Computer Networks最新文献

Through extensive research and standardization efforts, mobile networks have rapidly evolved, offering improved services and allowing the establishment of new use cases, such as autonomous vehicles, smart cities, Industry 4.0, among others. While 5G networks have brought advancements that can support a broad spectrum of such new use cases, the requirements imposed by time-critical services as the eXtended Reality (XR) and Cloud Gaming (CG) applications still remain a challenge. Next generation networks are envisioned to adopt technologies that will allow them to surpass such barriers. Open Radio Access Network (RAN), utilizing the disaggregation paradigm, stands out as a pivotal technology thanks to its potential to endow the network with flexibility, automation, and intelligence. In fact, Open RAN is considered as one of the key enabling technologies for XR and CG applications. However, disaggregation of the RAN may result in bottlenecks in the links connecting the various parts of the network, like the Open Fronthaul link, especially when considering time-critical traffic. In this paper, we perform an analysis of the impact that the Open Fronthaul capacity limitations can have in the XR and CG traffic under 3GPP defined scenarios. Moreover, to address these limitations, we implement and extend a Fronthaul Control mechanism combined with modulation compression, using the open-source ns-3 based 5G-LENA network simulator. Results showcase that the Open Fronthaul capacity limitation can drastically reduce the performance of the XR and CG applications, and demonstrate the necessity for such mechanisms to be employed in order to meet their requirements in terms of latency and throughput.

Unmanned aerial vehicles, initially developed for military use, have evolved to play vital roles in civilian applications including photography, agriculture, disaster management, and delivery services. Their agility, precision, and ad-hoc formation make them indispensable, particularly in time-sensitive tasks such as search-and-rescue missions. However, the widespread use of UAVs has raised security concerns, including unauthorized access, cyberattacks, and physical threats. In addition, the dynamic nature of these networks provides adversaries with opportunities to exploit node failures leading to potential data breaches. To address these risks, implementing robust security measures such as authentication, encryption, physical security, and proactive monitoring is essential even amidst the inherent resource limitations faced by UAVs. This paper proposes a lightweight authentication and key agreement protocol for multi-UAV networks, incorporating physically unclonable technology for securing the data sent over the network. The protocol also addresses security risks during UAV failures and the unauthorized access to data. The scheme has been validated using the Scyther simulation tool, with the PUF implemented on the Xilinx FPGA platform. An informal security analysis is also presented that demonstrates its adherence to security requirements. Additionally, the performance of the proposed scheme is compared with state-of-the-art approaches by evaluating network latency in terms of computational and communication costs, affirming its effectiveness in resource-constrained applications.

The centralized management of IPsec Security Associations (SAs) by using Software Defined Network (SDN) paradigm has been already explored and standardized. Datacenters are some of the scenarios where the dynamic establishment of IPsec security associations among network nodes has been deemed relevant. In these scenarios, where nodes do not support protocols like IKEv2, applying solutions where the generation and distribution of keys for IPsec are delegated to the SDN controller. However, these scenarios have the issue that the controller itself generates the IPsec keys for the nodes, posing a higher risk to the system’s security in case the controller is compromised. For these scenarios, it would be necessary to define solutions that allow the distribution of this cryptographic material securely, while maintaining the capacity restrictions established by the nodes. To solve this risk, we propose the generation of the IPsec keys using key distribution through the Diffie–Hellman algorithm in such a manner, that the controller will never have access to the IPsec SAs session keys used by the network nodes, mitigating the aforementioned problem. In concrete, our approach makes the nodes responsible for generating their own Diffie–Hellman public and private keypair, while the controller is only in charge of distributing the public keys to the rest of nodes, as well as other parameters needed to install the IPsec SAs. As we will analyze, the distribution of the public keys will be enough to allow the network nodes to generate the session keys. This work presents the design, implementation and validation of this IPsec management solution based on Diffie–Hellman in SDN environments using asymmetric key distribution for negotiating encryption and integrity keys, focusing on the performance in key generation and installation of IPsec SAs.

In disaster-stricken areas monitoring, management, search, and rescue operations, unmanned aerial vehicles (UAVs) play a crucial role in disaster management and emergency communication due to their high mobility. To efficiently coordinate and plan UAVs and their carried sensor and base station resources, synchronization is essential to establish consistency, laying the foundation for high-level demands. In such scenarios, synchronization relies on request–response (RR) or publish–subscribe (PS) forms of information exchange. Existing research in the field typically focuses on higher-level applications and selects either RR or PS synchronization, thereby overlooking the potential advantages that could be gained from combining both methods to meet synchronization requirements. We propose a resource synchronization method based on the Data Distribution Service (DDS) and a linear time complexity subscription mechanism tailored to specific query demands, which considers the pros and cons of the above two information exchange forms and the bottom-layer network topology. Experimental results using open-source simulation tools demonstrate that the proposed method adapts to scene requirements and decreases bandwidth by at least 21.2% and packet rate by at least 3.7% compared to different baseline methods across three topologies, while satisfying delay and query success rate requirements. Furthermore, the method maintains robust performance in the face of dynamic changes in network topology, showcasing its robustness.

This paper considers multiple cache-enabled end-users connected to multiple servers through a linear network. We also prevent an external eavesdropper from obtaining any information about the original files in cache-aided networks. The eavesdropper does not exist in the placement phase. He can analyze and capture the multi-cast messages in the content delivery phase. He receives a single linear combination derived from each multi-cast message. Hence, we only consider the security of the delivery phase. Our work generalizes the secure caching problem with one server to a multi-server setup. A secure centralized multi-server coded caching scenario is considered, and closed-form coding delay and secret shared key storage expression are provided. Regarding our security guarantee, we show that the delivery phase does not reveal any information to the eavesdropper in terms of the mutual information metric. We analyze the system’s performance in terms of coding delay and guarantee the security of our scheme using the mutual information metric. Numerical evaluations verify that security incurs a negligible cost in terms of memory usage when the number of files and users increases, i.e., the secure and insecure bounds almost coincide. Also, we numerically show that our proposed scheme outperforms the secure coded caching problem with one server.

While machine learning progress is advancing the detection of malicious URLs, advanced Transformers applied to URLs face difficulties in extracting local information, character-level information, and structural relationships. To address these challenges, we propose a novel approach for malicious URL detection, named TransURL, that is implemented by co-training the character-aware Transformer with three feature modules—Multi-Layer Encoding, Multi-Scale Feature Learning, and Spatial Pyramid Attention. This special Transformer allows TransURL to extract embeddings that contain character-level information from URL token sequences, with three feature modules contributing to the fusion of multi-layer Transformer encodings and the capture of multi-scale local details and structural relationships. The proposed method is evaluated across several challenging scenarios, including class imbalance learning, multi-classification, cross-dataset testing, and adversarial sample attacks. The experimental results demonstrate a significant improvement compared to the best previous methods. For instance, it achieved a peak F1-score improvement of 40% in class-imbalanced scenarios, and exceeded the best baseline result by 14.13% in accuracy in adversarial attack scenarios. Additionally, we conduct a case study where our method accurately identifies all 30 active malicious web pages, whereas two pior SOTA methods miss 4 and 7 malicious web pages respectively. The codes and data are available at: https://github.com/Vul-det/TransURL/.

Clock synchronization, built on the classical two-way message exchange scheme, is the key prerequisite for the normal operation of time-sensitive networking (TSN). In practical TSN, the imperfect oscillator caused by environmental changes leads to clock parameters drift. Moreover, synchronization errors accumulate in multi-hop networks, making it difficult for nodes at the edge of the network to achieve precise synchronization performance. Additionally, in some industrial and vehicular scenarios, the energy consumption and complexity of clock synchronization are important factors that need to be considered. To address these problems, this paper proposes a cooperative synchronization clock offset and clock skew joint tracking algorithm based on fast Unscented Kalman filter (FUKF). To further reduce the computation and energy consumption caused by clock synchronization, we introduce randomized singular value decomposition and timestamp-free exchange. The former uses small sub-matrices approximations to replace extremely high-dimensional matrices, reducing computational time in the update stage of the UKF. The latter reduces energy consumption by setting response intervals at the receiving end, eliminating the need for timestamp exchange during the synchronization process. Therefore, this algorithm can achieve long-term synchronization without requiring excessive computational and communication overhead. The results show that the proposed method, while maintaining accuracy unchanged, reduced the running time by 20% to 90% as the number of observations increased, thus verifying the effectiveness of the algorithm.

Live broadcasts have become one of the most popular forms of entertainment. Quality of user Experience (QoE) is a vital quantitative criterion for evaluating user satisfaction while watching live broadcasts, and it is positively correlated with the increase in the income of Internet Service Providers (ISPs). Video stalling identification plays a crucial role in the evaluation of QoE. However, encrypted live streaming hides video content, which makes identifying video stalling challenging. Existing studies primarily detect video stalling in a fixed time interval and focus on high-dimensional features. However, the capacity of the client byte buffer is dynamic, resulting in the stalling and non-stalling existing in a certain and fixed stalling time. In addition, the handling time of abundant features causes further latency. We propose Truncation of Dynamic Bytes and non-linear Integrated Modification based on Double Buffers ($D{B}^2$) to identify video stalling under HTTP-FLV protocol in various network conditions and live types. We pull real-time video to get client buffer parameters and build a dynamic mapping based on the double buffer between network packets and the video playing states. This allows a more objective and precise evaluation of video stalling. We design a new network feature by creating a non-linear relationship between network packets and the client buffer. This is achieved by combining non-linear convergent distribution with basic traffic features. The feature is fed into a lightweight machine learning model to train the classifier, achieving low processing latency and high identification accuracy. The experimental results show that $D{B}^2$ can achieve 98.91% stalling identification accuracy with 1.256 ms operation time in a mixture of live video types, outperforming state-of-the-art techniques.

We seek the best traffic allocation scheme for the edge–cloud networking subject to SD-WAN architecture and burstable billing. First, we formulate a family of quantile-based integer programming problems for a fixed network topology with random parameters describing the traffic demands. Then, to overcome the difficulty caused by the discrete feature, we generalize the Gumbel-softmax reparameterization method to induce an unconstrained continuous optimization problem as a regularized continuation of the discrete problem. Finally, we introduce the Gumbel-softmax sampling neural network to solve optimization problems via unsupervised learning. The neural network structure reflects the edge–cloud networking topology and is trained to minimize the expectation of the cost function for unconstrained continuous optimization problems. The trained network works as an efficient traffic allocation scheme sampler, outperforming the random strategy in feasibility and cost value. Besides testing the quality of the output allocation scheme, we examine the generalization property of the network by increasing the time steps and the number of users. We also feed the solution to existing integer optimization solvers as initial conditions and verify the warm-starts can accelerate the short-time iteration process. The framework is general, and the decoupled feature of the random neural networks is adequate for practical implementations.

We present a comprehensive dataset collected from an Open-RAN (O-RAN) deployment in our OpenIreland testbed, aimed at facilitating advanced research in Radio Access Network (RAN). The dataset includes RAN measurements from users engaged in diverse traffic classes such as Web Browsing, Voice over IP (VoIP), Internet of Things (IoT), and Video Streaming, as well as malignant traffic classes including DDoS Ripper, DoS Hulk, and Slow Loris attacks. These measurements encompass various mobility patterns, including Static, Pedestrian, Train, Car, and Bus users. While Wi-Fi datasets, including probe requests, Wi-Fi fingerprints, and signal strengths, are common in the literature, and mobile networks present abundant research opportunities with billions of global subscribers, datasets with RAN Key Performance Indicator (KPI) measurements are relatively rare. This scarcity is particularly notable in the context of O-RAN networks, which have been scrutinized for higher potential vulnerability compared to single-vendor solutions. Our work addresses this gap by collecting and publicly sharing a dataset rich in RAN KPIs from our O-RAN deployment. We utilized this dataset to classify different traffic classes for the detection of service-level attacks. Beyond its immediate use for attack detection, the dataset is versatile, supporting research in intrusion detection, network protection strategies, and numerous other RAN-related challenges. By offering extensive performance metrics, this dataset enables researchers to explore issues like power consumption, Channel Quality Indicator (CQI)/Modulation and Coding Scheme (MCS) optimization, resource management, cell characterization, and more. We believe that this dataset will significantly advance the development of robust, efficient, and secure RAN solutions.