loss detection and notification at the switch, and PSN checking at the receiver. We evaluated SDLoRe’s performance in multiple scenarios through simulation. The results show that SDLoRe can complete the sending task faster than under different congestion control algorithms (DCQCN, HPCC) compared to Go-Back-N and reduce the FCT slowdown by 46.9% and 58.4% respectively at different packet loss rates (0.001, 0.01). We also analyzed the time taken for packet loss detection using normal distribution. The comparison results reveal an average reduction of 47.5%–98.2% with DCQCN and 34.3%–64.6% with HPCC. The statistical results indicate that SDLoRe’s

μ

is always smaller than GBN’s, and

σ

is also smaller in most cases under the same conditions.

{"title":"SDLoRe: A loss recovery algorithm based on segment detection in lossy RDMA networks","authors":"Shibao Li , Longfei Li , Wei Dou , Yunwu Zhang , Chengzhi Wang , Xuerong Cui , Lianghai Li","doi":"10.1016/j.comnet.2024.111019","DOIUrl":"10.1016/j.comnet.2024.111019","url":null,"abstract":"<div><div>Remote Direct Memory Access (RDMA) has emerged as the leading solution for constructing top-performing networks in data centers due to the exceptional traits of low latency, high throughput, and low CPU load. RDMA over Converged Ethernet version 2 (RoCEv2) is the most widely deployed hardware implementation. RoCEv2 enables Priority-based Flow Control (PFC) to ensure lossless network transmission. However, packet loss remains a common issue in data centers nowadays. Go-Back-N is a classic method for loss recovery. But it cannot guarantee the network’s transmission efficiency due to redundant retransmission. Although there are many improved algorithms, their improvements mainly focus on the receiver, and other devices in the network are used to cooperate with it passively. Thus, we propose a loss recovery algorithm based on segment detection named SDLoRe, achieving active and rapid packet loss detection and retransmission recovery. SDLoRe consists of three components: packet tracing at the sender, packet loss detection and notification at the switch, and PSN checking at the receiver. We evaluated SDLoRe’s performance in multiple scenarios through simulation. The results show that SDLoRe can complete the sending task faster than under different congestion control algorithms (DCQCN, HPCC) compared to Go-Back-N and reduce the FCT slowdown by 46.9% and 58.4% respectively at different packet loss rates (0.001, 0.01). We also analyzed the time taken for packet loss detection using normal distribution. The comparison results reveal an average reduction of 47.5%–98.2% with DCQCN and 34.3%–64.6% with HPCC. The statistical results indicate that SDLoRe’s <span><math><mi>μ</mi></math></span> is always smaller than GBN’s, and <span><math><mi>σ</mi></math></span> is also smaller in most cases under the same conditions.</div></div>","PeriodicalId":50637,"journal":{"name":"Computer Networks","volume":"258 ","pages":"Article 111019"},"PeriodicalIF":4.4,"publicationDate":"2025-02-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143177110","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Protocol syntax recovery via knowledge transfer

IF 4.4 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Computer Networks

Pub Date : 2025-02-01 DOI: 10.1016/j.comnet.2024.111022

Yanyang Zhao , Zhengxiong Luo , Kai Liang , Feifan Wu , Wenlong Zhang , Heyuan Shi , Yu Jiang

Protocol reverse engineering plays a critical role in many security applications. However, current technologies rely primarily on network trace analysis, which often has syntax-inference limitations. Meanwhile, protocols regularly evolve to improve functionality and address vulnerabilities, adapting to changing needs and technological advances. This evolution has accumulated a wealth of prior knowledge for protocol reverse engineering, but it remains largely untapped and unused.

This paper presents SynRe, a protocol syntax reverse engineering method designed to address the challenge of recovering unknown message formats. SynRe exploits the wealth of prior syntax knowledge accumulated through protocol evolution and the inherent structural change characteristics of binary sequences. The approach first uses a language representation model that incorporates natural language knowledge and prior syntax knowledge of known messages to learn the mapping relationship between protocol semantics and syntax. The method then extracts the inherent structural change characteristics of binary message sequences using bit operations, facilitating the recovery of message syntax.

Our evaluation on five widely used protocol families shows that SynRe achieves encouraging score, significantly outperforming the state-of-the-art methods like Netzob+, Netzob, BinaryInferno, Netplier, and FieldHunter. Furthermore, SynRe achieves higher perfection than the trivial application of the original grammar for the protocols before evolution, demonstrating the effectiveness of knowledge transfer. Meanwhile, the experiments of adapting SynRe on protocol message with different diversity and sizes demonstrate that SynRe is not significantly affected by the size or diversity of the datasets involved.

{"title":"Protocol syntax recovery via knowledge transfer","authors":"Yanyang Zhao , Zhengxiong Luo , Kai Liang , Feifan Wu , Wenlong Zhang , Heyuan Shi , Yu Jiang","doi":"10.1016/j.comnet.2024.111022","DOIUrl":"10.1016/j.comnet.2024.111022","url":null,"abstract":"<div><div>Protocol reverse engineering plays a critical role in many security applications. However, current technologies rely primarily on network trace analysis, which often has syntax-inference limitations. Meanwhile, protocols regularly evolve to improve functionality and address vulnerabilities, adapting to changing needs and technological advances. This evolution has accumulated a wealth of prior knowledge for protocol reverse engineering, but it remains largely untapped and unused.</div><div>This paper presents <span>SynRe</span>, a protocol syntax reverse engineering method designed to address the challenge of recovering unknown message formats. <span>SynRe</span> exploits the wealth of prior syntax knowledge accumulated through protocol evolution and the inherent structural change characteristics of binary sequences. The approach first uses a language representation model that incorporates natural language knowledge and prior syntax knowledge of known messages to learn the mapping relationship between protocol semantics and syntax. The method then extracts the inherent structural change characteristics of binary message sequences using bit operations, facilitating the recovery of message syntax.</div><div>Our evaluation on five widely used protocol families shows that <span>SynRe</span> achieves encouraging score, significantly outperforming the state-of-the-art methods like Netzob+, Netzob, BinaryInferno, Netplier, and FieldHunter. Furthermore, <span>SynRe</span> achieves higher perfection than the trivial application of the original grammar for the protocols before evolution, demonstrating the effectiveness of knowledge transfer. Meanwhile, the experiments of adapting <span>SynRe</span> on protocol message with different diversity and sizes demonstrate that <span>SynRe</span> is not significantly affected by the size or diversity of the datasets involved.</div></div>","PeriodicalId":50637,"journal":{"name":"Computer Networks","volume":"258 ","pages":"Article 111022"},"PeriodicalIF":4.4,"publicationDate":"2025-02-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143177348","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0