Journal of Network and Computer Applications最新文献_第4页

Community detection via core node identification and local label diffusion with GraphSAGE boundary refinement in complex networks 复杂网络中基于核心节点识别和GraphSAGE边界细化的局部标签扩散的社区检测

IF 8 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Journal of Network and Computer Applications

Pub Date : 2025-11-24 DOI: 10.1016/j.jnca.2025.104399

Asgarali Bouyer , Pouya Shahgholi , Bahman Arasteh , Amin Golzari Oskouei , Xiaoyang Liu

Community detection is a vital task in social network analysis, enabling the extraction of hidden structures and relationships. However, existing diffusion-based local community detection algorithms often depend on similarity-based scoring, which frequently failing to identify influential core nodes for expanding label. To address these shortcomings, we propose the local detecting and structuring communities (LDSC) method that integrates structural and relational insights with graph-based metrics and deep learning for refined community detection. LDSC uniquely stands out by combining Local Influence (LI) and Adaptive Absorbing Strength (AAS) metrics with GraphSAGE-based boundary refinement and adaptive community merging, tackling persistent challenges like scalability, boundary ambiguity, and structural cohesion unmet by prior methods. The method unfolds in four key phases: (1) Core Node Detection, employing a distinctive metric fusing LI and AAS to identify structurally significant nodes; (2) Label Diffusion, dynamically propagating labels from core nodes to neighbors for precise community formation; (3) Boundary Node Reassignment, using GraphSAGE to resolve ambiguities; and (4) Adaptive Community Merging, using an innovative local merging strategy to enhance cohesion. Evaluations on synthetic LFR benchmarks and real-world networks (e.g., Karate, Dolphins, DBLP, Amazon, LiveJournal, Orkut) demonstrate LDSC's superiority over baseline methods (e.g., LPA, CNM, WalkTrap, Louvain) and state-of-the-art approaches (e.g., Leiden, Infomap, LSMD, CLD_GE, FluidC, LCDR, LS), achieving perfect NMI/ARI (1.0) in Karate and Dolphins, top NMI in LiveJournal (0.92) and Orkut (0.65), average scores of 0.85 NMI and 0.75 ARI, and >15 % NMI improvement in large-scale networks like DBLP, showcasing unmatched accuracy, stability, and efficiency.

社区检测是社会网络分析中的一项重要任务，它可以提取隐藏的结构和关系。然而，现有的基于扩散的局部社区检测算法往往依赖于基于相似度的评分，往往无法识别有影响力的核心节点来扩展标签。为了解决这些缺点，我们提出了局部检测和构建社区（LDSC）方法，该方法将结构和关系洞察力与基于图的度量和深度学习相结合，以实现精细的社区检测。LDSC通过将局部影响（LI）和自适应吸收强度（AAS）指标与基于graphsage的边界细化和自适应社区合并相结合，独特地脱颖而出，解决了先前方法无法解决的可扩展性、边界模糊和结构内聚等持续挑战。该方法分为四个关键阶段：(1)核心节点检测，采用融合LI和AAS的独特度量来识别结构上重要的节点；(2)标签扩散，将标签从核心节点动态传播到相邻节点，以精确形成社区；(3)边界节点重新分配，使用GraphSAGE解决歧义；(4)适应性社区合并，采用创新的局部合并策略增强凝聚力。对合成LFR基准和现实世界网络（例如，空手道、海豚、DBLP、亚马逊、LiveJournal、Orkut）的评估表明，LDSC优于基线方法（例如，LPA、CNM、WalkTrap、Louvain）和最先进的方法（例如，Leiden、Infomap、LSMD、CLD_GE、FluidC、LCDR、LS），在空手道和海豚中实现了完美的NMI/ARI(1.0)，在LiveJournal（0.92）和Orkut（0.65）中实现了最高的NMI，平均得分为0.85 NMI和0.75 ARI。在DBLP等大型网络中，NMI提高了15%，展示了无与伦比的准确性、稳定性和效率。

{"title":"Community detection via core node identification and local label diffusion with GraphSAGE boundary refinement in complex networks","authors":"Asgarali Bouyer , Pouya Shahgholi , Bahman Arasteh , Amin Golzari Oskouei , Xiaoyang Liu","doi":"10.1016/j.jnca.2025.104399","DOIUrl":"10.1016/j.jnca.2025.104399","url":null,"abstract":"<div><div>Community detection is a vital task in social network analysis, enabling the extraction of hidden structures and relationships. However, existing diffusion-based local community detection algorithms often depend on similarity-based scoring, which frequently failing to identify influential core nodes for expanding label. To address these shortcomings, we propose the local detecting and structuring communities (LDSC) method that integrates structural and relational insights with graph-based metrics and deep learning for refined community detection. LDSC uniquely stands out by combining Local Influence (LI) and Adaptive Absorbing Strength (AAS) metrics with GraphSAGE-based boundary refinement and adaptive community merging, tackling persistent challenges like scalability, boundary ambiguity, and structural cohesion unmet by prior methods. The method unfolds in four key phases: (1) Core Node Detection, employing a distinctive metric fusing LI and AAS to identify structurally significant nodes; (2) Label Diffusion, dynamically propagating labels from core nodes to neighbors for precise community formation; (3) Boundary Node Reassignment, using GraphSAGE to resolve ambiguities; and (4) Adaptive Community Merging, using an innovative local merging strategy to enhance cohesion. Evaluations on synthetic LFR benchmarks and real-world networks (e.g., Karate, Dolphins, DBLP, Amazon, LiveJournal, Orkut) demonstrate LDSC's superiority over baseline methods (e.g., LPA, CNM, WalkTrap, Louvain) and state-of-the-art approaches (e.g., Leiden, Infomap, LSMD, CLD_GE, FluidC, LCDR, LS), achieving perfect NMI/ARI (1.0) in Karate and Dolphins, top NMI in LiveJournal (0.92) and Orkut (0.65), average scores of 0.85 NMI and 0.75 ARI, and >15 % NMI improvement in large-scale networks like DBLP, showcasing unmatched accuracy, stability, and efficiency.</div></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"245 ","pages":"Article 104399"},"PeriodicalIF":8.0,"publicationDate":"2025-11-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145593083","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

ARProof: A cross-protocol approach to detect and mitigate ARP-spoofing attacks in smart home networks ARProof：一种在智能家庭网络中检测和减轻arp欺骗攻击的跨协议方法

IF 8 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Journal of Network and Computer Applications

Pub Date : 2025-11-24 DOI: 10.1016/j.jnca.2025.104396

Md Mizanur Rahman , Faycal Bouhafs , Sayed Amir Hoseini , Frank den Hartog

Smart homes are increasingly vulnerable to cyberattacks that lead to network instability, causing homeowners to lodge complaints with their Broadband Service Providers (BSPs). Therefore, effective and timely detection of cyberattacks is crucial for both customers and BSPs. Address Resolution Protocol (ARP) spoofing is one of the most common attacks that can facilitate larger and more severe follow-up attacks. Unfortunately, there are currently no methods that can effectively detect and mitigate ARP spoofing in smart homes from a BSP’s perspective. Current Machine Learning (ML)-based methods often rely on a single dataset from a controlled lab environment designed to mimic a single home, assuming that the results will generalize to all smart homes. Our findings indicate that this assumption is flawed. They are also unsuitable for smart homes from a BSP’s perspective, as they require custom applications, introduce additional overhead, and often rely on the injection of probing traffic into the network. To address these issues, we developed an algorithm that can detect ARP spoofing in smart home networks, regardless of the network structure or connected devices. It uses a cross-protocol strategy by correlating ARP packets with Dynamic Host Configuration Protocol (DHCP) messages to validate address bindings. We evaluated our method using four public datasets and two real-world testbeds, achieving 100% detection accuracy in all scenarios. In addition, the algorithm requires only little computational overhead, confirming its suitability for use by BSPs to detect and mitigate ARP spoofing attacks in smart homes.

智能家居越来越容易受到网络攻击，导致网络不稳定，导致房主向他们的宽带服务提供商（bsp）投诉。因此，有效、及时地检测网络攻击对客户和bsp都至关重要。ARP （Address Resolution Protocol）欺骗是一种最常见的攻击方式，它可以引发更大规模、更严重的后续攻击。不幸的是，从BSP的角度来看，目前还没有方法可以有效地检测和减轻智能家居中的ARP欺骗。当前基于机器学习（ML）的方法通常依赖于来自受控实验室环境的单个数据集，该环境旨在模拟单个家庭，并假设结果将推广到所有智能家庭。我们的发现表明，这种假设是有缺陷的。从BSP的角度来看，它们也不适合智能家居，因为它们需要定制应用程序，引入额外的开销，并且通常依赖于向网络注入探测流量。为了解决这些问题，我们开发了一种算法，可以检测智能家庭网络中的ARP欺骗，无论网络结构或连接的设备如何。它使用跨协议策略，通过将ARP报文与DHCP （Dynamic Host Configuration Protocol）消息关联来验证地址绑定。我们使用四个公共数据集和两个真实世界的测试平台来评估我们的方法，在所有场景下都实现了100%的检测准确率。此外，该算法只需要很少的计算开销，证实了bsp使用它来检测和减轻智能家居中的ARP欺骗攻击的适用性。

{"title":"ARProof: A cross-protocol approach to detect and mitigate ARP-spoofing attacks in smart home networks","authors":"Md Mizanur Rahman , Faycal Bouhafs , Sayed Amir Hoseini , Frank den Hartog","doi":"10.1016/j.jnca.2025.104396","DOIUrl":"10.1016/j.jnca.2025.104396","url":null,"abstract":"<div><div>Smart homes are increasingly vulnerable to cyberattacks that lead to network instability, causing homeowners to lodge complaints with their Broadband Service Providers (BSPs). Therefore, effective and timely detection of cyberattacks is crucial for both customers and BSPs. Address Resolution Protocol (ARP) spoofing is one of the most common attacks that can facilitate larger and more severe follow-up attacks. Unfortunately, there are currently no methods that can effectively detect and mitigate ARP spoofing in smart homes from a BSP’s perspective. Current Machine Learning (ML)-based methods often rely on a single dataset from a controlled lab environment designed to mimic a single home, assuming that the results will generalize to all smart homes. Our findings indicate that this assumption is flawed. They are also unsuitable for smart homes from a BSP’s perspective, as they require custom applications, introduce additional overhead, and often rely on the injection of probing traffic into the network. To address these issues, we developed an algorithm that can detect ARP spoofing in smart home networks, regardless of the network structure or connected devices. It uses a cross-protocol strategy by correlating ARP packets with Dynamic Host Configuration Protocol (DHCP) messages to validate address bindings. We evaluated our method using four public datasets and two real-world testbeds, achieving 100% detection accuracy in all scenarios. In addition, the algorithm requires only little computational overhead, confirming its suitability for use by BSPs to detect and mitigate ARP spoofing attacks in smart homes.</div></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"246 ","pages":"Article 104396"},"PeriodicalIF":8.0,"publicationDate":"2025-11-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145593077","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Data evacuation optimization using multi-objective reinforcement learning 基于多目标强化学习的数据疏散优化

IF 8 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Journal of Network and Computer Applications

Pub Date : 2025-11-19 DOI: 10.1016/j.jnca.2025.104390

Xiaole Li , Yinghui Jiang , Xing Wang , Jiuru Wang , Lei Gao , Shanwen Yi

After some disaster occurs, rapid data evacuation among cloud data centers is of great importance. Data evacuation optimization is a two-stage process including destination selection and flow scheduling. These two stages are related to each other, while evacuation efficiency is affected by evacuation distance, bandwidth allocation ratio, and total amount of evacuation flow at the same time. The mutual constraints among multiple factors make it difficult to find or approximate the optimal solution via single-objective optimization. This paper proposes a new two-stage data evacuation strategy using multi-objective reinforcement learning, with evacuation flow optimization as the central optimization objective across both stages. In the first stage, it simultaneously minimizes total path length and maximizes the total available bandwidth to determine source–destination pair for every evacuation transfer. In the second stage, it simultaneously allocates proportional bandwidth and maximizes the total amount of evacuation flow to find path and allocate bandwidth for every evacuation transfer. Reward function is set based on classifying candidate sets to search for optimal solution while ensuring that feasible solutions are obtained. Chebyshev scalarization function is used to evaluate action rewards and optimize action selection process. Performance comparison is implemented with state-of-the-art algorithms based on different data volumes and network scales. Simulation result demonstrates that the new strategy outperforms other algorithms with higher evacuation efficiency, good convergence and robustness.

在灾难发生后，云数据中心之间的快速数据疏散是非常重要的。数据疏散优化是一个包括目的地选择和流量调度两个阶段的过程。这两个阶段是相互关联的，疏散效率同时受到疏散距离、带宽分配比例和疏散流量总量的影响。多因素之间的相互约束使得单目标优化很难找到或逼近最优解。本文提出了一种新的基于多目标强化学习的两阶段数据疏散策略，并将疏散流优化作为两阶段的中心优化目标。在第一阶段，它同时最小化总路径长度和最大化总可用带宽，以确定每次疏散传输的源-目的对。第二阶段，在分配比例带宽的同时，使疏散流总量最大化，为每个疏散转移寻找路径并分配带宽。在对候选集进行分类的基础上设置奖励函数，在保证获得可行解的前提下寻找最优解。采用切比雪夫标量函数对行动奖励进行评价，优化行动选择过程。基于不同的数据量和网络规模，使用最先进的算法实现性能比较。仿真结果表明，该策略具有较高的疏散效率、较好的收敛性和鲁棒性。

{"title":"Data evacuation optimization using multi-objective reinforcement learning","authors":"Xiaole Li , Yinghui Jiang , Xing Wang , Jiuru Wang , Lei Gao , Shanwen Yi","doi":"10.1016/j.jnca.2025.104390","DOIUrl":"10.1016/j.jnca.2025.104390","url":null,"abstract":"<div><div>After some disaster occurs, rapid data evacuation among cloud data centers is of great importance. Data evacuation optimization is a two-stage process including destination selection and flow scheduling. These two stages are related to each other, while evacuation efficiency is affected by evacuation distance, bandwidth allocation ratio, and total amount of evacuation flow at the same time. The mutual constraints among multiple factors make it difficult to find or approximate the optimal solution via single-objective optimization. This paper proposes a new two-stage data evacuation strategy using multi-objective reinforcement learning, with evacuation flow optimization as the central optimization objective across both stages. In the first stage, it simultaneously minimizes total path length and maximizes the total available bandwidth to determine source–destination pair for every evacuation transfer. In the second stage, it simultaneously allocates proportional bandwidth and maximizes the total amount of evacuation flow to find path and allocate bandwidth for every evacuation transfer. Reward function is set based on classifying candidate sets to search for optimal solution while ensuring that feasible solutions are obtained. Chebyshev scalarization function is used to evaluate action rewards and optimize action selection process. Performance comparison is implemented with state-of-the-art algorithms based on different data volumes and network scales. Simulation result demonstrates that the new strategy outperforms other algorithms with higher evacuation efficiency, good convergence and robustness.</div></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"245 ","pages":"Article 104390"},"PeriodicalIF":8.0,"publicationDate":"2025-11-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145560057","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Verkle-Accumulator-Based Multiple State Verifiable and Updatable (VA-MSVU) scheme for blockchain 基于verk累加器的区块链多状态可验证和可更新（VA-MSVU）方案

IF 8 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Journal of Network and Computer Applications

Pub Date : 2025-11-14 DOI: 10.1016/j.jnca.2025.104392

Shangping Wang, Juanjuan Ma, Qi Huang, Xiaoling Xie

As the application scope of blockchain technology continues to expand, challenges arise in the state verification of blockchain systems based on account models. Traditionally, Merkle Patricia Tries are used to maintain the state of the world, and the verification of a specific data block needs to be verified step by step up to the root node, which guarantees the data integrity, but in large-scale systems, problems such as low efficiency of verification and updating, insufficient security, and increased storage demand still occur, which affects the performance of blockchain networks. In this paper, we propose a Verkle-Accumulator-Based Multiple State Verifiable and Updatable (VA-MSVU) scheme for blockchain. The scheme integrates Verkle tree (VT), Verkle accumulator (VA), KZG polynomial commitment, and aggregated proofs to verify the integrity of multiple account states in batches. By mapping account states to the VT, our approach enhances security, reduces the size of state data, and improves both verification speed and update efficiency. Simulation results show that the VA-MSVU scheme has smaller proof size and faster verification speed than the existing stored data structure, demonstrating the advantages of the VA-MSVU scheme in terms of simplicity and efficiency. For verifying multiple account states, the aggregated proofs of the scheme have significant advantages over KZG polynomial commitment and single-point proof, excelling in proof size, verification and update rate. In addition, by adjusting the branching factor in Verkle tree, a trade-off between computational overhead and communication is achieved to improve the adaptability of the system to different network scenarios.

随着区块链技术应用范围的不断扩大，基于账户模型的区块链系统状态验证出现了挑战。传统上使用Merkle Patricia Tries来维护世界的状态，特定数据块的验证需要逐级验证到根节点，保证了数据的完整性，但在大规模系统中，仍然会出现验证更新效率低、安全性不足、存储需求增加等问题，影响区块链网络的性能。在本文中，我们提出了一种基于verle - accumulator的区块链多状态可验证和可更新（VA-MSVU）方案。该方案集成了Verkle树（VT）、Verkle累加器（VA）、KZG多项式承诺和聚合证明，以批量验证多个账户状态的完整性。通过将帐户状态映射到VT，我们的方法增强了安全性，减少了状态数据的大小，并提高了验证速度和更新效率。仿真结果表明，与现有存储的数据结构相比，VA-MSVU方案具有更小的证明尺寸和更快的验证速度，证明了VA-MSVU方案在简单和高效方面的优势。对于验证多账户状态，该方案的聚合证明比KZG多项式承诺和单点证明具有显著的优势，在证明大小、验证和更新速度方面都具有优势。此外，通过调整Verkle树的分支因子，实现了计算开销和通信之间的平衡，提高了系统对不同网络场景的适应性。

{"title":"Verkle-Accumulator-Based Multiple State Verifiable and Updatable (VA-MSVU) scheme for blockchain","authors":"Shangping Wang, Juanjuan Ma, Qi Huang, Xiaoling Xie","doi":"10.1016/j.jnca.2025.104392","DOIUrl":"10.1016/j.jnca.2025.104392","url":null,"abstract":"<div><div>As the application scope of blockchain technology continues to expand, challenges arise in the state verification of blockchain systems based on account models. Traditionally, Merkle Patricia Tries are used to maintain the state of the world, and the verification of a specific data block needs to be verified step by step up to the root node, which guarantees the data integrity, but in large-scale systems, problems such as low efficiency of verification and updating, insufficient security, and increased storage demand still occur, which affects the performance of blockchain networks. In this paper, we propose a Verkle-Accumulator-Based Multiple State Verifiable and Updatable (VA-MSVU) scheme for blockchain. The scheme integrates Verkle tree (VT), Verkle accumulator (VA), KZG polynomial commitment, and aggregated proofs to verify the integrity of multiple account states in batches. By mapping account states to the VT, our approach enhances security, reduces the size of state data, and improves both verification speed and update efficiency. Simulation results show that the VA-MSVU scheme has smaller proof size and faster verification speed than the existing stored data structure, demonstrating the advantages of the VA-MSVU scheme in terms of simplicity and efficiency. For verifying multiple account states, the aggregated proofs of the scheme have significant advantages over KZG polynomial commitment and single-point proof, excelling in proof size, verification and update rate. In addition, by adjusting the branching factor in Verkle tree, a trade-off between computational overhead and communication is achieved to improve the adaptability of the system to different network scenarios.</div></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"245 ","pages":"Article 104392"},"PeriodicalIF":8.0,"publicationDate":"2025-11-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145531183","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Understanding the Wi-Fi and VR streaming interplay: A comprehensible simulation and experimental study 了解Wi-Fi和VR流媒体的相互作用：一个可理解的模拟和实验研究

IF 8 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Journal of Network and Computer Applications

Pub Date : 2025-11-14 DOI: 10.1016/j.jnca.2025.104391

Boris Bellalta, Miguel Casasnovas, Ferran Maura, Alejandro Rodríguez, Juan S. Marquerie, Pablo L. García, Francesc Wilhelmi, Josep Blat

This paper evaluates the performance of Wi-Fi networks for interactive Virtual Reality (VR) streaming with adaptive bitrate control. It focuses on the interaction between VR traffic characteristics and Wi-Fi link-layer mechanisms, studying how this relationship impacts key performance indicators such as throughput, latency, and user scalability. We begin by outlining the architecture, operation, traffic patterns, and performance demands of cloud/edge split-rendering VR systems. Then, using simulations, we investigate both single-user scenarios — examining the effects of modulation and coding schemes (MCSs) and user-to-access point (AP) distance on bitrate sustainability and latency — and multi-user scenarios, assessing how many concurrent VR users a single AP can support. Results show that the use of adaptive bitrate (ABR) streaming, as exemplified by our NeSt-VR algorithm, significantly outperforms constant bitrate (CBR) approaches, enhancing user capacity and resilience to changing channel propagation conditions. To validate the simulation findings, we conduct an experimental evaluation using Rooms, an open-source eXtended Reality (XR) content creation platform. The experimental results closely match the simulations, reinforcing the conclusion that adaptive bitrate control substantially improves Wi-Fi’s ability to support reliable, multiuser interactive VR streaming.

本文评估了具有自适应比特率控制的交互式虚拟现实（VR）流的Wi-Fi网络的性能。它侧重于VR流量特征与Wi-Fi链路层机制之间的交互，研究这种关系如何影响吞吐量、延迟和用户可扩展性等关键性能指标。我们首先概述了云/边缘分割渲染VR系统的架构、操作、流量模式和性能需求。然后，通过模拟，我们研究了单用户场景（检查调制和编码方案（MCSs）和用户到接入点（AP）距离对比特率可持续性和延迟的影响）和多用户场景（评估单个AP可以支持多少并发VR用户）。结果表明，使用自适应比特率（ABR）流，如我们的NeSt-VR算法所示，显著优于恒定比特率（CBR）方法，增强了用户容量和对不断变化的信道传播条件的弹性。为了验证模拟结果，我们使用开源扩展现实（XR）内容创建平台Rooms进行了实验评估。实验结果与模拟结果非常吻合，强化了自适应比特率控制大大提高Wi-Fi支持可靠的多用户交互式VR流的能力的结论。

{"title":"Understanding the Wi-Fi and VR streaming interplay: A comprehensible simulation and experimental study","authors":"Boris Bellalta, Miguel Casasnovas, Ferran Maura, Alejandro Rodríguez, Juan S. Marquerie, Pablo L. García, Francesc Wilhelmi, Josep Blat","doi":"10.1016/j.jnca.2025.104391","DOIUrl":"10.1016/j.jnca.2025.104391","url":null,"abstract":"<div><div>This paper evaluates the performance of Wi-Fi networks for interactive Virtual Reality (VR) streaming with adaptive bitrate control. It focuses on the interaction between VR traffic characteristics and Wi-Fi link-layer mechanisms, studying how this relationship impacts key performance indicators such as throughput, latency, and user scalability. We begin by outlining the architecture, operation, traffic patterns, and performance demands of cloud/edge split-rendering VR systems. Then, using simulations, we investigate both single-user scenarios — examining the effects of modulation and coding schemes (MCSs) and user-to-access point (AP) distance on bitrate sustainability and latency — and multi-user scenarios, assessing how many concurrent VR users a single AP can support. Results show that the use of adaptive bitrate (ABR) streaming, as exemplified by our NeSt-VR algorithm, significantly outperforms constant bitrate (CBR) approaches, enhancing user capacity and resilience to changing channel propagation conditions. To validate the simulation findings, we conduct an experimental evaluation using Rooms, an open-source eXtended Reality (XR) content creation platform. The experimental results closely match the simulations, reinforcing the conclusion that adaptive bitrate control substantially improves Wi-Fi’s ability to support reliable, multiuser interactive VR streaming.</div></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"245 ","pages":"Article 104391"},"PeriodicalIF":8.0,"publicationDate":"2025-11-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145531234","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Privacy-preserving trajectory data publication: A distributed approach without trusted servers 保护隐私的轨迹数据发布：没有可信服务器的分布式方法

IF 8 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Journal of Network and Computer Applications

Pub Date : 2025-11-14 DOI: 10.1016/j.jnca.2025.104388

Jong Wook Kim , Beakcheol Jang

The widespread adoption of mobile devices, coupled with the rapid advancement of GPS and positioning technologies, has led to a significant increase in the collection of trajectory data. This trajectory data serves as a critical resource for numerous applications, leading to an increasing demand for its sharing and publication. However, the sensitive nature of trajectory data poses significant privacy risks, necessitating the development of privacy-preserving publication schemes. Differential privacy (DP) has emerged as a leading approach for protecting individual trajectories during data publication, but many existing approaches rely on a trusted central server, an assumption that is unrealistic in practical settings. In this paper, we present DistTraj, a novel distributed framework for privacy-preserving trajectory data publishing that eliminates the need for a trusted central server. The proposed framework leverages a distributed clustering scheme to generalize trajectories without relying on a centralized trusted server. To improve the effectiveness of DP in this decentralized setting, we propose a method to establish a tighter bound on the global sensitivity of the DP mechanism within the clustering process. Through extensive experiments on real-world datasets, we demonstrate that the proposed DistTraj framework, even without relying on a trusted central server, achieves performance comparable to state-of-the-art central server-based methods. These results show that DistTraj successfully balances privacy preservation and data utility in decentralized environments, where trusting a central server is impractical or infeasible.

移动设备的广泛采用，加上GPS和定位技术的快速发展，导致了轨道数据收集的显著增加。这些轨迹数据是许多应用程序的关键资源，导致对其共享和发布的需求不断增加。然而，轨迹数据的敏感性带来了重大的隐私风险，需要开发保护隐私的发布方案。差分隐私（DP）已成为数据发布期间保护个人轨迹的主要方法，但许多现有方法依赖于可信的中央服务器，这一假设在实际设置中是不现实的。在本文中，我们提出了DistTraj，这是一种新颖的分布式框架，用于保护隐私的轨迹数据发布，消除了对可信中央服务器的需求。提出的框架利用分布式集群方案来泛化轨迹，而不依赖于集中式可信服务器。为了提高这种分散环境下DP的有效性，我们提出了一种在聚类过程中对DP机制的全局敏感性建立更严格约束的方法。通过对真实世界数据集的广泛实验，我们证明了所提出的DistTraj框架，即使不依赖于可信的中央服务器，也可以实现与最先进的基于中央服务器的方法相当的性能。这些结果表明，DistTraj在去中心化环境中成功地平衡了隐私保护和数据效用，在去中心化环境中，信任中央服务器是不切实际或不可行的。

{"title":"Privacy-preserving trajectory data publication: A distributed approach without trusted servers","authors":"Jong Wook Kim , Beakcheol Jang","doi":"10.1016/j.jnca.2025.104388","DOIUrl":"10.1016/j.jnca.2025.104388","url":null,"abstract":"<div><div>The widespread adoption of mobile devices, coupled with the rapid advancement of GPS and positioning technologies, has led to a significant increase in the collection of trajectory data. This trajectory data serves as a critical resource for numerous applications, leading to an increasing demand for its sharing and publication. However, the sensitive nature of trajectory data poses significant privacy risks, necessitating the development of privacy-preserving publication schemes. Differential privacy (DP) has emerged as a leading approach for protecting individual trajectories during data publication, but many existing approaches rely on a trusted central server, an assumption that is unrealistic in practical settings. In this paper, we present DistTraj, a novel distributed framework for privacy-preserving trajectory data publishing that eliminates the need for a trusted central server. The proposed framework leverages a distributed clustering scheme to generalize trajectories without relying on a centralized trusted server. To improve the effectiveness of DP in this decentralized setting, we propose a method to establish a tighter bound on the global sensitivity of the DP mechanism within the clustering process. Through extensive experiments on real-world datasets, we demonstrate that the proposed DistTraj framework, even without relying on a trusted central server, achieves performance comparable to state-of-the-art central server-based methods. These results show that DistTraj successfully balances privacy preservation and data utility in decentralized environments, where trusting a central server is impractical or infeasible.</div></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"245 ","pages":"Article 104388"},"PeriodicalIF":8.0,"publicationDate":"2025-11-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145531184","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Dynamic searchable symmetric encryption with efficient conjunctive query and non-interactive real deletion 具有高效联合查询和非交互式实删除的动态可搜索对称加密

IF 8 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Journal of Network and Computer Applications

Pub Date : 2025-11-13 DOI: 10.1016/j.jnca.2025.104387

Zhengwei Ren , Pei He , Rongwei Yu , Li Deng , Yan Tong , Shiwei Xu

Dynamic searchable symmetric encryption (DSSE) enables users to perform update and search operations over encrypted data on cloud servers. However, many DSSE schemes are unable to efficiently perform conjunctive queries containing multiple keywords, limiting their search capabilities. Those DSSE schemes supporting conjunctive query fail to achieve real deletion, affecting the efficiencies of subsequent searches. In this paper, we propose a DSSE scheme supporting conjunctive query and non-interactive real deletion simultaneously. For a conjunctive query containing multiple keywords, we adjust the positions of these keywords so that the keyword contained by the least number of document(s) is at the forefront of the conjunctive query. The document(s) containing this keyword are then located, and on the basis of the document(s) the remaining keywords are checked to obtain the final search result. Moreover, cuckoo filter is adopted to store the ciphertext to be searched, making the conjunctive query efficient. We deploy two search databases on the cloud server to achieve non-interactive real deletion. Benefiting from these two databases, the deleted ciphertext will be physically removed from the cloud server with no impact on subsequent searches, improving search efficiencies of subsequent searches. Our scheme only utilizes a few hash functions and a pseudorandom function, while the forward privacy and backward privacy are still achieved. We conduct a formal security analysis and extensive experimental evaluations, showing that our scheme has efficiency advantages in both update and search processes.

动态可搜索对称加密（DSSE）使用户能够对云服务器上的加密数据执行更新和搜索操作。然而，许多DSSE方案无法有效地执行包含多个关键字的连接查询，限制了它们的搜索能力。支持连接查询的DSSE方案无法实现真正的删除，影响后续搜索的效率。本文提出了一种同时支持联合查询和非交互式实删除的DSSE方案。对于包含多个关键字的连接查询，我们调整这些关键字的位置，以便由最少数量的文档包含的关键字位于连接查询的最前面。然后找到包含此关键字的文档，并在该文档的基础上检查其余关键字以获得最终搜索结果。此外，采用杜鹃滤波器存储待搜索的密文，提高了连接查询的效率。我们在云服务器上部署两个搜索数据库，实现非交互式的真实删除。得益于这两个数据库，删除的密文将从云服务器上物理移除，不会影响后续搜索，提高后续搜索的搜索效率。我们的方案只使用了几个哈希函数和一个伪随机函数，同时仍然实现了前向隐私和后向隐私。我们进行了正式的安全性分析和广泛的实验评估，表明我们的方案在更新和搜索过程中都具有效率优势。

{"title":"Dynamic searchable symmetric encryption with efficient conjunctive query and non-interactive real deletion","authors":"Zhengwei Ren , Pei He , Rongwei Yu , Li Deng , Yan Tong , Shiwei Xu","doi":"10.1016/j.jnca.2025.104387","DOIUrl":"10.1016/j.jnca.2025.104387","url":null,"abstract":"<div><div>Dynamic searchable symmetric encryption (DSSE) enables users to perform update and search operations over encrypted data on cloud servers. However, many DSSE schemes are unable to efficiently perform conjunctive queries containing multiple keywords, limiting their search capabilities. Those DSSE schemes supporting conjunctive query fail to achieve real deletion, affecting the efficiencies of subsequent searches. In this paper, we propose a DSSE scheme supporting conjunctive query and non-interactive real deletion simultaneously. For a conjunctive query containing multiple keywords, we adjust the positions of these keywords so that the keyword contained by the least number of document(s) is at the forefront of the conjunctive query. The document(s) containing this keyword are then located, and on the basis of the document(s) the remaining keywords are checked to obtain the final search result. Moreover, cuckoo filter is adopted to store the ciphertext to be searched, making the conjunctive query efficient. We deploy two search databases on the cloud server to achieve non-interactive real deletion. Benefiting from these two databases, the deleted ciphertext will be physically removed from the cloud server with no impact on subsequent searches, improving search efficiencies of subsequent searches. Our scheme only utilizes a few hash functions and a pseudorandom function, while the forward privacy and backward privacy are still achieved. We conduct a formal security analysis and extensive experimental evaluations, showing that our scheme has efficiency advantages in both update and search processes.</div></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"245 ","pages":"Article 104387"},"PeriodicalIF":8.0,"publicationDate":"2025-11-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145531185","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Task scheduling of cloud computing system by frilled lizard optimization with time varying expansion mixed function oscillation and horned lizard camouflage strategy 基于时变扩展混合函数振荡的褶边蜥蜴优化和角蜥蜴伪装策略的云计算系统任务调度

IF 8 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Journal of Network and Computer Applications

Pub Date : 2025-11-13 DOI: 10.1016/j.jnca.2025.104386

Hao-Ming Song, Si-Wen Zhang, Jie-Sheng Wang, Cheng Xing, Yu-Feng Sun, Yu-Cai Wang, Xiao-Fei Sui

With the increasing complexity and scale of cloud computing systems, task scheduling optimization has become critical for improving resource utilization, enhancing service reliability, and reducing overall energy consumption. Traditional swarm intelligence algorithms often struggle to achieve an effective balance between global exploration and local exploitation, leading to premature convergence or sub-optimal solutions, particularly in large-scale and high-dimensional problem scenarios. To address these challenges, this study proposes a Time Varying Mixed Function Frilled Lizard Optimization algorithm (TMCFLO) that incorporates a horned lizard-inspired camouflage strategy to increase population diversity and prevent premature convergence, alongside a novel mixed function oscillation mechanism, combining sine, cosine, power, logarithm, and Gaussian functions, to enhance local search precision and convergence efficiency. A time-varying expansion factor is further introduced to dynamically regulate oscillation amplitude, ensuring adaptive adjustment of search behavior throughout the optimization process. Extensive evaluations on the CEC 2022 benchmark set demonstrate that TMCFLO outperforms classical algorithms, including PSO, ACO, WOA, AOA, POA, ZOA, HO, RLLPSO and IHBA, achieving up to 26 percent improvement in optimization accuracy. In practical cloud computing task scheduling experiments with 1500 and 3000 tasks, TMCFLO achieves the lowest single task energy consumption of 0.2196, the lowest total energy consumption of 658.80, and the highest energy efficiency of 4.5569, confirming its effectiveness, scalability, and energy-efficient superiority for complex cloud scheduling problems.

随着云计算系统复杂度和规模的不断提高，优化任务调度对于提高资源利用率、增强业务可靠性、降低整体能耗具有重要意义。传统的群体智能算法往往难以实现全局探索和局部开发之间的有效平衡，导致过早收敛或次优解决方案，特别是在大规模和高维问题场景中。为了解决这些挑战，本研究提出了一种时变混合函数褶边蜥蜴优化算法（TMCFLO），该算法结合了角蜥蜴的伪装策略来增加种群多样性并防止早熟收敛，以及一种新的混合函数振荡机制，结合了正弦、余弦、幂、对数和高斯函数，以提高局部搜索精度和收敛效率。进一步引入时变扩展因子来动态调节振荡幅度，保证在整个优化过程中搜索行为的自适应调整。对CEC 2022基准集的广泛评估表明，TMCFLO优于经典算法，包括PSO， ACO， WOA， AOA， POA， ZOA， HO， RLLPSO和IHBA，优化精度提高了26%。在1500任务和3000任务的实际云计算任务调度实验中，TMCFLO的单任务能耗最低为0.2196，总能耗最低为658.80，能效最高为4.5569，验证了其在复杂云调度问题上的有效性、可扩展性和节能优势。

{"title":"Task scheduling of cloud computing system by frilled lizard optimization with time varying expansion mixed function oscillation and horned lizard camouflage strategy","authors":"Hao-Ming Song, Si-Wen Zhang, Jie-Sheng Wang, Cheng Xing, Yu-Feng Sun, Yu-Cai Wang, Xiao-Fei Sui","doi":"10.1016/j.jnca.2025.104386","DOIUrl":"10.1016/j.jnca.2025.104386","url":null,"abstract":"<div><div>With the increasing complexity and scale of cloud computing systems, task scheduling optimization has become critical for improving resource utilization, enhancing service reliability, and reducing overall energy consumption. Traditional swarm intelligence algorithms often struggle to achieve an effective balance between global exploration and local exploitation, leading to premature convergence or sub-optimal solutions, particularly in large-scale and high-dimensional problem scenarios. To address these challenges, this study proposes a Time Varying Mixed Function Frilled Lizard Optimization algorithm (TMCFLO) that incorporates a horned lizard-inspired camouflage strategy to increase population diversity and prevent premature convergence, alongside a novel mixed function oscillation mechanism, combining sine, cosine, power, logarithm, and Gaussian functions, to enhance local search precision and convergence efficiency. A time-varying expansion factor is further introduced to dynamically regulate oscillation amplitude, ensuring adaptive adjustment of search behavior throughout the optimization process. Extensive evaluations on the CEC 2022 benchmark set demonstrate that TMCFLO outperforms classical algorithms, including PSO, ACO, WOA, AOA, POA, ZOA, HO, RLLPSO and IHBA, achieving up to 26 percent improvement in optimization accuracy. In practical cloud computing task scheduling experiments with 1500 and 3000 tasks, TMCFLO achieves the lowest single task energy consumption of 0.2196, the lowest total energy consumption of 658.80, and the highest energy efficiency of 4.5569, confirming its effectiveness, scalability, and energy-efficient superiority for complex cloud scheduling problems.</div></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"245 ","pages":"Article 104386"},"PeriodicalIF":8.0,"publicationDate":"2025-11-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145528948","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Design, implementation, and performance evaluation of a high-performance and high-precision NetFlow/IPFIX flow-monitoring system on a P4 hardware switch 基于P4硬件交换机的高性能高精度NetFlow/IPFIX流量监控系统的设计、实现及性能评估

IF 8 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Journal of Network and Computer Applications

Pub Date : 2025-11-13 DOI: 10.1016/j.jnca.2025.104385

Shie-Yuan Wang , Tzu-Ching Lin

High-performance and high-precision flow monitoring is a crucial function for network management, network bandwidth usage accounting and billing, network security, network forensics, and other important tasks. Nowadays, many commercial switches/routers provide either sFlow, NetFlow, or IPFIX scheme for monitoring the flows traversing a network. sFlow is a scheme widely supported by many switches/routers due to its using a sampling-based method, which greatly reduces the CPU processing load on a switch/router and the network bandwidth required to transmit flow data to a remote collector. However, many small flows may go undetected and the estimated flow data (e.g., the packet count and byte count) for detected flows can significantly deviate from their ground truth.

NetFlow, which is Cisco Systems’ proprietary technology, does not use a sampling-based method by default. Instead, it tries to collect complete and correct flow data for every flow. However, as the link speed and the flow arrival rate continue to increase, NetFlow also provides a sampling-based option to reduce the CPU utilization of the switch/router. Because NetFlow is proprietary, an Internet Engineering Task Force (IETF) working group has defined IPFIX as an open flow information export protocol based on NetFlow Version 9. The requirements for IPFIX are defined in the RFC 3917 standards. Basically, IPFIX is the same as NetFlow Version 9.

Due to its high demand on the CPU of the switch/router, currently NetFlow is supported only on very high-end switches/routers and its design and implementation on these commercial switches/routers are not published in the literature. In this paper, we design and implement a high-performance and high-precision NetFlow/IPFIX system on a Programming Protocol-independent Packet Processors (P4) hardware switch. Based on a 20 Gbps playback of a packet trace gathered on an Internet backbone link, experimental results show that our novel method significantly outperforms the typical design and implementation method of NetFlow/IPFIX on a P4 hardware switch. For example, for the number of detected flows during the trace period, our method outperforms the typical method by a factor of 5.72. As for the number of flows whose packet and byte counts are correctly counted, our method outperforms the typical method by a factor of 8.57.

高性能、高精度的流量监控是网络管理、网络带宽计费、网络安全、网络取证等重要任务的关键功能。目前，许多商用交换机/路由器提供sFlow、NetFlow或IPFIX方案来监控流经网络的流量。sFlow是一种被许多交换机/路由器广泛支持的方案，因为它使用了基于采样的方法，大大降低了交换机/路由器的CPU处理负载和将流数据传输到远程采集器所需的网络带宽。然而，许多小流可能未被检测到，并且检测到的流的估计流数据（例如，数据包计数和字节计数）可能会明显偏离其基本事实。NetFlow是思科系统的专利技术，默认情况下不使用基于采样的方法。相反，它试图为每个流收集完整和正确的流量数据。然而，随着链路速度和流量到达率的不断增加，NetFlow还提供了一个基于采样的选项，以降低交换机/路由器的CPU利用率。由于NetFlow是专有的，互联网工程任务组（IETF）工作组已经将IPFIX定义为基于NetFlow Version 9的开放流量信息导出协议。对IPFIX的要求在RFC 3917标准中有定义。基本上，IPFIX与NetFlow Version 9相同。由于NetFlow对交换机/路由器CPU的要求很高，目前NetFlow只支持在非常高端的交换机/路由器上，其在这些商用交换机/路由器上的设计和实现没有在文献中发表。在本文中，我们设计并实现了一个基于P4 （Programming Protocol-independent Packet Processors）硬件交换机的高性能、高精度NetFlow/IPFIX系统。实验结果表明，该方法明显优于典型的NetFlow/IPFIX在P4硬件交换机上的设计和实现方法。例如，对于跟踪期间检测到的流的数量，我们的方法比典型方法的性能高出5.72倍。对于正确计算数据包和字节计数的流的数量，我们的方法比典型方法的性能高出8.57倍。

{"title":"Design, implementation, and performance evaluation of a high-performance and high-precision NetFlow/IPFIX flow-monitoring system on a P4 hardware switch","authors":"Shie-Yuan Wang , Tzu-Ching Lin","doi":"10.1016/j.jnca.2025.104385","DOIUrl":"10.1016/j.jnca.2025.104385","url":null,"abstract":"<div><div>High-performance and high-precision flow monitoring is a crucial function for network management, network bandwidth usage accounting and billing, network security, network forensics, and other important tasks. Nowadays, many commercial switches/routers provide either sFlow, NetFlow, or IPFIX scheme for monitoring the flows traversing a network. sFlow is a scheme widely supported by many switches/routers due to its using a sampling-based method, which greatly reduces the CPU processing load on a switch/router and the network bandwidth required to transmit flow data to a remote collector. However, many small flows may go undetected and the estimated flow data (e.g., the packet count and byte count) for detected flows can significantly deviate from their ground truth.</div><div>NetFlow, which is Cisco Systems’ proprietary technology, does not use a sampling-based method by default. Instead, it tries to collect complete and correct flow data for every flow. However, as the link speed and the flow arrival rate continue to increase, NetFlow also provides a sampling-based option to reduce the CPU utilization of the switch/router. Because NetFlow is proprietary, an Internet Engineering Task Force (IETF) working group has defined IPFIX as an open flow information export protocol based on NetFlow Version 9. The requirements for IPFIX are defined in the RFC 3917 standards. Basically, IPFIX is the same as NetFlow Version 9.</div><div>Due to its high demand on the CPU of the switch/router, currently NetFlow is supported only on very high-end switches/routers and its design and implementation on these commercial switches/routers are not published in the literature. In this paper, we design and implement a high-performance and high-precision NetFlow/IPFIX system on a Programming Protocol-independent Packet Processors (P4) hardware switch. Based on a 20 Gbps playback of a packet trace gathered on an Internet backbone link, experimental results show that our novel method significantly outperforms the typical design and implementation method of NetFlow/IPFIX on a P4 hardware switch. For example, for the number of detected flows during the trace period, our method outperforms the typical method by a factor of 5.72. As for the number of flows whose packet and byte counts are correctly counted, our method outperforms the typical method by a factor of 8.57.</div></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"245 ","pages":"Article 104385"},"PeriodicalIF":8.0,"publicationDate":"2025-11-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145528949","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

SIoV-IDS: SDN-enabled zero-trust framework for explainable intrusion detection in IoVs using Variational Autoencoders and EX-LSTM SIoV-IDS：支持sdn的零信任框架，用于iov中使用变分自编码器和EX-LSTM的可解释入侵检测

IF 8 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Journal of Network and Computer Applications

Pub Date : 2025-11-13 DOI: 10.1016/j.jnca.2025.104389

Muddasar Laghari , Yuanchang Zhong , Muhammad Junaid Tahir , Muhammad Adil

In response to cyber attacks targeting the Internet of Vehicles (IoV) ecosystem, we propose SIoV-DS, a secure framework addressing inter-vehicle communication, intra-vehicle networks, and infrastructure threats using a zero-trust approach. Vehicle data is first encoded with a Variational Autoencoder (V-AE) to mitigate inference attacks, then analyzed by an Extended Long Short-Term Memory (EX-LSTM) detector capable of identifying diverse attacks, including Denial of Service (DoS), spoofing, and malware. For interpretability, Shapley Additive Explanations (SHAP) provide insights into EX-LSTM decisions, assisting Security Operations Center (SOC) analysts. SIoV-DS is deployed over a Software-Defined Networking (SDN) architecture to ensure scalability. Evaluations on CIC-IoV2024 and Edge-IIoTset2022 datasets demonstrate high accuracy (99.78% and 95.01%, respectively), while inference-time analysis confirms feasibility for real-time detection, effectively securing the IoV ecosystem against advanced cyber threats.

为了应对针对车联网（IoV）生态系统的网络攻击，我们提出了SIoV-DS，这是一个使用零信任方法解决车际通信、车内网络和基础设施威胁的安全框架。车辆数据首先使用变分自动编码器（V-AE）进行编码，以减轻推理攻击，然后通过扩展长短期记忆（EX-LSTM）检测器进行分析，该检测器能够识别各种攻击，包括拒绝服务（DoS），欺骗和恶意软件。在可解释性方面，Shapley加性解释（SHAP）提供了对EX-LSTM决策的见解，协助安全运营中心（SOC）分析师。SIoV-DS通过软件定义网络（SDN）架构部署，以确保可扩展性。对CIC-IoV2024和Edge-IIoTset2022数据集的评估表明，该方法具有较高的准确率（分别为99.78%和95.01%），而推断时间分析证实了实时检测的可行性，有效地保护了车联网生态系统免受高级网络威胁。

{"title":"SIoV-IDS: SDN-enabled zero-trust framework for explainable intrusion detection in IoVs using Variational Autoencoders and EX-LSTM","authors":"Muddasar Laghari , Yuanchang Zhong , Muhammad Junaid Tahir , Muhammad Adil","doi":"10.1016/j.jnca.2025.104389","DOIUrl":"10.1016/j.jnca.2025.104389","url":null,"abstract":"<div><div>In response to cyber attacks targeting the Internet of Vehicles (IoV) ecosystem, we propose <strong>SIoV-DS</strong>, a secure framework addressing inter-vehicle communication, intra-vehicle networks, and infrastructure threats using a zero-trust approach. Vehicle data is first encoded with a <em>Variational Autoencoder (V-AE)</em> to mitigate inference attacks, then analyzed by an <em>Extended Long Short-Term Memory (EX-LSTM)</em> detector capable of identifying diverse attacks, including Denial of Service (DoS), spoofing, and malware. For interpretability, <em>Shapley Additive Explanations (SHAP)</em> provide insights into EX-LSTM decisions, assisting Security Operations Center (SOC) analysts. SIoV-DS is deployed over a <em>Software-Defined Networking (SDN)</em> architecture to ensure scalability. Evaluations on <em>CIC-IoV2024</em> and <em>Edge-IIoTset2022</em> datasets demonstrate high accuracy (99.78% and 95.01%, respectively), while inference-time analysis confirms feasibility for real-time detection, effectively securing the IoV ecosystem against advanced cyber threats.</div></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"245 ","pages":"Article 104389"},"PeriodicalIF":8.0,"publicationDate":"2025-11-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145531187","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0