Computer Networks最新文献

Microservice architecture is a service-oriented paradigm that enables the decomposition of cumbersome monolithic-based software systems. Using microservice design principles, it is possible to develop flexible, scalable, reusable, and loosely coupled software that could be containerized and deployed in a distributed edge/cloud environment. The flexible deployment of microservices in an edge environment increases system performance in terms due to dynamic service function placement and chaining possibly resulting in latency reduction, fault tolerance, scalability, efficient resource utilization, cost reduction, and energy consumption reduction. On the other hand, virtualization and containerization of microservices add processing and communication overheads. Therefore, to evaluate end-to-end microservices-based system performance, we need to have an end-to-end mathematical formulation of the overall microservice-based network system. Incorporating the virtualization overhead, here we provide end-to-end mathematical formulation considering system parameters: latency, throughput, computational resource usage, and energy consumption. We then evaluate the formulation in a testbed environment with the Microservice-based SDN (MSN) framework that decomposes the Software-defined Networking (SDN) controller in microservices with Docker Container. The final result validates the presented mathematical modeling of the system’s dynamic behavior which can be used to design a microservice-based system.

The Internet of Things (IoT) paradigm is assumed to be a major component in the present and future Internet, with forecasts claiming a humongous number of devices connected in the near future, and applications fields spanning from agriculture, to healthcare. Despite this, the standardization efforts have not yet resulted in widely adopted standards, and the market is fragmented into multiple solutions both at physical and communication protocol levels. Moreover, IoT systems exacerbate the usual test bed limitations, e.g., scalability (very large number of devices), hardware compatibility, space, and price. Due to the above problems, simulation tools become an extremely interesting tool for studying IoT systems both for academia (new algorithms), standardization (new protocols), and industry (what-if analysis). In this paper we will discuss what are the most relevant features and models that a simulation tool like ns-3 should prioritize to enable the above-mentioned needs from academia, standardization, and industry, and if they are achievable in the short, medium, or long term.

Packet classification is widely used in network infrastructures and is the key technique that supports security and other functions. The real-time nature of network services naturally demands high classification speed, while the emerging SDN makes rule changes more flexible, thus placing higher demands on the performance of rule update in classification schemes. In this paper, Learning Tuple(LT) is proposed to achieve high classification performance for packets while maintaining the high update characteristics of tuple space-based schemes. Specifically, to solve the issue of excessive tuples and rule overlap due to merging tuples, LT iteratively divides the space by using rule overlap and hash collisions as negative feedback and applies a reinforcement learning algorithm, SARSA, at each level to ensure its reasonableness. Efficient space partitioning guides the construction of tuples, and an excellent rule mapping method called PLR is designed, which improves classification performance. Experimental results demonstrate that compared with classic and advanced classification schemes TSS, TupleMerge, MultilayerTuple, PartitionSort, HybridTSS, and TupleTree, LT achieves average classification performance improvements of 9.23x, 1.74x, 1.45x, 2.85x, 1.37x and 1.25x, as well as average update performance improvements of 1.83x, 6.75x, 1.22x, 6.16x, 1.21x, 10.66x, respectively.

Network traffic classification is the basis of many network security applications and has received significant attention in the field of cyberspace security. Existing research on deep traffic analysis typically involves converting traffic data into images to extract spatial traffic features using Convolutional Neural Networks (CNNs). However, this approach ignores the semantic differences and details in the various packet structures. In this paper, we propose an MLP-Mixer based multi-view multi-label neural network for network traffic classification. Compared with the existing CNN-based methods, our method adopts the MLP-Mixer structure, which is more in line with the structure of the packet than the conventional convolution operation. In our method, one packet is divided into the packet header and the packet payload, together with the flow statistics of the packet as input from different views. We utilize a multi-label setting to learn different scenarios simultaneously to improve the classification performance by exploiting the correlations between different scenarios. We conduct experiments on three public datasets, and the experimental results show that our method can achieve superior performance. Code is available at https://github.com/ZxuanDang/MV-ML-traffic-classification.

Federated Learning (FL) is proposed to train a machine learning model for clients with different training data. During the training of FL, a centralized server is usually employed to aggregate local models from clients iteratively. The aggregation process suffers from Byzantine attacks, where clients’ models could be maliciously modified by attackers to degrade the training performance. Existing defense aggregation solutions use distances or angles between different gradients to identify and eliminate malicious models from clients. However, they do not work well due to the high dimensional property of the machine learning model. Distance-based solutions cannot effectively identify attackers when the gradient direction of the model is maliciously tampered with. Angle-based solutions face the issue of low model accuracy for large models. In this paper, we propose Convolutional Kernel Angle-based Defense Aggregation (CKADA) to improve defense performance under various Byzantine attacks. The key of CKADA is to use the angle between convolutional kernels as the attack detection metric because the obtuse angle indicates the wrong training direction. CKADA calculates the angle between a client’s convolutional kernel gradients and the server’s convolutional kernel gradients as the attacker detection metric and eliminates convolutional kernel gradients of clients that create an obtuse angle to mitigate the impact of attackers on the model. We evaluate the performance of CKADA using AlexNet, ResNet-50, and GoogLeNet under two typical attacks. Simulation results show that CKADA mitigates the impact of Byzantine attacks and outperforms existing angle-based solutions and distance-based solutions by improving inference accuracy up to 67% and 89% respectively.

Deep learning is a crucial research area in network security, particularly when it comes to detecting network attacks. While some deep learning algorithms have shown promising results in distinguishing between normal and abnormal traffic, identifying different types of imbalanced anomalous traffic data is still a challenging task at present. To enhance the detection performance of unbalanced anomalous flows, we propose a new intrusion detection architecture based on a variational auto-encoder (VAE) and generative adversarial networks (GAN) in this research. Firstly, we present the VAE-WGAN model, which combines the advantages of VAE and GAN and enables us to generate data with predefined labels to balance the original training dataset. In the intrusion detection phase, we use a hybrid neural network model based on stacked Long Short-Term Memory (LSTM) and Multi-Scale Convolutional Neural Network (MSCNN). Stacked LSTM and MSCNN networks can extract network characteristics at different depths and scales, and subsequent feature fusion is used to increase network attack detection rates. Finally, the results from the NSL-KDD and AWID datasets indicate that the proposed network intrusion detection model improves the accuracy of network attack detection. The model outperforms other existing intrusion detection approaches in terms of accuracy, precision, recall, and f1-score, obtaining 83.45% accuracy and 83.69% f1-score on the NSL-KDD dataset. Moreover, it attains an accuracy and f1-score exceeding 98.9% on the AWID dataset.

As the telecommunications industry embarks on the transition to Sixth-Generation (6G) networks, this paper examines the integration of Non-Terrestrial Networks (NTN), and in particular satellite backhauling, in the context of Fifth-Generation (5G) systems. The Integrated Access and Backhaul (IAB) technology, conceived as a wireless terrestrial backhauling system in the Next Generation Radio Access Network (NG-RAN), has been identified as a possible enabler for the integration of satellite nodes. Despite the work already done in this direction, the combination of IAB architectures with satellite nodes operating in both the access and backhaul side requires further evaluations on feasibility and limitations for networks integrating Low Earth Orbit (LEO) and Geostationary Earth Orbit (GEO) satellites. To this end, this work contributes providing insights on background technologies, as well as a detailed analysis of the issues and challenges arising from such integration and a definition of use cases to support narrow-band and broadband services. Furthermore, the design and implementation of a simulation tool is proposed for a performance evaluation in terms of registration time, link capacity, single-hop and end-to-end delay. Results show that the integration turns out to be feasible, even if with strong constraints coming from the satellite system rather than the IAB usage itself. Indeed, the earth-satellite link in LEO systems has a significant impact on the packet delivery time due to the discontinuous coverage. In case of GEO satellite instead, a non-terrestrial backhaul link could limit the performance of the whole system, especially at lower elevation angles.

This paper investigates an unmanned aerial vehicle (UAV) assisted amplify-and-forward relaying, where a full-duplex (FD) fixed-wing UAV employs a time-division multiple access scheduling protocol to provide relay services for multiple source–destination user pairs. With the aim of maximizing energy efficiency (EE) of the system, a joint optimization problem is studied so as to jointly fulfill the communication scheduling of multiple user pairs, the transmit power control and the trajectory design of the UAV. Since the optimization variables of the problem are coupled, it is non-convex and hence hard to solve directly. To this end, the initial problem is decomposed into three subproblems corresponding to the optimization of communication scheduling, and transmit power and trajectory of the UAV, respectively. The three subproblems are solved by utilizing the linear programming, the successive convex approximation (SCA), and the Dinkelbach’s algorithm. Then an iterative algorithm based on the block coordinate descent technique is proposed to tackle the joint optimization problem by optimizing the three blocks of variables alternately. Simulation results demonstrate that the proposed algorithm converges efficiently, and the EE of the joint optimization scheme can be significantly improved compared to the benchmark schemes.

In unmanned aerial vehicles (UAV)-assisted Internet of Things (IoT), emergencies can lead to changes in the status of ground sensor networks. This necessitates UAV-assisted IoT systems to possess the capability to dynamically respond to changes in the status of the ground sensor network. Therefore, this paper proposes a UAV scheduling scheme based on regional coordination (USRC). In this scheme, we divide the ground sensor network into task sub-regions according to the deployment of base stations. Then, we introduce a scheduling relationship pairing algorithm to determine the scheduling relationships between task sub-regions and UAV resources that need to be scheduled for each sub-region. Based on this, a dynamic path planning algorithm is designed to synchronize the planning of cross-region flight paths and intra-region flight paths for UAVs. Experimental results have demonstrated that the proposed scheme can efficiently respond to changes in the status of the ground sensor network by scheduling UAVs from sub-regions with abundant resources to those with scarce resources. Compared to other schemes, our scheme exhibits superior performance in reducing the age of information (AoI) and packet loss rate.

The increasing demand for higher data rates and improved energy efficiency (EE) in next-generation wireless networks necessitates the optimized selection of multiple-access and coordination techniques. A hybrid joint transmission (JT)-coordinated multi-point (CoMP) enabled orthogonal multiple access (OMA)/non-orthogonal multiple access (NOMA) technique, combining the spectral efficiency (SE) and capacity benefits of CoMP NOMA with the interference mitigation of CoMP OMA, offers a highly adaptable solution for future wireless networks. This paper studies the joint optimization of CoMP/non-CoMP selection, OMA/NOMA selection, power allocation, and user pairing, with the objective of maximizing the EE in the network. A Dynamic CoMP user selection with energy-efficient adaptive multiple access (DCEAMA) algorithm to solve the formulated problem is proposed. Our Monte Carlo simulations show that the DCEAMA surpasses both the pure CoMP OMA and CoMP NOMA schemes in terms of EE, with an average increase of 38% and 26% respectively. We compare our heuristic technique to an exhaustive search strategy to evaluate its efficiency. The findings indicate that our strategy produces comparable EE across various power levels with reduced computational complexity.