首页 > 最新文献

Journal of Network and Computer Applications最新文献

英文 中文
Optimal multi-access edge computing system deployment in private 5G networks for multi-story construction sites 面向多层建筑工地专用网的多址边缘计算系统优化部署
IF 8 2区 计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE
Journal of Network and Computer Applications
Pub Date : 2025-11-13 DOI: 10.1016/j.jnca.2025.104384
Shi-Yu Zhang , Chun-Cheng Lin , Zhen-Yin Annie Chen , Der-Jiunn Deng
Driven by the swift progression of smart construction, the number of sensors and smart devices on construction sites has increased dramatically, posing new challenges to data processing and communications. However, conventional cloud computing framework can hardly meet the requirement for processing enormous real-time data from construction sites, while existing approaches to deploying multi-access edge computing (MEC) servers overlooked the energy usage of MEC servers, as well as the unique physical and network security requirements within the multi-story structure of complex construction sites. Therefore, this work presents a mathematical programming model for private 5G network MEC systems on smart construction sites considering installation, connectivity, energy consumption, security maintenance, and cybersecurity; and further solve it with a hybrid metaheuristic approach that combines simplified harmony search (SHS) and variable neighborhood search (VNS) algorithms. The deployment of private 5G network edge computing servers and base stations is recognized as an NP-hard problem, where conventional mathematical models may fall short in finding practical, optimal solutions. Our proposed hybrid algorithm integrates the global search capability of SHS with the local search efficiency of VNS to comprehensively explore the solution space, providing a robust yet implementable method for complex optimization. The efficacy of this approach is validated through experimental evaluations in real-world construction site scenarios, demonstrating notable advantages in solution quality, stability, energy consumption, and overall cost reduction. Results show that the proposed algorithm significantly minimizes costs related to installation, security maintenance, and data protection, fulfilling diverse constraints effectively and making it a promising solution of deploying the MEC systems in private 5G networks for smart construction sites.
在智能建筑快速发展的推动下,建筑工地的传感器和智能设备数量急剧增加,对数据处理和通信提出了新的挑战。然而,传统的云计算框架很难满足处理建筑工地海量实时数据的需求,而现有的多接入边缘计算(MEC)服务器部署方法忽视了MEC服务器的能耗,以及复杂建筑工地多层结构中独特的物理和网络安全需求。因此,本文提出了智能建筑工地专用5G网络MEC系统的数学规划模型,考虑了安装、连接、能耗、安全维护和网络安全;并进一步采用简化和谐搜索(SHS)和可变邻域搜索(VNS)算法相结合的混合元启发式方法进行求解。私有5G网络边缘计算服务器和基站的部署被认为是一个np难题,传统的数学模型可能无法找到实用的最佳解决方案。我们提出的混合算法将SHS的全局搜索能力与VNS的局部搜索效率相结合,全面探索解空间,为复杂优化提供了一种鲁棒且可实现的方法。该方法的有效性通过实际施工现场场景的实验评估得到验证,在解决方案质量、稳定性、能耗和总体成本降低方面显示出显著优势。结果表明,该算法显著降低了与安装、安全维护和数据保护相关的成本,有效地满足了各种约束条件,使其成为智能建筑工地专用5G网络中部署MEC系统的有希望的解决方案。
{"title":"Optimal multi-access edge computing system deployment in private 5G networks for multi-story construction sites","authors":"Shi-Yu Zhang ,&nbsp;Chun-Cheng Lin ,&nbsp;Zhen-Yin Annie Chen ,&nbsp;Der-Jiunn Deng","doi":"10.1016/j.jnca.2025.104384","DOIUrl":"10.1016/j.jnca.2025.104384","url":null,"abstract":"<div><div>Driven by the swift progression of smart construction, the number of sensors and smart devices on construction sites has increased dramatically, posing new challenges to data processing and communications. However, conventional cloud computing framework can hardly meet the requirement for processing enormous real-time data from construction sites, while existing approaches to deploying multi-access edge computing (MEC) servers overlooked the energy usage of MEC servers, as well as the unique physical and network security requirements within the multi-story structure of complex construction sites. Therefore, this work presents a mathematical programming model for private 5G network MEC systems on smart construction sites considering installation, connectivity, energy consumption, security maintenance, and cybersecurity; and further solve it with a hybrid metaheuristic approach that combines simplified harmony search (SHS) and variable neighborhood search (VNS) algorithms. The deployment of private 5G network edge computing servers and base stations is recognized as an NP-hard problem, where conventional mathematical models may fall short in finding practical, optimal solutions. Our proposed hybrid algorithm integrates the global search capability of SHS with the local search efficiency of VNS to comprehensively explore the solution space, providing a robust yet implementable method for complex optimization. The efficacy of this approach is validated through experimental evaluations in real-world construction site scenarios, demonstrating notable advantages in solution quality, stability, energy consumption, and overall cost reduction. Results show that the proposed algorithm significantly minimizes costs related to installation, security maintenance, and data protection, fulfilling diverse constraints effectively and making it a promising solution of deploying the MEC systems in private 5G networks for smart construction sites.</div></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"245 ","pages":"Article 104384"},"PeriodicalIF":8.0,"publicationDate":"2025-11-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145531188","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Edge-AI: A systematic review on architectures, applications, and challenges Edge-AI:对架构、应用和挑战的系统回顾
IF 8 2区 计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE
Journal of Network and Computer Applications
Pub Date : 2025-11-08 DOI: 10.1016/j.jnca.2025.104375
Himanshu Gauttam , Garima Nain , K.K. Pattanaik , Paulo Mendes
The evolution of computing technologies and the generation of massive amounts of data fueled the development of Artificial Intelligence (AI), specifically Deep Learning (DL), solutions to extract key patterns from data, and the generation of insights and knowledge useful to achieve optimized service execution. Traditional cloud-based execution of DL solutions faces several challenges, such as latency, data privacy, and reliability, while trying to meet service requirements. In contrast, the limited computing and storage resources on the edge pose daunting challenges in executing resource-intensive DL solutions closer to the customer. This scenario led to the birth of an interdisciplinary research field named Edge-AI or Edge-Intelligence, aiming to mitigate the limitations of cloud and edge-based DL executions. In this context, this work proposes a reference layered Edge-AI framework to ensure the successful deployment of the Edge-Intelligence paradigm, encompassing three novel layers for the optimization of edge infrastructure, edge inference, and edge training. The work presents a detailed investigation and analysis of the schemes centered around the above-listed layers of the proposed Edge-AI framework. Furthermore, this work discusses potential application domains for Edge-AI, delving into a set of potential limitations, and ending up identifying future research directions in terms of Edge-AI infrastructure deployment, inference and training, which are functionalities needed to deploy and use robust, sustainable, and efficient intelligent edge networks.
计算技术的发展和大量数据的产生推动了人工智能(AI)的发展,特别是深度学习(DL),从数据中提取关键模式的解决方案,以及对实现优化服务执行有用的见解和知识的产生。传统的基于云的深度学习解决方案在试图满足服务需求的同时面临着一些挑战,如延迟、数据隐私和可靠性。相比之下,边缘有限的计算和存储资源在执行更接近客户的资源密集型深度学习解决方案时构成了艰巨的挑战。这种情况导致了一个名为Edge-AI或Edge-Intelligence的跨学科研究领域的诞生,旨在减轻云和基于边缘的深度学习执行的局限性。在此背景下,本工作提出了一个参考分层边缘人工智能框架,以确保边缘智能范式的成功部署,该框架包括三个新的层,用于优化边缘基础设施、边缘推理和边缘训练。这项工作对围绕拟议的边缘人工智能框架的上述层的方案进行了详细的调查和分析。此外,本工作还讨论了edge - ai的潜在应用领域,深入研究了一系列潜在的限制,并最终确定了edge - ai基础设施部署、推理和训练方面的未来研究方向,这些都是部署和使用强大、可持续和高效的智能边缘网络所需的功能。
{"title":"Edge-AI: A systematic review on architectures, applications, and challenges","authors":"Himanshu Gauttam ,&nbsp;Garima Nain ,&nbsp;K.K. Pattanaik ,&nbsp;Paulo Mendes","doi":"10.1016/j.jnca.2025.104375","DOIUrl":"10.1016/j.jnca.2025.104375","url":null,"abstract":"<div><div>The evolution of computing technologies and the generation of massive amounts of data fueled the development of <em>Artificial Intelligence</em> (AI), specifically <em>Deep Learning</em> (DL), solutions to extract key patterns from data, and the generation of insights and knowledge useful to achieve optimized service execution. Traditional cloud-based execution of DL solutions faces several challenges, such as latency, data privacy, and reliability, while trying to meet service requirements. In contrast, the limited computing and storage resources on the edge pose daunting challenges in executing resource-intensive DL solutions closer to the customer. This scenario led to the birth of an interdisciplinary research field named Edge-AI or Edge-Intelligence, aiming to mitigate the limitations of cloud and edge-based DL executions. In this context, this work proposes a reference layered Edge-AI framework to ensure the successful deployment of the Edge-Intelligence paradigm, encompassing three novel layers for the optimization of edge infrastructure, edge inference, and edge training. The work presents a detailed investigation and analysis of the schemes centered around the above-listed layers of the proposed Edge-AI framework. Furthermore, this work discusses potential application domains for Edge-AI, delving into a set of potential limitations, and ending up identifying future research directions in terms of Edge-AI infrastructure deployment, inference and training, which are functionalities needed to deploy and use robust, sustainable, and efficient intelligent edge networks.</div></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"245 ","pages":"Article 104375"},"PeriodicalIF":8.0,"publicationDate":"2025-11-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145461584","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
A comprehensive study of the 6LoWSD protocol architecture with respect to scalability and mobility for SDN-enabled IoT networks 针对支持sdn的物联网网络的可扩展性和移动性,全面研究6LoWSD协议架构
IF 8 2区 计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE
Journal of Network and Computer Applications
Pub Date : 2025-11-06 DOI: 10.1016/j.jnca.2025.104370
Wanbanker Khongbuh , Goutam Saha
The Internet of Things (IoT) and software-defined networks (SDN) have opened up new opportunities for innovation. Many of the limitations of the IoT system can be rectified with the SDN concepts. Thus, the combination of SDN and IoT has tremendous potential in various application domains. As the number of IoT devices is increasing with time, the scalability issues need to be further improved. Another significant challenge in IoT environments is mobility. Maintaining seamless mobility and persistent connectivity for IoT devices operating over large-scale or geographically dispersed environments presents a significant research challenge. But scalability and mobility are complex challenges. Developing scalable, mobile, and adaptive network architectures is crucial for SDN-enabled IoT ecosystems. Using SDN-enabled IoT networks, we introduced a comprehensive approach to address these challenges. Here, a new protocol based on OpenFlow of SDN and 6LoWPAN of the IoT system, namely, 6LoWSD has been proposed. In this investigation, emphasis has been placed on techniques on how the proposed 6LoWSD can improve scalability and mobility issues. In this study, experiments with the proposed protocol were performed using physical devices and a simulated platform. The results were compared with the 6LoWPAN counterpart and were found to be satisfactory.
物联网(IoT)和软件定义网络(SDN)为创新提供了新的机遇。物联网系统的许多局限性可以通过SDN概念得到纠正。因此,SDN与物联网的结合在各个应用领域具有巨大的潜力。随着物联网设备的数量随着时间的推移而增加,可扩展性问题需要进一步改善。物联网环境中的另一个重大挑战是移动性。为在大规模或地理分散的环境中运行的物联网设备保持无缝移动性和持久连接是一项重大的研究挑战。但可扩展性和移动性是复杂的挑战。开发可扩展、移动和自适应的网络架构对于支持sdn的物联网生态系统至关重要。使用支持sdn的物联网网络,我们引入了一种全面的方法来应对这些挑战。在此,基于SDN的OpenFlow和物联网系统的6LoWPAN,提出了一种新的协议,即6LoWSD。在本调查中,重点放在建议的6LoWSD如何改善可伸缩性和移动性问题的技术上。在本研究中,使用物理设备和模拟平台对所提出的协议进行了实验。结果与6LoWPAN相比较,发现是令人满意的。
{"title":"A comprehensive study of the 6LoWSD protocol architecture with respect to scalability and mobility for SDN-enabled IoT networks","authors":"Wanbanker Khongbuh ,&nbsp;Goutam Saha","doi":"10.1016/j.jnca.2025.104370","DOIUrl":"10.1016/j.jnca.2025.104370","url":null,"abstract":"<div><div>The Internet of Things (IoT) and software-defined networks (SDN) have opened up new opportunities for innovation. Many of the limitations of the IoT system can be rectified with the SDN concepts. Thus, the combination of SDN and IoT has tremendous potential in various application domains. As the number of IoT devices is increasing with time, the scalability issues need to be further improved. Another significant challenge in IoT environments is mobility. Maintaining seamless mobility and persistent connectivity for IoT devices operating over large-scale or geographically dispersed environments presents a significant research challenge. But scalability and mobility are complex challenges. Developing scalable, mobile, and adaptive network architectures is crucial for SDN-enabled IoT ecosystems. Using SDN-enabled IoT networks, we introduced a comprehensive approach to address these challenges. Here, a new protocol based on OpenFlow of SDN and 6LoWPAN of the IoT system, namely, 6LoWSD has been proposed. In this investigation, emphasis has been placed on techniques on how the proposed 6LoWSD can improve scalability and mobility issues. In this study, experiments with the proposed protocol were performed using physical devices and a simulated platform. The results were compared with the 6LoWPAN counterpart and were found to be satisfactory.</div></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"245 ","pages":"Article 104370"},"PeriodicalIF":8.0,"publicationDate":"2025-11-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145461588","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Towards IT/OT integration in industry digitalization: A comprehensive survey 工业数字化中的IT/OT融合:综合调查
IF 8 2区 计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE
Journal of Network and Computer Applications
Pub Date : 2025-11-04 DOI: 10.1016/j.jnca.2025.104373
Riccardo Venanzi, Giuseppe Di Modica, Luca Foschini, Paolo Bellavista
According to both academic and industry perspectives, the Fourth Industrial Revolution has brought about a paradigm shift in the manufacturing sector enabling companies to enhance their competitiveness in the global market. To achieve this goal, manufacturing companies will need to undertake a deep digital transformation, primarily by introducing advanced Information Technology (IT) into traditionally less digitalized departments, such as shop floors, where Operational Technology (OT) currently dominate. For the full achievement of Industry 4.0 revolution objectives, practitioners believe in the strong requirement of a progressive and tight integration between IT and OT departments. In the depicted scenario, communication technologies are expected to play a pivotal role in facilitating the integration process, but other more recent and advanced IT have also proven helpful. In particular, the topic of IT/OT integration has attracted significant attention from various research communities that have sought to identify both the opportunities and challenges associated with its implementation. Although some good surveys of those works have appeared in the literature, to the best of our knowledge, no comprehensive review has yet been conducted that is fully dedicated to the topic of IT/OT convergence. In this paper, we propose a holistic approach to examine the various dimensions of IT/OT integration, which we classify into five interconnected realms, Communication, IT-Driven Support to OT, Human Centricity, Advanced Industrial Control Systems, and cybersecurity. Furthermore, we develop a realm-oriented taxonomy to organize the surveyed works in a structured manner, offering readers a clear overview of the current state of the literature, along with insights into unexplored opportunities and future directions for IT/OT integration.
从学术界和产业界的角度来看,第四次工业革命带来了制造业的范式转变,使企业能够提高在全球市场上的竞争力。为了实现这一目标,制造企业将需要进行深度数字化转型,主要是通过将先进的信息技术(IT)引入传统上数字化程度较低的部门,例如车间,而运营技术(OT)目前在这些部门中占主导地位。为了全面实现工业4.0革命的目标,从业者相信IT和OT部门之间的渐进和紧密集成的强烈需求。在所描述的场景中,通信技术有望在促进集成过程中发挥关键作用,但其他最新和更先进的IT也被证明是有用的。特别是,IT/OT集成的主题已经引起了各种研究团体的极大关注,这些研究团体试图确定与其实施相关的机遇和挑战。尽管文献中已经出现了一些对这些作品的良好调查,但据我们所知,还没有进行全面的审查,完全致力于IT/OT融合的主题。在本文中,我们提出了一种整体方法来检查IT/OT集成的各个维度,我们将其分为五个相互关联的领域,通信,IT驱动的OT支持,以人为本,先进工业控制系统和网络安全。此外,我们开发了一个面向领域的分类法,以结构化的方式组织调查的作品,为读者提供了文献当前状态的清晰概述,以及对IT/OT集成未开发机会和未来方向的见解。
{"title":"Towards IT/OT integration in industry digitalization: A comprehensive survey","authors":"Riccardo Venanzi,&nbsp;Giuseppe Di Modica,&nbsp;Luca Foschini,&nbsp;Paolo Bellavista","doi":"10.1016/j.jnca.2025.104373","DOIUrl":"10.1016/j.jnca.2025.104373","url":null,"abstract":"<div><div>According to both academic and industry perspectives, the Fourth Industrial Revolution has brought about a paradigm shift in the manufacturing sector enabling companies to enhance their competitiveness in the global market. To achieve this goal, manufacturing companies will need to undertake a deep digital transformation, primarily by introducing advanced Information Technology (IT) into traditionally less digitalized departments, such as shop floors, where Operational Technology (OT) currently dominate. For the full achievement of Industry 4.0 revolution objectives, practitioners believe in the strong requirement of a progressive and tight integration between IT and OT departments. In the depicted scenario, communication technologies are expected to play a pivotal role in facilitating the integration process, but other more recent and advanced IT have also proven helpful. In particular, the topic of IT/OT integration has attracted significant attention from various research communities that have sought to identify both the opportunities and challenges associated with its implementation. Although some good surveys of those works have appeared in the literature, to the best of our knowledge, no comprehensive review has yet been conducted that is fully dedicated to the topic of IT/OT convergence. In this paper, we propose a holistic approach to examine the various dimensions of IT/OT integration, which we classify into five interconnected realms, Communication, IT-Driven Support to OT, Human Centricity, Advanced Industrial Control Systems, and cybersecurity. Furthermore, we develop a realm-oriented taxonomy to organize the surveyed works in a structured manner, offering readers a clear overview of the current state of the literature, along with insights into unexplored opportunities and future directions for IT/OT integration.</div></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"245 ","pages":"Article 104373"},"PeriodicalIF":8.0,"publicationDate":"2025-11-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145441548","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Adaptive context-aware multi-tab website fingerprinting using hierarchical deep learning 自适应上下文感知多标签网站指纹使用层次深度学习
IF 8 2区 计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE
Journal of Network and Computer Applications
Pub Date : 2025-10-30 DOI: 10.1016/j.jnca.2025.104374
Faisal Murad , Jie Cui , Muhammad Aurangzeb Khan , Depeng Chen
<div><div>Website fingerprinting aims to infer visited websites from encrypted network traffic. Conventional approaches predominantly assume single-tab browsing, limiting their applicability under realistic multi-tab conditions, where concurrent flows introduce inter-tab interference, temporal overlap, and attribution ambiguity that degrade classification accuracy. This paper presents Adaptive Context-Aware Multi-Tab Fingerprinting, a dynamic framework designed for multi-tab website fingerprinting through context-driven feature modeling and attention adaptation. ACMF integrates three coordinated modules. (1) CBAM employs an attention-augmented LSTM that processes sequences of packet direction, size, and inter-arrival time with tab-switch indicators, producing a session context vector <span><math><mi>c</mi></math></span>. A self-attention state <span><math><msub><mrow><mi>z</mi></mrow><mrow><mi>t</mi></mrow></msub></math></span> modulates recurrent dynamics, and multi-scale temporal aggregation yields <span><math><mrow><mi>c</mi><mo>=</mo><msub><mrow><mo>∑</mo></mrow><mrow><mi>ℓ</mi></mrow></msub><msub><mrow><mi>ω</mi></mrow><mrow><mi>ℓ</mi></mrow></msub><msup><mrow><mi>h</mi></mrow><mrow><mrow><mo>(</mo><mi>ℓ</mi><mo>)</mo></mrow></mrow></msup></mrow></math></span>. (2) DTAM uses a Transformer encoder with per-slot gating for variable tab cardinality. For each slot feature <span><math><msub><mrow><mi>f</mi></mrow><mrow><mi>i</mi></mrow></msub></math></span>, a gate <span><math><mrow><msub><mrow><mi>g</mi></mrow><mrow><mi>i</mi></mrow></msub><mo>=</mo><mi>σ</mi><mrow><mo>(</mo><msubsup><mrow><mi>w</mi></mrow><mrow><mi>g</mi></mrow><mrow><mo>⊤</mo></mrow></msubsup><mrow><mo>[</mo><mi>c</mi><mo>;</mo><msub><mrow><mi>f</mi></mrow><mrow><mi>i</mi></mrow></msub><mo>]</mo></mrow><mo>+</mo><msub><mrow><mi>b</mi></mrow><mrow><mi>g</mi></mrow></msub><mo>)</mo></mrow></mrow></math></span> scales multi-head attention outputs, normalized by <span><math><mrow><msub><mrow><mo>∑</mo></mrow><mrow><mi>i</mi></mrow></msub><msub><mrow><mi>g</mi></mrow><mrow><mi>i</mi></mrow></msub><mo>+</mo><mi>ϵ</mi></mrow></math></span> and followed by a position-wise feed-forward network to produce representation <span><math><mi>F</mi></math></span>. (3) HMLFE combines dilated 1D CNNs to capture local temporal motifs with a GNN that builds a similarity graph using edge weights <span><math><mrow><mo>exp</mo><mrow><mo>(</mo><mo>−</mo><mo>‖</mo><msub><mrow><mi>u</mi></mrow><mrow><mi>i</mi></mrow></msub><mo>−</mo><msub><mrow><mi>u</mi></mrow><mrow><mi>j</mi></mrow></msub><msup><mrow><mo>‖</mo></mrow><mrow><mn>2</mn></mrow></msup><mo>/</mo><mi>τ</mi><mo>)</mo></mrow></mrow></math></span> and performs attention-based message passing. A graph readout operation generates <span><math><msub><mrow><mi>h</mi></mrow><mrow><mi>G</mi></mrow></msub></math></span>, and the final representation <span><math><mrow><mi>r</mi><mo>=</mo><mrow><mo>[</mo><mi>F</mi><mo>∥</mo><msub><mrow><mi>h</mi></mrow><
网站指纹识别旨在从加密的网络流量中推断访问过的网站。传统方法主要假设单标签浏览,限制了它们在实际多标签条件下的适用性,并发流会引入标签间干扰、时间重叠和属性模糊,从而降低分类准确性。本文介绍了自适应上下文感知多标签指纹,这是一个通过上下文驱动的特征建模和注意力适应为多标签网站指纹识别设计的动态框架。ACMF集成了三个协调的模块。(1) CBAM采用一种注意力增强LSTM,该LSTM利用标签切换指示器处理数据包方向、大小和间隔到达时间序列,产生会话上下文向量c。自关注状态zt调节循环动态,多尺度时间聚合产生c=∑r ω r h(r)。(2) DTAM使用变压器编码器,每个插槽对可变选项卡基数进行门控。对于每个槽型特征fi,栅极gi=σ(wg∞[c;fi]+bg)缩放多头注意力输出,通过∑igi+ λ进行归一化,然后通过位置前馈网络生成表示f。(3)HMLFE将扩展1D cnn与使用边权exp(−‖ui−uj‖2/τ)构建相似图的GNN结合起来捕获局部时间主题,并执行基于注意力的消息传递。图形读出操作生成hG,最终表示r=[F∥hG]用于分类。对MultiTab网站指纹数据集的评估达到95.6%的训练准确率和90.5%的验证准确率,超过了并发标签条件下最先进的基线。
{"title":"Adaptive context-aware multi-tab website fingerprinting using hierarchical deep learning","authors":"Faisal Murad ,&nbsp;Jie Cui ,&nbsp;Muhammad Aurangzeb Khan ,&nbsp;Depeng Chen","doi":"10.1016/j.jnca.2025.104374","DOIUrl":"10.1016/j.jnca.2025.104374","url":null,"abstract":"&lt;div&gt;&lt;div&gt;Website fingerprinting aims to infer visited websites from encrypted network traffic. Conventional approaches predominantly assume single-tab browsing, limiting their applicability under realistic multi-tab conditions, where concurrent flows introduce inter-tab interference, temporal overlap, and attribution ambiguity that degrade classification accuracy. This paper presents Adaptive Context-Aware Multi-Tab Fingerprinting, a dynamic framework designed for multi-tab website fingerprinting through context-driven feature modeling and attention adaptation. ACMF integrates three coordinated modules. (1) CBAM employs an attention-augmented LSTM that processes sequences of packet direction, size, and inter-arrival time with tab-switch indicators, producing a session context vector &lt;span&gt;&lt;math&gt;&lt;mi&gt;c&lt;/mi&gt;&lt;/math&gt;&lt;/span&gt;. A self-attention state &lt;span&gt;&lt;math&gt;&lt;msub&gt;&lt;mrow&gt;&lt;mi&gt;z&lt;/mi&gt;&lt;/mrow&gt;&lt;mrow&gt;&lt;mi&gt;t&lt;/mi&gt;&lt;/mrow&gt;&lt;/msub&gt;&lt;/math&gt;&lt;/span&gt; modulates recurrent dynamics, and multi-scale temporal aggregation yields &lt;span&gt;&lt;math&gt;&lt;mrow&gt;&lt;mi&gt;c&lt;/mi&gt;&lt;mo&gt;=&lt;/mo&gt;&lt;msub&gt;&lt;mrow&gt;&lt;mo&gt;∑&lt;/mo&gt;&lt;/mrow&gt;&lt;mrow&gt;&lt;mi&gt;ℓ&lt;/mi&gt;&lt;/mrow&gt;&lt;/msub&gt;&lt;msub&gt;&lt;mrow&gt;&lt;mi&gt;ω&lt;/mi&gt;&lt;/mrow&gt;&lt;mrow&gt;&lt;mi&gt;ℓ&lt;/mi&gt;&lt;/mrow&gt;&lt;/msub&gt;&lt;msup&gt;&lt;mrow&gt;&lt;mi&gt;h&lt;/mi&gt;&lt;/mrow&gt;&lt;mrow&gt;&lt;mrow&gt;&lt;mo&gt;(&lt;/mo&gt;&lt;mi&gt;ℓ&lt;/mi&gt;&lt;mo&gt;)&lt;/mo&gt;&lt;/mrow&gt;&lt;/mrow&gt;&lt;/msup&gt;&lt;/mrow&gt;&lt;/math&gt;&lt;/span&gt;. (2) DTAM uses a Transformer encoder with per-slot gating for variable tab cardinality. For each slot feature &lt;span&gt;&lt;math&gt;&lt;msub&gt;&lt;mrow&gt;&lt;mi&gt;f&lt;/mi&gt;&lt;/mrow&gt;&lt;mrow&gt;&lt;mi&gt;i&lt;/mi&gt;&lt;/mrow&gt;&lt;/msub&gt;&lt;/math&gt;&lt;/span&gt;, a gate &lt;span&gt;&lt;math&gt;&lt;mrow&gt;&lt;msub&gt;&lt;mrow&gt;&lt;mi&gt;g&lt;/mi&gt;&lt;/mrow&gt;&lt;mrow&gt;&lt;mi&gt;i&lt;/mi&gt;&lt;/mrow&gt;&lt;/msub&gt;&lt;mo&gt;=&lt;/mo&gt;&lt;mi&gt;σ&lt;/mi&gt;&lt;mrow&gt;&lt;mo&gt;(&lt;/mo&gt;&lt;msubsup&gt;&lt;mrow&gt;&lt;mi&gt;w&lt;/mi&gt;&lt;/mrow&gt;&lt;mrow&gt;&lt;mi&gt;g&lt;/mi&gt;&lt;/mrow&gt;&lt;mrow&gt;&lt;mo&gt;⊤&lt;/mo&gt;&lt;/mrow&gt;&lt;/msubsup&gt;&lt;mrow&gt;&lt;mo&gt;[&lt;/mo&gt;&lt;mi&gt;c&lt;/mi&gt;&lt;mo&gt;;&lt;/mo&gt;&lt;msub&gt;&lt;mrow&gt;&lt;mi&gt;f&lt;/mi&gt;&lt;/mrow&gt;&lt;mrow&gt;&lt;mi&gt;i&lt;/mi&gt;&lt;/mrow&gt;&lt;/msub&gt;&lt;mo&gt;]&lt;/mo&gt;&lt;/mrow&gt;&lt;mo&gt;+&lt;/mo&gt;&lt;msub&gt;&lt;mrow&gt;&lt;mi&gt;b&lt;/mi&gt;&lt;/mrow&gt;&lt;mrow&gt;&lt;mi&gt;g&lt;/mi&gt;&lt;/mrow&gt;&lt;/msub&gt;&lt;mo&gt;)&lt;/mo&gt;&lt;/mrow&gt;&lt;/mrow&gt;&lt;/math&gt;&lt;/span&gt; scales multi-head attention outputs, normalized by &lt;span&gt;&lt;math&gt;&lt;mrow&gt;&lt;msub&gt;&lt;mrow&gt;&lt;mo&gt;∑&lt;/mo&gt;&lt;/mrow&gt;&lt;mrow&gt;&lt;mi&gt;i&lt;/mi&gt;&lt;/mrow&gt;&lt;/msub&gt;&lt;msub&gt;&lt;mrow&gt;&lt;mi&gt;g&lt;/mi&gt;&lt;/mrow&gt;&lt;mrow&gt;&lt;mi&gt;i&lt;/mi&gt;&lt;/mrow&gt;&lt;/msub&gt;&lt;mo&gt;+&lt;/mo&gt;&lt;mi&gt;ϵ&lt;/mi&gt;&lt;/mrow&gt;&lt;/math&gt;&lt;/span&gt; and followed by a position-wise feed-forward network to produce representation &lt;span&gt;&lt;math&gt;&lt;mi&gt;F&lt;/mi&gt;&lt;/math&gt;&lt;/span&gt;. (3) HMLFE combines dilated 1D CNNs to capture local temporal motifs with a GNN that builds a similarity graph using edge weights &lt;span&gt;&lt;math&gt;&lt;mrow&gt;&lt;mo&gt;exp&lt;/mo&gt;&lt;mrow&gt;&lt;mo&gt;(&lt;/mo&gt;&lt;mo&gt;−&lt;/mo&gt;&lt;mo&gt;‖&lt;/mo&gt;&lt;msub&gt;&lt;mrow&gt;&lt;mi&gt;u&lt;/mi&gt;&lt;/mrow&gt;&lt;mrow&gt;&lt;mi&gt;i&lt;/mi&gt;&lt;/mrow&gt;&lt;/msub&gt;&lt;mo&gt;−&lt;/mo&gt;&lt;msub&gt;&lt;mrow&gt;&lt;mi&gt;u&lt;/mi&gt;&lt;/mrow&gt;&lt;mrow&gt;&lt;mi&gt;j&lt;/mi&gt;&lt;/mrow&gt;&lt;/msub&gt;&lt;msup&gt;&lt;mrow&gt;&lt;mo&gt;‖&lt;/mo&gt;&lt;/mrow&gt;&lt;mrow&gt;&lt;mn&gt;2&lt;/mn&gt;&lt;/mrow&gt;&lt;/msup&gt;&lt;mo&gt;/&lt;/mo&gt;&lt;mi&gt;τ&lt;/mi&gt;&lt;mo&gt;)&lt;/mo&gt;&lt;/mrow&gt;&lt;/mrow&gt;&lt;/math&gt;&lt;/span&gt; and performs attention-based message passing. A graph readout operation generates &lt;span&gt;&lt;math&gt;&lt;msub&gt;&lt;mrow&gt;&lt;mi&gt;h&lt;/mi&gt;&lt;/mrow&gt;&lt;mrow&gt;&lt;mi&gt;G&lt;/mi&gt;&lt;/mrow&gt;&lt;/msub&gt;&lt;/math&gt;&lt;/span&gt;, and the final representation &lt;span&gt;&lt;math&gt;&lt;mrow&gt;&lt;mi&gt;r&lt;/mi&gt;&lt;mo&gt;=&lt;/mo&gt;&lt;mrow&gt;&lt;mo&gt;[&lt;/mo&gt;&lt;mi&gt;F&lt;/mi&gt;&lt;mo&gt;∥&lt;/mo&gt;&lt;msub&gt;&lt;mrow&gt;&lt;mi&gt;h&lt;/mi&gt;&lt;/mrow&gt;&lt;","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"245 ","pages":"Article 104374"},"PeriodicalIF":8.0,"publicationDate":"2025-10-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145404578","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
CPPA-SKU: Towards efficient conditional privacy-preserving authentication protocol with secret key update in VANET 面向VANET的具有密钥更新的高效条件隐私保护认证协议
IF 8 2区 计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE
Journal of Network and Computer Applications
Pub Date : 2025-10-30 DOI: 10.1016/j.jnca.2025.104369
Xinyu Fan , Shiyuan Xu , Yibo Cao , Xue Chen , Yu Chen , Tianrun Xu
The rapid development of intelligent transportation systems (ITS) has raised higher requirements for traffic data sharing and collaboration. As an effective solution, vehicular ad-hoc network (VANET) has emerged to support real-time data transfer between vehicles and infrastructure. However, VANET faces the challenges of data security and privacy. To alleviate these, many conditional privacy-preserving authentication (CPPA) schemes have been proposed. CPPA utilizes signature technology to ensure message authenticity while enabling the effective tracing of malicious vehicles. Unfortunately, traditional CPPA schemes fail to consider the security of secret keys stored in tamper-proof devices (TPDs). Additionally, most existing schemes still suffer from excessive computational and communication overhead. In this paper, we propose CPPA-SKU, an efficient CPPA scheme with message recovery for VANET. CPPA-SKU introduces a secret key update method using a secure pseudo-random function and Shamir’s secret sharing to prevent key leakage issues in TPDs. Additionally, CPPA-SKU enables the recovery of relevant messages, eliminating the need to embed messages in signatures, thereby reducing the communication overhead. Furthermore, CPPA-SKU is implemented based on the elliptic curve cryptosystem, which avoids expensive bilinear pairing operations while ensuring the security of signatures. We also formally prove the security of CPPA-SKU in the random oracle model. Comprehensive performance evaluations indicate that CPPA-SKU reduces computational overhead by approximately 1.3×–2.8× and communication overhead by approximately 1.5×-3.5×.
智能交通系统的快速发展对交通数据的共享和协作提出了更高的要求。作为一种有效的解决方案,车载自组织网络(VANET)已经出现,以支持车辆和基础设施之间的实时数据传输。然而,VANET面临着数据安全和隐私方面的挑战。为了缓解这些问题,人们提出了许多条件隐私保护身份验证方案。CPPA利用签名技术确保消息真实性,同时有效跟踪恶意车辆。不幸的是,传统的CPPA方案没有考虑存储在防篡改设备(TPDs)中的密钥的安全性。此外,大多数现有方案仍然存在过多的计算和通信开销。在本文中,我们提出了一种有效的带消息恢复的VANET的CPPA- sku方案。CPPA-SKU引入了一种使用安全伪随机函数和Shamir秘密共享的密钥更新方法,以防止密钥泄露问题。此外,CPPA-SKU支持恢复相关消息,无需在签名中嵌入消息,从而减少了通信开销。此外,CPPA-SKU是基于椭圆曲线密码系统实现的,避免了昂贵的双线性配对操作,同时保证了签名的安全性。并在随机oracle模型下正式证明了CPPA-SKU的安全性。综合性能评估表明,CPPA-SKU减少了大约1.3×-2.8×的计算开销和大约1.5×-3.5×的通信开销。
{"title":"CPPA-SKU: Towards efficient conditional privacy-preserving authentication protocol with secret key update in VANET","authors":"Xinyu Fan ,&nbsp;Shiyuan Xu ,&nbsp;Yibo Cao ,&nbsp;Xue Chen ,&nbsp;Yu Chen ,&nbsp;Tianrun Xu","doi":"10.1016/j.jnca.2025.104369","DOIUrl":"10.1016/j.jnca.2025.104369","url":null,"abstract":"<div><div>The rapid development of intelligent transportation systems (ITS) has raised higher requirements for traffic data sharing and collaboration. As an effective solution, vehicular ad-hoc network (VANET) has emerged to support real-time data transfer between vehicles and infrastructure. However, VANET faces the challenges of data security and privacy. To alleviate these, many conditional privacy-preserving authentication (CPPA) schemes have been proposed. CPPA utilizes signature technology to ensure message authenticity while enabling the effective tracing of malicious vehicles. Unfortunately, traditional CPPA schemes fail to consider the security of secret keys stored in tamper-proof devices (TPDs). Additionally, most existing schemes still suffer from excessive computational and communication overhead. In this paper, we propose CPPA-SKU, an efficient CPPA scheme with message recovery for VANET. CPPA-SKU introduces a secret key update method using a secure pseudo-random function and Shamir’s secret sharing to prevent key leakage issues in TPDs. Additionally, CPPA-SKU enables the recovery of relevant messages, eliminating the need to embed messages in signatures, thereby reducing the communication overhead. Furthermore, CPPA-SKU is implemented based on the elliptic curve cryptosystem, which avoids expensive bilinear pairing operations while ensuring the security of signatures. We also formally prove the security of CPPA-SKU in the random oracle model. Comprehensive performance evaluations indicate that CPPA-SKU reduces computational overhead by approximately 1.3<span><math><mo>×</mo></math></span>–2.8<span><math><mo>×</mo></math></span> and communication overhead by approximately 1.5<span><math><mo>×</mo></math></span>-3.5<span><math><mo>×</mo></math></span>.</div></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"245 ","pages":"Article 104369"},"PeriodicalIF":8.0,"publicationDate":"2025-10-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145404577","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
DNCCQ-PPO: A dynamic network congestion control algorithm based on deep reinforcement learning for XQUIC DNCCQ-PPO:基于深度强化学习的XQUIC动态网络拥塞控制算法
IF 8 2区 计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE
Journal of Network and Computer Applications
Pub Date : 2025-10-30 DOI: 10.1016/j.jnca.2025.104371
Wenhui Yu , Jinyao Liu , Xiaoqiang Di , Pei Xiao , Hui Qi
The diversity of network forms and services poses challenges to the TCP protocol in achieving good performance. The current XQUIC implementation of the QUIC protocol still adopts TCP’s heuristic congestion control mechanisms, resulting in limited performance gains. In recent years, reinforcement learning-based congestion control has emerged as an effective alternative to traditional strategies, but existing algorithms are not optimized for dynamic network characteristics. In this paper, we propose a deep reinforcement learning-based congestion control algorithm, Dynamic Network Congestion Control for QUIC Based on PPO (DNCCQ-PPO). To address the heterogeneity of dynamic network training environments, we introduce a novel sampling interaction mechanism, action space, and reward function, and propose an asynchronous distributed training scheme. Additionally, we develop a generalized reinforcement learning framework for congestion control algorithm development that supports XQUIC, and verify the performance of DNCCQ-PPO within this framework. Experimental results demonstrate the algorithm’s fast convergence and excellent training performance. In performance tests, DNCCQ-PPO achieves throughput comparable to that of CUBIC while reducing latency by 54.78%. In multi-stream fairness tests, it outperforms several mainstream algorithms. In satellite network simulations, DNCCQ-PPO maintains high throughput while reducing latency by 69.58% and 72.77% compared to CUBIC and PCC, respectively.
网络形式和业务的多样性对TCP协议的性能提出了挑战。目前QUIC协议的XQUIC实现仍然采用TCP的启发式拥塞控制机制,导致性能提升有限。近年来,基于强化学习的拥塞控制已成为传统策略的有效替代,但现有算法并未针对网络的动态特性进行优化。本文提出了一种基于深度强化学习的拥塞控制算法——基于PPO的QUIC动态网络拥塞控制(DNCCQ-PPO)。为了解决动态网络训练环境的异质性,引入了一种新的采样交互机制、动作空间和奖励函数,提出了一种异步分布式训练方案。此外,我们开发了一个用于支持XQUIC的拥塞控制算法开发的广义强化学习框架,并在该框架内验证了DNCCQ-PPO的性能。实验结果表明,该算法具有较快的收敛速度和良好的训练性能。在性能测试中,DNCCQ-PPO实现了与CUBIC相当的吞吐量,同时将延迟降低了54.78%。在多流公平性测试中,它优于几种主流算法。在卫星网络模拟中,与CUBIC和PCC相比,DNCCQ-PPO在保持高吞吐量的同时,延迟分别降低了69.58%和72.77%。
{"title":"DNCCQ-PPO: A dynamic network congestion control algorithm based on deep reinforcement learning for XQUIC","authors":"Wenhui Yu ,&nbsp;Jinyao Liu ,&nbsp;Xiaoqiang Di ,&nbsp;Pei Xiao ,&nbsp;Hui Qi","doi":"10.1016/j.jnca.2025.104371","DOIUrl":"10.1016/j.jnca.2025.104371","url":null,"abstract":"<div><div>The diversity of network forms and services poses challenges to the TCP protocol in achieving good performance. The current XQUIC implementation of the QUIC protocol still adopts TCP’s heuristic congestion control mechanisms, resulting in limited performance gains. In recent years, reinforcement learning-based congestion control has emerged as an effective alternative to traditional strategies, but existing algorithms are not optimized for dynamic network characteristics. In this paper, we propose a deep reinforcement learning-based congestion control algorithm, Dynamic Network Congestion Control for QUIC Based on PPO (DNCCQ-PPO). To address the heterogeneity of dynamic network training environments, we introduce a novel sampling interaction mechanism, action space, and reward function, and propose an asynchronous distributed training scheme. Additionally, we develop a generalized reinforcement learning framework for congestion control algorithm development that supports XQUIC, and verify the performance of DNCCQ-PPO within this framework. Experimental results demonstrate the algorithm’s fast convergence and excellent training performance. In performance tests, DNCCQ-PPO achieves throughput comparable to that of CUBIC while reducing latency by 54.78%. In multi-stream fairness tests, it outperforms several mainstream algorithms. In satellite network simulations, DNCCQ-PPO maintains high throughput while reducing latency by 69.58% and 72.77% compared to CUBIC and PCC, respectively.</div></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"245 ","pages":"Article 104371"},"PeriodicalIF":8.0,"publicationDate":"2025-10-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145404579","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
LiteWTAKA: Authenticating UAV-GCS and UAV–UAV communication using secure and lightweight mechanism based on PUF LiteWTAKA:使用基于PUF的安全和轻量级机制验证无人机- gcs和无人机-无人机通信
IF 8 2区 计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE
Journal of Network and Computer Applications
Pub Date : 2025-10-30 DOI: 10.1016/j.jnca.2025.104372
Naveen Kumar, Ankit Chaudhary
The adoption of Unmanned Aerial Vehicles (UAVs) or Drone technology is increasing from miliary to civilian domains because of its effectiveness in performing difficult operations. UAV communicates with Ground Control Station (GCS) in presence of open wireless channel which is insecure. The communication is susceptible to various security attacks because of open nature of wireless channel. A number of traditional cryptographic solutions are provided to mitigate these attacks, but there is need of large amount of computational resources. The UAVs are equipped with limited resources, so a lightweight mechanism is required. So, in this paper, a lightweight authentication and key agreement protocol is proposed that makes use of Physical Unclonable Function (PUF) technology along with the hash function and XOR operations to secure the communication. The proposed scheme ensures the robust authentication along with session key update mechanism. The security of proposed mechanism is validated and verified by formal security analysis using Scyther simulation tool, Burrows-Abadi-Needham (BAN) logic and Real-or-Random (ROR) model. The comprehensive analysis demonstrates that the scheme effectively mitigates known security attacks. The efficiency of proposed protocol is demonstrated by performing the experiments and by comparing it with the state-of-the-art schemes in terms of computation cost, communication cost, energy consumption and security requirements.
无人驾驶飞行器(uav)或无人机技术的采用正在从军事领域增加到民用领域,因为它可以有效地执行困难的操作。无人机与地面控制站(GCS)在开放无线信道存在的情况下进行通信是不安全的。由于无线信道的开放性,通信容易受到各种安全攻击。传统的加密解决方案可以缓解这些攻击,但需要大量的计算资源。无人机装备的资源有限,因此需要一种轻量级的机制。因此,本文提出了一种轻量级的身份验证和密钥协议,该协议利用物理不可克隆功能(PUF)技术以及哈希函数和异或操作来保护通信。该方案保证了认证的鲁棒性和会话密钥更新机制。利用Scyther仿真工具、Burrows-Abadi-Needham (BAN)逻辑和Real-or-Random (ROR)模型对所提出机制的安全性进行了形式化的安全性分析和验证。综合分析表明,该方案能够有效缓解已知的安全攻击。通过实验验证了该协议的有效性,并将其与现有协议在计算成本、通信成本、能耗和安全要求等方面进行了比较。
{"title":"LiteWTAKA: Authenticating UAV-GCS and UAV–UAV communication using secure and lightweight mechanism based on PUF","authors":"Naveen Kumar,&nbsp;Ankit Chaudhary","doi":"10.1016/j.jnca.2025.104372","DOIUrl":"10.1016/j.jnca.2025.104372","url":null,"abstract":"<div><div>The adoption of Unmanned Aerial Vehicles (UAVs) or Drone technology is increasing from miliary to civilian domains because of its effectiveness in performing difficult operations. UAV communicates with Ground Control Station (GCS) in presence of open wireless channel which is insecure. The communication is susceptible to various security attacks because of open nature of wireless channel. A number of traditional cryptographic solutions are provided to mitigate these attacks, but there is need of large amount of computational resources. The UAVs are equipped with limited resources, so a lightweight mechanism is required. So, in this paper, a lightweight authentication and key agreement protocol is proposed that makes use of Physical Unclonable Function (PUF) technology along with the hash function and XOR operations to secure the communication. The proposed scheme ensures the robust authentication along with session key update mechanism. The security of proposed mechanism is validated and verified by formal security analysis using Scyther simulation tool, Burrows-Abadi-Needham (BAN) logic and Real-or-Random (ROR) model. The comprehensive analysis demonstrates that the scheme effectively mitigates known security attacks. The efficiency of proposed protocol is demonstrated by performing the experiments and by comparing it with the state-of-the-art schemes in terms of computation cost, communication cost, energy consumption and security requirements.</div></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"245 ","pages":"Article 104372"},"PeriodicalIF":8.0,"publicationDate":"2025-10-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145382976","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Mamba-NTP: Mamba-based network traffic prediction with sparse measurements Mamba-NTP:基于mamba的稀疏测量网络流量预测
IF 8 2区 计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE
Journal of Network and Computer Applications
Pub Date : 2025-10-22 DOI: 10.1016/j.jnca.2025.104364
Chengzhe Xu , Yingya Guo , Huan Luo , Yue Yu , Zebo Huang
Accurate network traffic prediction is critical for efficient network planning and routing, especially in large-scale and dynamic environments. Traditional approaches rely on full-scale measurements, which are often impractical due to cost, scalability, and privacy concerns. Sparse measurements offer a more feasible alternative but lead to incomplete traffic data, posing significant challenges for accurate prediction. To address this, we propose Mamba-NTP, a novel end-to-end Mamba-based Network Traffic Prediction framework designed for sparse measurement settings. Leveraging the recent Mamba state-space model, Mamba-NTP captures long-range spatiotemporal dependencies with linear time complexity, enabling efficient and scalable prediction. Furthermore, Mamba-NTP employs a multi-task learning paradigm — comprising Traffic Completion, Graph Learning, and Traffic Prediction tasks — to extract shared traffic representations and enhance prediction robustness. In addition, the graph learning task in Mamba-NTP leverages graph learning techniques to infer intrinsic traffic correlations and model the inner traffic dependencies among network nodes. Extensive experiments on real-world datasets demonstrate that Mamba-NTP consistently outperforms state-of-the-art methods in both accuracy and efficiency under various levels of measurement sparsity.
准确的网络流量预测对于有效的网络规划和路由至关重要,特别是在大规模和动态环境中。传统的方法依赖于全面的测量,由于成本、可伸缩性和隐私问题,这通常是不切实际的。稀疏测量提供了一个更可行的替代方案,但导致交通数据不完整,对准确预测提出了重大挑战。为了解决这个问题,我们提出了Mamba-NTP,这是一个新颖的端到端基于mamba的网络流量预测框架,专为稀疏测量设置而设计。利用最新的Mamba状态空间模型,Mamba- ntp可以捕获具有线性时间复杂性的远程时空依赖关系,从而实现高效和可扩展的预测。此外,Mamba-NTP采用多任务学习范式——包括流量完成、图学习和流量预测任务——来提取共享的流量表示并增强预测的鲁棒性。此外,Mamba-NTP中的图学习任务利用图学习技术来推断内在的流量相关性,并对网络节点之间的内部流量依赖关系进行建模。对真实世界数据集的广泛实验表明,在各种测量稀疏度水平下,Mamba-NTP始终优于最先进的精度和效率方法。
{"title":"Mamba-NTP: Mamba-based network traffic prediction with sparse measurements","authors":"Chengzhe Xu ,&nbsp;Yingya Guo ,&nbsp;Huan Luo ,&nbsp;Yue Yu ,&nbsp;Zebo Huang","doi":"10.1016/j.jnca.2025.104364","DOIUrl":"10.1016/j.jnca.2025.104364","url":null,"abstract":"<div><div>Accurate network traffic prediction is critical for efficient network planning and routing, especially in large-scale and dynamic environments. Traditional approaches rely on full-scale measurements, which are often impractical due to cost, scalability, and privacy concerns. Sparse measurements offer a more feasible alternative but lead to incomplete traffic data, posing significant challenges for accurate prediction. To address this, we propose Mamba-NTP, a novel end-to-end Mamba-based Network Traffic Prediction framework designed for sparse measurement settings. Leveraging the recent Mamba state-space model, Mamba-NTP captures long-range spatiotemporal dependencies with linear time complexity, enabling efficient and scalable prediction. Furthermore, Mamba-NTP employs a multi-task learning paradigm — comprising Traffic Completion, Graph Learning, and Traffic Prediction tasks — to extract shared traffic representations and enhance prediction robustness. In addition, the graph learning task in Mamba-NTP leverages graph learning techniques to infer intrinsic traffic correlations and model the inner traffic dependencies among network nodes. Extensive experiments on real-world datasets demonstrate that Mamba-NTP consistently outperforms state-of-the-art methods in both accuracy and efficiency under various levels of measurement sparsity.</div></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"244 ","pages":"Article 104364"},"PeriodicalIF":8.0,"publicationDate":"2025-10-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145364130","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
A protocol-independent in-network security service for cloud applications 为云应用程序提供协议独立的网络内安全服务
IF 8 2区 计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE
Journal of Network and Computer Applications
Pub Date : 2025-10-22 DOI: 10.1016/j.jnca.2025.104368
Bin Song , Bin Sun , Qiang Fu , Hao Li
Cloud services are increasingly generating a large amount of Internet traffic. Much of it such as rich media and gaming traffic is not highly sensitive but prefers some protection. The traditional end-to-end encryption such as Transport Layer Security Protocol (TLS) is costly and has its own issues, such as increased latency, while the simple anonymity solutions cannot resist traffic analysis attacks. In this paper, we propose FlowShredder, a protocol-independent and in-network service to secure such traffic in the cloud. FlowShredder aims to break the association between the packets, the data flow, and the hosts by obfuscating the packet header (and some payload if needed). Without the context of the flow and the hosts, these packets are of little value to the adversary. The operation is carried out at cloud gateways, without encrypting the payload. Its simple logic can therefore be executed within a single pipeline of the Tofino programmable switch, to ensure wire-speed performance without the scalability issue. Being protocol-independent and operating in-network at wire speed make FlowShredder a practical and generic security service to protect the cloud traffic. In addition, FlowShredder can work with end-to-end encryption such as 0-RTT TLS (e.g., Quick UDP Internet Connections Protocol, QUIC) for enhanced protection, ideal for web browsing or real-time communications. We implement FlowShredder in Programming Protocol-Independent Packet Processors Language (P4) switches. Experiments in synthetic and real scenarios show that FlowShredder can effectively resist the traffic analysis attack with supervised learning techniques, and realize the wire-speed performance over a 100Gbps network while incurring minor overhead.
云服务越来越多地产生大量的互联网流量。其中很多数据,如富媒体和游戏流量,并不是高度敏感的,但需要一些保护。传输层安全协议(Transport Layer Security Protocol, TLS)等传统的端到端加密成本高,并且存在延迟增加等问题,而简单的匿名解决方案无法抵御流量分析攻击。在本文中,我们提出了FlowShredder,这是一种协议独立的网络内服务,用于保护云中的此类流量。FlowShredder旨在通过混淆包头(如果需要的话,还有一些有效负载)来打破包、数据流和主机之间的关联。如果没有流和主机的上下文,这些数据包对攻击者来说几乎没有价值。该操作在云网关上执行,不加密有效负载。因此,其简单的逻辑可以在Tofino可编程交换机的单个管道中执行,以确保线速性能而不存在可扩展性问题。协议独立和在网络中以线速运行使FlowShredder成为保护云流量的实用和通用安全服务。此外,FlowShredder可以使用端到端加密,如0-RTT TLS(例如,快速UDP互联网连接协议,QUIC),以增强保护,非常适合网页浏览或实时通信。我们在编程协议独立包处理器语言(P4)交换机中实现了FlowShredder。综合和真实场景实验表明,FlowShredder利用监督学习技术可以有效抵御流量分析攻击,并且在产生较小开销的情况下实现100Gbps网络的线速性能。
{"title":"A protocol-independent in-network security service for cloud applications","authors":"Bin Song ,&nbsp;Bin Sun ,&nbsp;Qiang Fu ,&nbsp;Hao Li","doi":"10.1016/j.jnca.2025.104368","DOIUrl":"10.1016/j.jnca.2025.104368","url":null,"abstract":"<div><div>Cloud services are increasingly generating a large amount of Internet traffic. Much of it such as rich media and gaming traffic is not highly sensitive but prefers some protection. The traditional end-to-end encryption such as Transport Layer Security Protocol (TLS) is costly and has its own issues, such as increased latency, while the simple anonymity solutions cannot resist traffic analysis attacks. In this paper, we propose FlowShredder, a protocol-independent and in-network service to secure such traffic in the cloud. FlowShredder aims to break the association between the packets, the data flow, and the hosts by obfuscating the packet header (and some payload if needed). Without the context of the flow and the hosts, these packets are of little value to the adversary. The operation is carried out at cloud gateways, without encrypting the payload. Its simple logic can therefore be executed within a single pipeline of the Tofino programmable switch, to ensure wire-speed performance without the scalability issue. Being protocol-independent and operating in-network at wire speed make FlowShredder a practical and generic security service to protect the cloud traffic. In addition, FlowShredder can work with end-to-end encryption such as 0-RTT TLS (<em>e.g.</em>, Quick UDP Internet Connections Protocol, QUIC) for enhanced protection, ideal for web browsing or real-time communications. We implement FlowShredder in Programming Protocol-Independent Packet Processors Language (P4) switches. Experiments in synthetic and real scenarios show that FlowShredder can effectively resist the traffic analysis attack with supervised learning techniques, and realize the wire-speed performance over a 100Gbps network while incurring minor overhead.</div></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"244 ","pages":"Article 104368"},"PeriodicalIF":8.0,"publicationDate":"2025-10-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145364208","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
首页 上一页 下一页 尾页
类型
全部 化学•材料 生命科学 医学 物理 工程技术 环境•农林 材料科学 地球科学 法学 管理学 化学 环境科学与生态学 计算机科学 教育学 经济学 农林科学 人文科学 生物学 数学 物理与天体物理 心理学 综合性期刊 其他 工业工程 理学 历史学 农学 文学 信息工程
数据库
全部 ACS Publications Elsevier ieeexplore Springer The Royal Society of Chemistry Wiley
期刊
Journal of Network and Computer Applications
全部 Acc. Chem. Res. ACS Applied Bio Materials ACS Appl. Electron. Mater. ACS Appl. Energy Mater. ACS Appl. Mater. Interfaces ACS Appl. Nano Mater. ACS Appl. Polym. Mater. ACS BIOMATER-SCI ENG ACS Catal. ACS Cent. Sci. ACS Chem. Biol. ACS Chemical Health & Safety ACS Chem. Neurosci. ACS Comb. Sci. ACS Earth Space Chem. ACS Energy Lett. ACS Infect. Dis. ACS Macro Lett. ACS Mater. Lett. ACS Med. Chem. Lett. ACS Nano ACS Omega ACS Photonics ACS Sens. ACS Sustainable Chem. Eng. ACS Synth. Biol. Anal. Chem. BIOCHEMISTRY-US Bioconjugate Chem. BIOMACROMOLECULES Chem. Res. Toxicol. Chem. Rev. Chem. Mater. CRYST GROWTH DES ENERG FUEL Environ. Sci. Technol. Environ. Sci. Technol. Lett. Eur. J. Inorg. Chem. IND ENG CHEM RES Inorg. Chem. J. Agric. Food. Chem. J. Chem. Eng. Data J. Chem. Educ. J. Chem. Inf. Model. J. Chem. Theory Comput. J. Med. Chem. J. Nat. Prod. J PROTEOME RES J. Am. Chem. Soc. LANGMUIR MACROMOLECULES Mol. Pharmaceutics Nano Lett. Org. Lett. ORG PROCESS RES DEV ORGANOMETALLICS J. Org. Chem. J. Phys. Chem. J. Phys. Chem. A J. Phys. Chem. B J. Phys. Chem. C J. Phys. Chem. Lett. Analyst Anal. Methods Biomater. Sci. Catal. Sci. Technol. Chem. Commun. Chem. Soc. Rev. CHEM EDUC RES PRACT CRYSTENGCOMM Dalton Trans. Energy Environ. Sci. ENVIRON SCI-NANO ENVIRON SCI-PROC IMP ENVIRON SCI-WAT RES Faraday Discuss. Food Funct. Green Chem. Inorg. Chem. Front. Integr. Biol. J. Anal. At. Spectrom. J. Mater. Chem. A J. Mater. Chem. B J. Mater. Chem. C Lab Chip Mater. Chem. Front. Mater. Horiz. MEDCHEMCOMM Metallomics Mol. Biosyst. Mol. Syst. Des. Eng. Nanoscale Nanoscale Horiz. Nat. Prod. Rep. New J. Chem. Org. Biomol. Chem. Org. Chem. Front. PHOTOCH PHOTOBIO SCI PCCP Polym. Chem.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:604180095
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1