Annals of Telecommunications最新文献

With the rise of online chess, the increasing prevalence of automated chess bots, and recent high-profile cheating controversies, there is growing interest in developing effective methods for detecting bots in chess. Current approaches in this domain largely depend on analyzing player history, detecting anomalies, and conducting engine analysis to identify bot-like behavior after a game has concluded. However, these post-hoc techniques struggle to adapt to real-time detection scenarios, such as those required in dynamic cybersecurity contexts. This paper introduces a novel challenge: detecting bots during an ongoing game, enabling adaptive strategies based on the real-time identification of an opponent’s behavior. It further proposes an autonomic system leveraging self-adaptive properties to address this challenge as well as discussing the application of this bot detection to other domains.

Artificial intelligence (AI)-based intrusion detection systems (IDSs) markedly advance network security by leveraging machine learning (ML) and deep learning (DL) models for accurate, adaptive threat detection. Their main drawback, however, is an inherent “black-box” character that impedes trust, traceability, and regulatory compliance. To overcome this limitation, we propose an efficient explainable-AI (XAI) framework that enhances both robustness and interpretability. The two-stage process first couples a statistical selector (ANOVA) with global SHAP scores to retain only the ten most informative features, an approximately 70% dimensionality reduction, then retrains a lightweight XGBoost detector whose decisions are explained locally by SHAP and LIME. Cross-validating the two explanation modalities adds a reliability check absent from earlier hybrids, while the inclusion of a time-efficiency evaluation for explanation generation provides a new performance dimension that prior XAI-IDS studies have not addressed. To our knowledge, this is the first framework to jointly apply dual-stage statistical–model-based feature selection and SHAP–LIME cross-validation in IDS, enabling near-real-time explainability without sacrificing accuracy. Comprehensive experiments on three representative traces, CIC-DDoS2019 (legacy IP DDoS), CICIoT2023 (IoT malware), and 5 G PFCP (control-plane attacks), confirm the framework’s versatility: it sustains an F1 Score of at least 99 % while accelerating LIME explanation time from 36 to 4.9 s, an 87 % speed-up. These results demonstrate that high detection accuracy and transparent, near-real-time interpretability can be achieved simultaneously in modern IDS deployments.

Network traffic monitoring for security threat detection and network performance management is challenging due to the encryption of most communications. This article addresses the problem of identifying network applications associated with Transport Layer Security (TLS) connections. The evaluation of three primary approaches to classifying TLS-encrypted traffic was carried out: fingerprinting methods, Server Name Indication (SNI)–based identification, and machine learning–based classifiers. Each method has its own strengths and limitations: fingerprinting relies on a regularly updated database of known hashes, SNI is vulnerable to obfuscation or missing information, and AI techniques such as machine learning require sufficient labeled training data. A comparison of these methods highlights the challenges of identifying individual applications, as the TLS properties are significantly shared between applications. Nevertheless, even when identifying a collection of candidate applications, a valuable insight into network monitoring can be gained, and this can be achieved with high accuracy by all the methods considered. To facilitate further research in this area, a novel publicly available dataset of TLS communications has been created, with the communications annotated for popular desktop and mobile applications. Furthermore, the results of three different approaches to refine TLS traffic classification based on a combination of basic classifiers and context are presented. Finally, practical use cases are proposed, and future research directions are identified to further improve application identification methods.

Handoffs are common in wireless networks with high device density. Since the IEEE 802.11 standard does not specify the criteria for initiating these handoffs, their implementation varies by manufacturer. Most current solutions rely on the Received Signal Strength Indicator (RSSI) as a key performance metric, which often leads to unstable associations—a phenomenon often referred to as the “ping-pong” effect. To address this effect, we propose EWMAX and NDIST, two RSSI filtering mechanisms designed to enhance association stability with minimal delay in handoff triggering. Comparative tests demonstrate that both EWMAX and NDIST improve stability without significantly increasing delay. However, a comprehensive evaluation reveals that EWMAX dominates the majority of results on the Pareto frontier, often generating the best solutions. Specifically, EWMAX matched NDIST in stability and outperformed it with a 24.64% reduction in delay, demonstrating superior performance in the evaluated scenario.

Machine learning(ML) has emerged as a fundamental element of innovation in several industries, providing unparalleled powers in data processing, decision-making, and automation. The growing use of ML systems has presented considerable security and privacy challenges, especially in resource-limited contexts such as IoT devices and edge computing platforms. This work examines lightweight security and privacy-preserving solutions designed to mitigate these vulnerabilities, emphasizing both cryptographic and non-cryptographic methods. The work presents a detailed classification of security vulnerabilities aimed at ML systems, encompassing data poisoning, adversarial attacks, model inversion, and training data breaches. It assesses cryptographic methods, including homomorphic encryption and safe multi-party computation, alongside non-cryptographic strategies such as differential privacy, defensive distillation, and federated learning. The work delineates significant obstacles, including processing overhead, adversarial robustness, scalability, and interaction with legacy systems, and proposes specific countermeasures to address these concerns. Additionally, the work integrates empirical evaluations and comparative benchmarks to guide practical deployment and indicates future research areas, highlighting the necessity for scalable cryptographic methodologies, sophisticated adversarial defenses, and interdisciplinary approaches to augment machine learning security and privacy. This article seeks to reconcile stringent security requirements with practical deployment limitations by offering actionable insights and novel methodologies, hence enabling the secure and dependable utilization of ML systems across many applications.

Enabling the coexistence of multiple services on the same NFV-MEC network is challenging due to conflicting resource requirements, virtualization overhead, and potential processing failures, all within the strict resource constraints of the NFV-MEC node. Additionally, the critical nature of URLLC services often necessitates service prioritization, which can adversely impact the performance of eMBB applications. This paper addresses these challenges by designing a continuous-time Markov chain (CTMC)-based model that incorporates these features to analyze resource allocation for multiple coexisting services in an NFV-MEC system. Extensive analyses of energy consumption, availability, response time, and memory consumption are conducted across various system configurations. Results reveal that higher loads of URLLC services decrease system availability and increase response times for both service types. The study also finds that an increase in the number of containers does not necessarily lead to a proportional increase in energy consumption, and energy and memory consumption exhibit similar patterns due to their common usage during setup and active processing states. While increasing buffer size slightly improves service availability with minimal impact on energy consumption (as buffered requests do not use resources while in the queue), it negatively affects service response times.

Given the widespread adoption of video conferencing platforms in recent years, the quality of the provided service has become crucial. The exchange of data, including audio and video, among participants in a video conference relies on a series of mechanisms and protocols that must operate properly to prevent communication degradation. This study examines the behavior of WebRTC-based video conferencing platforms when subjected to bandwidth restrictions. In this investigation, an analysis is carried out on Elos and Google Meet platforms using a cross-layer indicator-based approach to evaluate the quality of service of video conferencing applications. The results suggest that the platforms employ distinct approaches to handle scenarios of limited network capacity. By considering user mobility, our investigation allows to assess the quality of service delivered by each platform when subjected to varying network performance conditions within a videoconferencing session.

Detecting significant statistical changes in time series data, such as change points and anomalies, is crucial for various applications, including computer network performance monitoring. Despite the availability of many detection algorithms, applying these techniques to real-world data remains a challenging topic due to their distinct effectiveness in different domains. This study focuses on identifying change points and anomalies in throughput and latency time series data from residential networks, emphasizing online methods. We evaluate well-established methods like Shewhart, EWMA, and CUSUM, which are simple to implement, and identify their limitations in real-world scenarios. We propose simple modifications to these classical methods to enhance their effectiveness when applied to data from network measurements. Furthermore, we introduce a new and flexible method, based on the concept of weighted voting. It is designed to detect change points while providing useful information to assess confidence in the results. Our methods were evaluated on two datasets: one we collected using the NDT protocol in Brazil and another from the publicly available Shao Dataset, which includes labeled time series of latency. We discuss the limitations of traditional methods, the effectiveness of our proposed approaches, and how to apply those for real-time network quality monitoring.