首页 > 最新文献

Journal of Network and Computer Applications最新文献

英文 中文
SELB: Self-Evolution Load Balancing Based on Temporal Graph Convolutional Network in Software-Defined Data Center Networks 软件定义数据中心网络中基于时间图卷积网络的自进化负载平衡
IF 8 2区 计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE
Journal of Network and Computer Applications
Pub Date : 2026-02-01 Epub Date: 2025-12-02 DOI: 10.1016/j.jnca.2025.104401
Yong Liu , Guisheng Liu , Tianyi Yu , Qian Meng
Software-Defined Networking (SDN) is a network architecture that separates the control plane and data plane of the traditional data center network, resulting in enhanced network scalability and flexibility. The conventional Equal Cost MultiPath (ECMP) load balancing algorithm, which relies on static hash mapping, has limitations when applied to data center networks, leading to issues such as hash conflicts and congestion between mouse and elephant flows. Therefore, load balancing based on flowlet granularity has been proposed. This approach divides flows into flowlets, leveraging the burstiness of traffic to enhance load balancing capabilities. However, these approaches encounter several challenges, such as the lack of real-time feedback on network load situations, the inability of static flowlet timeouts to adapt to dynamic changes in the network, and inadequate consideration of load distribution. To address these challenges, we propose a novel load balancing strategy called Self-Evolution Load Balancing (SELB) based on Temporal Graph Convolutional Network (T-GCN). SELB utilizes the T-GCN to dynamically predict the network load state for real-time feedback. Meanwhile, the adaptive flow splitting algorithm is employed to dynamically adjust the timeout of flowlets, effectively adapting to changes in network dynamics. Moreover, SELB incorporates a load-aware route planning strategy that considers the overall network load distribution. By doing so, it can intelligently route flowlets along equivalent multipaths, enhancing load balancing capabilities. The simulation results demonstrate that SELB effectively reduces Flow Completion Time (FCT), enhances average throughput, and improves load balancing performance in comparison to existing schemes.
SDN (Software-Defined Networking)是一种将传统数据中心网络的控制平面和数据平面分离开来的网络架构,增强了网络的可扩展性和灵活性。传统的等成本多路径(Equal Cost MultiPath, ECMP)负载平衡算法依赖于静态哈希映射,在应用于数据中心网络时存在局限性,会导致诸如哈希冲突和象流之间的拥塞等问题。因此,提出了基于流粒度的负载均衡。这种方法将流分成小流,利用流量的突发性来增强负载平衡能力。然而,这些方法遇到了一些挑战,例如缺乏对网络负载情况的实时反馈,静态流超时不能适应网络的动态变化,以及对负载分布的考虑不足。为了解决这些挑战,我们提出了一种新的负载平衡策略,称为基于时间图卷积网络(T-GCN)的自进化负载平衡(SELB)。SELB利用T-GCN动态预测网络负载状态,进行实时反馈。同时,采用自适应流分割算法动态调整小流超时,有效适应网络动态变化。此外,SELB还结合了考虑整个网络负载分布的负载感知路由规划策略。通过这样做,它可以沿着等效的多路径智能地路由流,增强负载平衡能力。仿真结果表明,与现有算法相比,SELB算法有效地缩短了流完成时间(Flow Completion Time, FCT),提高了平均吞吐量,改善了负载均衡性能。
{"title":"SELB: Self-Evolution Load Balancing Based on Temporal Graph Convolutional Network in Software-Defined Data Center Networks","authors":"Yong Liu ,&nbsp;Guisheng Liu ,&nbsp;Tianyi Yu ,&nbsp;Qian Meng","doi":"10.1016/j.jnca.2025.104401","DOIUrl":"10.1016/j.jnca.2025.104401","url":null,"abstract":"<div><div>Software-Defined Networking (SDN) is a network architecture that separates the control plane and data plane of the traditional data center network, resulting in enhanced network scalability and flexibility. The conventional Equal Cost MultiPath (ECMP) load balancing algorithm, which relies on static hash mapping, has limitations when applied to data center networks, leading to issues such as hash conflicts and congestion between mouse and elephant flows. Therefore, load balancing based on flowlet granularity has been proposed. This approach divides flows into flowlets, leveraging the burstiness of traffic to enhance load balancing capabilities. However, these approaches encounter several challenges, such as the lack of real-time feedback on network load situations, the inability of static flowlet timeouts to adapt to dynamic changes in the network, and inadequate consideration of load distribution. To address these challenges, we propose a novel load balancing strategy called Self-Evolution Load Balancing (SELB) based on Temporal Graph Convolutional Network (T-GCN). SELB utilizes the T-GCN to dynamically predict the network load state for real-time feedback. Meanwhile, the adaptive flow splitting algorithm is employed to dynamically adjust the timeout of flowlets, effectively adapting to changes in network dynamics. Moreover, SELB incorporates a load-aware route planning strategy that considers the overall network load distribution. By doing so, it can intelligently route flowlets along equivalent multipaths, enhancing load balancing capabilities. The simulation results demonstrate that SELB effectively reduces Flow Completion Time (FCT), enhances average throughput, and improves load balancing performance in comparison to existing schemes.</div></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"246 ","pages":"Article 104401"},"PeriodicalIF":8.0,"publicationDate":"2026-02-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145657738","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Towards IT/OT integration in industry digitalization: A comprehensive survey 工业数字化中的IT/OT融合:综合调查
IF 8 2区 计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE
Journal of Network and Computer Applications
Pub Date : 2026-01-01 Epub Date: 2025-11-04 DOI: 10.1016/j.jnca.2025.104373
Riccardo Venanzi, Giuseppe Di Modica, Luca Foschini, Paolo Bellavista
According to both academic and industry perspectives, the Fourth Industrial Revolution has brought about a paradigm shift in the manufacturing sector enabling companies to enhance their competitiveness in the global market. To achieve this goal, manufacturing companies will need to undertake a deep digital transformation, primarily by introducing advanced Information Technology (IT) into traditionally less digitalized departments, such as shop floors, where Operational Technology (OT) currently dominate. For the full achievement of Industry 4.0 revolution objectives, practitioners believe in the strong requirement of a progressive and tight integration between IT and OT departments. In the depicted scenario, communication technologies are expected to play a pivotal role in facilitating the integration process, but other more recent and advanced IT have also proven helpful. In particular, the topic of IT/OT integration has attracted significant attention from various research communities that have sought to identify both the opportunities and challenges associated with its implementation. Although some good surveys of those works have appeared in the literature, to the best of our knowledge, no comprehensive review has yet been conducted that is fully dedicated to the topic of IT/OT convergence. In this paper, we propose a holistic approach to examine the various dimensions of IT/OT integration, which we classify into five interconnected realms, Communication, IT-Driven Support to OT, Human Centricity, Advanced Industrial Control Systems, and cybersecurity. Furthermore, we develop a realm-oriented taxonomy to organize the surveyed works in a structured manner, offering readers a clear overview of the current state of the literature, along with insights into unexplored opportunities and future directions for IT/OT integration.
从学术界和产业界的角度来看,第四次工业革命带来了制造业的范式转变,使企业能够提高在全球市场上的竞争力。为了实现这一目标,制造企业将需要进行深度数字化转型,主要是通过将先进的信息技术(IT)引入传统上数字化程度较低的部门,例如车间,而运营技术(OT)目前在这些部门中占主导地位。为了全面实现工业4.0革命的目标,从业者相信IT和OT部门之间的渐进和紧密集成的强烈需求。在所描述的场景中,通信技术有望在促进集成过程中发挥关键作用,但其他最新和更先进的IT也被证明是有用的。特别是,IT/OT集成的主题已经引起了各种研究团体的极大关注,这些研究团体试图确定与其实施相关的机遇和挑战。尽管文献中已经出现了一些对这些作品的良好调查,但据我们所知,还没有进行全面的审查,完全致力于IT/OT融合的主题。在本文中,我们提出了一种整体方法来检查IT/OT集成的各个维度,我们将其分为五个相互关联的领域,通信,IT驱动的OT支持,以人为本,先进工业控制系统和网络安全。此外,我们开发了一个面向领域的分类法,以结构化的方式组织调查的作品,为读者提供了文献当前状态的清晰概述,以及对IT/OT集成未开发机会和未来方向的见解。
{"title":"Towards IT/OT integration in industry digitalization: A comprehensive survey","authors":"Riccardo Venanzi,&nbsp;Giuseppe Di Modica,&nbsp;Luca Foschini,&nbsp;Paolo Bellavista","doi":"10.1016/j.jnca.2025.104373","DOIUrl":"10.1016/j.jnca.2025.104373","url":null,"abstract":"<div><div>According to both academic and industry perspectives, the Fourth Industrial Revolution has brought about a paradigm shift in the manufacturing sector enabling companies to enhance their competitiveness in the global market. To achieve this goal, manufacturing companies will need to undertake a deep digital transformation, primarily by introducing advanced Information Technology (IT) into traditionally less digitalized departments, such as shop floors, where Operational Technology (OT) currently dominate. For the full achievement of Industry 4.0 revolution objectives, practitioners believe in the strong requirement of a progressive and tight integration between IT and OT departments. In the depicted scenario, communication technologies are expected to play a pivotal role in facilitating the integration process, but other more recent and advanced IT have also proven helpful. In particular, the topic of IT/OT integration has attracted significant attention from various research communities that have sought to identify both the opportunities and challenges associated with its implementation. Although some good surveys of those works have appeared in the literature, to the best of our knowledge, no comprehensive review has yet been conducted that is fully dedicated to the topic of IT/OT convergence. In this paper, we propose a holistic approach to examine the various dimensions of IT/OT integration, which we classify into five interconnected realms, Communication, IT-Driven Support to OT, Human Centricity, Advanced Industrial Control Systems, and cybersecurity. Furthermore, we develop a realm-oriented taxonomy to organize the surveyed works in a structured manner, offering readers a clear overview of the current state of the literature, along with insights into unexplored opportunities and future directions for IT/OT integration.</div></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"245 ","pages":"Article 104373"},"PeriodicalIF":8.0,"publicationDate":"2026-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145441548","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Dynamic searchable symmetric encryption with efficient conjunctive query and non-interactive real deletion 具有高效联合查询和非交互式实删除的动态可搜索对称加密
IF 8 2区 计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE
Journal of Network and Computer Applications
Pub Date : 2026-01-01 Epub Date: 2025-11-13 DOI: 10.1016/j.jnca.2025.104387
Zhengwei Ren , Pei He , Rongwei Yu , Li Deng , Yan Tong , Shiwei Xu
Dynamic searchable symmetric encryption (DSSE) enables users to perform update and search operations over encrypted data on cloud servers. However, many DSSE schemes are unable to efficiently perform conjunctive queries containing multiple keywords, limiting their search capabilities. Those DSSE schemes supporting conjunctive query fail to achieve real deletion, affecting the efficiencies of subsequent searches. In this paper, we propose a DSSE scheme supporting conjunctive query and non-interactive real deletion simultaneously. For a conjunctive query containing multiple keywords, we adjust the positions of these keywords so that the keyword contained by the least number of document(s) is at the forefront of the conjunctive query. The document(s) containing this keyword are then located, and on the basis of the document(s) the remaining keywords are checked to obtain the final search result. Moreover, cuckoo filter is adopted to store the ciphertext to be searched, making the conjunctive query efficient. We deploy two search databases on the cloud server to achieve non-interactive real deletion. Benefiting from these two databases, the deleted ciphertext will be physically removed from the cloud server with no impact on subsequent searches, improving search efficiencies of subsequent searches. Our scheme only utilizes a few hash functions and a pseudorandom function, while the forward privacy and backward privacy are still achieved. We conduct a formal security analysis and extensive experimental evaluations, showing that our scheme has efficiency advantages in both update and search processes.
动态可搜索对称加密(DSSE)使用户能够对云服务器上的加密数据执行更新和搜索操作。然而,许多DSSE方案无法有效地执行包含多个关键字的连接查询,限制了它们的搜索能力。支持连接查询的DSSE方案无法实现真正的删除,影响后续搜索的效率。本文提出了一种同时支持联合查询和非交互式实删除的DSSE方案。对于包含多个关键字的连接查询,我们调整这些关键字的位置,以便由最少数量的文档包含的关键字位于连接查询的最前面。然后找到包含此关键字的文档,并在该文档的基础上检查其余关键字以获得最终搜索结果。此外,采用杜鹃滤波器存储待搜索的密文,提高了连接查询的效率。我们在云服务器上部署两个搜索数据库,实现非交互式的真实删除。得益于这两个数据库,删除的密文将从云服务器上物理移除,不会影响后续搜索,提高后续搜索的搜索效率。我们的方案只使用了几个哈希函数和一个伪随机函数,同时仍然实现了前向隐私和后向隐私。我们进行了正式的安全性分析和广泛的实验评估,表明我们的方案在更新和搜索过程中都具有效率优势。
{"title":"Dynamic searchable symmetric encryption with efficient conjunctive query and non-interactive real deletion","authors":"Zhengwei Ren ,&nbsp;Pei He ,&nbsp;Rongwei Yu ,&nbsp;Li Deng ,&nbsp;Yan Tong ,&nbsp;Shiwei Xu","doi":"10.1016/j.jnca.2025.104387","DOIUrl":"10.1016/j.jnca.2025.104387","url":null,"abstract":"<div><div>Dynamic searchable symmetric encryption (DSSE) enables users to perform update and search operations over encrypted data on cloud servers. However, many DSSE schemes are unable to efficiently perform conjunctive queries containing multiple keywords, limiting their search capabilities. Those DSSE schemes supporting conjunctive query fail to achieve real deletion, affecting the efficiencies of subsequent searches. In this paper, we propose a DSSE scheme supporting conjunctive query and non-interactive real deletion simultaneously. For a conjunctive query containing multiple keywords, we adjust the positions of these keywords so that the keyword contained by the least number of document(s) is at the forefront of the conjunctive query. The document(s) containing this keyword are then located, and on the basis of the document(s) the remaining keywords are checked to obtain the final search result. Moreover, cuckoo filter is adopted to store the ciphertext to be searched, making the conjunctive query efficient. We deploy two search databases on the cloud server to achieve non-interactive real deletion. Benefiting from these two databases, the deleted ciphertext will be physically removed from the cloud server with no impact on subsequent searches, improving search efficiencies of subsequent searches. Our scheme only utilizes a few hash functions and a pseudorandom function, while the forward privacy and backward privacy are still achieved. We conduct a formal security analysis and extensive experimental evaluations, showing that our scheme has efficiency advantages in both update and search processes.</div></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"245 ","pages":"Article 104387"},"PeriodicalIF":8.0,"publicationDate":"2026-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145531185","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Edge-AI: A systematic review on architectures, applications, and challenges Edge-AI:对架构、应用和挑战的系统回顾
IF 8 2区 计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE
Journal of Network and Computer Applications
Pub Date : 2026-01-01 Epub Date: 2025-11-08 DOI: 10.1016/j.jnca.2025.104375
Himanshu Gauttam , Garima Nain , K.K. Pattanaik , Paulo Mendes
The evolution of computing technologies and the generation of massive amounts of data fueled the development of Artificial Intelligence (AI), specifically Deep Learning (DL), solutions to extract key patterns from data, and the generation of insights and knowledge useful to achieve optimized service execution. Traditional cloud-based execution of DL solutions faces several challenges, such as latency, data privacy, and reliability, while trying to meet service requirements. In contrast, the limited computing and storage resources on the edge pose daunting challenges in executing resource-intensive DL solutions closer to the customer. This scenario led to the birth of an interdisciplinary research field named Edge-AI or Edge-Intelligence, aiming to mitigate the limitations of cloud and edge-based DL executions. In this context, this work proposes a reference layered Edge-AI framework to ensure the successful deployment of the Edge-Intelligence paradigm, encompassing three novel layers for the optimization of edge infrastructure, edge inference, and edge training. The work presents a detailed investigation and analysis of the schemes centered around the above-listed layers of the proposed Edge-AI framework. Furthermore, this work discusses potential application domains for Edge-AI, delving into a set of potential limitations, and ending up identifying future research directions in terms of Edge-AI infrastructure deployment, inference and training, which are functionalities needed to deploy and use robust, sustainable, and efficient intelligent edge networks.
计算技术的发展和大量数据的产生推动了人工智能(AI)的发展,特别是深度学习(DL),从数据中提取关键模式的解决方案,以及对实现优化服务执行有用的见解和知识的产生。传统的基于云的深度学习解决方案在试图满足服务需求的同时面临着一些挑战,如延迟、数据隐私和可靠性。相比之下,边缘有限的计算和存储资源在执行更接近客户的资源密集型深度学习解决方案时构成了艰巨的挑战。这种情况导致了一个名为Edge-AI或Edge-Intelligence的跨学科研究领域的诞生,旨在减轻云和基于边缘的深度学习执行的局限性。在此背景下,本工作提出了一个参考分层边缘人工智能框架,以确保边缘智能范式的成功部署,该框架包括三个新的层,用于优化边缘基础设施、边缘推理和边缘训练。这项工作对围绕拟议的边缘人工智能框架的上述层的方案进行了详细的调查和分析。此外,本工作还讨论了edge - ai的潜在应用领域,深入研究了一系列潜在的限制,并最终确定了edge - ai基础设施部署、推理和训练方面的未来研究方向,这些都是部署和使用强大、可持续和高效的智能边缘网络所需的功能。
{"title":"Edge-AI: A systematic review on architectures, applications, and challenges","authors":"Himanshu Gauttam ,&nbsp;Garima Nain ,&nbsp;K.K. Pattanaik ,&nbsp;Paulo Mendes","doi":"10.1016/j.jnca.2025.104375","DOIUrl":"10.1016/j.jnca.2025.104375","url":null,"abstract":"<div><div>The evolution of computing technologies and the generation of massive amounts of data fueled the development of <em>Artificial Intelligence</em> (AI), specifically <em>Deep Learning</em> (DL), solutions to extract key patterns from data, and the generation of insights and knowledge useful to achieve optimized service execution. Traditional cloud-based execution of DL solutions faces several challenges, such as latency, data privacy, and reliability, while trying to meet service requirements. In contrast, the limited computing and storage resources on the edge pose daunting challenges in executing resource-intensive DL solutions closer to the customer. This scenario led to the birth of an interdisciplinary research field named Edge-AI or Edge-Intelligence, aiming to mitigate the limitations of cloud and edge-based DL executions. In this context, this work proposes a reference layered Edge-AI framework to ensure the successful deployment of the Edge-Intelligence paradigm, encompassing three novel layers for the optimization of edge infrastructure, edge inference, and edge training. The work presents a detailed investigation and analysis of the schemes centered around the above-listed layers of the proposed Edge-AI framework. Furthermore, this work discusses potential application domains for Edge-AI, delving into a set of potential limitations, and ending up identifying future research directions in terms of Edge-AI infrastructure deployment, inference and training, which are functionalities needed to deploy and use robust, sustainable, and efficient intelligent edge networks.</div></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"245 ","pages":"Article 104375"},"PeriodicalIF":8.0,"publicationDate":"2026-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145461584","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
A comprehensive study of the 6LoWSD protocol architecture with respect to scalability and mobility for SDN-enabled IoT networks 针对支持sdn的物联网网络的可扩展性和移动性,全面研究6LoWSD协议架构
IF 8 2区 计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE
Journal of Network and Computer Applications
Pub Date : 2026-01-01 Epub Date: 2025-11-06 DOI: 10.1016/j.jnca.2025.104370
Wanbanker Khongbuh , Goutam Saha
The Internet of Things (IoT) and software-defined networks (SDN) have opened up new opportunities for innovation. Many of the limitations of the IoT system can be rectified with the SDN concepts. Thus, the combination of SDN and IoT has tremendous potential in various application domains. As the number of IoT devices is increasing with time, the scalability issues need to be further improved. Another significant challenge in IoT environments is mobility. Maintaining seamless mobility and persistent connectivity for IoT devices operating over large-scale or geographically dispersed environments presents a significant research challenge. But scalability and mobility are complex challenges. Developing scalable, mobile, and adaptive network architectures is crucial for SDN-enabled IoT ecosystems. Using SDN-enabled IoT networks, we introduced a comprehensive approach to address these challenges. Here, a new protocol based on OpenFlow of SDN and 6LoWPAN of the IoT system, namely, 6LoWSD has been proposed. In this investigation, emphasis has been placed on techniques on how the proposed 6LoWSD can improve scalability and mobility issues. In this study, experiments with the proposed protocol were performed using physical devices and a simulated platform. The results were compared with the 6LoWPAN counterpart and were found to be satisfactory.
物联网(IoT)和软件定义网络(SDN)为创新提供了新的机遇。物联网系统的许多局限性可以通过SDN概念得到纠正。因此,SDN与物联网的结合在各个应用领域具有巨大的潜力。随着物联网设备的数量随着时间的推移而增加,可扩展性问题需要进一步改善。物联网环境中的另一个重大挑战是移动性。为在大规模或地理分散的环境中运行的物联网设备保持无缝移动性和持久连接是一项重大的研究挑战。但可扩展性和移动性是复杂的挑战。开发可扩展、移动和自适应的网络架构对于支持sdn的物联网生态系统至关重要。使用支持sdn的物联网网络,我们引入了一种全面的方法来应对这些挑战。在此,基于SDN的OpenFlow和物联网系统的6LoWPAN,提出了一种新的协议,即6LoWSD。在本调查中,重点放在建议的6LoWSD如何改善可伸缩性和移动性问题的技术上。在本研究中,使用物理设备和模拟平台对所提出的协议进行了实验。结果与6LoWPAN相比较,发现是令人满意的。
{"title":"A comprehensive study of the 6LoWSD protocol architecture with respect to scalability and mobility for SDN-enabled IoT networks","authors":"Wanbanker Khongbuh ,&nbsp;Goutam Saha","doi":"10.1016/j.jnca.2025.104370","DOIUrl":"10.1016/j.jnca.2025.104370","url":null,"abstract":"<div><div>The Internet of Things (IoT) and software-defined networks (SDN) have opened up new opportunities for innovation. Many of the limitations of the IoT system can be rectified with the SDN concepts. Thus, the combination of SDN and IoT has tremendous potential in various application domains. As the number of IoT devices is increasing with time, the scalability issues need to be further improved. Another significant challenge in IoT environments is mobility. Maintaining seamless mobility and persistent connectivity for IoT devices operating over large-scale or geographically dispersed environments presents a significant research challenge. But scalability and mobility are complex challenges. Developing scalable, mobile, and adaptive network architectures is crucial for SDN-enabled IoT ecosystems. Using SDN-enabled IoT networks, we introduced a comprehensive approach to address these challenges. Here, a new protocol based on OpenFlow of SDN and 6LoWPAN of the IoT system, namely, 6LoWSD has been proposed. In this investigation, emphasis has been placed on techniques on how the proposed 6LoWSD can improve scalability and mobility issues. In this study, experiments with the proposed protocol were performed using physical devices and a simulated platform. The results were compared with the 6LoWPAN counterpart and were found to be satisfactory.</div></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"245 ","pages":"Article 104370"},"PeriodicalIF":8.0,"publicationDate":"2026-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145461588","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Adaptive context-aware multi-tab website fingerprinting using hierarchical deep learning 自适应上下文感知多标签网站指纹使用层次深度学习
IF 8 2区 计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE
Journal of Network and Computer Applications
Pub Date : 2026-01-01 Epub Date: 2025-10-30 DOI: 10.1016/j.jnca.2025.104374
Faisal Murad , Jie Cui , Muhammad Aurangzeb Khan , Depeng Chen
<div><div>Website fingerprinting aims to infer visited websites from encrypted network traffic. Conventional approaches predominantly assume single-tab browsing, limiting their applicability under realistic multi-tab conditions, where concurrent flows introduce inter-tab interference, temporal overlap, and attribution ambiguity that degrade classification accuracy. This paper presents Adaptive Context-Aware Multi-Tab Fingerprinting, a dynamic framework designed for multi-tab website fingerprinting through context-driven feature modeling and attention adaptation. ACMF integrates three coordinated modules. (1) CBAM employs an attention-augmented LSTM that processes sequences of packet direction, size, and inter-arrival time with tab-switch indicators, producing a session context vector <span><math><mi>c</mi></math></span>. A self-attention state <span><math><msub><mrow><mi>z</mi></mrow><mrow><mi>t</mi></mrow></msub></math></span> modulates recurrent dynamics, and multi-scale temporal aggregation yields <span><math><mrow><mi>c</mi><mo>=</mo><msub><mrow><mo>∑</mo></mrow><mrow><mi>ℓ</mi></mrow></msub><msub><mrow><mi>ω</mi></mrow><mrow><mi>ℓ</mi></mrow></msub><msup><mrow><mi>h</mi></mrow><mrow><mrow><mo>(</mo><mi>ℓ</mi><mo>)</mo></mrow></mrow></msup></mrow></math></span>. (2) DTAM uses a Transformer encoder with per-slot gating for variable tab cardinality. For each slot feature <span><math><msub><mrow><mi>f</mi></mrow><mrow><mi>i</mi></mrow></msub></math></span>, a gate <span><math><mrow><msub><mrow><mi>g</mi></mrow><mrow><mi>i</mi></mrow></msub><mo>=</mo><mi>σ</mi><mrow><mo>(</mo><msubsup><mrow><mi>w</mi></mrow><mrow><mi>g</mi></mrow><mrow><mo>⊤</mo></mrow></msubsup><mrow><mo>[</mo><mi>c</mi><mo>;</mo><msub><mrow><mi>f</mi></mrow><mrow><mi>i</mi></mrow></msub><mo>]</mo></mrow><mo>+</mo><msub><mrow><mi>b</mi></mrow><mrow><mi>g</mi></mrow></msub><mo>)</mo></mrow></mrow></math></span> scales multi-head attention outputs, normalized by <span><math><mrow><msub><mrow><mo>∑</mo></mrow><mrow><mi>i</mi></mrow></msub><msub><mrow><mi>g</mi></mrow><mrow><mi>i</mi></mrow></msub><mo>+</mo><mi>ϵ</mi></mrow></math></span> and followed by a position-wise feed-forward network to produce representation <span><math><mi>F</mi></math></span>. (3) HMLFE combines dilated 1D CNNs to capture local temporal motifs with a GNN that builds a similarity graph using edge weights <span><math><mrow><mo>exp</mo><mrow><mo>(</mo><mo>−</mo><mo>‖</mo><msub><mrow><mi>u</mi></mrow><mrow><mi>i</mi></mrow></msub><mo>−</mo><msub><mrow><mi>u</mi></mrow><mrow><mi>j</mi></mrow></msub><msup><mrow><mo>‖</mo></mrow><mrow><mn>2</mn></mrow></msup><mo>/</mo><mi>τ</mi><mo>)</mo></mrow></mrow></math></span> and performs attention-based message passing. A graph readout operation generates <span><math><msub><mrow><mi>h</mi></mrow><mrow><mi>G</mi></mrow></msub></math></span>, and the final representation <span><math><mrow><mi>r</mi><mo>=</mo><mrow><mo>[</mo><mi>F</mi><mo>∥</mo><msub><mrow><mi>h</mi></mrow><
网站指纹识别旨在从加密的网络流量中推断访问过的网站。传统方法主要假设单标签浏览,限制了它们在实际多标签条件下的适用性,并发流会引入标签间干扰、时间重叠和属性模糊,从而降低分类准确性。本文介绍了自适应上下文感知多标签指纹,这是一个通过上下文驱动的特征建模和注意力适应为多标签网站指纹识别设计的动态框架。ACMF集成了三个协调的模块。(1) CBAM采用一种注意力增强LSTM,该LSTM利用标签切换指示器处理数据包方向、大小和间隔到达时间序列,产生会话上下文向量c。自关注状态zt调节循环动态,多尺度时间聚合产生c=∑r ω r h(r)。(2) DTAM使用变压器编码器,每个插槽对可变选项卡基数进行门控。对于每个槽型特征fi,栅极gi=σ(wg∞[c;fi]+bg)缩放多头注意力输出,通过∑igi+ λ进行归一化,然后通过位置前馈网络生成表示f。(3)HMLFE将扩展1D cnn与使用边权exp(−‖ui−uj‖2/τ)构建相似图的GNN结合起来捕获局部时间主题,并执行基于注意力的消息传递。图形读出操作生成hG,最终表示r=[F∥hG]用于分类。对MultiTab网站指纹数据集的评估达到95.6%的训练准确率和90.5%的验证准确率,超过了并发标签条件下最先进的基线。
{"title":"Adaptive context-aware multi-tab website fingerprinting using hierarchical deep learning","authors":"Faisal Murad ,&nbsp;Jie Cui ,&nbsp;Muhammad Aurangzeb Khan ,&nbsp;Depeng Chen","doi":"10.1016/j.jnca.2025.104374","DOIUrl":"10.1016/j.jnca.2025.104374","url":null,"abstract":"&lt;div&gt;&lt;div&gt;Website fingerprinting aims to infer visited websites from encrypted network traffic. Conventional approaches predominantly assume single-tab browsing, limiting their applicability under realistic multi-tab conditions, where concurrent flows introduce inter-tab interference, temporal overlap, and attribution ambiguity that degrade classification accuracy. This paper presents Adaptive Context-Aware Multi-Tab Fingerprinting, a dynamic framework designed for multi-tab website fingerprinting through context-driven feature modeling and attention adaptation. ACMF integrates three coordinated modules. (1) CBAM employs an attention-augmented LSTM that processes sequences of packet direction, size, and inter-arrival time with tab-switch indicators, producing a session context vector &lt;span&gt;&lt;math&gt;&lt;mi&gt;c&lt;/mi&gt;&lt;/math&gt;&lt;/span&gt;. A self-attention state &lt;span&gt;&lt;math&gt;&lt;msub&gt;&lt;mrow&gt;&lt;mi&gt;z&lt;/mi&gt;&lt;/mrow&gt;&lt;mrow&gt;&lt;mi&gt;t&lt;/mi&gt;&lt;/mrow&gt;&lt;/msub&gt;&lt;/math&gt;&lt;/span&gt; modulates recurrent dynamics, and multi-scale temporal aggregation yields &lt;span&gt;&lt;math&gt;&lt;mrow&gt;&lt;mi&gt;c&lt;/mi&gt;&lt;mo&gt;=&lt;/mo&gt;&lt;msub&gt;&lt;mrow&gt;&lt;mo&gt;∑&lt;/mo&gt;&lt;/mrow&gt;&lt;mrow&gt;&lt;mi&gt;ℓ&lt;/mi&gt;&lt;/mrow&gt;&lt;/msub&gt;&lt;msub&gt;&lt;mrow&gt;&lt;mi&gt;ω&lt;/mi&gt;&lt;/mrow&gt;&lt;mrow&gt;&lt;mi&gt;ℓ&lt;/mi&gt;&lt;/mrow&gt;&lt;/msub&gt;&lt;msup&gt;&lt;mrow&gt;&lt;mi&gt;h&lt;/mi&gt;&lt;/mrow&gt;&lt;mrow&gt;&lt;mrow&gt;&lt;mo&gt;(&lt;/mo&gt;&lt;mi&gt;ℓ&lt;/mi&gt;&lt;mo&gt;)&lt;/mo&gt;&lt;/mrow&gt;&lt;/mrow&gt;&lt;/msup&gt;&lt;/mrow&gt;&lt;/math&gt;&lt;/span&gt;. (2) DTAM uses a Transformer encoder with per-slot gating for variable tab cardinality. For each slot feature &lt;span&gt;&lt;math&gt;&lt;msub&gt;&lt;mrow&gt;&lt;mi&gt;f&lt;/mi&gt;&lt;/mrow&gt;&lt;mrow&gt;&lt;mi&gt;i&lt;/mi&gt;&lt;/mrow&gt;&lt;/msub&gt;&lt;/math&gt;&lt;/span&gt;, a gate &lt;span&gt;&lt;math&gt;&lt;mrow&gt;&lt;msub&gt;&lt;mrow&gt;&lt;mi&gt;g&lt;/mi&gt;&lt;/mrow&gt;&lt;mrow&gt;&lt;mi&gt;i&lt;/mi&gt;&lt;/mrow&gt;&lt;/msub&gt;&lt;mo&gt;=&lt;/mo&gt;&lt;mi&gt;σ&lt;/mi&gt;&lt;mrow&gt;&lt;mo&gt;(&lt;/mo&gt;&lt;msubsup&gt;&lt;mrow&gt;&lt;mi&gt;w&lt;/mi&gt;&lt;/mrow&gt;&lt;mrow&gt;&lt;mi&gt;g&lt;/mi&gt;&lt;/mrow&gt;&lt;mrow&gt;&lt;mo&gt;⊤&lt;/mo&gt;&lt;/mrow&gt;&lt;/msubsup&gt;&lt;mrow&gt;&lt;mo&gt;[&lt;/mo&gt;&lt;mi&gt;c&lt;/mi&gt;&lt;mo&gt;;&lt;/mo&gt;&lt;msub&gt;&lt;mrow&gt;&lt;mi&gt;f&lt;/mi&gt;&lt;/mrow&gt;&lt;mrow&gt;&lt;mi&gt;i&lt;/mi&gt;&lt;/mrow&gt;&lt;/msub&gt;&lt;mo&gt;]&lt;/mo&gt;&lt;/mrow&gt;&lt;mo&gt;+&lt;/mo&gt;&lt;msub&gt;&lt;mrow&gt;&lt;mi&gt;b&lt;/mi&gt;&lt;/mrow&gt;&lt;mrow&gt;&lt;mi&gt;g&lt;/mi&gt;&lt;/mrow&gt;&lt;/msub&gt;&lt;mo&gt;)&lt;/mo&gt;&lt;/mrow&gt;&lt;/mrow&gt;&lt;/math&gt;&lt;/span&gt; scales multi-head attention outputs, normalized by &lt;span&gt;&lt;math&gt;&lt;mrow&gt;&lt;msub&gt;&lt;mrow&gt;&lt;mo&gt;∑&lt;/mo&gt;&lt;/mrow&gt;&lt;mrow&gt;&lt;mi&gt;i&lt;/mi&gt;&lt;/mrow&gt;&lt;/msub&gt;&lt;msub&gt;&lt;mrow&gt;&lt;mi&gt;g&lt;/mi&gt;&lt;/mrow&gt;&lt;mrow&gt;&lt;mi&gt;i&lt;/mi&gt;&lt;/mrow&gt;&lt;/msub&gt;&lt;mo&gt;+&lt;/mo&gt;&lt;mi&gt;ϵ&lt;/mi&gt;&lt;/mrow&gt;&lt;/math&gt;&lt;/span&gt; and followed by a position-wise feed-forward network to produce representation &lt;span&gt;&lt;math&gt;&lt;mi&gt;F&lt;/mi&gt;&lt;/math&gt;&lt;/span&gt;. (3) HMLFE combines dilated 1D CNNs to capture local temporal motifs with a GNN that builds a similarity graph using edge weights &lt;span&gt;&lt;math&gt;&lt;mrow&gt;&lt;mo&gt;exp&lt;/mo&gt;&lt;mrow&gt;&lt;mo&gt;(&lt;/mo&gt;&lt;mo&gt;−&lt;/mo&gt;&lt;mo&gt;‖&lt;/mo&gt;&lt;msub&gt;&lt;mrow&gt;&lt;mi&gt;u&lt;/mi&gt;&lt;/mrow&gt;&lt;mrow&gt;&lt;mi&gt;i&lt;/mi&gt;&lt;/mrow&gt;&lt;/msub&gt;&lt;mo&gt;−&lt;/mo&gt;&lt;msub&gt;&lt;mrow&gt;&lt;mi&gt;u&lt;/mi&gt;&lt;/mrow&gt;&lt;mrow&gt;&lt;mi&gt;j&lt;/mi&gt;&lt;/mrow&gt;&lt;/msub&gt;&lt;msup&gt;&lt;mrow&gt;&lt;mo&gt;‖&lt;/mo&gt;&lt;/mrow&gt;&lt;mrow&gt;&lt;mn&gt;2&lt;/mn&gt;&lt;/mrow&gt;&lt;/msup&gt;&lt;mo&gt;/&lt;/mo&gt;&lt;mi&gt;τ&lt;/mi&gt;&lt;mo&gt;)&lt;/mo&gt;&lt;/mrow&gt;&lt;/mrow&gt;&lt;/math&gt;&lt;/span&gt; and performs attention-based message passing. A graph readout operation generates &lt;span&gt;&lt;math&gt;&lt;msub&gt;&lt;mrow&gt;&lt;mi&gt;h&lt;/mi&gt;&lt;/mrow&gt;&lt;mrow&gt;&lt;mi&gt;G&lt;/mi&gt;&lt;/mrow&gt;&lt;/msub&gt;&lt;/math&gt;&lt;/span&gt;, and the final representation &lt;span&gt;&lt;math&gt;&lt;mrow&gt;&lt;mi&gt;r&lt;/mi&gt;&lt;mo&gt;=&lt;/mo&gt;&lt;mrow&gt;&lt;mo&gt;[&lt;/mo&gt;&lt;mi&gt;F&lt;/mi&gt;&lt;mo&gt;∥&lt;/mo&gt;&lt;msub&gt;&lt;mrow&gt;&lt;mi&gt;h&lt;/mi&gt;&lt;/mrow&gt;&lt;","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"245 ","pages":"Article 104374"},"PeriodicalIF":8.0,"publicationDate":"2026-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145404578","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Task scheduling of cloud computing system by frilled lizard optimization with time varying expansion mixed function oscillation and horned lizard camouflage strategy 基于时变扩展混合函数振荡的褶边蜥蜴优化和角蜥蜴伪装策略的云计算系统任务调度
IF 8 2区 计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE
Journal of Network and Computer Applications
Pub Date : 2026-01-01 Epub Date: 2025-11-13 DOI: 10.1016/j.jnca.2025.104386
Hao-Ming Song, Si-Wen Zhang, Jie-Sheng Wang, Cheng Xing, Yu-Feng Sun, Yu-Cai Wang, Xiao-Fei Sui
With the increasing complexity and scale of cloud computing systems, task scheduling optimization has become critical for improving resource utilization, enhancing service reliability, and reducing overall energy consumption. Traditional swarm intelligence algorithms often struggle to achieve an effective balance between global exploration and local exploitation, leading to premature convergence or sub-optimal solutions, particularly in large-scale and high-dimensional problem scenarios. To address these challenges, this study proposes a Time Varying Mixed Function Frilled Lizard Optimization algorithm (TMCFLO) that incorporates a horned lizard-inspired camouflage strategy to increase population diversity and prevent premature convergence, alongside a novel mixed function oscillation mechanism, combining sine, cosine, power, logarithm, and Gaussian functions, to enhance local search precision and convergence efficiency. A time-varying expansion factor is further introduced to dynamically regulate oscillation amplitude, ensuring adaptive adjustment of search behavior throughout the optimization process. Extensive evaluations on the CEC 2022 benchmark set demonstrate that TMCFLO outperforms classical algorithms, including PSO, ACO, WOA, AOA, POA, ZOA, HO, RLLPSO and IHBA, achieving up to 26 percent improvement in optimization accuracy. In practical cloud computing task scheduling experiments with 1500 and 3000 tasks, TMCFLO achieves the lowest single task energy consumption of 0.2196, the lowest total energy consumption of 658.80, and the highest energy efficiency of 4.5569, confirming its effectiveness, scalability, and energy-efficient superiority for complex cloud scheduling problems.
随着云计算系统复杂度和规模的不断提高,优化任务调度对于提高资源利用率、增强业务可靠性、降低整体能耗具有重要意义。传统的群体智能算法往往难以实现全局探索和局部开发之间的有效平衡,导致过早收敛或次优解决方案,特别是在大规模和高维问题场景中。为了解决这些挑战,本研究提出了一种时变混合函数褶边蜥蜴优化算法(TMCFLO),该算法结合了角蜥蜴的伪装策略来增加种群多样性并防止早熟收敛,以及一种新的混合函数振荡机制,结合了正弦、余弦、幂、对数和高斯函数,以提高局部搜索精度和收敛效率。进一步引入时变扩展因子来动态调节振荡幅度,保证在整个优化过程中搜索行为的自适应调整。对CEC 2022基准集的广泛评估表明,TMCFLO优于经典算法,包括PSO, ACO, WOA, AOA, POA, ZOA, HO, RLLPSO和IHBA,优化精度提高了26%。在1500任务和3000任务的实际云计算任务调度实验中,TMCFLO的单任务能耗最低为0.2196,总能耗最低为658.80,能效最高为4.5569,验证了其在复杂云调度问题上的有效性、可扩展性和节能优势。
{"title":"Task scheduling of cloud computing system by frilled lizard optimization with time varying expansion mixed function oscillation and horned lizard camouflage strategy","authors":"Hao-Ming Song,&nbsp;Si-Wen Zhang,&nbsp;Jie-Sheng Wang,&nbsp;Cheng Xing,&nbsp;Yu-Feng Sun,&nbsp;Yu-Cai Wang,&nbsp;Xiao-Fei Sui","doi":"10.1016/j.jnca.2025.104386","DOIUrl":"10.1016/j.jnca.2025.104386","url":null,"abstract":"<div><div>With the increasing complexity and scale of cloud computing systems, task scheduling optimization has become critical for improving resource utilization, enhancing service reliability, and reducing overall energy consumption. Traditional swarm intelligence algorithms often struggle to achieve an effective balance between global exploration and local exploitation, leading to premature convergence or sub-optimal solutions, particularly in large-scale and high-dimensional problem scenarios. To address these challenges, this study proposes a Time Varying Mixed Function Frilled Lizard Optimization algorithm (TMCFLO) that incorporates a horned lizard-inspired camouflage strategy to increase population diversity and prevent premature convergence, alongside a novel mixed function oscillation mechanism, combining sine, cosine, power, logarithm, and Gaussian functions, to enhance local search precision and convergence efficiency. A time-varying expansion factor is further introduced to dynamically regulate oscillation amplitude, ensuring adaptive adjustment of search behavior throughout the optimization process. Extensive evaluations on the CEC 2022 benchmark set demonstrate that TMCFLO outperforms classical algorithms, including PSO, ACO, WOA, AOA, POA, ZOA, HO, RLLPSO and IHBA, achieving up to 26 percent improvement in optimization accuracy. In practical cloud computing task scheduling experiments with 1500 and 3000 tasks, TMCFLO achieves the lowest single task energy consumption of 0.2196, the lowest total energy consumption of 658.80, and the highest energy efficiency of 4.5569, confirming its effectiveness, scalability, and energy-efficient superiority for complex cloud scheduling problems.</div></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"245 ","pages":"Article 104386"},"PeriodicalIF":8.0,"publicationDate":"2026-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145528948","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Design, implementation, and performance evaluation of a high-performance and high-precision NetFlow/IPFIX flow-monitoring system on a P4 hardware switch 基于P4硬件交换机的高性能高精度NetFlow/IPFIX流量监控系统的设计、实现及性能评估
IF 8 2区 计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE
Journal of Network and Computer Applications
Pub Date : 2026-01-01 Epub Date: 2025-11-13 DOI: 10.1016/j.jnca.2025.104385
Shie-Yuan Wang , Tzu-Ching Lin
High-performance and high-precision flow monitoring is a crucial function for network management, network bandwidth usage accounting and billing, network security, network forensics, and other important tasks. Nowadays, many commercial switches/routers provide either sFlow, NetFlow, or IPFIX scheme for monitoring the flows traversing a network. sFlow is a scheme widely supported by many switches/routers due to its using a sampling-based method, which greatly reduces the CPU processing load on a switch/router and the network bandwidth required to transmit flow data to a remote collector. However, many small flows may go undetected and the estimated flow data (e.g., the packet count and byte count) for detected flows can significantly deviate from their ground truth.
NetFlow, which is Cisco Systems’ proprietary technology, does not use a sampling-based method by default. Instead, it tries to collect complete and correct flow data for every flow. However, as the link speed and the flow arrival rate continue to increase, NetFlow also provides a sampling-based option to reduce the CPU utilization of the switch/router. Because NetFlow is proprietary, an Internet Engineering Task Force (IETF) working group has defined IPFIX as an open flow information export protocol based on NetFlow Version 9. The requirements for IPFIX are defined in the RFC 3917 standards. Basically, IPFIX is the same as NetFlow Version 9.
Due to its high demand on the CPU of the switch/router, currently NetFlow is supported only on very high-end switches/routers and its design and implementation on these commercial switches/routers are not published in the literature. In this paper, we design and implement a high-performance and high-precision NetFlow/IPFIX system on a Programming Protocol-independent Packet Processors (P4) hardware switch. Based on a 20 Gbps playback of a packet trace gathered on an Internet backbone link, experimental results show that our novel method significantly outperforms the typical design and implementation method of NetFlow/IPFIX on a P4 hardware switch. For example, for the number of detected flows during the trace period, our method outperforms the typical method by a factor of 5.72. As for the number of flows whose packet and byte counts are correctly counted, our method outperforms the typical method by a factor of 8.57.
高性能、高精度的流量监控是网络管理、网络带宽计费、网络安全、网络取证等重要任务的关键功能。目前,许多商用交换机/路由器提供sFlow、NetFlow或IPFIX方案来监控流经网络的流量。sFlow是一种被许多交换机/路由器广泛支持的方案,因为它使用了基于采样的方法,大大降低了交换机/路由器的CPU处理负载和将流数据传输到远程采集器所需的网络带宽。然而,许多小流可能未被检测到,并且检测到的流的估计流数据(例如,数据包计数和字节计数)可能会明显偏离其基本事实。NetFlow是思科系统的专利技术,默认情况下不使用基于采样的方法。相反,它试图为每个流收集完整和正确的流量数据。然而,随着链路速度和流量到达率的不断增加,NetFlow还提供了一个基于采样的选项,以降低交换机/路由器的CPU利用率。由于NetFlow是专有的,互联网工程任务组(IETF)工作组已经将IPFIX定义为基于NetFlow Version 9的开放流量信息导出协议。对IPFIX的要求在RFC 3917标准中有定义。基本上,IPFIX与NetFlow Version 9相同。由于NetFlow对交换机/路由器CPU的要求很高,目前NetFlow只支持在非常高端的交换机/路由器上,其在这些商用交换机/路由器上的设计和实现没有在文献中发表。在本文中,我们设计并实现了一个基于P4 (Programming Protocol-independent Packet Processors)硬件交换机的高性能、高精度NetFlow/IPFIX系统。实验结果表明,该方法明显优于典型的NetFlow/IPFIX在P4硬件交换机上的设计和实现方法。例如,对于跟踪期间检测到的流的数量,我们的方法比典型方法的性能高出5.72倍。对于正确计算数据包和字节计数的流的数量,我们的方法比典型方法的性能高出8.57倍。
{"title":"Design, implementation, and performance evaluation of a high-performance and high-precision NetFlow/IPFIX flow-monitoring system on a P4 hardware switch","authors":"Shie-Yuan Wang ,&nbsp;Tzu-Ching Lin","doi":"10.1016/j.jnca.2025.104385","DOIUrl":"10.1016/j.jnca.2025.104385","url":null,"abstract":"<div><div>High-performance and high-precision flow monitoring is a crucial function for network management, network bandwidth usage accounting and billing, network security, network forensics, and other important tasks. Nowadays, many commercial switches/routers provide either sFlow, NetFlow, or IPFIX scheme for monitoring the flows traversing a network. sFlow is a scheme widely supported by many switches/routers due to its using a sampling-based method, which greatly reduces the CPU processing load on a switch/router and the network bandwidth required to transmit flow data to a remote collector. However, many small flows may go undetected and the estimated flow data (e.g., the packet count and byte count) for detected flows can significantly deviate from their ground truth.</div><div>NetFlow, which is Cisco Systems’ proprietary technology, does not use a sampling-based method by default. Instead, it tries to collect complete and correct flow data for every flow. However, as the link speed and the flow arrival rate continue to increase, NetFlow also provides a sampling-based option to reduce the CPU utilization of the switch/router. Because NetFlow is proprietary, an Internet Engineering Task Force (IETF) working group has defined IPFIX as an open flow information export protocol based on NetFlow Version 9. The requirements for IPFIX are defined in the RFC 3917 standards. Basically, IPFIX is the same as NetFlow Version 9.</div><div>Due to its high demand on the CPU of the switch/router, currently NetFlow is supported only on very high-end switches/routers and its design and implementation on these commercial switches/routers are not published in the literature. In this paper, we design and implement a high-performance and high-precision NetFlow/IPFIX system on a Programming Protocol-independent Packet Processors (P4) hardware switch. Based on a 20 Gbps playback of a packet trace gathered on an Internet backbone link, experimental results show that our novel method significantly outperforms the typical design and implementation method of NetFlow/IPFIX on a P4 hardware switch. For example, for the number of detected flows during the trace period, our method outperforms the typical method by a factor of 5.72. As for the number of flows whose packet and byte counts are correctly counted, our method outperforms the typical method by a factor of 8.57.</div></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"245 ","pages":"Article 104385"},"PeriodicalIF":8.0,"publicationDate":"2026-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145528949","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
A quantum-secure digital signature-based communication protocol for the Internet of Drones (IoD) 无人机互联网(IoD)基于量子安全数字签名的通信协议
IF 8 2区 计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE
Journal of Network and Computer Applications
Pub Date : 2026-01-01 Epub Date: 2025-11-26 DOI: 10.1016/j.jnca.2025.104398
Jithu Vijay V.P., Shahanas I.N., Sabu M. Thampi, Aiswarya S. Nair
The use of drones is rapidly increasing in areas such as surveillance, defense, and emergency services. As a result, ensuring secure communication and proper authentication has become a major concern in the Internet of Drones, where drones must share data and coordinate their actions in real time. One of the biggest challenges in drone networks is maintaining secure and reliable communication between drones. The dynamic and distributed nature of these networks increases the risk of security breaches. Existing systems mostly rely on cryptographic methods like RSA and ECC. These methods will not remain secure in the future because of advancements in quantum computing. These systems also depend on static data storage and centralized credential management, which make them vulnerable to attacks such as impersonation, replay, and man-in-the-middle. To address these issues, we propose a quantum-secure drone-to-drone authentication and secure communication protocol that utilizes Post Quantum Cryptographic (PQC) algorithms such as, Kyber for encryption and Dilithium for digital signatures. Both are lattice-based lightweight cryptographic algorithms that offer strong resistance against quantum attacks. Instead of storing secret data on drones and to prevent cloning, we use Physical Unclonable Functions (PUF) to generate device specific seeds for authentication and key generation during each session. A Hyperledger Fabric Blockchain is used at the Ground Control Station (GCS) to store drone credentials securely and avoid single point failure. We conducted the formal security analysis using the Burrows–Abadi–Needham (BAN) logic for trust validation and the Scyther tool to formally analyze and verify resistance against classical and quantum-era attacks. In addition to formal proofs, informal analysis confirms that the protocol maintains data integrity and authentication even under active network threats. We implemented the protocol using Raspberry Pi drones and a Linux-based GCS. Performance results show a low computation time of 0.08 s for authentication and 0.12 s for secure communication on Raspberry Pi 5, with minimal memory usage and acceptable communication cost suitable for implementation on resource-constrained drones.
无人机在监视、防御和应急服务等领域的使用正在迅速增加。因此,确保安全通信和适当的身份验证已成为无人机互联网的主要关注点,无人机必须实时共享数据并协调其行动。无人机网络面临的最大挑战之一是保持无人机之间安全可靠的通信。这些网络的动态和分布式特性增加了安全漏洞的风险。现有的系统主要依赖于RSA和ECC等加密方法。由于量子计算的进步,这些方法在未来将不会保持安全。这些系统还依赖于静态数据存储和集中式凭证管理,这使得它们容易受到诸如模拟、重放和中间人攻击等攻击。为了解决这些问题,我们提出了一种量子安全无人机对无人机身份验证和安全通信协议,该协议利用后量子加密(PQC)算法,如Kyber加密和Dilithium数字签名。两者都是基于格的轻量级加密算法,可提供强大的抗量子攻击能力。而不是在无人机上存储秘密数据,以防止克隆,我们使用物理不可克隆功能(PUF)来生成设备特定的种子认证和密钥生成在每个会话期间。地面控制站(GCS)使用Hyperledger Fabric区块链来安全地存储无人机凭证并避免单点故障。我们使用Burrows-Abadi-Needham (BAN)逻辑进行了正式的安全分析,用于信任验证,并使用Scyther工具正式分析和验证对经典和量子时代攻击的抵抗力。除了正式的证明之外,非正式的分析证实,即使在活跃的网络威胁下,该协议也能保持数据完整性和身份验证。我们使用树莓派无人机和基于linux的GCS实现了该协议。性能结果表明,该算法在Raspberry Pi 5上的认证计算时间为0.08 s,安全通信计算时间为0.12 s,具有最小的内存使用和可接受的通信成本,适合在资源受限的无人机上实现。
{"title":"A quantum-secure digital signature-based communication protocol for the Internet of Drones (IoD)","authors":"Jithu Vijay V.P.,&nbsp;Shahanas I.N.,&nbsp;Sabu M. Thampi,&nbsp;Aiswarya S. Nair","doi":"10.1016/j.jnca.2025.104398","DOIUrl":"10.1016/j.jnca.2025.104398","url":null,"abstract":"<div><div>The use of drones is rapidly increasing in areas such as surveillance, defense, and emergency services. As a result, ensuring secure communication and proper authentication has become a major concern in the Internet of Drones, where drones must share data and coordinate their actions in real time. One of the biggest challenges in drone networks is maintaining secure and reliable communication between drones. The dynamic and distributed nature of these networks increases the risk of security breaches. Existing systems mostly rely on cryptographic methods like RSA and ECC. These methods will not remain secure in the future because of advancements in quantum computing. These systems also depend on static data storage and centralized credential management, which make them vulnerable to attacks such as impersonation, replay, and man-in-the-middle. To address these issues, we propose a quantum-secure drone-to-drone authentication and secure communication protocol that utilizes Post Quantum Cryptographic (PQC) algorithms such as, Kyber for encryption and Dilithium for digital signatures. Both are lattice-based lightweight cryptographic algorithms that offer strong resistance against quantum attacks. Instead of storing secret data on drones and to prevent cloning, we use Physical Unclonable Functions (PUF) to generate device specific seeds for authentication and key generation during each session. A Hyperledger Fabric Blockchain is used at the Ground Control Station (GCS) to store drone credentials securely and avoid single point failure. We conducted the formal security analysis using the Burrows–Abadi–Needham (BAN) logic for trust validation and the Scyther tool to formally analyze and verify resistance against classical and quantum-era attacks. In addition to formal proofs, informal analysis confirms that the protocol maintains data integrity and authentication even under active network threats. We implemented the protocol using Raspberry Pi drones and a Linux-based GCS. Performance results show a low computation time of 0.08 s for authentication and 0.12 s for secure communication on Raspberry Pi 5, with minimal memory usage and acceptable communication cost suitable for implementation on resource-constrained drones.</div></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"245 ","pages":"Article 104398"},"PeriodicalIF":8.0,"publicationDate":"2026-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145609218","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Optimal multi-access edge computing system deployment in private 5G networks for multi-story construction sites 面向多层建筑工地专用网的多址边缘计算系统优化部署
IF 8 2区 计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE
Journal of Network and Computer Applications
Pub Date : 2026-01-01 Epub Date: 2025-11-13 DOI: 10.1016/j.jnca.2025.104384
Shi-Yu Zhang , Chun-Cheng Lin , Zhen-Yin Annie Chen , Der-Jiunn Deng
Driven by the swift progression of smart construction, the number of sensors and smart devices on construction sites has increased dramatically, posing new challenges to data processing and communications. However, conventional cloud computing framework can hardly meet the requirement for processing enormous real-time data from construction sites, while existing approaches to deploying multi-access edge computing (MEC) servers overlooked the energy usage of MEC servers, as well as the unique physical and network security requirements within the multi-story structure of complex construction sites. Therefore, this work presents a mathematical programming model for private 5G network MEC systems on smart construction sites considering installation, connectivity, energy consumption, security maintenance, and cybersecurity; and further solve it with a hybrid metaheuristic approach that combines simplified harmony search (SHS) and variable neighborhood search (VNS) algorithms. The deployment of private 5G network edge computing servers and base stations is recognized as an NP-hard problem, where conventional mathematical models may fall short in finding practical, optimal solutions. Our proposed hybrid algorithm integrates the global search capability of SHS with the local search efficiency of VNS to comprehensively explore the solution space, providing a robust yet implementable method for complex optimization. The efficacy of this approach is validated through experimental evaluations in real-world construction site scenarios, demonstrating notable advantages in solution quality, stability, energy consumption, and overall cost reduction. Results show that the proposed algorithm significantly minimizes costs related to installation, security maintenance, and data protection, fulfilling diverse constraints effectively and making it a promising solution of deploying the MEC systems in private 5G networks for smart construction sites.
在智能建筑快速发展的推动下,建筑工地的传感器和智能设备数量急剧增加,对数据处理和通信提出了新的挑战。然而,传统的云计算框架很难满足处理建筑工地海量实时数据的需求,而现有的多接入边缘计算(MEC)服务器部署方法忽视了MEC服务器的能耗,以及复杂建筑工地多层结构中独特的物理和网络安全需求。因此,本文提出了智能建筑工地专用5G网络MEC系统的数学规划模型,考虑了安装、连接、能耗、安全维护和网络安全;并进一步采用简化和谐搜索(SHS)和可变邻域搜索(VNS)算法相结合的混合元启发式方法进行求解。私有5G网络边缘计算服务器和基站的部署被认为是一个np难题,传统的数学模型可能无法找到实用的最佳解决方案。我们提出的混合算法将SHS的全局搜索能力与VNS的局部搜索效率相结合,全面探索解空间,为复杂优化提供了一种鲁棒且可实现的方法。该方法的有效性通过实际施工现场场景的实验评估得到验证,在解决方案质量、稳定性、能耗和总体成本降低方面显示出显著优势。结果表明,该算法显著降低了与安装、安全维护和数据保护相关的成本,有效地满足了各种约束条件,使其成为智能建筑工地专用5G网络中部署MEC系统的有希望的解决方案。
{"title":"Optimal multi-access edge computing system deployment in private 5G networks for multi-story construction sites","authors":"Shi-Yu Zhang ,&nbsp;Chun-Cheng Lin ,&nbsp;Zhen-Yin Annie Chen ,&nbsp;Der-Jiunn Deng","doi":"10.1016/j.jnca.2025.104384","DOIUrl":"10.1016/j.jnca.2025.104384","url":null,"abstract":"<div><div>Driven by the swift progression of smart construction, the number of sensors and smart devices on construction sites has increased dramatically, posing new challenges to data processing and communications. However, conventional cloud computing framework can hardly meet the requirement for processing enormous real-time data from construction sites, while existing approaches to deploying multi-access edge computing (MEC) servers overlooked the energy usage of MEC servers, as well as the unique physical and network security requirements within the multi-story structure of complex construction sites. Therefore, this work presents a mathematical programming model for private 5G network MEC systems on smart construction sites considering installation, connectivity, energy consumption, security maintenance, and cybersecurity; and further solve it with a hybrid metaheuristic approach that combines simplified harmony search (SHS) and variable neighborhood search (VNS) algorithms. The deployment of private 5G network edge computing servers and base stations is recognized as an NP-hard problem, where conventional mathematical models may fall short in finding practical, optimal solutions. Our proposed hybrid algorithm integrates the global search capability of SHS with the local search efficiency of VNS to comprehensively explore the solution space, providing a robust yet implementable method for complex optimization. The efficacy of this approach is validated through experimental evaluations in real-world construction site scenarios, demonstrating notable advantages in solution quality, stability, energy consumption, and overall cost reduction. Results show that the proposed algorithm significantly minimizes costs related to installation, security maintenance, and data protection, fulfilling diverse constraints effectively and making it a promising solution of deploying the MEC systems in private 5G networks for smart construction sites.</div></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"245 ","pages":"Article 104384"},"PeriodicalIF":8.0,"publicationDate":"2026-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145531188","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
首页 上一页 下一页 尾页
类型
全部 化学•材料 生命科学 医学 物理 工程技术 环境•农林 材料科学 地球科学 法学 管理学 化学 环境科学与生态学 计算机科学 教育学 经济学 农林科学 人文科学 生物学 数学 物理与天体物理 心理学 综合性期刊 其他 工业工程 理学 历史学 农学 文学 信息工程
数据库
全部 ACS Publications Elsevier ieeexplore Springer The Royal Society of Chemistry Wiley
期刊
Journal of Network and Computer Applications
全部 Acc. Chem. Res. ACS Applied Bio Materials ACS Appl. Electron. Mater. ACS Appl. Energy Mater. ACS Appl. Mater. Interfaces ACS Appl. Nano Mater. ACS Appl. Polym. Mater. ACS BIOMATER-SCI ENG ACS Catal. ACS Cent. Sci. ACS Chem. Biol. ACS Chemical Health & Safety ACS Chem. Neurosci. ACS Comb. Sci. ACS Earth Space Chem. ACS Energy Lett. ACS Infect. Dis. ACS Macro Lett. ACS Mater. Lett. ACS Med. Chem. Lett. ACS Nano ACS Omega ACS Photonics ACS Sens. ACS Sustainable Chem. Eng. ACS Synth. Biol. Anal. Chem. BIOCHEMISTRY-US Bioconjugate Chem. BIOMACROMOLECULES Chem. Res. Toxicol. Chem. Rev. Chem. Mater. CRYST GROWTH DES ENERG FUEL Environ. Sci. Technol. Environ. Sci. Technol. Lett. Eur. J. Inorg. Chem. IND ENG CHEM RES Inorg. Chem. J. Agric. Food. Chem. J. Chem. Eng. Data J. Chem. Educ. J. Chem. Inf. Model. J. Chem. Theory Comput. J. Med. Chem. J. Nat. Prod. J PROTEOME RES J. Am. Chem. Soc. LANGMUIR MACROMOLECULES Mol. Pharmaceutics Nano Lett. Org. Lett. ORG PROCESS RES DEV ORGANOMETALLICS J. Org. Chem. J. Phys. Chem. J. Phys. Chem. A J. Phys. Chem. B J. Phys. Chem. C J. Phys. Chem. Lett. Analyst Anal. Methods Biomater. Sci. Catal. Sci. Technol. Chem. Commun. Chem. Soc. Rev. CHEM EDUC RES PRACT CRYSTENGCOMM Dalton Trans. Energy Environ. Sci. ENVIRON SCI-NANO ENVIRON SCI-PROC IMP ENVIRON SCI-WAT RES Faraday Discuss. Food Funct. Green Chem. Inorg. Chem. Front. Integr. Biol. J. Anal. At. Spectrom. J. Mater. Chem. A J. Mater. Chem. B J. Mater. Chem. C Lab Chip Mater. Chem. Front. Mater. Horiz. MEDCHEMCOMM Metallomics Mol. Biosyst. Mol. Syst. Des. Eng. Nanoscale Nanoscale Horiz. Nat. Prod. Rep. New J. Chem. Org. Biomol. Chem. Org. Chem. Front. PHOTOCH PHOTOBIO SCI PCCP Polym. Chem.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:604180095
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1