Journal of Network and Computer Applications最新文献

{"title":"PRAETOR:Packet flow graph and dynamic spatio-temporal graph neural network-based flow table overflow attack detection method","authors":"Kaixi Wang ,&nbsp;Yunhe Cui ,&nbsp;Guowei Shen ,&nbsp;Chun Guo ,&nbsp;Yi Chen ,&nbsp;Qing Qian","doi":"10.1016/j.jnca.2025.104333","DOIUrl":"10.1016/j.jnca.2025.104333","url":null,"abstract":"<div><div>The flow table overflow attack on SDN switches is considered to be a destructive attack in SDN. By exhausting the computing and storage resources of SDN switches, this attack severely disrupts the normal communication functions of SDN networks. Graph neural networks are now being employed to detect flow table overflow attacks in SDN. When a flow graph is constructed, flow features are commonly utilized as nodes to represent the characteristics of flow table overflow attacks. However, a graph solely relying on these nodes and attributes may not fully encompass all the nuances of the flow table overflow attack. Additionally, GNN model may be difficult in capturing the graph information between different flow graphs over time, thus decreasing the detection accuracy of packet flow graph. To address these issues, we introduce PRAETOR, a detection method for flow table overflow attacks that leverages a packet flow graph and a dynamic spatio-temporal graph neural network. More particularly, The PaFlo-Graph algorithm and the EGST model are introduced by PRAETOR. The PaFlo-Graph algorithm generates a packet flow graph for each flow. It utilizes packet information to construct the graph with more detail, thereby better reflecting the characteristics of flow table overflow attacks. The EGST model is a dynamic spatio-temporal graph convolutional network designed to detect flow table overflow attacks by analyzing packet flow graphs. Experiments were conducted under two network topologies, where we used tcpreplay to replay packets from the bigFlow dataset to simulate SDN network flow. We also employed sFlow to sample packet features. Based on the sampled data, two datasets were constructed, each containing 1,760 network flows. For each packet, eight key features were extracted to represent its characteristics. The evaluation metrics include TPR, TNR, accuracy, precision, recall, F1-score, confusion matrix, ROC curves, and PR curves. Experimental results show that the proposed PaFlo-Graph algorithm generates more detailed flow graphs compared to KNN and CRAM, resulting in an average improvement of 6.49% in accuracy and 8.7% in precision. Furthermore, the overall detection framework, PRAETOR, achieves detection accuracies of 99.66% and 99.44% on Topo1 and Topo2, respectively. The precision scores reach 99.32% and 99.72%, and the F1-scores are 99.57% and 100%, respectively, indicating superior detection performance compared to other methods.</div></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"243 ","pages":"Article 104333"},"PeriodicalIF":8.0,"publicationDate":"2025-09-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145121251","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"ST-MemA: Leveraging Swin Transformer and memory-enhanced LSTM for encrypted traffic classification","authors":"Zhiyuan Li ,&nbsp;Yujie Jin","doi":"10.1016/j.jnca.2025.104329","DOIUrl":"10.1016/j.jnca.2025.104329","url":null,"abstract":"<div><div>Traffic classification is essential for effective intrusion detection and network management. However, with the pervasive use of encryption technologies, traditional machine learning-based and deep learning-based methods often fall short in capturing the fine-grained details in encrypted traffic. To address these limitations, we propose a memory-enhanced LSTM model based on Swin Transformer for multi-class encrypted traffic classification. Our approach first reconstructs raw encrypted traffic by converting each flow into single-channel images. A hierarchical attention network, incorporating both byte-level and packet-level attention, then performs comprehensive feature extraction on these traffic images. The resulting feature maps are subsequently classified to identify traffic flow categories. By combining the long-term dependency capabilities of LSTM with the Swin Transformer’s strengths in feature extraction, our model effectively captures global features across diverse traffic types. Furthermore, we enhance LSTM with memory attention, enabling the model to focus on more fine-grained information. Experimental results on three public datasets—USTC-TFC2016, ISCX-VPN2016, and CIC-IoT2022 show that our model, ST-MemA, improves the classification accuracy to 99.43%, 98.96% and 98.21% and <span><math><msub><mrow><mi>F</mi></mrow><mrow><mn>1</mn></mrow></msub></math></span>-score to 0.9936, 0.9826 and 0.9746, respectively. The results also demonstrate that our proposed model outperforms current state-of-the-art models in classification accuracy and computational efficiency.</div></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"243 ","pages":"Article 104329"},"PeriodicalIF":8.0,"publicationDate":"2025-09-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145094148","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Fault-tolerant 3-D topology construction of UAV-BSs for full coverage of users with different QoS demands","authors":"Xijian Luo ,&nbsp;Jun Xie ,&nbsp;Liqin Xiong ,&nbsp;Yaqun Liu ,&nbsp;Yuan He","doi":"10.1016/j.jnca.2025.104332","DOIUrl":"10.1016/j.jnca.2025.104332","url":null,"abstract":"<div><div>Deploying Unmanned aerial vehicle mounted base stations (UAV-BSs) in post-disaster areas or battlefields, where the ground infrastructures are missing or destroyed, can quickly restore communication coverage. Due to the unstable and hostile properties of the environments, the ability to maintain the connectivity of the UAV-BSs network should be considered. In this paper, we study the deployment of UAV-BSs to provide full coverage for users with different quality of service (QoS) demands. The objective is to minimize the number of UAV-BSs under the constraints of user demands and UAV-BS service abilities. Besides, in absence of ground base stations, we also aim to construct a bi-connected topology for the UAV-BS network. However, the formulated problem, as a special instance of the geometric disk cover (GDC) problem, is NP-hard. To tackle this problem, we propose a heuristic algorithm, named Improved QoS-Prior Coverage and bi-Connectivity (IQP2C), by separately solving the user coverage and bi-connected topology construction subproblems. Firstly, IQP2C provides full coverage for users with minimum covering UAVs. Then, we propose an altitude-cluster-based method extending from the 2-D Hamilton cycle to construct bi-connectivity for the UAV-BS network. Simulation results validate the effectiveness of IQP2C in meeting different QoS demands and constructing fault-tolerant topology. Moreover, IQP2C outperforms other baselines in terms of minimized number of UAV-BSs for user coverage, minimized number of UAV-BSs for bi-connectivity as well as running time.</div></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"243 ","pages":"Article 104332"},"PeriodicalIF":8.0,"publicationDate":"2025-09-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145094146","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Artificial intelligence-enhanced zero-knowledge proofs for privacy-preserving digital forensics in cloud environments","authors":"Khizar Hameed ,&nbsp;Faiqa Maqsood ,&nbsp;Zhenfei Wang","doi":"10.1016/j.jnca.2025.104331","DOIUrl":"10.1016/j.jnca.2025.104331","url":null,"abstract":"<div><div>This paper proposed an Artificial Intelligence (AI) enhanced Zero Knowledge Proofs (ZKPs) based comprehensive framework used to improve security, privacy, scalability and efficiency in forensic investigations for the multi-cloud environment, a growing concern for cybersecurity and digital forensics domains. With the growing invulnerability of data storage and inefficient processing in cloud computing landscapes, forensic investigations confront privacy preservation, data integrity, and interoperability issues amongst various cloud providers. Despite existing frameworks, there are few adaptive solutions that holistically solve these challenges. To address such issues and challenges, we propose a suite of frameworks, including an Adaptive Multi-Cloud Forensic Integration Framework (A-MCFIF), Multi-Factor Access Control Framework (MACF), Adaptive ZKP Optimization Framework (AZOF), and Privacy Enhanced Data Security Framework (PDSF) to bridge this gap. Incorporating AI-enhanced ZKP and Multi-Factor Authentication (MFA), these frameworks secure data and improve the efficiency of proof generation and verification while meeting privacy regulations such as the General Data Protection Regulation (GDPR) and the Health Insurance Portability and Accountability Act (HIPAA). Our extensive evaluation of the proposed framework included computing efficiency, memory consumption, data handling efficiency, scalability, overall performance, and cost-effectiveness. We also analyse verification latency to assess the framework’s real-time processing capabilities, which overcome existing solutions. Furthermore, our research includes cloud-specific threat models such as insider threats and data breaches and shows the benefits of the proposed framework for counteracting these risks by proving mathematical and empirical security against privacy breaches. Finally, we bring new insights and contribute to the development of secure, privacy-compliant, and efficient forensic processes, which are elaborated as a comprehensive solution for more reconstructive forensic initiatives in increasingly sophisticated cloud environments.</div></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"243 ","pages":"Article 104331"},"PeriodicalIF":8.0,"publicationDate":"2025-09-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145121250","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"FlowTracker: A refined and versatile data plane measurement approach","authors":"Xinyue Jiang ,&nbsp;Chunming Wu ,&nbsp;Zhengyan Zhou ,&nbsp;Di Wang ,&nbsp;Dezhang Kong ,&nbsp;Muhammad Khurram Khan ,&nbsp;Xuan Liu","doi":"10.1016/j.jnca.2025.104334","DOIUrl":"10.1016/j.jnca.2025.104334","url":null,"abstract":"<div><div>To acquire per-hop flow level information, existing works have made significant contributions to offloading network measurement onto data center switches. Despite this, they still pose challenges due to increasingly complex measurement tasks and massive network traffic. In this paper, we introduce FlowTracker, a flow measurement primitive in the data plane. Our key innovation is a hash-based data structure with constant size and collision resolution, which allows fine-grained and real-time monitoring of various flow statistics. We have fully implemented a FlowTracker prototype on a testbed and used real-world packet traces to evaluate its performance. The results demonstrate FlowTracker’s efficiency under different measurement tasks. For example, with <span><math><mo>∼</mo></math></span>0.5 MB of memory, FlowTracker can accurately estimate 98% heavy hitter out of 25K flows, with an average relative error of 1.28%. It also achieves 92.27% higher accuracy in packet delay estimation and 121.83% higher flow set coverage compared to competitors with only 64 KB of memory. Furthermore, FlowTracker imposes minimal overhead, requiring just <span><math><mo>∼</mo></math></span>0.04% extra bandwidth for large-scale network processing. With these capabilities, FlowTracker can provide network operators with deep insights and efficient flow control of their networks.</div></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"244 ","pages":"Article 104334"},"PeriodicalIF":8.0,"publicationDate":"2025-09-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145134833","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Secure and efficient data collaboration in cloud computing: Flexible delegation via hierarchical attribute-based signature","authors":"Wenrui Jiang,&nbsp;Yongjian Liao,&nbsp;Qishan Gao,&nbsp;Han Xu,&nbsp;Hongwei Wang","doi":"10.1016/j.jnca.2025.104328","DOIUrl":"10.1016/j.jnca.2025.104328","url":null,"abstract":"<div><div>Data collaboration allows multiple parties to jointly share and modify data stored in the cloud server. As unauthorized users may create or modify the shared data as they want by tampering with requests sent by authorized users to replace them with what the unauthorized users want to send, secure data collaboration in cloud computing requires data integrity protection of requests and precise privilege verification of users. However, while maintaining data integrity, it is difficult for current signature schemes to achieve the following demands: fine-grained access control, high scalability, a flexible and controllable hierarchical delegation mechanism, and efficient signing and verification. Therefore, we designed a scalable and flexible hierarchical attribute-based signature (HABS) model and proposed a signing policy HABS construction using the linear secret sharing scheme to construct an access structure. Furthermore, we proved the unforgeability of our HABS scheme in the standard model. We also analyzed and tested the performance of our HABS scheme and related scheme, and we found that our scheme has less signing computation consumption in large-scale systems with complex policies. Finally, we provided a specified application scenario of HABS used in data collaboration based on cloud computing.</div></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"243 ","pages":"Article 104328"},"PeriodicalIF":8.0,"publicationDate":"2025-09-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145094149","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"C-PFL: A committee-based personalized federated learning framework","authors":"Lifan Pan ,&nbsp;Hao Guo ,&nbsp;Wanxin Li","doi":"10.1016/j.jnca.2025.104327","DOIUrl":"10.1016/j.jnca.2025.104327","url":null,"abstract":"<div><div>Federated Learning (FL) is an emerging machine learning paradigm that enables multiple parties to train a shared model while preserving data privacy collaboratively. However, malicious clients pose a significant threat to FL systems. This interference not only deteriorates model performance but also exacerbates the unfairness of the global model caused by data heterogeneity, leading to inconsistent performance across clients. We propose C-PFL, a committee-based personalized FL framework that improves both robustness and personalization. In contrast to prior approaches such as FedProto (which relies on the exchange of class prototypes), Ditto (which employs regularization between global and local models), and FedBABU (which freezes the classifier head during federated training), C-PFL introduces two principal innovations. C-PFL adopts a split-model design, updating only a shared backbone during global training while fine-tuning a personalized head locally. A dynamic committee of high-contribution clients validates submitted updates without public data, filtering low-quality or adversarial contributions before aggregation. Experiments on MNIST, Fashion-MNIST, CIFAR-10, CIFAR-100, and AGNews show that C-PFL outperforms six state-of-the-art personalized FL baselines by up to 2.89% in non-adversarial settings, and by as much as 6.96% under 40% malicious clients. These results demonstrate C-PFL’s ability to sustain high accuracy and stability across diverse non-IID scenarios, even with significant adversarial participation.</div></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"243 ","pages":"Article 104327"},"PeriodicalIF":8.0,"publicationDate":"2025-09-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145094150","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Hybrid connectivity-oriented efficient shielding for robustness enhancement in large-scale networks","authors":"Wei Wei ,&nbsp;Jie Huang ,&nbsp;Qinghui Zhang ,&nbsp;Tao Ma ,&nbsp;Peng Li","doi":"10.1016/j.jnca.2025.104325","DOIUrl":"10.1016/j.jnca.2025.104325","url":null,"abstract":"<div><div>Network infrastructure protection is critical for ensuring robustness against attacks and failures, yet existing approaches fundamentally limit their scope by addressing either node or edge vulnerabilities in isolation — an unrealistic assumption given real-world scenarios where both element types may fail simultaneously. Our work makes three key advances beyond current state-of-the-art: First, we introduce the novel concept of hybrid connectivity as a unified robustness metric that properly accounts for concurrent node-edge failures, demonstrating through theoretical analysis that traditional single-element metrics require prohibitively high connectivity thresholds. Second, we develop the first practical solution for large-scale networks via our hybrid cut-tree mapping algorithm, which employs an extended node cut formulation with dynamic programming to identify all vulnerable node-edge combinations in linear time — a dramatic complexity reduction from the exponential scaling of existing linear programming methods. Third, we prove and exploit a fundamental structural property that shielding any edge spanning tree plus leaf edges guarantees target hybrid connectivity, enabling our edge spanning tree algorithm to deliver near-optimal solutions at unprecedented scale. Experimental validation confirms our approach maintains 100% protection effectiveness (with no more than 6% cost overhead versus optimal) in small graphs while achieving 99.9% protection coverage in large-scale networks — outperforming all existing heuristics in protection cost while providing a <span><math><mrow><mn>1</mn><msup><mrow><mn>0</mn></mrow><mrow><mn>5</mn></mrow></msup></mrow></math></span> times speedup over traditional methods.</div></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"243 ","pages":"Article 104325"},"PeriodicalIF":8.0,"publicationDate":"2025-09-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145093955","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"5G slicing under the hood: An in-depth analysis of 5G RAN features and configurations","authors":"André Perdigão,&nbsp;José Quevedo,&nbsp;Rui L. Aguiar","doi":"10.1016/j.jnca.2025.104298","DOIUrl":"10.1016/j.jnca.2025.104298","url":null,"abstract":"<div><div>There has been extensive discussion on the benefits and improvements that 5G networks can bring to industry operations, particularly with network slicing. However, to fully realize network slices, it is essential to thoroughly understand the mechanisms available within a 5G network that can be used to adapt network performance. This paper surveys and describes existing 5G network configurations and assesses the performance impact of several configurations using a real-world commercial standalone (SA) 5G network, bringing the challenges between purely theoretical mathematical models into realizations with existing equipment. The paper discusses how these features impact communication performance according to industrial requirements.</div><div>The survey describes and demonstrates the performance impact of various 5G configurations, enabling readers to understand the capabilities of current 5G networks and learn how to leverage 5G technology to enhance industrial operations. This knowledge is also crucial to fully realize network slices tailored to industrial requirements.</div></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"243 ","pages":"Article 104298"},"PeriodicalIF":8.0,"publicationDate":"2025-09-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145059766","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Reinforcement learning based mobile charging sequence scheduling algorithm for optimal stochastic event detection in wireless rechargeable sensor networks","authors":"Jinglin Li ,&nbsp;Haoran Wang ,&nbsp;Sen Zhang ,&nbsp;Peng-Yong Kong ,&nbsp;Wendong Xiao","doi":"10.1016/j.jnca.2025.104301","DOIUrl":"10.1016/j.jnca.2025.104301","url":null,"abstract":"<div><div>Mobile charging provides a new way for energy replenishment in Wireless Rechargeable Sensor Network (WRSN), where the Mobile Charger (MC) is employed for charging sensor nodes sequentially according to the mobile charging sequence scheduling result. Event detection is an essential application of WRSN, but when the events occur stochastically, Mobile Charging Sequence Scheduling for Optimal Stochastic Event Detection (MCSS-OSED) is difficult and challenging, and the non-deterministic detection property of the sensor makes MCSS-OSED complicated further. This paper proposes a novel Multistage Exploration Q-learning Algorithm (MEQA) for MCSS-OSED based on reinforcement learning. In MEQA, MC is taken as the agent to explore the space of the mobile charging sequences via the interactions with the environment for the optimal Quality of Event Detection (QED) evaluated by both considering the sensing probability of the sensor and the probability that events may occur in the monitoring region. Particularly, a new multistage exploration policy is designed for MC to improve the exploration efficiency by selecting the current suboptimal actions with a certain probability, and a novel reward function is presented to evaluate the MC charging action according to the real-time detection contribution of the sensor. Simulation results show that MEQA is efficient for MCSS-OSED and superior to the existing classical algorithms.</div></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"243 ","pages":"Article 104301"},"PeriodicalIF":8.0,"publicationDate":"2025-09-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145120317","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}