Pub Date : 2025-11-14DOI: 10.1109/TNSE.2025.3632560
Zijian Bao;Debiao He;Qi Feng;Min Luo
Group signatures provide anonymity for signers while allowing a group manager to reveal identities when necessary. However, traditional schemes lack mechanisms to automatically enforce protocol compliance, requiring trusted authorities to detect and penalize violations. This paper introduces Self-Enforcing Group Signatures (SEGS), a novel cryptographic primitive that maintains the anonymity of group signatures while incorporating automatic self-enforcement properties. SEGS ensures that if a group member signs two messages that share the same address but have different payloads—referred to as colliding messages—then anyone can efficiently extract the member's secret signing key from the two signatures without trusted intervention. We demonstrate SEGS's practical utility through a privacy-preserving voting application that prevents double voting while maintaining anonymity. Experimental evaluation on computational cost, signature size, and smart contract performance confirms the practicality of our SEGS and voting system. Our work bridges the gap between passive detection and active enforcement in anonymous authentication systems, offering a new direction for self-enforcing cryptographic protocols.
组签名为签名者提供匿名性,同时允许组管理器在必要时显示身份。然而,传统方案缺乏自动执行协议遵从性的机制,需要可信的权威机构来检测和惩罚违规行为。本文介绍了一种新的加密原语SEGS (self-enforcement Group signature),它在保持群签名的匿名性的同时结合了自动自我执行的特性。SEGS确保,如果一个组成员签署了共享相同地址但具有不同有效负载的两条消息(称为冲突消息),那么任何人都可以在没有可信干预的情况下有效地从两个签名中提取成员的秘密签名密钥。我们通过一个保护隐私的投票应用程序来演示SEGS的实际用途,该应用程序可以在保持匿名的同时防止重复投票。对计算成本、签名大小和智能合约性能的实验评估证实了我们的SEGS和投票系统的实用性。我们的工作弥合了匿名认证系统中被动检测和主动执行之间的差距,为自我执行加密协议提供了新的方向。
{"title":"SEGS: Self-Enforcing Group Signature for Voting Systems","authors":"Zijian Bao;Debiao He;Qi Feng;Min Luo","doi":"10.1109/TNSE.2025.3632560","DOIUrl":"https://doi.org/10.1109/TNSE.2025.3632560","url":null,"abstract":"Group signatures provide anonymity for signers while allowing a group manager to reveal identities when necessary. However, traditional schemes lack mechanisms to automatically enforce protocol compliance, requiring trusted authorities to detect and penalize violations. This paper introduces Self-Enforcing Group Signatures (SEGS), a novel cryptographic primitive that maintains the anonymity of group signatures while incorporating automatic self-enforcement properties. SEGS ensures that if a group member signs two messages that share the same address but have different payloads—referred to as <italic>colliding messages</i>—then anyone can efficiently extract the member's secret signing key from the two signatures without trusted intervention. We demonstrate SEGS's practical utility through a privacy-preserving voting application that prevents double voting while maintaining anonymity. Experimental evaluation on computational cost, signature size, and smart contract performance confirms the practicality of our SEGS and voting system. Our work bridges the gap between passive detection and active enforcement in anonymous authentication systems, offering a new direction for self-enforcing cryptographic protocols.","PeriodicalId":54229,"journal":{"name":"IEEE Transactions on Network Science and Engineering","volume":"13 ","pages":"3625-3644"},"PeriodicalIF":7.9,"publicationDate":"2025-11-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145778159","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
To better capture real-world epidemic dynamics, it is essential to develop models that incorporate diverse, realistic factors. In this study, we propose a coupled disease-information spreading model on multiplex networks that simultaneously accounts for three critical dimensions: media influence, higher-order interactions, and population mobility. This integrated framework enables a systematic analysis of synergistic spreading mechanisms under practical constraints and facilitates the exploration of effective epidemic containment strategies. Our results show that both mass media dissemination and higher-order network structures contribute to suppressing disease transmission by enhancing public awareness. However, the containment effect of higher-order interactions weakens as the order of simplices increases. We also explore the influence of subpopulation characteristics, revealing that increasing inter-subpopulation connectivity in a connected metapopulation network leads to lower disease prevalence under moderate disease transmission rates. Furthermore, guiding individuals to migrate toward less accessible or more isolated subpopulations is shown to effectively mitigate epidemic spread. These findings offer valuable insights for designing targeted and adaptive intervention strategies in complex epidemic settings.
{"title":"Modeling Coupled Epidemic-Information Dynamics via Reaction-Diffusion Processes on Multiplex Networks with Media and Mobility Effects","authors":"Guangyuan Mei;Yao Cai;Su-Su Zhang;Ying Huang;Chuang Liu;Xiu-Xiu Zhan","doi":"10.1109/TNSE.2025.3632506","DOIUrl":"https://doi.org/10.1109/TNSE.2025.3632506","url":null,"abstract":"To better capture real-world epidemic dynamics, it is essential to develop models that incorporate diverse, realistic factors. In this study, we propose a coupled disease-information spreading model on multiplex networks that simultaneously accounts for three critical dimensions: media influence, higher-order interactions, and population mobility. This integrated framework enables a systematic analysis of synergistic spreading mechanisms under practical constraints and facilitates the exploration of effective epidemic containment strategies. Our results show that both mass media dissemination and higher-order network structures contribute to suppressing disease transmission by enhancing public awareness. However, the containment effect of higher-order interactions weakens as the order of simplices increases. We also explore the influence of subpopulation characteristics, revealing that increasing inter-subpopulation connectivity in a connected metapopulation network leads to lower disease prevalence under moderate disease transmission rates. Furthermore, guiding individuals to migrate toward less accessible or more isolated subpopulations is shown to effectively mitigate epidemic spread. These findings offer valuable insights for designing targeted and adaptive intervention strategies in complex epidemic settings.","PeriodicalId":54229,"journal":{"name":"IEEE Transactions on Network Science and Engineering","volume":"13 ","pages":"3369-3390"},"PeriodicalIF":7.9,"publicationDate":"2025-11-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145778125","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2025-11-13DOI: 10.1109/TNSE.2025.3632296
Muhammad Adil;Tie Qiu;Xiaobo Zhou;Prabhat Kumar;Danish Javeed
The integration of ubiquitous 5G cellular networks with deterministic Ethernet, such as Time-Sensitive Networking (TSN), is essential for future industrial applications, offering high flexibility and strict determinism. A key challenge in this integration is the dynamic mapping of TSN traffic to 5G QoS profiles, especially given the diverse QoS requirements across flows. While existing methods based on static mapping or approximations can be effective under stable conditions, they fail to adapt to fluctuating network loads and evolving QoS demands, leading to delays and inaccurate profile selection. To overcome these limitations, we propose DQMARS — a Dynamic QoS Mapping Approach with Resource Slicing. In DQMARS, 5G QoS resources are partitioned into $n$ resource slices aligned with TSN traffic types. Each resource slice is associated with multiple 5G QoS profiles and supports flexible selection based on flow-level QoS requirements at admission time. Within each slice, a Bayesian-optimized learning model leveraging feature and attention transformers is employed for dynamic mapping. This model identifies the most appropriate QoS profile for each TSN traffic flow by evaluating multiple QoS attributes, such as bandwidth, packet delay budget, and packet error rate. We evaluate DQMARS across various industrial scenarios, achieving a mapping accuracy exceeding 99% and minimal delay averaging $1.63 times 10^{-3}$ ms per traffic flow. Compared to state-of-the-art methods, our approach significantly reduces mapping delay while exhibiting superior adaptability to dynamic network conditions, making it highly suitable for time-critical industrial applications.
{"title":"Dynamic QoS Mapping in Integrated 5G-TSN Networks With Programmable Resource Slicing","authors":"Muhammad Adil;Tie Qiu;Xiaobo Zhou;Prabhat Kumar;Danish Javeed","doi":"10.1109/TNSE.2025.3632296","DOIUrl":"https://doi.org/10.1109/TNSE.2025.3632296","url":null,"abstract":"The integration of ubiquitous 5G cellular networks with deterministic Ethernet, such as Time-Sensitive Networking (TSN), is essential for future industrial applications, offering high flexibility and strict determinism. A key challenge in this integration is the dynamic mapping of TSN traffic to 5G QoS profiles, especially given the diverse QoS requirements across flows. While existing methods based on static mapping or approximations can be effective under stable conditions, they fail to adapt to fluctuating network loads and evolving QoS demands, leading to delays and inaccurate profile selection. To overcome these limitations, we propose DQMARS — a <italic>Dynamic QoS Mapping Approach with Resource Slicing</i>. In DQMARS, 5G QoS resources are partitioned into <inline-formula><tex-math>$n$</tex-math></inline-formula> resource slices aligned with TSN traffic types. Each resource slice is associated with multiple 5G QoS profiles and supports flexible selection based on flow-level QoS requirements at admission time. Within each slice, a Bayesian-optimized learning model leveraging feature and attention transformers is employed for dynamic mapping. This model identifies the most appropriate QoS profile for each TSN traffic flow by evaluating multiple QoS attributes, such as bandwidth, packet delay budget, and packet error rate. We evaluate DQMARS across various industrial scenarios, achieving a mapping accuracy exceeding 99% and minimal delay averaging <inline-formula><tex-math>$1.63 times 10^{-3}$</tex-math></inline-formula> ms per traffic flow. Compared to state-of-the-art methods, our approach significantly reduces mapping delay while exhibiting superior adaptability to dynamic network conditions, making it highly suitable for time-critical industrial applications.","PeriodicalId":54229,"journal":{"name":"IEEE Transactions on Network Science and Engineering","volume":"13 ","pages":"3516-3533"},"PeriodicalIF":7.9,"publicationDate":"2025-11-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145778128","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2025-11-11DOI: 10.1109/TNSE.2025.3631526
Ratun Rahman;Sina Shaham;Dinh C. Nguyen
Anomaly detection has a significant impact on applications such as video surveillance, medical diagnostics, and industrial monitoring, where anomalies frequently depend on context and anomaly-labeled data are limited. Quantum machine learning (QML) offers powerful tools for effectively processing high-dimensional data, but centralized QML systems face considerable challenges, including data privacy concerns and the need for massive quantum resources at a single node. Quantum federated learning (QFL) overcomes these concerns by distributing model training among several quantum clients, consequently eliminating the requirement for centralized quantum storage and processing.However, in real-life quantum networks, clients frequently differ in terms of hardware capabilities, circuit designs, noise levels, and how classical data is encoded or preprocessed into quantum states. These differences create inherent heterogeneity across clientsnot just in their data distributions, but also in their quantum processing behaviors. As a result, training a single global model becomes ineffective, especially when clients handle imbalanced or non-identically distributed (non-IID) data.To address this, we propose a new framework called personalized quantum federated learning (PQFL) for anomaly detection. PQFL enhances local model training at quantum clients using parameterized quantum circuits and classical optimizers, while introducing a quantum-centric personalization strategy that adapts each client's model to its own hardware characteristics and data representation. This balances local customization with global coordination.Extensive experiments show that PQFL significantly improves anomaly detection accuracy under diverse and realistic conditions. Compared to state-of-the-art methods, PQFL reduces false errors by up to 23%, and achieves gains of 24.2% in AUROC and 20.5% in AUPR, highlighting its effectiveness and scalability in practical quantum federated settings.
{"title":"Toward Personalized Quantum Federated Learning for Anomaly Detection","authors":"Ratun Rahman;Sina Shaham;Dinh C. Nguyen","doi":"10.1109/TNSE.2025.3631526","DOIUrl":"https://doi.org/10.1109/TNSE.2025.3631526","url":null,"abstract":"Anomaly detection has a significant impact on applications such as video surveillance, medical diagnostics, and industrial monitoring, where anomalies frequently depend on context and anomaly-labeled data are limited. Quantum machine learning (QML) offers powerful tools for effectively processing high-dimensional data, but centralized QML systems face considerable challenges, including data privacy concerns and the need for massive quantum resources at a single node. Quantum federated learning (QFL) overcomes these concerns by distributing model training among several quantum clients, consequently eliminating the requirement for centralized quantum storage and processing.However, in real-life quantum networks, clients frequently differ in terms of hardware capabilities, circuit designs, noise levels, and how classical data is encoded or preprocessed into quantum states. These differences create inherent heterogeneity across clientsnot just in their data distributions, but also in their quantum processing behaviors. As a result, training a single global model becomes ineffective, especially when clients handle imbalanced or non-identically distributed (non-IID) data.To address this, we propose a new framework called personalized quantum federated learning (PQFL) for anomaly detection. PQFL enhances local model training at quantum clients using parameterized quantum circuits and classical optimizers, while introducing a quantum-centric personalization strategy that adapts each client's model to its own hardware characteristics and data representation. This balances local customization with global coordination.Extensive experiments show that PQFL significantly improves anomaly detection accuracy under diverse and realistic conditions. Compared to state-of-the-art methods, PQFL reduces false errors by up to 23%, and achieves gains of 24.2% in AUROC and 20.5% in AUPR, highlighting its effectiveness and scalability in practical quantum federated settings.","PeriodicalId":54229,"journal":{"name":"IEEE Transactions on Network Science and Engineering","volume":"13 ","pages":"3335-3350"},"PeriodicalIF":7.9,"publicationDate":"2025-11-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145729386","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
How to enable personalized objective and privacy protection on the user side while ensuring the model scalability, is quite challenging for the electricity and carbon (E&C) market at the distribution level. This paper proposes a user-side E&C market mechanism capable of accommodating heterogeneous distributed energy resources (DERs), whose personalized objectives are achieved by user-side self-decision and privacy-preserving procedures. Specifically, transactive operation models of multiple heterogeneous DERs are constructed, including the rarely unexplored metroway, charging station for aggregated electric vehicles, photovoltaic units, carbon emission units, and load aggregators. To keep in line with carbon emission reality on the user side, direct carbon emission models of six high-carbon enterprises are separately proposed. Further, a personalized federated learning algorithm with stochastic control variable (pFedScv) is proposed to deliver an efficient solution for the E&C market mechanism, which integrates a reinforcement learning algorithm called weighted twin-delayed deep deterministic policy gradient actor-critic network. Case studies on a real-world dataset show that the proposed E&C market mechanism can achieve a good trade-off between user-side trading costs and overall social welfare. The proposed pFedScv algorithm outperforms traditional federated learning algorithms in terms of convergence, stationarity, and computational performance.
{"title":"Federated User Self-Decision Mechanism for Coupled Electricity and Carbon Market Considering Differentiated Objectives of Heterogeneous DERs","authors":"Zhaobin Wei;Huiming Chen;Haotang Li;Haoqiang Liu;Le Zhang;Jichun Liu;Alberto Borghetti;Hong Yan;C. C. Chan","doi":"10.1109/TNSE.2025.3631872","DOIUrl":"https://doi.org/10.1109/TNSE.2025.3631872","url":null,"abstract":"How to enable personalized objective and privacy protection on the user side while ensuring the model scalability, is quite challenging for the electricity and carbon (E&C) market at the distribution level. This paper proposes a user-side E&C market mechanism capable of accommodating heterogeneous distributed energy resources (DERs), whose personalized objectives are achieved by user-side self-decision and privacy-preserving procedures. Specifically, transactive operation models of multiple heterogeneous DERs are constructed, including the rarely unexplored metroway, charging station for aggregated electric vehicles, photovoltaic units, carbon emission units, and load aggregators. To keep in line with carbon emission reality on the user side, direct carbon emission models of six high-carbon enterprises are separately proposed. Further, a personalized federated learning algorithm with stochastic control variable (pFedScv) is proposed to deliver an efficient solution for the E&C market mechanism, which integrates a reinforcement learning algorithm called weighted twin-delayed deep deterministic policy gradient actor-critic network. Case studies on a real-world dataset show that the proposed E&C market mechanism can achieve a good trade-off between user-side trading costs and overall social welfare. The proposed pFedScv algorithm outperforms traditional federated learning algorithms in terms of convergence, stationarity, and computational performance.","PeriodicalId":54229,"journal":{"name":"IEEE Transactions on Network Science and Engineering","volume":"13 ","pages":"3596-3610"},"PeriodicalIF":7.9,"publicationDate":"2025-11-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145778191","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2025-11-11DOI: 10.1109/TNSE.2025.3631484
Eugene T. Y. Ang;Yong Sheng Soh
An essential aspect of effective policymaking is to regularly consider the population’s response or feedback towards a newly introduced policy. These can come in the form of population surveys or feedback channels, and they provide a simple way to understand the ground sentiment towards a new policy. Conventional surveying methods implicitly assume that opinions are static; in reality, opinions are often dynamic – the population will discuss and debate these newly introduced policies among themselves, and in the process form new opinions. In this paper, we pose the following set of questions: Can we understand the dynamics of opinions towards a new policy within the population? Specifically, can we quantify the evolution of opinions over the course of interaction? How are these changes affected by the topological structure of the underlying network describing the relationship among the population? We investigate these questions using a model where the policymaker is able to select a subset of population to which a policy is initially revealed to. By selecting the subset of respondents judiciously, the policymaker controls the degree of discussion that can take place among the population. Under this model, we quantify the changes in opinions between the empirically observed data post-discussion and its distribution pre-discussion, in terms of the number of selected respondents, as well as the number of connections each respondent has within the population network. We conduct a series of numerical experiments over synthetic data and real-world networks. Our work aims to address the challenges associated with network topology and social interactions, and provide policymakers with a quantitative lens to assess policy effectiveness in the face of resource constraints and network complexities.
{"title":"Evaluating Policy Effects Through Opinion Dynamics and Network Sampling","authors":"Eugene T. Y. Ang;Yong Sheng Soh","doi":"10.1109/TNSE.2025.3631484","DOIUrl":"https://doi.org/10.1109/TNSE.2025.3631484","url":null,"abstract":"An essential aspect of effective policymaking is to regularly consider the population’s response or feedback towards a newly introduced policy. These can come in the form of population surveys or feedback channels, and they provide a simple way to understand the ground sentiment towards a new policy. Conventional surveying methods implicitly assume that opinions are static; in reality, opinions are often dynamic – the population will discuss and debate these newly introduced policies among themselves, and in the process form new opinions. In this paper, we pose the following set of questions: Can we understand the dynamics of opinions towards a new policy within the population? Specifically, can we quantify the evolution of opinions over the course of interaction? How are these changes affected by the topological structure of the underlying network describing the relationship among the population? We investigate these questions using a model where the policymaker is able to select a subset of population to which a policy is initially revealed to. By selecting the subset of respondents judiciously, the policymaker controls the degree of discussion that can take place among the population. Under this model, we quantify the changes in opinions between the empirically observed data post-discussion and its distribution pre-discussion, in terms of the number of selected respondents, as well as the number of connections each respondent has within the population network. We conduct a series of numerical experiments over synthetic data and real-world networks. Our work aims to address the challenges associated with network topology and social interactions, and provide policymakers with a quantitative lens to assess policy effectiveness in the face of resource constraints and network complexities.","PeriodicalId":54229,"journal":{"name":"IEEE Transactions on Network Science and Engineering","volume":"13 ","pages":"3645-3661"},"PeriodicalIF":7.9,"publicationDate":"2025-11-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145778312","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Next generation Radio Access Networks (RANs) introduce programmability, intelligence, and near real-time control through intelligent controllers, enabling enhanced security within the RAN and across broader 5G/6G infrastructures. This paper presents a comprehensive survey highlighting opportunities, challenges, and research gaps for Large Language Model (LLM)-assisted explainable (XAI) Intrusion Detection Systems (IDS) in future RAN environments. Motivated by this, we propose an LLM interpretable anomaly detection system leveraging multivariate time series Key Performance Measures (KPMs), extracted from E2 nodes, within the Near Real-Time RAN Intelligent Controller (Near-RT RIC). A sequence classification model is trained to identify malicious User Equipment (UE) behavior based on these KPMs. To enhance transparency, we apply post-hoc local explainability methods such as LIME and SHAP to interpret individual predictions. Furthermore, LLMs are employed to convert technical explanations into natural-language insights accessible to non-expert users. Experimental results on real 5G network KPMs demonstrate that our framework achieves high detection accuracy (macro F1-score $>$ 0.96) while delivering actionable and interpretable outputs.
下一代无线接入网络(RAN)通过智能控制器引入可编程性、智能和近实时控制,从而增强了RAN内部和更广泛的5G/6G基础设施的安全性。本文对未来RAN环境中大型语言模型(LLM)辅助可解释(XAI)入侵检测系统(IDS)的机遇、挑战和研究差距进行了全面调查。基于此,我们提出了一种LLM可解释的异常检测系统,该系统利用从近实时RAN智能控制器(Near- Real-Time RAN Intelligent Controller, Near- rt RIC)中E2节点提取的多变量时间序列关键性能度量(kpi)。基于这些kpi,训练序列分类模型来识别恶意用户设备(UE)行为。为了提高透明度,我们采用了事后局部可解释性方法,如LIME和SHAP来解释个体预测。此外,法学硕士被用来将技术解释转换为非专业用户可以访问的自然语言见解。在真实5G网络kpi上的实验结果表明,我们的框架在提供可操作和可解释的输出的同时实现了高检测精度(宏观f1得分$>$ 0.96)。
{"title":"AI-on-RAN for Cyber Defense: An XAI-LLM Framework for Interpretable Anomaly Detection","authors":"Sotiris Chatzimiltis;Mohammad Shojafar;Mahdi Boloursaz Mashhadi;Rahim Tafazolli","doi":"10.1109/TNSE.2025.3629983","DOIUrl":"https://doi.org/10.1109/TNSE.2025.3629983","url":null,"abstract":"Next generation Radio Access Networks (RANs) introduce programmability, intelligence, and near real-time control through intelligent controllers, enabling enhanced security within the RAN and across broader 5G/6G infrastructures. This paper presents a comprehensive survey highlighting opportunities, challenges, and research gaps for Large Language Model (LLM)-assisted explainable (XAI) Intrusion Detection Systems (IDS) in future RAN environments. Motivated by this, we propose an LLM interpretable anomaly detection system leveraging multivariate time series Key Performance Measures (KPMs), extracted from E2 nodes, within the Near Real-Time RAN Intelligent Controller (Near-RT RIC). A sequence classification model is trained to identify malicious User Equipment (UE) behavior based on these KPMs. To enhance transparency, we apply post-hoc local explainability methods such as LIME and SHAP to interpret individual predictions. Furthermore, LLMs are employed to convert technical explanations into natural-language insights accessible to non-expert users. Experimental results on real 5G network KPMs demonstrate that our framework achieves high detection accuracy (macro F1-score <inline-formula><tex-math>$>$</tex-math></inline-formula> 0.96) while delivering actionable and interpretable outputs.","PeriodicalId":54229,"journal":{"name":"IEEE Transactions on Network Science and Engineering","volume":"13 ","pages":"3301-3319"},"PeriodicalIF":7.9,"publicationDate":"2025-11-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145729302","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
The rapid growth of Internet-of-Things (IoT) devices in enterprise and industrial networks presents significant challenges for device behavior analysis and security. Existing machine learning models for IoT traffic classification face limitations. Shallow models, relying on manually engineered features, struggle to capture complex, nonlinear patterns and generalize across diverse environments. Deep pre-trained models, such as transformers, demand extensive preprocessing and significant computational resources, making them less practical for real-time inference in resource-constrained environments. This paper proposes a lightweight, real-time deep learning model based on convolutional neural networks (CNNs) that classifies IoT traffic using structured flow sequences, providing an efficient and reliable solution. Our contributions are threefold: (1) We develop a novel structure of flow data sequences that represents IoT network behavior as a fixed-size matrix, capturing flow metadata, packet timing, direction, and raw payloads. This flexible structure ensures adaptability to diverse IoT environments and enables the classification of a wide variety of devices. We publicly release our structured dataset derived from real traffic traces. (2) We propose a convolutional neural network (CNN) architecture that captures both intra-flow and inter-flow patterns, providing an efficient solution for real-time IoT traffic classification. We evaluate three traffic inference strategies across four performance metrics, namely accuracy, coverage, computational cost, and traffic selectivity, demonstrating the method's effectiveness for real-time IoT traffic analysis. (3) We incorporate interpretability techniques, specifically confidence scores and Shapley values, to assess and enhance the trustworthiness of predictions. These insights refine the predictions, yielding a 4% boost in macro-averaged F1-score. They also significantly reduce high-confidence misclassifications to one-fifth when applied to real IoT traffic traces.
{"title":"Real-Time and Trustworthy Classification of IoT Traffic Using Lightweight Deep Learning","authors":"Arunan Sivanathan;Deepak Mishra;Sushmita Ruj;Natasha Fernandes;Quan Z. Sheng;Minh Tran;Ben Luo;Daniel Coscia;Gustavo Batista;Hassan Habibi Gharakaheili","doi":"10.1109/TNSE.2025.3628913","DOIUrl":"https://doi.org/10.1109/TNSE.2025.3628913","url":null,"abstract":"The rapid growth of Internet-of-Things (IoT) devices in enterprise and industrial networks presents significant challenges for device behavior analysis and security. Existing machine learning models for IoT traffic classification face limitations. Shallow models, relying on manually engineered features, struggle to capture complex, nonlinear patterns and generalize across diverse environments. Deep pre-trained models, such as transformers, demand extensive preprocessing and significant computational resources, making them less practical for real-time inference in resource-constrained environments. This paper proposes a lightweight, real-time deep learning model based on convolutional neural networks (CNNs) that classifies IoT traffic using structured flow sequences, providing an efficient and reliable solution. Our contributions are threefold: (1) We develop a novel structure of flow data sequences that represents IoT network behavior as a fixed-size matrix, capturing flow metadata, packet timing, direction, and raw payloads. This flexible structure ensures adaptability to diverse IoT environments and enables the classification of a wide variety of devices. We publicly release our structured dataset derived from real traffic traces. (2) We propose a convolutional neural network (CNN) architecture that captures both intra-flow and inter-flow patterns, providing an efficient solution for real-time IoT traffic classification. We evaluate three traffic inference strategies across four performance metrics, namely accuracy, coverage, computational cost, and traffic selectivity, demonstrating the method's effectiveness for real-time IoT traffic analysis. (3) We incorporate interpretability techniques, specifically confidence scores and Shapley values, to assess and enhance the trustworthiness of predictions. These insights refine the predictions, yielding a 4% boost in macro-averaged F1-score. They also significantly reduce high-confidence misclassifications to one-fifth when applied to real IoT traffic traces.","PeriodicalId":54229,"journal":{"name":"IEEE Transactions on Network Science and Engineering","volume":"13 ","pages":"3256-3273"},"PeriodicalIF":7.9,"publicationDate":"2025-11-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145729338","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2025-11-05DOI: 10.1109/TNSE.2025.3629133
Pengfei Zhang;Junhuai Li;Dong Ding;Huaijun Wang;Kan Wang;Xiaofan Wang
Accurate and efficient cellular traffic prediction is crucial for enhancing the user quality of experience in mobile networks. However, this task faces significant challenges due to the dynamic complexity of spatial-temporal connections. Existing studies primarily focus on global spatial features while neglecting geographical relationships between base stations and overlooking local spatial-temporal dependencies during feature fusion. To address these limitations, we propose SA-GCN—a novel multi-dimensional feature fusion self-attention graph convolutional network that leverages base station topology, dynamic spatial-temporal characteristics, and traffic aggregation effects. SA-GCN enhances prediction accuracy by synergistically fusing static geographical features with dynamic spatio-temporal patterns driven by user mobility and holiday events. The model comprises two key components: 1) Spatial transformers with graph convolution and enhanced self-attention that capture static and dynamic spatial features through gated fusion and 2) Temporal transformers modeling non-stationary dependencies via self-attention. Multiple spatial-temporal blocks are connected via skip connections for deep feature fusion, while a densely connected convolutional module extracts local dependencies. Extensive experiments on real-world datasets demonstrate SA-GCN's superior performance over state-of-the-art methods.
{"title":"A Spatial-Temporal Graph Convolutional Network With Self-Attention for City-Level Cellular Network Traffic Prediction","authors":"Pengfei Zhang;Junhuai Li;Dong Ding;Huaijun Wang;Kan Wang;Xiaofan Wang","doi":"10.1109/TNSE.2025.3629133","DOIUrl":"https://doi.org/10.1109/TNSE.2025.3629133","url":null,"abstract":"Accurate and efficient cellular traffic prediction is crucial for enhancing the user quality of experience in mobile networks. However, this task faces significant challenges due to the dynamic complexity of spatial-temporal connections. Existing studies primarily focus on global spatial features while neglecting geographical relationships between base stations and overlooking local spatial-temporal dependencies during feature fusion. To address these limitations, we propose SA-GCN—a novel multi-dimensional feature fusion self-attention graph convolutional network that leverages base station topology, dynamic spatial-temporal characteristics, and traffic aggregation effects. SA-GCN enhances prediction accuracy by synergistically fusing static geographical features with dynamic spatio-temporal patterns driven by user mobility and holiday events. The model comprises two key components: 1) Spatial transformers with graph convolution and enhanced self-attention that capture static and dynamic spatial features through gated fusion and 2) Temporal transformers modeling non-stationary dependencies via self-attention. Multiple spatial-temporal blocks are connected via skip connections for deep feature fusion, while a densely connected convolutional module extracts local dependencies. Extensive experiments on real-world datasets demonstrate SA-GCN's superior performance over state-of-the-art methods.","PeriodicalId":54229,"journal":{"name":"IEEE Transactions on Network Science and Engineering","volume":"13 ","pages":"3285-3300"},"PeriodicalIF":7.9,"publicationDate":"2025-11-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145729415","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Graph anomaly detection (GAD) plays an important role in improving public safety and product quality and has attracted a great deal of interest in recent years. Although a wide range of progress has been achieved recently, the following challenges still remain: (1) abnormal nodes mixed in the normal node subgraph and (2) global-consistency filtering to different features. To overcome these challenges, we propose AGFNN, a novel adaptive graph filtering neural network designed to handle diverse mixed local patterns and feature variations, thereby improving model fitting from both the node and feature perspectives. Specifically, to enhance the discriminative capacity of the node representation, channel-wise feature adaptive filtering is proposed to learn a specific filter for each feature in a progressive way, which first performs multi-frequency filtering and then adaptively captures the importance of different frequency components for each feature. Meanwhile, to better fit the complex local subgraphs, the node's preference for multi-frequency information can be self-adjusted by learning node-aware bias, which is also equal to learning a specific filter for each node. Extensive experiments on real-world graph datasets demonstrate that AGFNN outperforms the state-of-the-art methods.
{"title":"Adaptive Graph Filtering Neural Network for Graph Anomaly Detection","authors":"Zhizhe Liu;Shuai Zheng;Yeyu Yan;Zhenfeng Zhu;Yao Zhao","doi":"10.1109/TNSE.2025.3629084","DOIUrl":"https://doi.org/10.1109/TNSE.2025.3629084","url":null,"abstract":"Graph anomaly detection (GAD) plays an important role in improving public safety and product quality and has attracted a great deal of interest in recent years. Although a wide range of progress has been achieved recently, the following challenges still remain: (1) abnormal nodes mixed in the normal node subgraph and (2) global-consistency filtering to different features. To overcome these challenges, we propose AGFNN, a novel adaptive graph filtering neural network designed to handle diverse mixed local patterns and feature variations, thereby improving model fitting from both the node and feature perspectives. Specifically, to enhance the discriminative capacity of the node representation, channel-wise feature adaptive filtering is proposed to learn a specific filter for each feature in a progressive way, which first performs multi-frequency filtering and then adaptively captures the importance of different frequency components for each feature. Meanwhile, to better fit the complex local subgraphs, the node's preference for multi-frequency information can be self-adjusted by learning node-aware bias, which is also equal to learning a specific filter for each node. Extensive experiments on real-world graph datasets demonstrate that AGFNN outperforms the state-of-the-art methods.","PeriodicalId":54229,"journal":{"name":"IEEE Transactions on Network Science and Engineering","volume":"13 ","pages":"3274-3284"},"PeriodicalIF":7.9,"publicationDate":"2025-11-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145729323","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: