
Latest publications in IEEE Journal on Selected Areas in Communications: A Publication of the IEEE Communications Society

DedupChain: A Secure Blockchain-Enabled Storage System With Deduplication for Zero-Trust Network
Saiyu Qi;Qiuhao Wang;Wei Wei;Xu Yang;Hongguang Zhao;Yuhao Liu;Xu Yang;Yong Qi
Permissioned blockchain is a promising methodology to build a zero-trust storage foundation with trusted data storage and sharing for the zero-trust network. However, the inherent full-backup feature of the permissioned blockchain poses potential data privacy risks and substantial storage costs, hindering its usage as a storage medium. These issues necessitate the usage of secure data deduplication technology to mitigate them. Unfortunately, current secure data deduplication schemes are predominantly designed with centralized cloud servers in mind and are not suitable for distributed blockchain systems. The reason is that the full-backup feature of the permissioned blockchain renders a wide attack surface to offline brute-force and frequency analysis attacks. In response, we propose DedupChain, a secure blockchain-enabled storage system with deduplication for zero-trust networks. DedupChain employs a trusted execution environment (i.e., Intel SGX enclave) in conjunction with Oblivious RAM (ORAM) to offer a novel security guarantee named oblivious data deduplication, which empowers DedupChain with the ability to defend against offline brute-force and frequency analysis attacks. DedupChain also proposes several novel techniques to address the security and efficiency issues raised by the SGX enclave. We implemented a system prototype of DedupChain and evaluated its performance metrics. Our experimental results show that DedupChain exhibits satisfactory operational delays, throughput, and storage overhead. Security analysis shows that DedupChain is robust enough to withstand several types of attacks. To the best of our knowledge, we are the first to apply secure data deduplication techniques to address data privacy and storage cost issues raised by permissioned blockchain when used as a zero-trust storage medium.
DOI: 10.1109/JSAC.2025.3560043 | Journal Article, vol. 43, no. 6, pp. 2070-2086 | Published 2025-04-15
Citations: 0
SRv6 and Zero-Trust Policy Enabled Graph Convolutional Neural Networks for Slicing Network Optimization
Xin Wang;Bo Yi;Qing Li;Shahid Mumtaz;Jianhui Lv
With the rapid advancement of technologies such as B5G/6G and edge computing, network scenarios are becoming increasingly complex and diverse, leading to the emergence of slicing networks. Virtualizing applications into distinct categories and establishing corresponding network slices ensures performance to a certain extent. However, the challenges posed by the complex slicing environment demand more fine-grained routing control and higher costs to locate requested content or services, areas where current state-of-the-art methods fall short. To address these challenges, this work introduces a system framework that integrates the principles of Segment Routing over IPv6 (SRv6). An SRv6 optimization layer is created between the control and infrastructure layers to manage slices effectively and enhance routing control. Additionally, we propose a novel policy routing method based on zero-trust and Graph Convolutional Network (GCN) technology. This method transforms actions into policies that can be flexibly deployed on SRv6 nodes, segment by segment. These actions encompass both routing and security measures, allowing for dynamic and flexible deployment of policies on each segment to achieve the desired goals. This integration of segment routing and zero-trust principles simplifies implementation and enhances security. Comprehensive experiments were conducted to evaluate the proposed method. The results demonstrate significant improvements over state-of-the-art methods, including a higher service acceptance rate, better resource utilization, and reduced average latency and packet loss rate.
DOI: 10.1109/JSAC.2025.3560000 | Journal Article, vol. 43, no. 6, pp. 2279-2292 | Published 2025-04-15
Citations: 0
Tackling Distribution Shifts in Task-Oriented Communication With Information Bottleneck
Hongru Li;Jiawei Shao;Hengtao He;Shenghui Song;Jun Zhang;Khaled B. Letaief
Task-oriented communication aims to extract and transmit task-relevant information to significantly reduce the communication overhead and transmission latency. However, the unpredictable distribution shifts between training and test data, including domain shift and semantic shift, can dramatically undermine the system performance. In order to tackle these challenges, it is crucial to ensure that the encoded features can generalize to domain-shifted data and detect semantic-shifted data, while remaining compact for transmission. In this paper, we propose a novel approach based on the information bottleneck (IB) principle and invariant risk minimization (IRM) framework. The proposed method aims to extract compact and informative features that possess high capability for effective domain-shift generalization and accurate semantic-shift detection without any knowledge of the test data during training. Specifically, we propose an invariant feature encoding approach based on the IB principle and IRM framework for domain-shift generalization, which aims to find the causal relationship between the input data and task result by minimizing the complexity and domain dependence of the encoded feature. Furthermore, we enhance the task-oriented communication with the label-dependent feature encoding approach for semantic-shift detection which achieves joint gains in IB optimization and detection performance. To avoid the intractable computation of the IB-based objective, we leverage variational approximation to derive a tractable upper bound for optimization. Extensive simulation results on image classification tasks demonstrate that the proposed scheme outperforms state-of-the-art approaches and achieves a better rate-distortion tradeoff.
DOI: 10.1109/JSAC.2025.3559116 | Journal Article, vol. 43, no. 7, pp. 2667-2683 | Published 2025-04-15 | Open access PDF: https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=10964522
Citations: 0
Decentralized Federated Graph Learning With Lightweight Zero Trust Architecture for Next-Generation Networking Security
Xiaokang Zhou;Wei Liang;Kevin I-Kai Wang;Katsutoshi Yada;Laurence T. Yang;Jianhua Ma;Qun Jin
The rapid development and usage of digital technologies in modern intelligent systems and applications bring critical challenges on data security and privacy. It is essential to allow cross-organizational data sharing to achieve smart service provisioning, while preventing unauthorized access and data leak to ensure end users’ efficient and secure collaborations. Federated Learning (FL) offers a promising pathway to enable innovative collaboration across multiple organizations. However, more stringent security policies are needed to ensure authenticity of participating entities, safeguard data during communication, and prevent malicious activities. In this paper, we propose a Decentralized Federated Graph Learning (FGL) with Lightweight Zero Trust Architecture (ZTA) model, named DFGL-LZTA, to provide context-aware security with dynamic defense policy update, while maintaining computational and communication efficiency in resource-constrained environments, for highly distributed and heterogeneous systems in next-generation networking. Specifically, with a re-designed lightweight ZTA, which leverages adaptive privacy preservation and reputation-based aggregation together to tackle multi-level security threats (e.g., data-level, model-level, and identity-level attacks), a Proximal Policy Optimization (PPO) based Deep Reinforcement Learning (DRL) agent is introduced to enable the real-time and adaptive security policy update and optimization based on contextual features. A hierarchical Graph Attention Network (GAT) mechanism is then improved and applied to facilitate the dynamic subgraph learning in local training with a layer-wise architecture, while a so-called sparse global aggregation scheme is developed to balance the communication efficiency and model robustness in a P2P manner. 
Experiments and evaluations conducted based on two open-source datasets and one synthetic dataset demonstrate the usefulness of our proposed model in terms of training performance, computational and communication efficiency, and model accuracy, compared with other four state-of-the-art methods for next-generation networking security in modern distributed learning systems.
DOI: 10.1109/JSAC.2025.3560012 | Journal Article, vol. 43, no. 6, pp. 1908-1922 | Published 2025-04-15
Citations: 0
Dynamic Security Computing Framework With Zero Trust Based on Privacy Domain Prevention and Control Theory
Xiang Wu;Baowen Zou;Chuanchuan Lu;Lili Wang;Yongting Zhang;Huanhuan Wang
With a growing security threat in wireless communication networks, a promising method for secure next-generation networks is a zero-trust framework focusing on authentication schemes. How to analyze the risks involved in authentication is a challenge. This study quantifies authentication risks within the zero-trust framework and introduces a privacy domain prevention-control theory. The theory encompasses dynamic privacy risk assessment, intelligent risk classification, and automated selection of privacy protection schemes. First, a dynamic privacy risk assessment method, based on physical entity relationships, is proposed to evaluate all privacy risks. Second, a five-category risk classification method is designed to categorize privacy risks, facilitating the selection of prevention-control schemes, with its rationality mathematically validated. Additionally, an Analytical Hierarchy Process (AHP)-based method is introduced to guide the optimal selection of prevention-control schemes for various scenarios. Finally, the practical application of the theory in medicine multi-modal computing scene of wireless body area networks demonstrates its effectiveness. The experimental results also show the superiority and feasibility of the proposed methods.
DOI: 10.1109/JSAC.2025.3560036 | Journal Article, vol. 43, no. 6, pp. 2266-2278 | Published 2025-04-15
Citations: 0
Building a Zero Trust Federation
Alexandre Poirrier;Laurent Cailleux;Thomas Heide Clausen
Zero trust is a security paradigm whose fundamental philosophy is that every access to a resource must be explicitly verified, without assuming trust based on origin or identity. In a federated environment composed of multiple domains, ensuring zero trust guarantees for accessing shared resources is a challenge, as information on requesters is generated by their originating domain, yet requires explicit verification from the domain owning the resource. This paper proposes a method for federating zero trust architectures, ensuring the preservation of zero trust guarantees when accessing federated resources. The proposed approach relies on remote attestation, enabling continuous authentication and monitoring of requesters, without requiring intrusive software installations on every device within the federation. Moreover, this paper proposes a proof-of-concept architecture that combines several open-source products, to build an architecture with advanced zero trust maturity level. The feasibility of the proposed federation method is demonstrated through this proof-of-concept, providing detailed information on the federation procedure and its implementation.
DOI: 10.1109/JSAC.2025.3560014 | Journal Article, vol. 43, no. 6, pp. 2113-2125 | Published 2025-04-14
Citations: 0
Blockchain-Enabled Decentralized Services and Networks: Assessing Roles and Impacts
Xintong Ling;Yuwei Le;Shiyi Chen;Jiaheng Wang;Xiaoyang Zhou
The rapid evolution of blockchain has established it as a critical enabler for decentralized zero-trust services and networks. Without relying on traditional trust mechanisms such as pre-established mutual trust or central authentication, blockchain facilitates trust-free services via smart contract. Smart contracts offer verifiable software trust for various blockchain-enabled services (BESs) while protecting participants’ interests. However, the impact of blockchain on BES remains underexplored and unclear. In this work, we consider a general BES framework suitable for diverse decentralized zero-trust services and assess the role of blockchain in BES. We first build an $M/G/1$ -type queuing model for BES and establish the stability conditions using matrix analytic methods. Based on the stability conditions, we identify the blockchain scalability and server capability as two critical bottlenecks of BES. We further use a tandem queuing model to describe the BES latency of the assembling and service phases. We analytically characterize the properties such as the convexity of service-phase latency with respect to traffic intensity, and highlight the BES pooling effects from traffic offloading and resource sharing. At last, we verify our conclusions through simulations and explore potential pathways for more efficient BES frameworks.
DOI: 10.1109/JSAC.2025.3560044 | Journal Article, vol. 43, no. 6, pp. 2141-2154 | Published 2025-04-14
Citations: 0
Enhancing K-User Interference Alignment for Discrete Constellations via Learning
Rajesh Mishra;Syed Jafar;Sriram Vishwanath;Hyeji Kim
In this paper, we consider a K-user interference channel where interference among the users is neither too strong nor too weak, a scenario that is relatively underexplored in the literature. We propose a novel deep learning-based approach to design the encoder and decoder functions that aim to maximize the sum-rate of the interference channel for discrete constellations. We first consider the MaxSINR algorithm, a state-of-the-art linear scheme for Gaussian inputs, as the baseline and then propose a modified version of the algorithm for discrete inputs. We then propose a neural network-based approach that learns a non-linear constellation mapping with the objective of maximizing the sum-rate. We provide numerical results to show that the constellations learned by the neural network-based approach provide enhanced alignment, not just in beamforming directions but also in terms of the effective constellation at the receiver, thereby leading to improved sum-rate performance.
IEEE Journal on Selected Areas in Communications, vol. 43, no. 7, pp. 2405-2416. Journal Article, published 2025-04-14. DOI: 10.1109/JSAC.2025.3559122
Citations: 0
Zero Trust: Deep Learning and NLP for HTTP Anomaly Detection in IDS
Manh Tien Anh Nguyen;Van Tong;Sondes Bannour Souihi;Sami Souihi
Web applications have become integral to daily life due to the migration of applications and data to cloud-based platforms, increasing their vulnerability to attacks. This paper addresses the need for robust intrusion detection systems by proposing a system grounded in Zero Trust architecture, which mandates continuous monitoring and multi-layered defenses. The Zero Trust principles ensure ongoing threat assessment and comprehensive protection against various attack vectors. Building on these foundational Zero Trust principles, our study introduces a system designed not only to distinguish normal HTTP requests from well-known attack patterns but also to detect emerging types of anomalous attacks. Our system consists of two models that integrate Natural Language Processing approaches, Deep Learning techniques, and Transfer Learning strategies. The first model is employed to detect new anomalous HTTP requests that differ from normal requests. HTTP requests identified as anomalous are passed to the second model, which is in charge of classifying specific categories of both well-known and novel attacks. Experiments show that our end-to-end system achieves an average F1-score of 89% on the combination of the CAPEC dataset and the zero-shot CSIC dataset. The proposed system also proves able to identify anomalous requests with a minimal latency of 4.8 milliseconds in production settings.
IEEE Journal on Selected Areas in Communications, vol. 43, no. 6, pp. 2215-2229. Journal Article, published 2025-04-14. DOI: 10.1109/JSAC.2025.3560040
Citations: 0
Toward Decentralized Operationalization of Zero Trust Architecture for Next Generation Networks
Shiva Raj Pokhrel;Gang Li;Robin Doss;Surya Nepal
Next-generation networks demand security that evolves as fast as threats do. Our pioneering decentralized Zero Trust Architecture (dZTA), proposed in this paper, redefines protection for IoT and remote collaboration, merging Zero Trust’s ironclad access controls with blockchain’s transparency and federated learning’s privacy-first analytics. Unlike traditional models, dZTA enforces security at every layer: a distributed policy engine eliminates single points of failure, cross-network analytics optimize WiFi-8, satellite, and 6G performance under real-world stressors, and anti-leakage protocols safeguard IoT ecosystems. Rigorous real-world simulations confirm dZTA’s dual triumph—uncompromising security and seamless efficiency—proving its readiness to secure tomorrow’s hyperconnected world.
IEEE Journal on Selected Areas in Communications, vol. 43, no. 6, pp. 1998-2010. Journal Article, published 2025-04-11. DOI: 10.1109/JSAC.2025.3560039
Citations: 0