Pub Date : 2026-02-17DOI: 10.1109/TNSE.2026.3665604
Xuexue Qin;Zening Li;Zhengmao Li;Yixun Xue;Xinyue Chang;Jia Su;Xiaolong Jin;Peng Wang;Hongbin Sun
Energy consumption in data centers is growing rapidly in recent years. To realize the economic and flexible operation of data centers, this paper proposes a spatio-temporal coordinated operation strategy of data centers considering virtual storage system (VSS) via two-stage distributionally robust optimization. First, based on the dynamic thermal network of buildings and differentiated demands of cloud users in data centers, a comprehensive operation model with VSS is proposed. Then, considering uncertainties of general load demands from data centers and outdoor temperatures, a fuzzy set is deduced, using an imprecise Dirichlet model derived from historical data. This ensures confidence level satisfaction for uncertain sets of general load and outdoor temperatures. In addition, the spatio-temporal coordinated operation strategy of data centers considering virtual storage system via two-stage distributionally robust optimization that flexibly adjusts conservativeness through uncertainty regulation parameters. Finally, a Dynamic Accuracy Column and Constraint Generation (DA-C&CG) algorithm is developed for solving the proposed strategy. The results indicate that the proposed strategy can effectively enhance operational economics, computing efficiency and resilience by leveraging flexibility in cooling and cloud user loads within suitable server temperatures. Meanwhile, the DA-C&CG algorithm exhibits excellent solution performance.
{"title":"Spatio-Temporal Coordinated Operation Strategy of Data Centers Considering Virtual Storage System via Two-Stage Distributionally Robust Optimization","authors":"Xuexue Qin;Zening Li;Zhengmao Li;Yixun Xue;Xinyue Chang;Jia Su;Xiaolong Jin;Peng Wang;Hongbin Sun","doi":"10.1109/TNSE.2026.3665604","DOIUrl":"https://doi.org/10.1109/TNSE.2026.3665604","url":null,"abstract":"Energy consumption in data centers is growing rapidly in recent years. To realize the economic and flexible operation of data centers, this paper proposes a spatio-temporal coordinated operation strategy of data centers considering virtual storage system (VSS) via two-stage distributionally robust optimization. First, based on the dynamic thermal network of buildings and differentiated demands of cloud users in data centers, a comprehensive operation model with VSS is proposed. Then, considering uncertainties of general load demands from data centers and outdoor temperatures, a fuzzy set is deduced, using an imprecise Dirichlet model derived from historical data. This ensures confidence level satisfaction for uncertain sets of general load and outdoor temperatures. In addition, the spatio-temporal coordinated operation strategy of data centers considering virtual storage system via two-stage distributionally robust optimization that flexibly adjusts conservativeness through uncertainty regulation parameters. Finally, a Dynamic Accuracy Column and Constraint Generation (DA-C&CG) algorithm is developed for solving the proposed strategy. The results indicate that the proposed strategy can effectively enhance operational economics, computing efficiency and resilience by leveraging flexibility in cooling and cloud user loads within suitable server temperatures. Meanwhile, the DA-C&CG algorithm exhibits excellent solution performance.","PeriodicalId":54229,"journal":{"name":"IEEE Transactions on Network Science and Engineering","volume":"13 ","pages":"7343-7357"},"PeriodicalIF":7.9,"publicationDate":"2026-02-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"147440586","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
This paper considers a challenging maritime low-altitude surveillance issue, in which, a legitimate monitor UAV intends to overhear a suspicious UAV-vessel link with the help of a jammer UAV. Both the suspicious receiver has the jamming detection ability and the jammer UAV is energy-constrained. To address these challenges, we propose a novel UAV-mounted reconfigurable intelligent surface (RIS) assisted approach, where the RIS is deployed on the jammer UAV to create an additional surveillance channel towards the legitimate UAV. Furthermore, the jammer UAV can also intelligently adjust its power allocation and flight trajectory to covertly disturb the suspicious transmission with the detection thresholds and the energy budgets. In such a setup, we consider a sum eavesdropping rate maximization problem of the legitimate UAV during all time slots. This formulated problem is solved by jointly optimizing the three-dimensional (3D) trajectory of the legitimate UAV, the reflecting phase shifts of the RIS, as well as the 3D trajectory and jamming power of the jammer UAV under the mobility, covertness, and power limitation constraints. We decompose the non-convex design problem into three subproblems and propose an iterative algorithm to find its approximated optimal solution by using the block coordinate descent method. In each iteration, we utilize the successive convex approximation and phase alignment techniques to handle these subproblems. Numerical simulation results are provided to validate the effectiveness and tremendous potential of UAV-mounted RIS in the maritime low-altitude surveillance.
{"title":"UAV-Mounted RIS-Assisted Legitimate Surveillance Over Maritime Low-Altitude Communication Networks","authors":"Wei Wang;Xu Hao;Lei Wu;Feng Zeng;Nan Zhao;Kanapathippillai Cumanan;Emil Björnson","doi":"10.1109/TNSE.2026.3665466","DOIUrl":"https://doi.org/10.1109/TNSE.2026.3665466","url":null,"abstract":"This paper considers a challenging maritime low-altitude surveillance issue, in which, a legitimate monitor UAV intends to overhear a suspicious UAV-vessel link with the help of a jammer UAV. Both the suspicious receiver has the jamming detection ability and the jammer UAV is energy-constrained. To address these challenges, we propose a novel UAV-mounted reconfigurable intelligent surface (RIS) assisted approach, where the RIS is deployed on the jammer UAV to create an additional surveillance channel towards the legitimate UAV. Furthermore, the jammer UAV can also intelligently adjust its power allocation and flight trajectory to covertly disturb the suspicious transmission with the detection thresholds and the energy budgets. In such a setup, we consider a sum eavesdropping rate maximization problem of the legitimate UAV during all time slots. This formulated problem is solved by jointly optimizing the three-dimensional (3D) trajectory of the legitimate UAV, the reflecting phase shifts of the RIS, as well as the 3D trajectory and jamming power of the jammer UAV under the mobility, covertness, and power limitation constraints. We decompose the non-convex design problem into three subproblems and propose an iterative algorithm to find its approximated optimal solution by using the block coordinate descent method. In each iteration, we utilize the successive convex approximation and phase alignment techniques to handle these subproblems. Numerical simulation results are provided to validate the effectiveness and tremendous potential of UAV-mounted RIS in the maritime low-altitude surveillance.","PeriodicalId":54229,"journal":{"name":"IEEE Transactions on Network Science and Engineering","volume":"13 ","pages":"6944-6957"},"PeriodicalIF":7.9,"publicationDate":"2026-02-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"147362304","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2026-02-13DOI: 10.1109/TNSE.2026.3664638
Can Chen;Qinghao Wang;Ning Lu;Wenbo Shi;Zhiquan Liu
Link Flooding Attack (LFA) is a type of distributed denial-of-service attack that isolates the victim area from the network by indirectly overwhelming critical upstream links. This indirect nature forces the victim area to rely on upstream networks for collaborative defense against LFA. For upstream networks, rerouting serves as a rapid and effective defense strategy. However, each rerouting incurs costs for the upstream network, making it reluctant to assist the victim without compensation. Therefore, we propose EcoShield, in which rerouting is regarded as a tradable service and the victim can purchase from relevant networks when needed. To implement EcoShield, we face two challenges: building a collaboration platform to ensure fair service trading and minimizing the victim’s defense expense. To this end, we propose a blockchain-based collaborative architecture for rerouting service trading. Furthermore, we propose a cost-efficient collaborative rerouting scheme toward suspicious source domains, which effectively reduces the number of reroutings required, thereby reducing the victim’s expense. Finally, extensive experiments demonstrate that, while ensuring effective defense performance (with a botnet identification precision above 0.95 and recall above 0.6), EcoShield reduces the defense expense by at least 45% compared with prior works.
{"title":"EcoShield: A More Practical Rerouting-Based Defense Against Link Flooding Attacks","authors":"Can Chen;Qinghao Wang;Ning Lu;Wenbo Shi;Zhiquan Liu","doi":"10.1109/TNSE.2026.3664638","DOIUrl":"https://doi.org/10.1109/TNSE.2026.3664638","url":null,"abstract":"Link Flooding Attack (LFA) is a type of distributed denial-of-service attack that isolates the victim area from the network by indirectly overwhelming critical upstream links. This indirect nature forces the victim area to rely on upstream networks for collaborative defense against LFA. For upstream networks, rerouting serves as a rapid and effective defense strategy. However, each rerouting incurs costs for the upstream network, making it reluctant to assist the victim without compensation. Therefore, we propose EcoShield, in which rerouting is regarded as a tradable service and the victim can purchase from relevant networks when needed. To implement EcoShield, we face two challenges: building a collaboration platform to ensure fair service trading and minimizing the victim’s defense expense. To this end, we propose a blockchain-based collaborative architecture for rerouting service trading. Furthermore, we propose a cost-efficient collaborative rerouting scheme toward suspicious source domains, which effectively reduces the number of reroutings required, thereby reducing the victim’s expense. Finally, extensive experiments demonstrate that, while ensuring effective defense performance (with a botnet identification <italic>precision</i> above 0.95 and <italic>recall</i> above 0.6), EcoShield reduces the defense expense by at least 45% compared with prior works.","PeriodicalId":54229,"journal":{"name":"IEEE Transactions on Network Science and Engineering","volume":"13 ","pages":"7014-7030"},"PeriodicalIF":7.9,"publicationDate":"2026-02-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"147362307","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2026-02-13DOI: 10.1109/TNSE.2026.3664406
Yurui Zhang;Xuxun Liu;Anfeng Liu
Efficient Medium Access Control (MAC) protocols are essential for reliable and real-time data transmission in Wireless Body Area Networks (WBANs). However, existing solutions, such as the IEEE 802.15.6 standard and other adaptive TDMA protocols, fail to adequately address the inherent challenges of node heterogeneity and network dynamics, which lead to inefficient resource allocation, unreliable emergency handling, and inflexible Quality-of-Service (QoS) provisioning. In this article, we propose a Heterogeneity-Aware Proactive MAC (HAP-MAC) protocol that introduces a novel three-tier holistic framework for resource allocation. Unlike conventional methods reliant on static priorities or slow centralized adaptations, HAP-MAC enables intelligent and autonomous node-state adaptation based on real-time buffer status, delay constraints, and channel quality. It employs a predictive channel access mechanism for microsecond-scale arbitration and a sophisticated multi-dimensional priority framework that comprehensively evaluates traffic characteristics, data volume, buffer conditions, and time sensitivity, thus ensuring precise QoS differentiation for diverse application requirements. Extensive experimental results demonstrate that HAP-MAC delivers significant performance advantages over state-of-the-art protocols in terms of total throughput, packet delivery rate, average delay, and channel utilization. HAP-MAC exhibits a unique ability to simultaneously address node heterogeneity and network dynamics, making it an ideal solution for mission-critical healthcare monitoring applications.
{"title":"Heterogeneity-Aware Proactive MAC for Efficient Resource Allocation in WBANs","authors":"Yurui Zhang;Xuxun Liu;Anfeng Liu","doi":"10.1109/TNSE.2026.3664406","DOIUrl":"https://doi.org/10.1109/TNSE.2026.3664406","url":null,"abstract":"Efficient Medium Access Control (MAC) protocols are essential for reliable and real-time data transmission in Wireless Body Area Networks (WBANs). However, existing solutions, such as the IEEE 802.15.6 standard and other adaptive TDMA protocols, fail to adequately address the inherent challenges of node heterogeneity and network dynamics, which lead to inefficient resource allocation, unreliable emergency handling, and inflexible Quality-of-Service (QoS) provisioning. In this article, we propose a Heterogeneity-Aware Proactive MAC (HAP-MAC) protocol that introduces a novel three-tier holistic framework for resource allocation. Unlike conventional methods reliant on static priorities or slow centralized adaptations, HAP-MAC enables intelligent and autonomous node-state adaptation based on real-time buffer status, delay constraints, and channel quality. It employs a predictive channel access mechanism for microsecond-scale arbitration and a sophisticated multi-dimensional priority framework that comprehensively evaluates traffic characteristics, data volume, buffer conditions, and time sensitivity, thus ensuring precise QoS differentiation for diverse application requirements. Extensive experimental results demonstrate that HAP-MAC delivers significant performance advantages over state-of-the-art protocols in terms of total throughput, packet delivery rate, average delay, and channel utilization. HAP-MAC exhibits a unique ability to simultaneously address node heterogeneity and network dynamics, making it an ideal solution for mission-critical healthcare monitoring applications.","PeriodicalId":54229,"journal":{"name":"IEEE Transactions on Network Science and Engineering","volume":"13 ","pages":"6843-6854"},"PeriodicalIF":7.9,"publicationDate":"2026-02-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"147299497","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Graph searchable encryption (GSE) for shortest path queries allows users to discover the closest connection between two individuals in encrypted social network graphs, while safeguarding both social data security and the privacy of user queries. The static GSE is commonly favored for its higher efficiency, while it faces significant challenges in resisting query recovery attacks. In contrast, the dynamic GSE is better suited for changing real world, but enhancing its search efficiency remains a formidable challenge. In this paper, we propose the ParallelGSE, a flexible graph partitioning and parallel search framework that supports both dynamic and static encrypted social graphs, striking a balance between query privacy and practical implementation. ParallelGSE partitions the original graph into multiple subgraphs, distributes them across several semi-honest servers, and performs searches in parallel without relying on a trusted server. Formal security reduction demonstrates ParallelGSE is resistant to isomorphic query recovery attacks. Simulated experiments on seven real-world graph datasets validate rationality of graph partition and improvements of storage, computation and communication costs. Especially, compared to the state-of-the-art (SOTA) static PathGES (ACM CCS 2024) and dynamic GraphShield (IEEE TKDE 2022), the search efficiency of static ParallelGSE can be 3 orders of magnitude faster than that of PathGSE, while dynamic ParallelGSE achieves over $20times$ greater search efficiency than GraphShield.
{"title":"ParallelGSE: Efficient and Secure Shortest Path Search on Encrypted Graphs","authors":"Qing Fan;Weixiao Wang;Chuan Zhang;Zhitao Guan;Yong Xie;Ming Lu;Liehuang Zhu","doi":"10.1109/TNSE.2026.3664315","DOIUrl":"https://doi.org/10.1109/TNSE.2026.3664315","url":null,"abstract":"Graph searchable encryption (GSE) for shortest path queries allows users to discover the closest connection between two individuals in encrypted social network graphs, while safeguarding both social data security and the privacy of user queries. The static GSE is commonly favored for its higher efficiency, while it faces significant challenges in resisting query recovery attacks. In contrast, the dynamic GSE is better suited for changing real world, but enhancing its search efficiency remains a formidable challenge. In this paper, we propose the ParallelGSE, a flexible graph partitioning and parallel search framework that supports both dynamic and static encrypted social graphs, striking a balance between query privacy and practical implementation. ParallelGSE partitions the original graph into multiple subgraphs, distributes them across several semi-honest servers, and performs searches in parallel without relying on a trusted server. Formal security reduction demonstrates ParallelGSE is resistant to isomorphic query recovery attacks. Simulated experiments on seven real-world graph datasets validate rationality of graph partition and improvements of storage, computation and communication costs. Especially, compared to the state-of-the-art (SOTA) static PathGES (ACM CCS 2024) and dynamic GraphShield (IEEE TKDE 2022), the search efficiency of static ParallelGSE can be 3 orders of magnitude faster than that of PathGSE, while dynamic ParallelGSE achieves over <inline-formula><tex-math>$20times$</tex-math></inline-formula> greater search efficiency than GraphShield.","PeriodicalId":54229,"journal":{"name":"IEEE Transactions on Network Science and Engineering","volume":"13 ","pages":"7031-7050"},"PeriodicalIF":7.9,"publicationDate":"2026-02-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"147362232","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
With the widespread adoption of cryptocurrencies, exemplified by Bitcoin, mixing services have been increasingly misused for illicit activities such as fraud, extortion, and money laundering. These services cut off the direct link between input and output addresses to conceal publicly available transaction traces on the blockchain, thereby evading regulatory investigations. In recent years, significant efforts have been made to deanonymize Bitcoin mixing services (BMS). While these efforts have yielded some achievements in service detection, they still face several challenges, such as vague theoretical definitions, coarse-grained identification capabilities, and insufficient labeling information. To address these challenges, this paper formalizes the notion of BMS with a syntax, security model, and goals, providing a universal definition for evaluating service anonymity and detection feasibility. We also propose a fine-grained detection framework for BMS, called BMS-FDET, which leverages heterogeneous Bitcoin transactional networks and multiple attention mechanisms to identify mixing transactions across different services. To improve the model’s detection capabilities and compare performance, a sufficient ground-truth dataset with over 596,200 entries covering more than 15 mixing services is built from extensive data sources. Comprehensive experiments demonstrate the superiority of BMS-FDET over existing methods.
{"title":"Fine-Grained Detection for Bitcoin Mixing Services Using Heterogeneous Representation Learning","authors":"Yan Wu;Jiahang Sun;Zhen Li;Cong Wu;Zhe Guo;Yi Ding;Jun Jin;Jincheng An;Chuan Zhang;Zijian Zhang;Meng Li;Liehuang Zhu","doi":"10.1109/TNSE.2026.3664284","DOIUrl":"https://doi.org/10.1109/TNSE.2026.3664284","url":null,"abstract":"With the widespread adoption of cryptocurrencies, exemplified by Bitcoin, mixing services have been increasingly misused for illicit activities such as fraud, extortion, and money laundering. These services cut off the direct link between input and output addresses to conceal publicly available transaction traces on the blockchain, thereby evading regulatory investigations. In recent years, significant efforts have been made to deanonymize Bitcoin mixing services (BMS). While these efforts have yielded some achievements in service detection, they still face several challenges, such as vague theoretical definitions, coarse-grained identification capabilities, and insufficient labeling information. To address these challenges, this paper formalizes the notion of BMS with a syntax, security model, and goals, providing a universal definition for evaluating service anonymity and detection feasibility. We also propose a fine-grained detection framework for BMS, called BMS-FDET, which leverages heterogeneous Bitcoin transactional networks and multiple attention mechanisms to identify mixing transactions across different services. To improve the model’s detection capabilities and compare performance, a sufficient ground-truth dataset with over 596,200 entries covering more than 15 mixing services is built from extensive data sources. Comprehensive experiments demonstrate the superiority of BMS-FDET over existing methods.","PeriodicalId":54229,"journal":{"name":"IEEE Transactions on Network Science and Engineering","volume":"13 ","pages":"7069-7083"},"PeriodicalIF":7.9,"publicationDate":"2026-02-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"147362336","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Information security and privacy are critical for unmanned aerial vehicles (UAV) based low-altitude networks. To enhance the security of the UAV transmitter, this paper investigates the jammer-assisted UAV covert communication systems with imperfect channel state information (CSI), where a subset of friendly jammers is selected to send artificial noise (AN) to confuse the warden. It is important to jointly optimize the jammer selection and jamming power, as AN sent by friendly jammers will interfere with the warden and receiver, simultaneously. However, existing channel-aware schemes work with a perfect CSI of the transmitter-to-receiver and jammer-to-receiver links, which is impractical in low-altitude networks. Therefore, this paper concerns the imperfect CSI of the transmitter-to-receiver link, and the channel distribution information (CDI) of both the transmitter-to-warden and jammer-related links. First, given the imperfect CSI, the warden's average detection error probability (WADEP) is analyzed. Then, given that WADEP is higher than the covertness constraint, the covert throughput is analytically derived and maximized by jointly optimizing the jammer selection, jamming power, and transmission rate (J-JamSPRImCSI). Since the optimization problem is NP-hard, a two-step Jensen's inequality based algorithm is proposed to provide a heuristic solution (2-Step-JIHA). Numerical results show that the proposed 2-Step-JIHA can provide a near optimal covert throughput with a lower complexity. Moreover, when the CSI is imperfect, compared to the existing channel-aware scheme, the proposed J-JamSPR-ImCSI with 2-Step-JIHA can improve the covert throughput by 54.26$%$, when the covertness constraint is 0.9.
{"title":"Joint Jamming and Transmission Rate Optimization for Multi-Jammer Assisted UAV Covert Communications With Imperfect CSI","authors":"Zhijun Han;Yiqing Zhou;Ningzhe Shi;Jingya Yang;Ling Liu;Jinglin Shi;Shuwu Chen","doi":"10.1109/TNSE.2026.3664087","DOIUrl":"https://doi.org/10.1109/TNSE.2026.3664087","url":null,"abstract":"Information security and privacy are critical for unmanned aerial vehicles (UAV) based low-altitude networks. To enhance the security of the UAV transmitter, this paper investigates the jammer-assisted UAV covert communication systems with imperfect channel state information (CSI), where a subset of friendly jammers is selected to send artificial noise (AN) to confuse the warden. It is important to jointly optimize the jammer selection and jamming power, as AN sent by friendly jammers will interfere with the warden and receiver, simultaneously. However, existing channel-aware schemes work with a perfect CSI of the transmitter-to-receiver and jammer-to-receiver links, which is impractical in low-altitude networks. Therefore, this paper concerns the imperfect CSI of the transmitter-to-receiver link, and the channel distribution information (CDI) of both the transmitter-to-warden and jammer-related links. First, given the imperfect CSI, the warden's average detection error probability (WADEP) is analyzed. Then, given that WADEP is higher than the covertness constraint, the covert throughput is analytically derived and maximized by jointly optimizing the jammer selection, jamming power, and transmission rate (J-JamSPRImCSI). Since the optimization problem is NP-hard, a two-step Jensen's inequality based algorithm is proposed to provide a heuristic solution (2-Step-JIHA). Numerical results show that the proposed 2-Step-JIHA can provide a near optimal covert throughput with a lower complexity. Moreover, when the CSI is imperfect, compared to the existing channel-aware scheme, the proposed J-JamSPR-ImCSI with 2-Step-JIHA can improve the covert throughput by 54.26<inline-formula><tex-math>$%$</tex-math></inline-formula>, when the covertness constraint is 0.9.","PeriodicalId":54229,"journal":{"name":"IEEE Transactions on Network Science and Engineering","volume":"13 ","pages":"6958-6976"},"PeriodicalIF":7.9,"publicationDate":"2026-02-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"147362393","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2026-02-11DOI: 10.1109/TNSE.2026.3663713
Jiayin Wang;Chang Xu;Liehuang Zhu;Junke Duan
Uncrewed aerial vehicles (UAVs) are increasingly deployed in safety-critical and privacy-sensitive applications, including infrastructure inspection, precision agriculture, emergency response, and on-demand connectivity. However, UAVs' mobility and intermittent connectivity expose them to diverse security threats, making robust yet efficient authentication and key agreement (AKA) essential. We present PSB-UAKA, a Practical and Secure Blockchain-enabled UAV Authentication and Key Agreement scheme. PSB-UAKA combines physical unclonable functions (PUFs) with fuzzy extractors to avoid maintaining a challenge–response pair (CRP) database while improving resilience to device-capture attacks. It further leverages Merkle-tree proofs for lightweight authorization verification and adopts session-bound pseudonym rotation to support unlinkability and tolerate desynchronization. We formalize a UAV-specific threat model and prove session authenticity and key indistinguishability in the Real-or-Random (RoR) framework. Our comparative analysis shows that PSB-UAKA provides roughly 25% broader security coverage than representative baselines, with notable gains in anonymity and desynchronization resilience. Experimental results indicate low computational overhead (below 0.066 ms on user devices and 1.436 ms on UAVs) and up to 54% reduction in UAV-side storage. Finally, extensive NS-3 simulations under realistic mobility and wireless conditions demonstrate lower authentication latency and stable throughput relative to state-of-the-art schemes, suggesting that PSB-UAKA is practical for real-world UAV deployments.
{"title":"Fixing Drone Auth: A Practical and Secure, Blockchain-Enabled UAV Authentication Scheme","authors":"Jiayin Wang;Chang Xu;Liehuang Zhu;Junke Duan","doi":"10.1109/TNSE.2026.3663713","DOIUrl":"https://doi.org/10.1109/TNSE.2026.3663713","url":null,"abstract":"Uncrewed aerial vehicles (UAVs) are increasingly deployed in safety-critical and privacy-sensitive applications, including infrastructure inspection, precision agriculture, emergency response, and on-demand connectivity. However, UAVs' mobility and intermittent connectivity expose them to diverse security threats, making robust yet efficient authentication and key agreement (AKA) essential. We present PSB-UAKA, a <underline>P</u>ractical and <underline>S</u>ecure <underline>B</u>lockchain-enabled <underline>U</u>AV <underline>A</u>uthentication and <underline>K</u>ey <underline>A</u>greement scheme. PSB-UAKA combines physical unclonable functions (PUFs) with fuzzy extractors to avoid maintaining a challenge–response pair (CRP) database while improving resilience to device-capture attacks. It further leverages Merkle-tree proofs for lightweight authorization verification and adopts session-bound pseudonym rotation to support unlinkability and tolerate desynchronization. We formalize a UAV-specific threat model and prove session authenticity and key indistinguishability in the Real-or-Random (RoR) framework. Our comparative analysis shows that PSB-UAKA provides roughly 25% broader security coverage than representative baselines, with notable gains in anonymity and desynchronization resilience. Experimental results indicate low computational overhead (below 0.066 ms on user devices and 1.436 ms on UAVs) and up to 54% reduction in UAV-side storage. Finally, extensive NS-3 simulations under realistic mobility and wireless conditions demonstrate lower authentication latency and stable throughput relative to state-of-the-art schemes, suggesting that PSB-UAKA is practical for real-world UAV deployments.","PeriodicalId":54229,"journal":{"name":"IEEE Transactions on Network Science and Engineering","volume":"13 ","pages":"7051-7068"},"PeriodicalIF":7.9,"publicationDate":"2026-02-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"147362471","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
This paper investigates social-aware edge caching in device-to-device (D2D) networks with multiple user equipments (UEs). Each file is encoded hierarchically and divided into multiple layers of sub-files, allowing each UE to cache partial layers and share them with others via D2D links. The system operates in discrete time slots, where contents can be retrieved in the following order: local cache, socially-connected D2D peers, and remote content servers. D2D sharing is restricted to users with social ties, quantified by a multi-attribute model combining interest similarity and social trust. We intend to maximize total backhaul bandwidth savings by jointly optimizing content placement, D2D user pairing, and base station (BS) bandwidth allocation, under constraints on storage capacity, unique pairing, total BS bandwidth, and service delay, etc. Given the NP-hardness of this joint optimization problem, we propose an Improved Constrained Fireworks Algorithm (ICFWA) that efficiently explores the solution space with low complexity and strong global search capability. In the algorithm, each firework or spark represents a feasible solution encompassing the three types of decision variables. Three explosion strategies are designed by modifying one category of variables for local search, and Gaussian mutation simultaneously modifies all variables to enhance global exploration. Simulation results demonstrate that ICFWA exhibits strong convergence performance and significantly outperforms baseline methods in maximizing backhaul bandwidth savings.
{"title":"Swarm Intelligence Based Social-Aware Edge Caching in D2D-Enabled Wireless Networks","authors":"Jianbo Du;Yuting Wang;Jing Jiang;Defeng Ren;Yuan Gao;Geng Sun;Xiaoli Chu","doi":"10.1109/TNSE.2026.3663170","DOIUrl":"https://doi.org/10.1109/TNSE.2026.3663170","url":null,"abstract":"This paper investigates social-aware edge caching in device-to-device (D2D) networks with multiple user equipments (UEs). Each file is encoded hierarchically and divided into multiple layers of sub-files, allowing each UE to cache partial layers and share them with others via D2D links. The system operates in discrete time slots, where contents can be retrieved in the following order: local cache, socially-connected D2D peers, and remote content servers. D2D sharing is restricted to users with social ties, quantified by a multi-attribute model combining interest similarity and social trust. We intend to maximize total backhaul bandwidth savings by jointly optimizing content placement, D2D user pairing, and base station (BS) bandwidth allocation, under constraints on storage capacity, unique pairing, total BS bandwidth, and service delay, etc. Given the NP-hardness of this joint optimization problem, we propose an Improved Constrained Fireworks Algorithm (ICFWA) that efficiently explores the solution space with low complexity and strong global search capability. In the algorithm, each firework or spark represents a feasible solution encompassing the three types of decision variables. Three explosion strategies are designed by modifying one category of variables for local search, and Gaussian mutation simultaneously modifies all variables to enhance global exploration. Simulation results demonstrate that ICFWA exhibits strong convergence performance and significantly outperforms baseline methods in maximizing backhaul bandwidth savings.","PeriodicalId":54229,"journal":{"name":"IEEE Transactions on Network Science and Engineering","volume":"13 ","pages":"7283-7302"},"PeriodicalIF":7.9,"publicationDate":"2026-02-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"147440525","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Bitcoin’s security is based on the assumption that a sufficient amount of benign computing power participates in “mining” new blocks by generating publicly verifiable proofs. The blockchain denial of service (BDoS) attackers generate a valid proof but withhold the whole block, resulting in honest miners stopping the participation service but waiting for the exposure of the new block, and attackers achieving 21% computing power would significantly threaten the security of blockchain applications. We find that the threshold value 21% is based on the assumption that honest miners are only concerned with current short-term benefits, i.e., they have an immediate tendency to stop mining once a BDoS attack occurs and their short-term gains decline. However, similar to the altruistic behavior observed in biological systems, certain blockchain nodes exhibit a form of rational altruism during attacks. When the blockchain system is under threat, these nodes prioritize the long-term stability of the network and choose to continue mining honestly. This phenomenon has not yet been well studied. Motivated by the above observation, we propose a resumption strategy that enables honest miners to resume mining after pausing ($S_{text{CMP}}$) for a while, mitigating BDoS attacks and maintaining blockchain security. Subsequently, we formalize a two-stage evolutionary game model to quantitatively analyze the defensive capacity against BDoS with the $S_{text{CMP}}$ strategy. Theoretical analysis shows that BDoS attackers can only successfully stop blockchain mining when the attacking power and profit factor satisfy a certain condition $text{Cd}_{dead}(gamma,w,alpha _{A},c)$, where our proposed strategy enables the attack mining power threshold to be raised to 33.1% approaching 1/3, which is the upper bound of the byzantine false tolerance. Real-world experimental results also indicate that the Bitcoin system would be subject to a BDoS attack by 2028.
比特币的安全性是基于这样一个假设:通过生成可公开验证的证据,有足够数量的良性计算能力参与“挖掘”新区块。b区块链拒绝服务(BDoS)攻击者生成有效证明,但保留整个区块,导致诚实的矿工停止参与服务,但等待新区块的暴露,攻击者获得21% computing power would significantly threaten the security of blockchain applications. We find that the threshold value 21% is based on the assumption that honest miners are only concerned with current short-term benefits, i.e., they have an immediate tendency to stop mining once a BDoS attack occurs and their short-term gains decline. However, similar to the altruistic behavior observed in biological systems, certain blockchain nodes exhibit a form of rational altruism during attacks. When the blockchain system is under threat, these nodes prioritize the long-term stability of the network and choose to continue mining honestly. This phenomenon has not yet been well studied. Motivated by the above observation, we propose a resumption strategy that enables honest miners to resume mining after pausing ($S_{text{CMP}}$) for a while, mitigating BDoS attacks and maintaining blockchain security. Subsequently, we formalize a two-stage evolutionary game model to quantitatively analyze the defensive capacity against BDoS with the $S_{text{CMP}}$ strategy. Theoretical analysis shows that BDoS attackers can only successfully stop blockchain mining when the attacking power and profit factor satisfy a certain condition $text{Cd}_{dead}(gamma,w,alpha _{A},c)$, where our proposed strategy enables the attack mining power threshold to be raised to 33.1% approaching 1/3, which is the upper bound of the byzantine false tolerance. Real-world experimental results also indicate that the Bitcoin system would be subject to a BDoS attack by 2028.
{"title":"Why Not Wait and See: An Effective BDoS Mitigation Strategy From a Two-Stage Evolutionary Game Perspective","authors":"Qinglin Yang;Boya Wang;Ruixin Huang;Yuan Zhou;Yuan Liu;Zhihong Tian","doi":"10.1109/TNSE.2026.3663284","DOIUrl":"https://doi.org/10.1109/TNSE.2026.3663284","url":null,"abstract":"Bitcoin’s security is based on the assumption that a sufficient amount of benign computing power participates in “mining” new blocks by generating publicly verifiable proofs. The blockchain denial of service (BDoS) attackers generate a valid proof but withhold the whole block, resulting in honest miners stopping the participation service but waiting for the exposure of the new block, and attackers achieving 21% computing power would significantly threaten the security of blockchain applications. We find that the threshold value 21% is based on the assumption that honest miners are only concerned with current short-term benefits, i.e., they have an immediate tendency to stop mining once a BDoS attack occurs and their short-term gains decline. However, similar to the altruistic behavior observed in biological systems, certain blockchain nodes exhibit a form of rational altruism during attacks. When the blockchain system is under threat, these nodes prioritize the long-term stability of the network and choose to continue mining honestly. This phenomenon has not yet been well studied. Motivated by the above observation, we propose a resumption strategy that enables honest miners to resume mining after pausing (<inline-formula><tex-math>$S_{text{CMP}}$</tex-math></inline-formula>) for a while, mitigating BDoS attacks and maintaining blockchain security. Subsequently, we formalize a two-stage evolutionary game model to quantitatively analyze the defensive capacity against BDoS with the <inline-formula><tex-math>$S_{text{CMP}}$</tex-math></inline-formula> strategy. Theoretical analysis shows that BDoS attackers can only successfully stop blockchain mining when the attacking power and profit factor satisfy a certain condition <inline-formula><tex-math>$text{Cd}_{dead}(gamma,w,alpha _{A},c)$</tex-math></inline-formula>, where our proposed strategy enables the attack mining power threshold to be raised to 33.1% approaching 1/3, which is the upper bound of the byzantine false tolerance. Real-world experimental results also indicate that the Bitcoin system would be subject to a BDoS attack by 2028.","PeriodicalId":54229,"journal":{"name":"IEEE Transactions on Network Science and Engineering","volume":"13 ","pages":"6809-6826"},"PeriodicalIF":7.9,"publicationDate":"2026-02-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"147362316","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: