Computer Networks最新文献

The advent of Wi-Fi in the 1990s stimulated the creation of Community networks (CNs), a new networking paradigm deployed and maintained by their users. The non-profit and grassroots self-organization of CNs has shown significant potential in enhancing communication technologies grounded in ethical values, transcending mere Internet expansion to contribute to broader social impacts. Since its conception, hundreds of CNs have been deployed worldwide. However, many have faltered, primarily due to a lack of solid economic models and legal setup. This paper presents Expansió Xarxa Oberta (eXO) association, a commons Internet Service Provider (ISP). In contrast to commercial ISPs, eXO follows the same grassroots principles of CNs. Establishing a commons-based ISP is challenging, yet it is a key component for the sustainability and success of CNs. Therefore, our paper aims to dissect the complexity of a commons ISP by explaining eXO, a pioneering example that has already been in production for more than 14 years. To the best of our knowledge, this is the first time that a commons ISP is described in all its components.

To describe eXO, we have proceeded in two parts. In the first one, we delineate the organizational structure, economics, funding mechanisms, activities, legal framework, and infrastructure. To gain more insight on eXO, in the second part, we conduct a technical analysis of traffic data collected from eXO’s core router, elucidating subscriber usage patterns. Our study encompasses various subscriber categories, including regular and financially subsidized users, Wi-Fi and optical fiber access, and traffic characteristics such as volume, TCP/UDP usage, services accessed, and traffic distribution across countries.

In this article, we propose a combination of multiple aerial reconfigurable intelligent surfaces (ARISs) with an aerial relay (AR) for improving the performance of multiple users adopting the non-orthogonal multiple access (NOMA) scheme. In particular, two groups of ARIS are utilized, one for aiding ground-to-air (G2A) communication and another one for aiding air-to-ground (A2G) communication. Mathematical formulas of outage probability (OP), throughput, and achievable capacity (AC) of every user in the proposed ARISs-AR-NOMA network are derived over the Nakagami-$m$ channel. The propagation environment recommended for the fifth generation and beyond (5G/B5G) is applied to enhance the practical behavior of the proposed network. To confirm the performance enhancement, we compare the OP, throughput, and AC of the proposed system with the conventional AR-NOMA network (i.e., without ARISs). Numerical illustrations demonstrate the great benefits of the proposed ARISs-AR-NOMA network, its transmit power is dramatically lower than that of the conventional network. Moreover, the throughput and AC of the proposed network are considerably higher than the conventional network’s. Based on the effect of key parameters and network behaviors, various effective solutions are recommended to enhance the performance of the proposed ARISs-AR-NOMA network.

The explosive growth of the interconnected vehicle network creates vast amounts of data within individual vehicles, offering exciting opportunities to develop advanced applications. FL (Federated Learning) is a game-changer for vehicular networks, enabling powerful distributed data processing across vehicles to build intelligent applications while promoting collaborative training and safeguarding data privacy. However, recent research has exposed a critical vulnerability in FL: poisoning attacks, where malicious actors can manipulate data, labels, or models to subvert the system. Despite its advantages, deploying FL in dynamic vehicular environments with a multitude of distributed vehicles presents unique challenges. One such challenge is the potential for a significant number of malicious actors to tamper with data. We propose a hierarchical FL framework for vehicular networks to address these challenges, promising lower latency and coverage. We also present a defense mechanism, LFGuard, which employs a detection system to pinpoint malicious vehicles. It then excludes their local models from the aggregation stage, significantly reducing their influence on the final outcome. We evaluate LFGuard against state-of-the-art techniques using the three popular benchmark datasets in a heterogeneous environment. Results illustrate LFGuard outperforms prior studies in thwarting targeted label-flipping attacks with more than 5% improvement in the global model accuracy, 12% in the source class recall, and a 6% reduction in the attack success rate while maintaining high model utility.

The transmission of data packets from satellites to Earth Stations (ESs) is the last hop of satellite network routing. As the final stage of packet transmission, the use of different scheduling strategies directly affects the throughput of the satellite network. Traditionally, researchers have attempted to enhance network performance by investigating inter-satellite routing protocols or inter-satellite data offloading strategies. However, these approaches have failed to address scheduling issues in the last hop of large-scale Low Earth Orbit (LEO) constellations. In this paper, we present the first Cooperative Last-Hop Scheduling (CLHS) strategy for routing in large-scale LEO constellations based on a bidirectional communication domain. In this strategy, we first utilize the bidirectional communication domain to determine the communication ranges of satellites and ESs. Subsequently, an information flow is established to interact with ESs and satellites. The ESs receive and reconstruct the Information Matrix (IM) from the information flow. Moreover, we propose the Maximum Decision Value Priority (MDVP) algorithm, which takes the reconstructed IM as input and computes the scheduling commands for satellites within the communication range of the ESs. To address the issue of multiple ESs simultaneously scheduling the same satellite, we introduce the Collision Avoidance Algorithm (CAA). Finally, to enhance the data packet transmission efficiency of the scheduled satellites, we propose the Weighted First-In-First-Out (WFIFO) algorithm, which is specifically designed for satellite packet dequeuing. We validate the CLHS through simulations on two satellite constellations: the first-generation Starlink constellation with 4409 satellites and the GW-2 constellation with 6912 satellites. The results show that CLHS can achieve better network throughput than traditional strategies. CLHS provides a novel method of scheduling the last hop in large-scale satellite constellations.

The core of programmable switches is the flexible data plane, composed of multiple programmable pipelines in existing programmable switches. These pipelines are isolated from each other and cannot share state and data. However, most of network monitoring systems ignore this condition and implicitly assume that the switch has only a single pipeline. This results in an inaccurate measurement and high communication overhead with the practical switch. To tackle this problem, we propose MpScope, a general multi-pipeline monitoring framework, which centers around the control plane, supporting accurate and efficient network monitoring. Specifically, MpScope combines the switch’s data plane and control plane to achieve comprehensive network monitoring of the whole switch scope. The control plane aggregates the statistical results from multiple pipelines and tunes the monitoring module residing in the different pipelines in the data plane dynamically. The data plane is responsible for real-time traffic measurement and statistic reports. Its behaviors can be adjusted periodically with the instructions from the control plane. Two typical monitoring applications, i.e., heavy hitter detection and distinct counting, are developed with MpScope to validate the effectiveness of multi-pipeline monitoring. Experiments show that MpScope significantly reduces communication overhead compared to the static threshold scheme while maintaining high detection accuracy over time.

In the dynamic field of Vehicle Edge Computing (VEC), the demand for intelligent vehicular systems to process vast amounts of data is escalating, driven by advancements in autonomous driving and real-time navigation technologies. Optimizing service latency and minimizing transmission costs are crucial for enhancing the performance of vehicular networks. Traditional service caching strategies, which largely rely on the popularity of individual services, often fail to account for the intricate interdependencies between services. The oversight can result in redundant data transfers and inefficient use of storage resources. In response, our paper introduces a novel approach to service combination caching within a heterogeneous computational framework comprising vehicles, edge servers, and the cloud. Our strategy focuses on minimizing user wait times and data transmission costs during task execution, while adhering to the caching budget constraints of service providers. Key contributions include the development of an Improved Density Peak Clustering (IDPC) algorithm to facilitate cooperative clustering among edge servers and the design of a Service Combination Caching Strategy (SCCS). The SCCS approach reduces caching costs by categorizing servers, forming efficient clusters, and strategically allocating storage. Simulation results demonstrate that the method outperforms existing strategies by significantly decreasing task execution delays and transmission costs, thereby greatly enhancing the quality of service in vehicular applications.

With the significant increase in mobile users connected to the wireless network, coupled with the escalating energy consumption and the risk of network saturation, the search for resource management has become paramount. Managing several access points throughout a whole region is hugely relevant in this context. Moreover, a wireless network must keep its Service Level Agreement, regardless of the number of connected users. With that in mind, in this work, we propose four prediction models that allow one to predict the number of connected users on a wireless network. Once the number of users has been predicted, the network resources can be properly allocated, minimizing the number of active access points. We investigate the use of Particle Swarm Optimization and Genetic Algorithms to hyper-parameterize a Multilayer Perceptron neural network and a Decision Tree. We evaluate our proposal using a campus-based wireless network dataset with more than 20,000 connected users. As a result, our model can considerably improve network performance by intelligently allocating the number of access points, thereby addressing concerns related to energy consumption and network saturation. The results have shown an average accuracy of 95.18%, managing to save network resources effectively.

The Third Generation Partnership Project (3GPP) recently introduced the fifth-generation (5G) new radio (NR) sidelink to enable vehicle-to-everything (V2X) communications supporting advanced safety services. Nevertheless, improvements over the previous generation still pose challenges to meet the reliability and latency requirements of V2X communications, particularly in the allocation of distributed resources, i.e., Mode 2. In Mode 2, vehicles autonomously select radio resources for their message transmissions and can maintain the selected resources for a given reservation period to efficiently handle periodic data traffic. However, potential collisions during this period may remain undetected due to half-duplex communications and unacknowledged broadcast transmissions, resulting in persistent message losses and posing a threat to road safety. This paper aims to improve the 5G NR-V2X sidelink for systems beyond 5G-Advanced by exploiting full-duplex transceivers. We propose a novel medium access control (MAC) scheme where vehicles can detect collisions while transmitting, dynamically adapt the collision detection threshold according to the measured channel load, and react to detected collisions through appropriate resource reselection and retransmission procedures. Extensive simulations conducted under various settings show that this MAC scheme brings substantial performance gains in terms of reliability and latency, compared to the current legacy Mode 2 procedure and a benchmark full-duplex scheme from the literature.

Recent years have seen substantial advancements in Internet technology along with environmental changes, which have led to the emergence of various security issues. There is also a trend of explosive growth in applications that encrypt network traffic for various types of services. Therefore, the classification of applications within encrypted traffic represents an important research issue for both secure network management and efficient bandwidth management. In such encrypted traffic, the payload itself is encrypted, and it is no longer viable to classify applications based on signatures extracted from plaintext. Most applications in public datasets for encrypted traffic classification are collected with the same IP address and port number, which makes the 5-tuple information a strong identifier. However, this 5-tuple contains many characteristics related to both the traffic collection environment and user-specific traits, rather than intrinsic features of the applications themselves. Therefore, when addressing the problem of encrypted traffic application classification, it is advisable to utilize header information excluding the 5-tuple and payload. Therefore, this paper proposes a novel service type and application classification system based on the Bidirectional Encoding Representation Transformer (BERT), which utilizes packet header information from encrypted traffic. The proposed system ensures the accuracy and generalization performance of the classification model by using only the header information from traffic packets, excluding the 5-tuple and payload. Further, to preserve the characteristics and semantic meaning of an encrypted traffic packet, sentences embedded with 2-byte tokens were used as input for BERT. The proposed system was designed to exclude labeling information from all sentences during the pre-training phase before proceeding with training. Fine-tuning was then conducted to align the system with the objectives of the service type and application classification. This experiment utilized the publicly available ISCX VPN-nonVPN dataset, and the proposed model achieved remarkable accuracy in the key performance measure, i.e., F1-scores, with values of 99.24 % in service type classification and 98.74 % in application classification. This capability can be used in maintaining the confidentiality of encrypted traffic, network security monitoring, Quality of Service (QoS), and traffic management in complex IT environments.

Insider threat detection has been a significant topic in recent years. However, as network technology develops, the intranet becomes more complex. Therefore, simply matching attack patterns or using traditional machine learning methods (Logistic Regression, Gaussian-NB, Random Forest, etc.) does not work well. On the other hand, the graph structure can better adapt to intranet data, thus graph-based insider threat detection methods have become mainstream. In order to study the design and effectiveness of graph-based insider threat detection, in this paper, we conduct a systematic and comprehensive survey of existing related research. Specifically, we provide a framework and a taxonomy based on the detection process, classifying existing work from three aspects: data collection, graph construction, and graph anomaly detection. We conduct a quantitative analysis of existing representative graph methods and find that the models with more information have better performance. In particular, we discuss the scalability of existing methods to large-scale networks and their feasibility in real environments. Based on the survey results, we propose 7 pain points in this field and provide specific future research directions. Our survey will provide future researchers with a complete solution.