IEEE Transactions on Network and Service Management最新文献_第4页

Adapting to the Evolution: Enhancing Intrusion Detection Through Machine Learning in the QUIC Protocol Era 适应演变：在 QUIC 协议时代通过机器学习加强入侵检测

IF 4.7 2区计算机科学

IEEE Transactions on Network and Service Management Pub Date : 2025-02-21 DOI: 10.1109/TNSM.2025.3540753

Adam Kadi;Lyes Khoukhi;Jouni Viinikka;Pierre-Edouard Fabre

{"title":"Adapting to the Evolution: Enhancing Intrusion Detection Through Machine Learning in the QUIC Protocol Era","authors":"Adam Kadi;Lyes Khoukhi;Jouni Viinikka;Pierre-Edouard Fabre","doi":"10.1109/TNSM.2025.3540753","DOIUrl":"https://doi.org/10.1109/TNSM.2025.3540753","url":null,"abstract":"The advent of the QUIC protocol may herald a significant shift in the composition of online traffic in the years to come. The transport layer encryption of the QUIC protocol is one of its main evolutions, especially for metadata that was previously transmitted over TCP traffic without encryption. This new protocol has the potential to require significant alterations in future Internet traffic analysis methods and impact network intrusion detection. On the other side, Machine learning has been used in several research projects to identify network intrusions, with positive outcomes. However, we must take into account new evolution of network traffic. In this paper, we propose a new approach that employs supervised machine learning algorithms to identify flows generated by bots interacting with a Web server during a DDoS attack, focusing on the challenges posed by the QUIC protocol and its implications for effective intrusion detection and cybersecurity. Our contribution in this work is divided into three main parts: 1) A guided process with model architecture for emulating and collecting traffic that depict a range of situations our system may encounter; 2) an analysis module that consists on the creation of two labeled datasets, where observations represent the traffic flows detected in PCAP files. We studied the relevance of different features for these datasets, contributing to a thorough understanding of the quality of the data used; 3) a real world experimention for evaluating the effectiveness of several supervised machine learning algorithms on our datasets. This experimentation allows us to determine which algorithm provides the best prediction results.","PeriodicalId":13423,"journal":{"name":"IEEE Transactions on Network and Service Management","volume":"22 2","pages":"1929-1944"},"PeriodicalIF":4.7,"publicationDate":"2025-02-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143860982","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Class Incremental Website Fingerprinting Attack Based on Dynamic Expansion Architecture 基于动态扩展架构的类增量式网站指纹攻击

IF 4.7 2区计算机科学

IEEE Transactions on Network and Service Management Pub Date : 2025-02-20 DOI: 10.1109/TNSM.2025.3538895

Yali Yuan;Yangyang Du;Guang Cheng

{"title":"Class Incremental Website Fingerprinting Attack Based on Dynamic Expansion Architecture","authors":"Yali Yuan;Yangyang Du;Guang Cheng","doi":"10.1109/TNSM.2025.3538895","DOIUrl":"https://doi.org/10.1109/TNSM.2025.3538895","url":null,"abstract":"Encrypted traffic on anonymizing networks is still at risk of being exposed to the Website Fingerprinting (WF) attack. This attack can seriously threaten the online privacy of users of anonymity networks such as Tor. While deep-learning-based WF attacks achieve high accuracy in controlled experimental settings, they cannot continuously learn after deployment. In real-world environments, new websites are constantly emerging, requiring attackers to expand their monitoring scope continuously. This necessitates attack models capable of continuous learning and expanding classification capabilities. In this paper, we explore how attackers can leverage incremental class learning techniques to continuously learn new classes while retaining the ability to distinguish old ones. This approach mitigates the catastrophic forgetting problem in dynamic, open-world scenarios. We introduce a new WF attack, Class Incremental Fingerprinting (CIF), which employs a scalable architecture enabling Class Incremental Learning (CIL) with limited resources. We evaluate this attack in various scenarios, such as learning 100, 200, and 500 monitored website classes across 5 and 10 incremental tasks, achieving an average accuracy of 97.8% and above. Additionally, we assess the CIF attack’s effectiveness in open-world multi-classification scenarios and test it in few-shot settings using the proposed data augmentation method, Mixtam, achieving an average task accuracy of 87.6% and above with only 30 samples per class.","PeriodicalId":13423,"journal":{"name":"IEEE Transactions on Network and Service Management","volume":"22 2","pages":"1955-1971"},"PeriodicalIF":4.7,"publicationDate":"2025-02-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143860833","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

VPN-Encrypted Network Traffic Classification Using a Time-Series Approach 使用时间序列方法进行 VPN 加密网络流量分类

IF 4.7 2区计算机科学

IEEE Transactions on Network and Service Management Pub Date : 2025-02-20 DOI: 10.1109/TNSM.2025.3543903

Jaidip Kotak;Idan Yankelev;Idan Bibi;Yuval Elovici;Asaf Shabtai

{"title":"VPN-Encrypted Network Traffic Classification Using a Time-Series Approach","authors":"Jaidip Kotak;Idan Yankelev;Idan Bibi;Yuval Elovici;Asaf Shabtai","doi":"10.1109/TNSM.2025.3543903","DOIUrl":"https://doi.org/10.1109/TNSM.2025.3543903","url":null,"abstract":"Network traffic classification provides value to organizations and Internet service providers (ISPs). The identification of applications or services from network traffic enables organizations to better manage their business, and ISPs to offer services to their users. Given the vast quantity of traffic flowing in and out of organizations, it is impractical to write manual signatures for traffic identification. The effectiveness of machine learning (ML) in the identification of applications or services from network traffic has been demonstrated. Even when network traffic is encrypted, ML algorithms achieve high accuracy in the task of traffic identification based on statistical information and the packets’ headers and payloads. However, existing approaches were shown to be ineffective for VPN-encrypted network traffic. In this study, we propose a novel time-series based approach for the identification of traffic/source applications on VPN-encrypted traffic. We also demonstrate the broad applicability of our proposed approach by evaluating its effectiveness on non-VPN traffic that is encrypted, and on IoT traffic.","PeriodicalId":13423,"journal":{"name":"IEEE Transactions on Network and Service Management","volume":"22 2","pages":"2225-2242"},"PeriodicalIF":4.7,"publicationDate":"2025-02-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143860753","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Deterministic and Dynamic Joint Placement and Scheduling of VNF-FGs for Remote Robotic Surgery 远程机器人手术中vnf - fg的确定性和动态关节放置与调度

IF 4.7 2区计算机科学

IEEE Transactions on Network and Service Management Pub Date : 2025-02-20 DOI: 10.1109/TNSM.2025.3539183

Amina Hentati;Amin Ebrahimzadeh;Roch H. Glitho;Fatna Belqasmi;Rabeb Mizouni

{"title":"Deterministic and Dynamic Joint Placement and Scheduling of VNF-FGs for Remote Robotic Surgery","authors":"Amina Hentati;Amin Ebrahimzadeh;Roch H. Glitho;Fatna Belqasmi;Rabeb Mizouni","doi":"10.1109/TNSM.2025.3539183","DOIUrl":"https://doi.org/10.1109/TNSM.2025.3539183","url":null,"abstract":"During a Remote Robotic Surgery (RRS) session, multimodal data traffic with different requirements is initiated. In order to achieve a cost-effective deployment of such a system, it is crucial to tailor resource allocation policies based on the different quality of service (QoS) requirements of each data traffic. In this paper, we focus on resource allocation in a 5G-enabled tactile Internet RRS system using network function virtualization (NFV). In particular, we investigate the joint placement and scheduling of Virtualized Network Functions (VNFs) in a RRS system under both deterministic and dynamic settings. An integer linear program (ILP) is used to formulate the problem. Due to its high computational complexity, we first propose an efficient greedy algorithm to solve the ILP under deterministic settings. Simulation results show that our proposed algorithm achieves near-optimal performance and outperforms the benchmark solutions in terms of cost and admission rate. It can reduce cost by up to 37% and improve admission rate by up to 34% while satisfying both latency and reliability constraints. Furthermore, our results show that modeling the multimodal data traffic by multiple VNF Forwarding Graphs (VNF-FGs) with different QoS requirements achieves a significant gain in terms of cost and acceptance rate compared to modeling it by a single VNF-FG with the most stringent requirements. We then considered a dynamic environment where latency variations and traffic arrivals may occur over time. Using the principles of optimal stopping theory, we propose an adaptive dynamic scheduler that is capable of triggering recalculations of the existing optimal solution based on the observed cumulative number of traffic arrivals and latency violations without the need for predictions. Our proposed optimal scheduler minimizes the migration cost compared to other schedulers.","PeriodicalId":13423,"journal":{"name":"IEEE Transactions on Network and Service Management","volume":"22 2","pages":"1841-1858"},"PeriodicalIF":4.7,"publicationDate":"2025-02-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143860845","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Addressing Scalability Issues of Blockchains With Hypergraph Payment Networks 用超图支付网络解决区块链的可扩展性问题

IF 4.7 2区计算机科学

IEEE Transactions on Network and Service Management Pub Date : 2025-02-20 DOI: 10.1109/TNSM.2025.3542960

Arad Kotzer;Bence Ladóczki;János Tapolcai;Ori Rottenstreich

{"title":"Addressing Scalability Issues of Blockchains With Hypergraph Payment Networks","authors":"Arad Kotzer;Bence Ladóczki;János Tapolcai;Ori Rottenstreich","doi":"10.1109/TNSM.2025.3542960","DOIUrl":"https://doi.org/10.1109/TNSM.2025.3542960","url":null,"abstract":"Payment channels are auspicious candidates in layer-2 solutions to reduce the number of on-chain transactions on traditional blockchains and increase transaction throughput. To construct payment channels, peers lock funds on 2-of-2 multisig addresses and open channels between one another to transact via instant peer-to-peer transactions. Transactions between peers without a direct channel are made possible by routing the payment over a series of adjacent channels. In certain cases, this can lead to relatively low transaction success rates and high transaction fees. In this work, we introduce pliability to constructing payment channels and graft edges with more than two endpoints into the payment graph. We refer to these constructions as hyperedges. We present hyperedge-based topologies to form hypergraphs and compare them to Bitcoin’s Lightning network and other state-of-the-art solutions. The results demonstrate that hyperedge-based implementations can both increase transaction success rate, in addition to decreasing the network cost by more than 50% compared to that of the Lightning Network.","PeriodicalId":13423,"journal":{"name":"IEEE Transactions on Network and Service Management","volume":"22 3","pages":"2427-2440"},"PeriodicalIF":4.7,"publicationDate":"2025-02-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144232158","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Counteracting New Attacks in CPS: A Few-Shot Class-Incremental Adaptation Strategy for Intrusion Detection System 抵御CPS中的新攻击：入侵检测系统的几次类增量适应策略

IF 4.7 2区计算机科学

IEEE Transactions on Network and Service Management Pub Date : 2025-02-20 DOI: 10.1109/TNSM.2025.3543773

Xinrui Dong;Yingxu Lai;Xiao Zhang;Xinyu Xu

{"title":"Counteracting New Attacks in CPS: A Few-Shot Class-Incremental Adaptation Strategy for Intrusion Detection System","authors":"Xinrui Dong;Yingxu Lai;Xiao Zhang;Xinyu Xu","doi":"10.1109/TNSM.2025.3543773","DOIUrl":"https://doi.org/10.1109/TNSM.2025.3543773","url":null,"abstract":"The deep integration of physical devices and communication networks has increased the security risks of cyber-physical systems (CPSs) compared to traditional control systems. Deep learning-based intrusion detection systems (IDSs) play a crucial role in ensuring CPSs security. However, the existing IDSs often rely on known attack features, rendering them unable to withstand emerging new attacks arising from the dynamic evolution of intrusion behaviors. This paper aims to develop an IDSs with high adaptability and strong generalization capabilities, which is capable of rapidly adapting to new attack classes with only a few new samples. To achieve this objective, we propose CAT-IDS, a few-shot class-incremental adaptation strategy for an IDS to counteract new attacks on CPSs. We design a highly symmetric classifier structure for CAT-IDS that can flexibly adjust the classification space to adapt to new attacks. Furthermore, we calibrate the biased distribution formed by a few training samples through statistical feature transfer. In order to prevent the model from forgetting old attack information during the adaptation process, we devise hybrid features for attack detection. These features contain essential information for both old and new class classifications. We demonstrate the effectiveness of CAT-IDS through multiple experiments on three CPSs datasets. The results show that CAT-IDS achieves an average accuracy improvement of approximately 4. 5% compared to the state-of-the-art methods, demonstrating its superior ability to adapt to new attacks while maintaining high performance in classifying existing attacks.","PeriodicalId":13423,"journal":{"name":"IEEE Transactions on Network and Service Management","volume":"22 3","pages":"2473-2488"},"PeriodicalIF":4.7,"publicationDate":"2025-02-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144232190","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

JLOS: A Cooperative UAV-Based Optical Wireless Communication With Multi-Agent Reinforcement Learning 基于多智能体强化学习的协同无人机光无线通信

IF 4.7 2区计算机科学

IEEE Transactions on Network and Service Management Pub Date : 2025-02-18 DOI: 10.1109/TNSM.2025.3543160

Jiangang Liu;Hanjiang Luo;Hang Tao;Jiahong Liu;Jiehan Zhou

{"title":"JLOS: A Cooperative UAV-Based Optical Wireless Communication With Multi-Agent Reinforcement Learning","authors":"Jiangang Liu;Hanjiang Luo;Hang Tao;Jiahong Liu;Jiehan Zhou","doi":"10.1109/TNSM.2025.3543160","DOIUrl":"https://doi.org/10.1109/TNSM.2025.3543160","url":null,"abstract":"In maritime Internet of Things (IoT) systems, leveraging a swarm of Uncrewed Aerial Vehicles (UAVs) and optical communication can achieve a variety of potential maritime missions. However, due to the high directionality of the optical beam and interference from the marine environment, the optical link via UAVs as relays is prone to interruption. To address this challenge, we propose a Joint Link Optimization Scheme (JLOS) that includes Wind Disturbance Resistance (WDR) and Adaptive Beamwidth Adjustment (ABA). In WDR, we first model the problem as a Partially Observed Markov Decision Process (POMDP), and then design a collaborative Multi-Agent Reinforcement Learning (MARL) approach to control a swarm of UAVs in windy conditions, to maintain mechanical stability and prevent link interruption. Furthermore, in ABA, to reduce uncertainties from control activities and environmental factors like sunlight and fog, we design an adaptive algorithm using distributed MARL. It adjusts beamwidth based on historical UAV locations and link Bit Error Ratio (BER) to improve communication reliability. Numerical simulations confirm its effectiveness in enhancing robust data transmission.","PeriodicalId":13423,"journal":{"name":"IEEE Transactions on Network and Service Management","volume":"22 2","pages":"1345-1356"},"PeriodicalIF":4.7,"publicationDate":"2025-02-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143871088","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

DRLLog: Deep Reinforcement Learning for Online Log Anomaly Detection DRLLog：深度强化学习在线日志异常检测

IF 4.7 2区计算机科学

IEEE Transactions on Network and Service Management Pub Date : 2025-02-17 DOI: 10.1109/TNSM.2025.3542595

Junwei Zhou;Yuyang Gao;Ying Zhu;Xiangtian Yu;Yanchao Yang;Cheng Tan;Jianwen Xiang

{"title":"DRLLog: Deep Reinforcement Learning for Online Log Anomaly Detection","authors":"Junwei Zhou;Yuyang Gao;Ying Zhu;Xiangtian Yu;Yanchao Yang;Cheng Tan;Jianwen Xiang","doi":"10.1109/TNSM.2025.3542595","DOIUrl":"https://doi.org/10.1109/TNSM.2025.3542595","url":null,"abstract":"System logs record the system’s status and application behavior, providing support for various system management and diagnostic tasks. However, existing methods for log anomaly detection face several challenges, including limitations in recognizing current types of anomalous logs and difficulties in performing online incremental updates to the anomaly detection models. To address these challenges, this paper introduces DRLLog, which applies Deep Reinforcement Learning (DRL) networks to detect anomalous events. DRLLog uses Deep Q Network (DQN) as the agent, with log entries serving as reward signals. By interacting with the environment generated from log data and adopting various action behaviors, it aims to maximize the reward value obtained as feedback. Through this approach, DRLLog achieves learning from historical log data and perception of the current environment, enabling continuous learning and adaptation to different log sequence patterns. Additionally, DRLLog introduces low-rank adaptation by using two low-rank parameter matrices in the fully connected layer of the DQN to represent changes in its weight matrix. During online model learning, only low-rank parameter matrices of the model are updated, effectively reducing the model’s overhead. Furthermore, DRLLog introduces focal loss to focus more on learning the features of anomalous logs, effectively addressing the issue of imbalanced quantities between normal and anomalous logs. We evaluated the performance on widely used log datasets, including HDFS, BGL and ThunderBird, showing an average improvement of 3% in F1-Score compared to baseline methods. During online model learning, DRLLog achieves an average reduction of 90% in parameter count and a significant decrease in training and testing time as well.","PeriodicalId":13423,"journal":{"name":"IEEE Transactions on Network and Service Management","volume":"22 3","pages":"2382-2395"},"PeriodicalIF":4.7,"publicationDate":"2025-02-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144231975","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Joint Double Auction-Based Channel Selection in Wireless Monitoring Networks 基于联合双拍卖的无线监控网络信道选择

IF 4.7 2区计算机科学

IEEE Transactions on Network and Service Management Pub Date : 2025-02-17 DOI: 10.1109/TNSM.2025.3542821

Na Xia;Lei Chen;Meng Li;Yutao Yin;Ke Zhang

{"title":"Joint Double Auction-Based Channel Selection in Wireless Monitoring Networks","authors":"Na Xia;Lei Chen;Meng Li;Yutao Yin;Ke Zhang","doi":"10.1109/TNSM.2025.3542821","DOIUrl":"https://doi.org/10.1109/TNSM.2025.3542821","url":null,"abstract":"In wireless networks, utilizing sniffers for fault analysis, traffic traceback, and resource optimization is a crucial task. However, existing centralized algorithms cannot be applied to high-density wireless networks. Therefore, distributed optimization of channel selection to maximize the monitoring rate of sensors in Wireless Monitoring Networks (WMNs) is a challenge. This paper proposes a joint double auction-based distributed channel selection algorithm (J2A-CS) to maximize overall quality of monitoring (QoM). First, sniffers are redundantly deployed in WMNs, and an initial channel allocation strategy is formulated. Subsequently, sniffers collectively act as buyers and sellers at different stages. Finally, buyers bid asynchronously, and sellers settle synchronously to maximize the seller’s marginal revenue and update the channel selection scheme. As a distributed channel selection algorithm, J2A-CS addresses the highest overall QoM issue in WMNs, demonstrating high scalability and fault tolerance. Simulation results show that J2A-CS significantly improves QoM compared to existing distributed algorithms and outperforms centralized algorithms in high-density scenarios.","PeriodicalId":13423,"journal":{"name":"IEEE Transactions on Network and Service Management","volume":"22 3","pages":"2412-2426"},"PeriodicalIF":4.7,"publicationDate":"2025-02-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144232153","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Mapping the Landscape of Generative AI in Network Monitoring and Management 生成式人工智能在网络监控和管理中的应用

IF 4.7 2区计算机科学

IEEE Transactions on Network and Service Management Pub Date : 2025-02-17 DOI: 10.1109/TNSM.2025.3543022

Giampaolo Bovenzi;Francesco Cerasuolo;Domenico Ciuonzo;Davide Di Monda;Idio Guarino;Antonio Montieri;Valerio Persico;Antonio Pescapé

引用次数: 0