Journal of Network and Computer Applications最新文献_第4页

Understanding the Wi-Fi and VR streaming interplay: A comprehensible simulation and experimental study 了解Wi-Fi和VR流媒体的相互作用：一个可理解的模拟和实验研究

IF 8 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Journal of Network and Computer Applications

Pub Date : 2025-11-14 DOI: 10.1016/j.jnca.2025.104391

Boris Bellalta, Miguel Casasnovas, Ferran Maura, Alejandro Rodríguez, Juan S. Marquerie, Pablo L. García, Francesc Wilhelmi, Josep Blat

This paper evaluates the performance of Wi-Fi networks for interactive Virtual Reality (VR) streaming with adaptive bitrate control. It focuses on the interaction between VR traffic characteristics and Wi-Fi link-layer mechanisms, studying how this relationship impacts key performance indicators such as throughput, latency, and user scalability. We begin by outlining the architecture, operation, traffic patterns, and performance demands of cloud/edge split-rendering VR systems. Then, using simulations, we investigate both single-user scenarios — examining the effects of modulation and coding schemes (MCSs) and user-to-access point (AP) distance on bitrate sustainability and latency — and multi-user scenarios, assessing how many concurrent VR users a single AP can support. Results show that the use of adaptive bitrate (ABR) streaming, as exemplified by our NeSt-VR algorithm, significantly outperforms constant bitrate (CBR) approaches, enhancing user capacity and resilience to changing channel propagation conditions. To validate the simulation findings, we conduct an experimental evaluation using Rooms, an open-source eXtended Reality (XR) content creation platform. The experimental results closely match the simulations, reinforcing the conclusion that adaptive bitrate control substantially improves Wi-Fi’s ability to support reliable, multiuser interactive VR streaming.

本文评估了具有自适应比特率控制的交互式虚拟现实（VR）流的Wi-Fi网络的性能。它侧重于VR流量特征与Wi-Fi链路层机制之间的交互，研究这种关系如何影响吞吐量、延迟和用户可扩展性等关键性能指标。我们首先概述了云/边缘分割渲染VR系统的架构、操作、流量模式和性能需求。然后，通过模拟，我们研究了单用户场景（检查调制和编码方案（MCSs）和用户到接入点（AP）距离对比特率可持续性和延迟的影响）和多用户场景（评估单个AP可以支持多少并发VR用户）。结果表明，使用自适应比特率（ABR）流，如我们的NeSt-VR算法所示，显著优于恒定比特率（CBR）方法，增强了用户容量和对不断变化的信道传播条件的弹性。为了验证模拟结果，我们使用开源扩展现实（XR）内容创建平台Rooms进行了实验评估。实验结果与模拟结果非常吻合，强化了自适应比特率控制大大提高Wi-Fi支持可靠的多用户交互式VR流的能力的结论。

{"title":"Understanding the Wi-Fi and VR streaming interplay: A comprehensible simulation and experimental study","authors":"Boris Bellalta, Miguel Casasnovas, Ferran Maura, Alejandro Rodríguez, Juan S. Marquerie, Pablo L. García, Francesc Wilhelmi, Josep Blat","doi":"10.1016/j.jnca.2025.104391","DOIUrl":"10.1016/j.jnca.2025.104391","url":null,"abstract":"<div><div>This paper evaluates the performance of Wi-Fi networks for interactive Virtual Reality (VR) streaming with adaptive bitrate control. It focuses on the interaction between VR traffic characteristics and Wi-Fi link-layer mechanisms, studying how this relationship impacts key performance indicators such as throughput, latency, and user scalability. We begin by outlining the architecture, operation, traffic patterns, and performance demands of cloud/edge split-rendering VR systems. Then, using simulations, we investigate both single-user scenarios — examining the effects of modulation and coding schemes (MCSs) and user-to-access point (AP) distance on bitrate sustainability and latency — and multi-user scenarios, assessing how many concurrent VR users a single AP can support. Results show that the use of adaptive bitrate (ABR) streaming, as exemplified by our NeSt-VR algorithm, significantly outperforms constant bitrate (CBR) approaches, enhancing user capacity and resilience to changing channel propagation conditions. To validate the simulation findings, we conduct an experimental evaluation using Rooms, an open-source eXtended Reality (XR) content creation platform. The experimental results closely match the simulations, reinforcing the conclusion that adaptive bitrate control substantially improves Wi-Fi’s ability to support reliable, multiuser interactive VR streaming.</div></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"245 ","pages":"Article 104391"},"PeriodicalIF":8.0,"publicationDate":"2025-11-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145531234","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Privacy-preserving trajectory data publication: A distributed approach without trusted servers 保护隐私的轨迹数据发布：没有可信服务器的分布式方法

IF 8 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Journal of Network and Computer Applications

Pub Date : 2025-11-14 DOI: 10.1016/j.jnca.2025.104388

Jong Wook Kim , Beakcheol Jang

The widespread adoption of mobile devices, coupled with the rapid advancement of GPS and positioning technologies, has led to a significant increase in the collection of trajectory data. This trajectory data serves as a critical resource for numerous applications, leading to an increasing demand for its sharing and publication. However, the sensitive nature of trajectory data poses significant privacy risks, necessitating the development of privacy-preserving publication schemes. Differential privacy (DP) has emerged as a leading approach for protecting individual trajectories during data publication, but many existing approaches rely on a trusted central server, an assumption that is unrealistic in practical settings. In this paper, we present DistTraj, a novel distributed framework for privacy-preserving trajectory data publishing that eliminates the need for a trusted central server. The proposed framework leverages a distributed clustering scheme to generalize trajectories without relying on a centralized trusted server. To improve the effectiveness of DP in this decentralized setting, we propose a method to establish a tighter bound on the global sensitivity of the DP mechanism within the clustering process. Through extensive experiments on real-world datasets, we demonstrate that the proposed DistTraj framework, even without relying on a trusted central server, achieves performance comparable to state-of-the-art central server-based methods. These results show that DistTraj successfully balances privacy preservation and data utility in decentralized environments, where trusting a central server is impractical or infeasible.

移动设备的广泛采用，加上GPS和定位技术的快速发展，导致了轨道数据收集的显著增加。这些轨迹数据是许多应用程序的关键资源，导致对其共享和发布的需求不断增加。然而，轨迹数据的敏感性带来了重大的隐私风险，需要开发保护隐私的发布方案。差分隐私（DP）已成为数据发布期间保护个人轨迹的主要方法，但许多现有方法依赖于可信的中央服务器，这一假设在实际设置中是不现实的。在本文中，我们提出了DistTraj，这是一种新颖的分布式框架，用于保护隐私的轨迹数据发布，消除了对可信中央服务器的需求。提出的框架利用分布式集群方案来泛化轨迹，而不依赖于集中式可信服务器。为了提高这种分散环境下DP的有效性，我们提出了一种在聚类过程中对DP机制的全局敏感性建立更严格约束的方法。通过对真实世界数据集的广泛实验，我们证明了所提出的DistTraj框架，即使不依赖于可信的中央服务器，也可以实现与最先进的基于中央服务器的方法相当的性能。这些结果表明，DistTraj在去中心化环境中成功地平衡了隐私保护和数据效用，在去中心化环境中，信任中央服务器是不切实际或不可行的。

{"title":"Privacy-preserving trajectory data publication: A distributed approach without trusted servers","authors":"Jong Wook Kim , Beakcheol Jang","doi":"10.1016/j.jnca.2025.104388","DOIUrl":"10.1016/j.jnca.2025.104388","url":null,"abstract":"<div><div>The widespread adoption of mobile devices, coupled with the rapid advancement of GPS and positioning technologies, has led to a significant increase in the collection of trajectory data. This trajectory data serves as a critical resource for numerous applications, leading to an increasing demand for its sharing and publication. However, the sensitive nature of trajectory data poses significant privacy risks, necessitating the development of privacy-preserving publication schemes. Differential privacy (DP) has emerged as a leading approach for protecting individual trajectories during data publication, but many existing approaches rely on a trusted central server, an assumption that is unrealistic in practical settings. In this paper, we present DistTraj, a novel distributed framework for privacy-preserving trajectory data publishing that eliminates the need for a trusted central server. The proposed framework leverages a distributed clustering scheme to generalize trajectories without relying on a centralized trusted server. To improve the effectiveness of DP in this decentralized setting, we propose a method to establish a tighter bound on the global sensitivity of the DP mechanism within the clustering process. Through extensive experiments on real-world datasets, we demonstrate that the proposed DistTraj framework, even without relying on a trusted central server, achieves performance comparable to state-of-the-art central server-based methods. These results show that DistTraj successfully balances privacy preservation and data utility in decentralized environments, where trusting a central server is impractical or infeasible.</div></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"245 ","pages":"Article 104388"},"PeriodicalIF":8.0,"publicationDate":"2025-11-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145531184","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Dynamic searchable symmetric encryption with efficient conjunctive query and non-interactive real deletion 具有高效联合查询和非交互式实删除的动态可搜索对称加密

IF 8 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Journal of Network and Computer Applications

Pub Date : 2025-11-13 DOI: 10.1016/j.jnca.2025.104387

Zhengwei Ren , Pei He , Rongwei Yu , Li Deng , Yan Tong , Shiwei Xu

Dynamic searchable symmetric encryption (DSSE) enables users to perform update and search operations over encrypted data on cloud servers. However, many DSSE schemes are unable to efficiently perform conjunctive queries containing multiple keywords, limiting their search capabilities. Those DSSE schemes supporting conjunctive query fail to achieve real deletion, affecting the efficiencies of subsequent searches. In this paper, we propose a DSSE scheme supporting conjunctive query and non-interactive real deletion simultaneously. For a conjunctive query containing multiple keywords, we adjust the positions of these keywords so that the keyword contained by the least number of document(s) is at the forefront of the conjunctive query. The document(s) containing this keyword are then located, and on the basis of the document(s) the remaining keywords are checked to obtain the final search result. Moreover, cuckoo filter is adopted to store the ciphertext to be searched, making the conjunctive query efficient. We deploy two search databases on the cloud server to achieve non-interactive real deletion. Benefiting from these two databases, the deleted ciphertext will be physically removed from the cloud server with no impact on subsequent searches, improving search efficiencies of subsequent searches. Our scheme only utilizes a few hash functions and a pseudorandom function, while the forward privacy and backward privacy are still achieved. We conduct a formal security analysis and extensive experimental evaluations, showing that our scheme has efficiency advantages in both update and search processes.

动态可搜索对称加密（DSSE）使用户能够对云服务器上的加密数据执行更新和搜索操作。然而，许多DSSE方案无法有效地执行包含多个关键字的连接查询，限制了它们的搜索能力。支持连接查询的DSSE方案无法实现真正的删除，影响后续搜索的效率。本文提出了一种同时支持联合查询和非交互式实删除的DSSE方案。对于包含多个关键字的连接查询，我们调整这些关键字的位置，以便由最少数量的文档包含的关键字位于连接查询的最前面。然后找到包含此关键字的文档，并在该文档的基础上检查其余关键字以获得最终搜索结果。此外，采用杜鹃滤波器存储待搜索的密文，提高了连接查询的效率。我们在云服务器上部署两个搜索数据库，实现非交互式的真实删除。得益于这两个数据库，删除的密文将从云服务器上物理移除，不会影响后续搜索，提高后续搜索的搜索效率。我们的方案只使用了几个哈希函数和一个伪随机函数，同时仍然实现了前向隐私和后向隐私。我们进行了正式的安全性分析和广泛的实验评估，表明我们的方案在更新和搜索过程中都具有效率优势。

{"title":"Dynamic searchable symmetric encryption with efficient conjunctive query and non-interactive real deletion","authors":"Zhengwei Ren , Pei He , Rongwei Yu , Li Deng , Yan Tong , Shiwei Xu","doi":"10.1016/j.jnca.2025.104387","DOIUrl":"10.1016/j.jnca.2025.104387","url":null,"abstract":"<div><div>Dynamic searchable symmetric encryption (DSSE) enables users to perform update and search operations over encrypted data on cloud servers. However, many DSSE schemes are unable to efficiently perform conjunctive queries containing multiple keywords, limiting their search capabilities. Those DSSE schemes supporting conjunctive query fail to achieve real deletion, affecting the efficiencies of subsequent searches. In this paper, we propose a DSSE scheme supporting conjunctive query and non-interactive real deletion simultaneously. For a conjunctive query containing multiple keywords, we adjust the positions of these keywords so that the keyword contained by the least number of document(s) is at the forefront of the conjunctive query. The document(s) containing this keyword are then located, and on the basis of the document(s) the remaining keywords are checked to obtain the final search result. Moreover, cuckoo filter is adopted to store the ciphertext to be searched, making the conjunctive query efficient. We deploy two search databases on the cloud server to achieve non-interactive real deletion. Benefiting from these two databases, the deleted ciphertext will be physically removed from the cloud server with no impact on subsequent searches, improving search efficiencies of subsequent searches. Our scheme only utilizes a few hash functions and a pseudorandom function, while the forward privacy and backward privacy are still achieved. We conduct a formal security analysis and extensive experimental evaluations, showing that our scheme has efficiency advantages in both update and search processes.</div></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"245 ","pages":"Article 104387"},"PeriodicalIF":8.0,"publicationDate":"2025-11-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145531185","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Task scheduling of cloud computing system by frilled lizard optimization with time varying expansion mixed function oscillation and horned lizard camouflage strategy 基于时变扩展混合函数振荡的褶边蜥蜴优化和角蜥蜴伪装策略的云计算系统任务调度

IF 8 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Journal of Network and Computer Applications

Pub Date : 2025-11-13 DOI: 10.1016/j.jnca.2025.104386

Hao-Ming Song, Si-Wen Zhang, Jie-Sheng Wang, Cheng Xing, Yu-Feng Sun, Yu-Cai Wang, Xiao-Fei Sui

With the increasing complexity and scale of cloud computing systems, task scheduling optimization has become critical for improving resource utilization, enhancing service reliability, and reducing overall energy consumption. Traditional swarm intelligence algorithms often struggle to achieve an effective balance between global exploration and local exploitation, leading to premature convergence or sub-optimal solutions, particularly in large-scale and high-dimensional problem scenarios. To address these challenges, this study proposes a Time Varying Mixed Function Frilled Lizard Optimization algorithm (TMCFLO) that incorporates a horned lizard-inspired camouflage strategy to increase population diversity and prevent premature convergence, alongside a novel mixed function oscillation mechanism, combining sine, cosine, power, logarithm, and Gaussian functions, to enhance local search precision and convergence efficiency. A time-varying expansion factor is further introduced to dynamically regulate oscillation amplitude, ensuring adaptive adjustment of search behavior throughout the optimization process. Extensive evaluations on the CEC 2022 benchmark set demonstrate that TMCFLO outperforms classical algorithms, including PSO, ACO, WOA, AOA, POA, ZOA, HO, RLLPSO and IHBA, achieving up to 26 percent improvement in optimization accuracy. In practical cloud computing task scheduling experiments with 1500 and 3000 tasks, TMCFLO achieves the lowest single task energy consumption of 0.2196, the lowest total energy consumption of 658.80, and the highest energy efficiency of 4.5569, confirming its effectiveness, scalability, and energy-efficient superiority for complex cloud scheduling problems.

随着云计算系统复杂度和规模的不断提高，优化任务调度对于提高资源利用率、增强业务可靠性、降低整体能耗具有重要意义。传统的群体智能算法往往难以实现全局探索和局部开发之间的有效平衡，导致过早收敛或次优解决方案，特别是在大规模和高维问题场景中。为了解决这些挑战，本研究提出了一种时变混合函数褶边蜥蜴优化算法（TMCFLO），该算法结合了角蜥蜴的伪装策略来增加种群多样性并防止早熟收敛，以及一种新的混合函数振荡机制，结合了正弦、余弦、幂、对数和高斯函数，以提高局部搜索精度和收敛效率。进一步引入时变扩展因子来动态调节振荡幅度，保证在整个优化过程中搜索行为的自适应调整。对CEC 2022基准集的广泛评估表明，TMCFLO优于经典算法，包括PSO， ACO， WOA， AOA， POA， ZOA， HO， RLLPSO和IHBA，优化精度提高了26%。在1500任务和3000任务的实际云计算任务调度实验中，TMCFLO的单任务能耗最低为0.2196，总能耗最低为658.80，能效最高为4.5569，验证了其在复杂云调度问题上的有效性、可扩展性和节能优势。

{"title":"Task scheduling of cloud computing system by frilled lizard optimization with time varying expansion mixed function oscillation and horned lizard camouflage strategy","authors":"Hao-Ming Song, Si-Wen Zhang, Jie-Sheng Wang, Cheng Xing, Yu-Feng Sun, Yu-Cai Wang, Xiao-Fei Sui","doi":"10.1016/j.jnca.2025.104386","DOIUrl":"10.1016/j.jnca.2025.104386","url":null,"abstract":"<div><div>With the increasing complexity and scale of cloud computing systems, task scheduling optimization has become critical for improving resource utilization, enhancing service reliability, and reducing overall energy consumption. Traditional swarm intelligence algorithms often struggle to achieve an effective balance between global exploration and local exploitation, leading to premature convergence or sub-optimal solutions, particularly in large-scale and high-dimensional problem scenarios. To address these challenges, this study proposes a Time Varying Mixed Function Frilled Lizard Optimization algorithm (TMCFLO) that incorporates a horned lizard-inspired camouflage strategy to increase population diversity and prevent premature convergence, alongside a novel mixed function oscillation mechanism, combining sine, cosine, power, logarithm, and Gaussian functions, to enhance local search precision and convergence efficiency. A time-varying expansion factor is further introduced to dynamically regulate oscillation amplitude, ensuring adaptive adjustment of search behavior throughout the optimization process. Extensive evaluations on the CEC 2022 benchmark set demonstrate that TMCFLO outperforms classical algorithms, including PSO, ACO, WOA, AOA, POA, ZOA, HO, RLLPSO and IHBA, achieving up to 26 percent improvement in optimization accuracy. In practical cloud computing task scheduling experiments with 1500 and 3000 tasks, TMCFLO achieves the lowest single task energy consumption of 0.2196, the lowest total energy consumption of 658.80, and the highest energy efficiency of 4.5569, confirming its effectiveness, scalability, and energy-efficient superiority for complex cloud scheduling problems.</div></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"245 ","pages":"Article 104386"},"PeriodicalIF":8.0,"publicationDate":"2025-11-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145528948","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Design, implementation, and performance evaluation of a high-performance and high-precision NetFlow/IPFIX flow-monitoring system on a P4 hardware switch 基于P4硬件交换机的高性能高精度NetFlow/IPFIX流量监控系统的设计、实现及性能评估

IF 8 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Journal of Network and Computer Applications

Pub Date : 2025-11-13 DOI: 10.1016/j.jnca.2025.104385

Shie-Yuan Wang , Tzu-Ching Lin

High-performance and high-precision flow monitoring is a crucial function for network management, network bandwidth usage accounting and billing, network security, network forensics, and other important tasks. Nowadays, many commercial switches/routers provide either sFlow, NetFlow, or IPFIX scheme for monitoring the flows traversing a network. sFlow is a scheme widely supported by many switches/routers due to its using a sampling-based method, which greatly reduces the CPU processing load on a switch/router and the network bandwidth required to transmit flow data to a remote collector. However, many small flows may go undetected and the estimated flow data (e.g., the packet count and byte count) for detected flows can significantly deviate from their ground truth.

NetFlow, which is Cisco Systems’ proprietary technology, does not use a sampling-based method by default. Instead, it tries to collect complete and correct flow data for every flow. However, as the link speed and the flow arrival rate continue to increase, NetFlow also provides a sampling-based option to reduce the CPU utilization of the switch/router. Because NetFlow is proprietary, an Internet Engineering Task Force (IETF) working group has defined IPFIX as an open flow information export protocol based on NetFlow Version 9. The requirements for IPFIX are defined in the RFC 3917 standards. Basically, IPFIX is the same as NetFlow Version 9.

Due to its high demand on the CPU of the switch/router, currently NetFlow is supported only on very high-end switches/routers and its design and implementation on these commercial switches/routers are not published in the literature. In this paper, we design and implement a high-performance and high-precision NetFlow/IPFIX system on a Programming Protocol-independent Packet Processors (P4) hardware switch. Based on a 20 Gbps playback of a packet trace gathered on an Internet backbone link, experimental results show that our novel method significantly outperforms the typical design and implementation method of NetFlow/IPFIX on a P4 hardware switch. For example, for the number of detected flows during the trace period, our method outperforms the typical method by a factor of 5.72. As for the number of flows whose packet and byte counts are correctly counted, our method outperforms the typical method by a factor of 8.57.

高性能、高精度的流量监控是网络管理、网络带宽计费、网络安全、网络取证等重要任务的关键功能。目前，许多商用交换机/路由器提供sFlow、NetFlow或IPFIX方案来监控流经网络的流量。sFlow是一种被许多交换机/路由器广泛支持的方案，因为它使用了基于采样的方法，大大降低了交换机/路由器的CPU处理负载和将流数据传输到远程采集器所需的网络带宽。然而，许多小流可能未被检测到，并且检测到的流的估计流数据（例如，数据包计数和字节计数）可能会明显偏离其基本事实。NetFlow是思科系统的专利技术，默认情况下不使用基于采样的方法。相反，它试图为每个流收集完整和正确的流量数据。然而，随着链路速度和流量到达率的不断增加，NetFlow还提供了一个基于采样的选项，以降低交换机/路由器的CPU利用率。由于NetFlow是专有的，互联网工程任务组（IETF）工作组已经将IPFIX定义为基于NetFlow Version 9的开放流量信息导出协议。对IPFIX的要求在RFC 3917标准中有定义。基本上，IPFIX与NetFlow Version 9相同。由于NetFlow对交换机/路由器CPU的要求很高，目前NetFlow只支持在非常高端的交换机/路由器上，其在这些商用交换机/路由器上的设计和实现没有在文献中发表。在本文中，我们设计并实现了一个基于P4 （Programming Protocol-independent Packet Processors）硬件交换机的高性能、高精度NetFlow/IPFIX系统。实验结果表明，该方法明显优于典型的NetFlow/IPFIX在P4硬件交换机上的设计和实现方法。例如，对于跟踪期间检测到的流的数量，我们的方法比典型方法的性能高出5.72倍。对于正确计算数据包和字节计数的流的数量，我们的方法比典型方法的性能高出8.57倍。

{"title":"Design, implementation, and performance evaluation of a high-performance and high-precision NetFlow/IPFIX flow-monitoring system on a P4 hardware switch","authors":"Shie-Yuan Wang , Tzu-Ching Lin","doi":"10.1016/j.jnca.2025.104385","DOIUrl":"10.1016/j.jnca.2025.104385","url":null,"abstract":"<div><div>High-performance and high-precision flow monitoring is a crucial function for network management, network bandwidth usage accounting and billing, network security, network forensics, and other important tasks. Nowadays, many commercial switches/routers provide either sFlow, NetFlow, or IPFIX scheme for monitoring the flows traversing a network. sFlow is a scheme widely supported by many switches/routers due to its using a sampling-based method, which greatly reduces the CPU processing load on a switch/router and the network bandwidth required to transmit flow data to a remote collector. However, many small flows may go undetected and the estimated flow data (e.g., the packet count and byte count) for detected flows can significantly deviate from their ground truth.</div><div>NetFlow, which is Cisco Systems’ proprietary technology, does not use a sampling-based method by default. Instead, it tries to collect complete and correct flow data for every flow. However, as the link speed and the flow arrival rate continue to increase, NetFlow also provides a sampling-based option to reduce the CPU utilization of the switch/router. Because NetFlow is proprietary, an Internet Engineering Task Force (IETF) working group has defined IPFIX as an open flow information export protocol based on NetFlow Version 9. The requirements for IPFIX are defined in the RFC 3917 standards. Basically, IPFIX is the same as NetFlow Version 9.</div><div>Due to its high demand on the CPU of the switch/router, currently NetFlow is supported only on very high-end switches/routers and its design and implementation on these commercial switches/routers are not published in the literature. In this paper, we design and implement a high-performance and high-precision NetFlow/IPFIX system on a Programming Protocol-independent Packet Processors (P4) hardware switch. Based on a 20 Gbps playback of a packet trace gathered on an Internet backbone link, experimental results show that our novel method significantly outperforms the typical design and implementation method of NetFlow/IPFIX on a P4 hardware switch. For example, for the number of detected flows during the trace period, our method outperforms the typical method by a factor of 5.72. As for the number of flows whose packet and byte counts are correctly counted, our method outperforms the typical method by a factor of 8.57.</div></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"245 ","pages":"Article 104385"},"PeriodicalIF":8.0,"publicationDate":"2025-11-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145528949","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

SIoV-IDS: SDN-enabled zero-trust framework for explainable intrusion detection in IoVs using Variational Autoencoders and EX-LSTM SIoV-IDS：支持sdn的零信任框架，用于iov中使用变分自编码器和EX-LSTM的可解释入侵检测

IF 8 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Journal of Network and Computer Applications

Pub Date : 2025-11-13 DOI: 10.1016/j.jnca.2025.104389

Muddasar Laghari , Yuanchang Zhong , Muhammad Junaid Tahir , Muhammad Adil

In response to cyber attacks targeting the Internet of Vehicles (IoV) ecosystem, we propose SIoV-DS, a secure framework addressing inter-vehicle communication, intra-vehicle networks, and infrastructure threats using a zero-trust approach. Vehicle data is first encoded with a Variational Autoencoder (V-AE) to mitigate inference attacks, then analyzed by an Extended Long Short-Term Memory (EX-LSTM) detector capable of identifying diverse attacks, including Denial of Service (DoS), spoofing, and malware. For interpretability, Shapley Additive Explanations (SHAP) provide insights into EX-LSTM decisions, assisting Security Operations Center (SOC) analysts. SIoV-DS is deployed over a Software-Defined Networking (SDN) architecture to ensure scalability. Evaluations on CIC-IoV2024 and Edge-IIoTset2022 datasets demonstrate high accuracy (99.78% and 95.01%, respectively), while inference-time analysis confirms feasibility for real-time detection, effectively securing the IoV ecosystem against advanced cyber threats.

为了应对针对车联网（IoV）生态系统的网络攻击，我们提出了SIoV-DS，这是一个使用零信任方法解决车际通信、车内网络和基础设施威胁的安全框架。车辆数据首先使用变分自动编码器（V-AE）进行编码，以减轻推理攻击，然后通过扩展长短期记忆（EX-LSTM）检测器进行分析，该检测器能够识别各种攻击，包括拒绝服务（DoS），欺骗和恶意软件。在可解释性方面，Shapley加性解释（SHAP）提供了对EX-LSTM决策的见解，协助安全运营中心（SOC）分析师。SIoV-DS通过软件定义网络（SDN）架构部署，以确保可扩展性。对CIC-IoV2024和Edge-IIoTset2022数据集的评估表明，该方法具有较高的准确率（分别为99.78%和95.01%），而推断时间分析证实了实时检测的可行性，有效地保护了车联网生态系统免受高级网络威胁。

{"title":"SIoV-IDS: SDN-enabled zero-trust framework for explainable intrusion detection in IoVs using Variational Autoencoders and EX-LSTM","authors":"Muddasar Laghari , Yuanchang Zhong , Muhammad Junaid Tahir , Muhammad Adil","doi":"10.1016/j.jnca.2025.104389","DOIUrl":"10.1016/j.jnca.2025.104389","url":null,"abstract":"<div><div>In response to cyber attacks targeting the Internet of Vehicles (IoV) ecosystem, we propose <strong>SIoV-DS</strong>, a secure framework addressing inter-vehicle communication, intra-vehicle networks, and infrastructure threats using a zero-trust approach. Vehicle data is first encoded with a <em>Variational Autoencoder (V-AE)</em> to mitigate inference attacks, then analyzed by an <em>Extended Long Short-Term Memory (EX-LSTM)</em> detector capable of identifying diverse attacks, including Denial of Service (DoS), spoofing, and malware. For interpretability, <em>Shapley Additive Explanations (SHAP)</em> provide insights into EX-LSTM decisions, assisting Security Operations Center (SOC) analysts. SIoV-DS is deployed over a <em>Software-Defined Networking (SDN)</em> architecture to ensure scalability. Evaluations on <em>CIC-IoV2024</em> and <em>Edge-IIoTset2022</em> datasets demonstrate high accuracy (99.78% and 95.01%, respectively), while inference-time analysis confirms feasibility for real-time detection, effectively securing the IoV ecosystem against advanced cyber threats.</div></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"245 ","pages":"Article 104389"},"PeriodicalIF":8.0,"publicationDate":"2025-11-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145531187","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Optimal multi-access edge computing system deployment in private 5G networks for multi-story construction sites 面向多层建筑工地专用网的多址边缘计算系统优化部署

IF 8 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Journal of Network and Computer Applications

Pub Date : 2025-11-13 DOI: 10.1016/j.jnca.2025.104384

Shi-Yu Zhang , Chun-Cheng Lin , Zhen-Yin Annie Chen , Der-Jiunn Deng

Driven by the swift progression of smart construction, the number of sensors and smart devices on construction sites has increased dramatically, posing new challenges to data processing and communications. However, conventional cloud computing framework can hardly meet the requirement for processing enormous real-time data from construction sites, while existing approaches to deploying multi-access edge computing (MEC) servers overlooked the energy usage of MEC servers, as well as the unique physical and network security requirements within the multi-story structure of complex construction sites. Therefore, this work presents a mathematical programming model for private 5G network MEC systems on smart construction sites considering installation, connectivity, energy consumption, security maintenance, and cybersecurity; and further solve it with a hybrid metaheuristic approach that combines simplified harmony search (SHS) and variable neighborhood search (VNS) algorithms. The deployment of private 5G network edge computing servers and base stations is recognized as an NP-hard problem, where conventional mathematical models may fall short in finding practical, optimal solutions. Our proposed hybrid algorithm integrates the global search capability of SHS with the local search efficiency of VNS to comprehensively explore the solution space, providing a robust yet implementable method for complex optimization. The efficacy of this approach is validated through experimental evaluations in real-world construction site scenarios, demonstrating notable advantages in solution quality, stability, energy consumption, and overall cost reduction. Results show that the proposed algorithm significantly minimizes costs related to installation, security maintenance, and data protection, fulfilling diverse constraints effectively and making it a promising solution of deploying the MEC systems in private 5G networks for smart construction sites.

在智能建筑快速发展的推动下，建筑工地的传感器和智能设备数量急剧增加，对数据处理和通信提出了新的挑战。然而，传统的云计算框架很难满足处理建筑工地海量实时数据的需求，而现有的多接入边缘计算（MEC）服务器部署方法忽视了MEC服务器的能耗，以及复杂建筑工地多层结构中独特的物理和网络安全需求。因此，本文提出了智能建筑工地专用5G网络MEC系统的数学规划模型，考虑了安装、连接、能耗、安全维护和网络安全；并进一步采用简化和谐搜索（SHS）和可变邻域搜索（VNS）算法相结合的混合元启发式方法进行求解。私有5G网络边缘计算服务器和基站的部署被认为是一个np难题，传统的数学模型可能无法找到实用的最佳解决方案。我们提出的混合算法将SHS的全局搜索能力与VNS的局部搜索效率相结合，全面探索解空间，为复杂优化提供了一种鲁棒且可实现的方法。该方法的有效性通过实际施工现场场景的实验评估得到验证，在解决方案质量、稳定性、能耗和总体成本降低方面显示出显著优势。结果表明，该算法显著降低了与安装、安全维护和数据保护相关的成本，有效地满足了各种约束条件，使其成为智能建筑工地专用5G网络中部署MEC系统的有希望的解决方案。

{"title":"Optimal multi-access edge computing system deployment in private 5G networks for multi-story construction sites","authors":"Shi-Yu Zhang , Chun-Cheng Lin , Zhen-Yin Annie Chen , Der-Jiunn Deng","doi":"10.1016/j.jnca.2025.104384","DOIUrl":"10.1016/j.jnca.2025.104384","url":null,"abstract":"<div><div>Driven by the swift progression of smart construction, the number of sensors and smart devices on construction sites has increased dramatically, posing new challenges to data processing and communications. However, conventional cloud computing framework can hardly meet the requirement for processing enormous real-time data from construction sites, while existing approaches to deploying multi-access edge computing (MEC) servers overlooked the energy usage of MEC servers, as well as the unique physical and network security requirements within the multi-story structure of complex construction sites. Therefore, this work presents a mathematical programming model for private 5G network MEC systems on smart construction sites considering installation, connectivity, energy consumption, security maintenance, and cybersecurity; and further solve it with a hybrid metaheuristic approach that combines simplified harmony search (SHS) and variable neighborhood search (VNS) algorithms. The deployment of private 5G network edge computing servers and base stations is recognized as an NP-hard problem, where conventional mathematical models may fall short in finding practical, optimal solutions. Our proposed hybrid algorithm integrates the global search capability of SHS with the local search efficiency of VNS to comprehensively explore the solution space, providing a robust yet implementable method for complex optimization. The efficacy of this approach is validated through experimental evaluations in real-world construction site scenarios, demonstrating notable advantages in solution quality, stability, energy consumption, and overall cost reduction. Results show that the proposed algorithm significantly minimizes costs related to installation, security maintenance, and data protection, fulfilling diverse constraints effectively and making it a promising solution of deploying the MEC systems in private 5G networks for smart construction sites.</div></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"245 ","pages":"Article 104384"},"PeriodicalIF":8.0,"publicationDate":"2025-11-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145531188","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Edge-AI: A systematic review on architectures, applications, and challenges Edge-AI：对架构、应用和挑战的系统回顾

IF 8 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Journal of Network and Computer Applications

Pub Date : 2025-11-08 DOI: 10.1016/j.jnca.2025.104375

Himanshu Gauttam , Garima Nain , K.K. Pattanaik , Paulo Mendes

The evolution of computing technologies and the generation of massive amounts of data fueled the development of Artificial Intelligence (AI), specifically Deep Learning (DL), solutions to extract key patterns from data, and the generation of insights and knowledge useful to achieve optimized service execution. Traditional cloud-based execution of DL solutions faces several challenges, such as latency, data privacy, and reliability, while trying to meet service requirements. In contrast, the limited computing and storage resources on the edge pose daunting challenges in executing resource-intensive DL solutions closer to the customer. This scenario led to the birth of an interdisciplinary research field named Edge-AI or Edge-Intelligence, aiming to mitigate the limitations of cloud and edge-based DL executions. In this context, this work proposes a reference layered Edge-AI framework to ensure the successful deployment of the Edge-Intelligence paradigm, encompassing three novel layers for the optimization of edge infrastructure, edge inference, and edge training. The work presents a detailed investigation and analysis of the schemes centered around the above-listed layers of the proposed Edge-AI framework. Furthermore, this work discusses potential application domains for Edge-AI, delving into a set of potential limitations, and ending up identifying future research directions in terms of Edge-AI infrastructure deployment, inference and training, which are functionalities needed to deploy and use robust, sustainable, and efficient intelligent edge networks.

计算技术的发展和大量数据的产生推动了人工智能（AI）的发展，特别是深度学习（DL），从数据中提取关键模式的解决方案，以及对实现优化服务执行有用的见解和知识的产生。传统的基于云的深度学习解决方案在试图满足服务需求的同时面临着一些挑战，如延迟、数据隐私和可靠性。相比之下，边缘有限的计算和存储资源在执行更接近客户的资源密集型深度学习解决方案时构成了艰巨的挑战。这种情况导致了一个名为Edge-AI或Edge-Intelligence的跨学科研究领域的诞生，旨在减轻云和基于边缘的深度学习执行的局限性。在此背景下，本工作提出了一个参考分层边缘人工智能框架，以确保边缘智能范式的成功部署，该框架包括三个新的层，用于优化边缘基础设施、边缘推理和边缘训练。这项工作对围绕拟议的边缘人工智能框架的上述层的方案进行了详细的调查和分析。此外，本工作还讨论了edge - ai的潜在应用领域，深入研究了一系列潜在的限制，并最终确定了edge - ai基础设施部署、推理和训练方面的未来研究方向，这些都是部署和使用强大、可持续和高效的智能边缘网络所需的功能。

{"title":"Edge-AI: A systematic review on architectures, applications, and challenges","authors":"Himanshu Gauttam , Garima Nain , K.K. Pattanaik , Paulo Mendes","doi":"10.1016/j.jnca.2025.104375","DOIUrl":"10.1016/j.jnca.2025.104375","url":null,"abstract":"<div><div>The evolution of computing technologies and the generation of massive amounts of data fueled the development of <em>Artificial Intelligence</em> (AI), specifically <em>Deep Learning</em> (DL), solutions to extract key patterns from data, and the generation of insights and knowledge useful to achieve optimized service execution. Traditional cloud-based execution of DL solutions faces several challenges, such as latency, data privacy, and reliability, while trying to meet service requirements. In contrast, the limited computing and storage resources on the edge pose daunting challenges in executing resource-intensive DL solutions closer to the customer. This scenario led to the birth of an interdisciplinary research field named Edge-AI or Edge-Intelligence, aiming to mitigate the limitations of cloud and edge-based DL executions. In this context, this work proposes a reference layered Edge-AI framework to ensure the successful deployment of the Edge-Intelligence paradigm, encompassing three novel layers for the optimization of edge infrastructure, edge inference, and edge training. The work presents a detailed investigation and analysis of the schemes centered around the above-listed layers of the proposed Edge-AI framework. Furthermore, this work discusses potential application domains for Edge-AI, delving into a set of potential limitations, and ending up identifying future research directions in terms of Edge-AI infrastructure deployment, inference and training, which are functionalities needed to deploy and use robust, sustainable, and efficient intelligent edge networks.</div></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"245 ","pages":"Article 104375"},"PeriodicalIF":8.0,"publicationDate":"2025-11-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145461584","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

A comprehensive study of the 6LoWSD protocol architecture with respect to scalability and mobility for SDN-enabled IoT networks 针对支持sdn的物联网网络的可扩展性和移动性，全面研究6LoWSD协议架构

IF 8 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Journal of Network and Computer Applications

Pub Date : 2025-11-06 DOI: 10.1016/j.jnca.2025.104370

Wanbanker Khongbuh , Goutam Saha

The Internet of Things (IoT) and software-defined networks (SDN) have opened up new opportunities for innovation. Many of the limitations of the IoT system can be rectified with the SDN concepts. Thus, the combination of SDN and IoT has tremendous potential in various application domains. As the number of IoT devices is increasing with time, the scalability issues need to be further improved. Another significant challenge in IoT environments is mobility. Maintaining seamless mobility and persistent connectivity for IoT devices operating over large-scale or geographically dispersed environments presents a significant research challenge. But scalability and mobility are complex challenges. Developing scalable, mobile, and adaptive network architectures is crucial for SDN-enabled IoT ecosystems. Using SDN-enabled IoT networks, we introduced a comprehensive approach to address these challenges. Here, a new protocol based on OpenFlow of SDN and 6LoWPAN of the IoT system, namely, 6LoWSD has been proposed. In this investigation, emphasis has been placed on techniques on how the proposed 6LoWSD can improve scalability and mobility issues. In this study, experiments with the proposed protocol were performed using physical devices and a simulated platform. The results were compared with the 6LoWPAN counterpart and were found to be satisfactory.

物联网（IoT）和软件定义网络（SDN）为创新提供了新的机遇。物联网系统的许多局限性可以通过SDN概念得到纠正。因此，SDN与物联网的结合在各个应用领域具有巨大的潜力。随着物联网设备的数量随着时间的推移而增加，可扩展性问题需要进一步改善。物联网环境中的另一个重大挑战是移动性。为在大规模或地理分散的环境中运行的物联网设备保持无缝移动性和持久连接是一项重大的研究挑战。但可扩展性和移动性是复杂的挑战。开发可扩展、移动和自适应的网络架构对于支持sdn的物联网生态系统至关重要。使用支持sdn的物联网网络，我们引入了一种全面的方法来应对这些挑战。在此，基于SDN的OpenFlow和物联网系统的6LoWPAN，提出了一种新的协议，即6LoWSD。在本调查中，重点放在建议的6LoWSD如何改善可伸缩性和移动性问题的技术上。在本研究中，使用物理设备和模拟平台对所提出的协议进行了实验。结果与6LoWPAN相比较，发现是令人满意的。

{"title":"A comprehensive study of the 6LoWSD protocol architecture with respect to scalability and mobility for SDN-enabled IoT networks","authors":"Wanbanker Khongbuh , Goutam Saha","doi":"10.1016/j.jnca.2025.104370","DOIUrl":"10.1016/j.jnca.2025.104370","url":null,"abstract":"<div><div>The Internet of Things (IoT) and software-defined networks (SDN) have opened up new opportunities for innovation. Many of the limitations of the IoT system can be rectified with the SDN concepts. Thus, the combination of SDN and IoT has tremendous potential in various application domains. As the number of IoT devices is increasing with time, the scalability issues need to be further improved. Another significant challenge in IoT environments is mobility. Maintaining seamless mobility and persistent connectivity for IoT devices operating over large-scale or geographically dispersed environments presents a significant research challenge. But scalability and mobility are complex challenges. Developing scalable, mobile, and adaptive network architectures is crucial for SDN-enabled IoT ecosystems. Using SDN-enabled IoT networks, we introduced a comprehensive approach to address these challenges. Here, a new protocol based on OpenFlow of SDN and 6LoWPAN of the IoT system, namely, 6LoWSD has been proposed. In this investigation, emphasis has been placed on techniques on how the proposed 6LoWSD can improve scalability and mobility issues. In this study, experiments with the proposed protocol were performed using physical devices and a simulated platform. The results were compared with the 6LoWPAN counterpart and were found to be satisfactory.</div></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"245 ","pages":"Article 104370"},"PeriodicalIF":8.0,"publicationDate":"2025-11-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145461588","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Towards IT/OT integration in industry digitalization: A comprehensive survey 工业数字化中的IT/OT融合：综合调查

IF 8 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Journal of Network and Computer Applications

Pub Date : 2025-11-04 DOI: 10.1016/j.jnca.2025.104373

Riccardo Venanzi, Giuseppe Di Modica, Luca Foschini, Paolo Bellavista

According to both academic and industry perspectives, the Fourth Industrial Revolution has brought about a paradigm shift in the manufacturing sector enabling companies to enhance their competitiveness in the global market. To achieve this goal, manufacturing companies will need to undertake a deep digital transformation, primarily by introducing advanced Information Technology (IT) into traditionally less digitalized departments, such as shop floors, where Operational Technology (OT) currently dominate. For the full achievement of Industry 4.0 revolution objectives, practitioners believe in the strong requirement of a progressive and tight integration between IT and OT departments. In the depicted scenario, communication technologies are expected to play a pivotal role in facilitating the integration process, but other more recent and advanced IT have also proven helpful. In particular, the topic of IT/OT integration has attracted significant attention from various research communities that have sought to identify both the opportunities and challenges associated with its implementation. Although some good surveys of those works have appeared in the literature, to the best of our knowledge, no comprehensive review has yet been conducted that is fully dedicated to the topic of IT/OT convergence. In this paper, we propose a holistic approach to examine the various dimensions of IT/OT integration, which we classify into five interconnected realms, Communication, IT-Driven Support to OT, Human Centricity, Advanced Industrial Control Systems, and cybersecurity. Furthermore, we develop a realm-oriented taxonomy to organize the surveyed works in a structured manner, offering readers a clear overview of the current state of the literature, along with insights into unexplored opportunities and future directions for IT/OT integration.

从学术界和产业界的角度来看，第四次工业革命带来了制造业的范式转变，使企业能够提高在全球市场上的竞争力。为了实现这一目标，制造企业将需要进行深度数字化转型，主要是通过将先进的信息技术（IT）引入传统上数字化程度较低的部门，例如车间，而运营技术（OT）目前在这些部门中占主导地位。为了全面实现工业4.0革命的目标，从业者相信IT和OT部门之间的渐进和紧密集成的强烈需求。在所描述的场景中，通信技术有望在促进集成过程中发挥关键作用，但其他最新和更先进的IT也被证明是有用的。特别是，IT/OT集成的主题已经引起了各种研究团体的极大关注，这些研究团体试图确定与其实施相关的机遇和挑战。尽管文献中已经出现了一些对这些作品的良好调查，但据我们所知，还没有进行全面的审查，完全致力于IT/OT融合的主题。在本文中，我们提出了一种整体方法来检查IT/OT集成的各个维度，我们将其分为五个相互关联的领域，通信，IT驱动的OT支持，以人为本，先进工业控制系统和网络安全。此外，我们开发了一个面向领域的分类法，以结构化的方式组织调查的作品，为读者提供了文献当前状态的清晰概述，以及对IT/OT集成未开发机会和未来方向的见解。

{"title":"Towards IT/OT integration in industry digitalization: A comprehensive survey","authors":"Riccardo Venanzi, Giuseppe Di Modica, Luca Foschini, Paolo Bellavista","doi":"10.1016/j.jnca.2025.104373","DOIUrl":"10.1016/j.jnca.2025.104373","url":null,"abstract":"<div><div>According to both academic and industry perspectives, the Fourth Industrial Revolution has brought about a paradigm shift in the manufacturing sector enabling companies to enhance their competitiveness in the global market. To achieve this goal, manufacturing companies will need to undertake a deep digital transformation, primarily by introducing advanced Information Technology (IT) into traditionally less digitalized departments, such as shop floors, where Operational Technology (OT) currently dominate. For the full achievement of Industry 4.0 revolution objectives, practitioners believe in the strong requirement of a progressive and tight integration between IT and OT departments. In the depicted scenario, communication technologies are expected to play a pivotal role in facilitating the integration process, but other more recent and advanced IT have also proven helpful. In particular, the topic of IT/OT integration has attracted significant attention from various research communities that have sought to identify both the opportunities and challenges associated with its implementation. Although some good surveys of those works have appeared in the literature, to the best of our knowledge, no comprehensive review has yet been conducted that is fully dedicated to the topic of IT/OT convergence. In this paper, we propose a holistic approach to examine the various dimensions of IT/OT integration, which we classify into five interconnected realms, Communication, IT-Driven Support to OT, Human Centricity, Advanced Industrial Control Systems, and cybersecurity. Furthermore, we develop a realm-oriented taxonomy to organize the surveyed works in a structured manner, offering readers a clear overview of the current state of the literature, along with insights into unexplored opportunities and future directions for IT/OT integration.</div></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"245 ","pages":"Article 104373"},"PeriodicalIF":8.0,"publicationDate":"2025-11-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145441548","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0