{"title":"IEEE/ACM Transactions on Networking Society Information","authors":"","doi":"10.1109/TNET.2024.3513679","DOIUrl":"https://doi.org/10.1109/TNET.2024.3513679","url":null,"abstract":"","PeriodicalId":13443,"journal":{"name":"IEEE/ACM Transactions on Networking","volume":"32 6","pages":"C3-C3"},"PeriodicalIF":3.0,"publicationDate":"2024-12-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=10807688","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142858967","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"IEEE/ACM Transactions on Networking Information for Authors","authors":"","doi":"10.1109/TNET.2024.3513677","DOIUrl":"https://doi.org/10.1109/TNET.2024.3513677","url":null,"abstract":"","PeriodicalId":13443,"journal":{"name":"IEEE/ACM Transactions on Networking","volume":"32 6","pages":"5539-5539"},"PeriodicalIF":3.0,"publicationDate":"2024-12-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=10807686","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142858966","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"FPCA: Parasitic Coding Authentication for UAVs by FM Signals","authors":"Shaopeng Zhu;Xiaolong Zheng;Liang Liu;Huadong Ma","doi":"10.1109/TNET.2024.3412958","DOIUrl":"https://doi.org/10.1109/TNET.2024.3412958","url":null,"abstract":"De-authentication attack is one of the major threats to Unmanned Aerial Vehicle (UAV) communication, in which the attacker continuously sends de-authentication frames to disconnect the UAV communication link. Existing defense methods are based on authentication by digital passwords or physical channel features. But they suffer from replay attacks or cannot adapt to the UAV mobility. In this paper, instead of enhancing the in-channel authentication, we leverage the ambient broadcasting signal to establish a low-cost additional channel for authentication. Different from methods using another dedicated secure communication channel to perform an independent authentication, we use the ambient FM radio broadcasting channel and couple the two channels by encoding parasitic bits on the host signals of the broadcasting channel, which is called parasitic coding. To further enhance the security, we propose the FM-based Parasitic Coding Authentication (FPCA) that leverages elaborate host signal processing and vector coding to ensure that the attacker cannot decode our authentication even knowing the FM receiving frequency. We implement FPCA on the embedded UAV platform. The extensive experiments show that FPCA can resist replay attacks and brute force searching, achieving reliable continuous authentication for UAVs.","PeriodicalId":13443,"journal":{"name":"IEEE/ACM Transactions on Networking","volume":"32 6","pages":"4570-4584"},"PeriodicalIF":3.0,"publicationDate":"2024-11-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142859214","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Guanglei Song;Lin He;Tao Chen;Jinlei Lin;Linna Fan;Kun Wen;Zhiliang Wang;Jiahai Yang
{"title":"PMap: Reinforcement Learning-Based Internet-Wide Port Scanning","authors":"Guanglei Song;Lin He;Tao Chen;Jinlei Lin;Linna Fan;Kun Wen;Zhiliang Wang;Jiahai Yang","doi":"10.1109/TNET.2024.3491314","DOIUrl":"https://doi.org/10.1109/TNET.2024.3491314","url":null,"abstract":"Internet-wide scanning is a commonly used research technique in various network surveys, such as measuring service deployment and security vulnerabilities. However, these network surveys are limited to the given port set, not comprehensively obtaining the real network landscape, and even misleading survey conclusions. In this work, we introduce PMap, a port scanning tool that efficiently discovers the most open ports from all 65K ports in the whole network. PMap uses the correlation of ports to build an open port correlation graph of each network, using a reinforcement learning framework to update the correlation graph based on feedback results and dynamically adjust the order of port scanning. Compared to current port scanning methods, PMap performs better on hit rate, coverage, and intrusiveness. Our experiments over real networks show that PMap can find 90% open ports by only scanning 125 ports (90%@125) to each address, which is 99.3% less than the state-of-the-art port scanning methods. It reduces the number of scanned ports to decrease the intrusive nature of port scanning. In addition, PMap is highly parallel and lightweight. It scans 500 networks in parallel, achieving a port recommendation rate of up to 18 million per second, consuming only 7GB of memory. PMap is the first effective practice for scanning open ports using reinforcement learning. It bridges the gap of existing scanning tools and effectively supports subsequent service discovery and security research.","PeriodicalId":13443,"journal":{"name":"IEEE/ACM Transactions on Networking","volume":"32 6","pages":"5524-5538"},"PeriodicalIF":3.0,"publicationDate":"2024-11-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142858964","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Liang Xie;Zhou Su;Nan Chen;Yuntao Wang;Yiliang Liu;Ruidong Li
{"title":"A Privacy-Preserving Incentive Scheme for Data Sensing in App-Assisted Mobile Edge Crowdsensing","authors":"Liang Xie;Zhou Su;Nan Chen;Yuntao Wang;Yiliang Liu;Ruidong Li","doi":"10.1109/TNET.2024.3431629","DOIUrl":"https://doi.org/10.1109/TNET.2024.3431629","url":null,"abstract":"Application (App)-assisted mobile edge crowd- sensing is a promising paradigm, in which Apps are in charge of tagging the location of the sensing tasks as point-of-interest (PoI) to assist the platform in recruiting users to participate in the sensing tasks. However, there exist potential security, incentive, and privacy threats for App-assisted mobile edge crowdsensing (AMECS) due to the presence of malicious Apps, the low-quality shared sensing data, and the vulnerability of wireless communication. Therefore, we propose a differential privacy-based incentive (DPI) scheme for AMECS to provide secure and efficient crowdsensing services while protecting users’ privacy. Specifically, we first propose an App quality management mechanism to correlate the behavior of each App with its quality and then select reliable Apps based on quality thresholds to assist the platform in recruiting users. With the designed mechanism, we further present an auction game-based incentive mechanism to encourage Apps to mark the location of the sensing tasks as PoI. To protect the privacy of users, a privacy-preserving sensing data sharing algorithm is devised based on differential privacy. Further, given the difficulty of obtaining accurate network parameters in practice, a reinforcement learning-based incentive mechanism is designed to encourage users to participate in sensing tasks. Finally, simulation results and security analysis demonstrate that the proposed scheme can effectively improve the utilities of users, ensure the security of the crowdsensing process, and protect the privacy of users.","PeriodicalId":13443,"journal":{"name":"IEEE/ACM Transactions on Networking","volume":"32 6","pages":"4765-4780"},"PeriodicalIF":3.0,"publicationDate":"2024-11-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142859335","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"EPIC: Traffic Engineering-Centric Path Programmability Recovery Under Controller Failures in SD-WANs","authors":"Songshi Dou;Li Qi;Jianye Wang;Zehua Guo","doi":"10.1109/TNET.2024.3438292","DOIUrl":"https://doi.org/10.1109/TNET.2024.3438292","url":null,"abstract":"Software-Defined Wide Area Networks (SD-WANs) offer a promising opportunity to enhance the performance of Traffic Engineering (TE). With the help of Software-Defined Networking (SDN), TE can promptly respond to traffic changes and maintain network performance by leveraging a global network view. One of the key benefits of SDN for TE is path programmability, which is empowered by SDN controllers to enable dynamic adjustments of flows’ forwarding paths. However, controller failures pose new challenges for SD-WANs since path programmability could be decreased due to the increasing number of offline flows, leading to potential TE performance degradation. Existing recovery solutions mainly focus on recovering path programmability for improving unpredictable network performance but cannot guarantee consistently satisfactory TE performance as expected, since path programmability can only indirectly evaluate network performance. In this paper, we propose EPIC to ensure robust TE performance under controller failures. We observe that frequently rerouted flows could greatly influence TE performance. Enlightened by this, EPIC introduces a novel metric called the TE performance-centric ratio to assess the relevance of different path programmability values for TE performance. The key idea of EPIC lies in identifying frequently rerouted flows during TE operations and prioritizing recovery of the path programmability of these flows under controller failures. We formulate an optimization problem to maximize TE performance-centric path programmability and propose an efficient heuristic algorithm to solve this problem. Evaluation results demonstrate that EPIC can improve average load balancing performance by up to 55.6% compared with baselines.","PeriodicalId":13443,"journal":{"name":"IEEE/ACM Transactions on Networking","volume":"32 6","pages":"4871-4884"},"PeriodicalIF":3.0,"publicationDate":"2024-10-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142858969","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Jiongyu Dai;Usama Saeed;Ying Wang;Yanjun Pan;Haining Wang;Kevin T. Kornegay;Lingjia Liu
{"title":"Detection of Overshadowing Attack in 4G and 5G Networks","authors":"Jiongyu Dai;Usama Saeed;Ying Wang;Yanjun Pan;Haining Wang;Kevin T. Kornegay;Lingjia Liu","doi":"10.1109/TNET.2024.3421371","DOIUrl":"https://doi.org/10.1109/TNET.2024.3421371","url":null,"abstract":"Despite the promises of current and future cellular networks to increase security, privacy, and robustness, 5G networks are designed to streamline discovery and initiate connections with limited computation and communication costs, leading to the predictability of control channels. This predictability enables signal-level attacks, particularly on unprotected initial access signals. To assess vulnerability in access control and enhance robustness in cellular networks, we present a strategic approach leveraging O-RAN architecture in this paper that detects and classifies signal-level attacks for actionable countermeasure defense. We evaluate attack scenarios of various power levels on both 4G/LTE-Advanced and 5G communication systems. We categorize the types of attack models based on the attack cost: Overshadowing and Jamming. Overshadowing represents low attack power categories with time and frequency synchronization, while Jamming represents un-targeted attacks that cause similar quality-of-service degradation as overshadowing attacks but require high power levels. Our detection strategy relies on supervised machine-learning models, specifically a Reservoir Computing (RC) based supervised learning approach that leverages physical and MAC-layer information for attack detection and classification. We demonstrate the efficacy of our detection strategy through extensive experimental evaluations using the O-RAN platform with software-defined radios (SDRs) and commercial off-the-shelf (COTS) user equipment (UEs). Empirical results show that our method can classify the change in statistics caused by most overshadowing and jamming attacks with more than 95% classification accuracy.","PeriodicalId":13443,"journal":{"name":"IEEE/ACM Transactions on Networking","volume":"32 6","pages":"4615-4628"},"PeriodicalIF":3.0,"publicationDate":"2024-10-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142858959","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"VERCEL: Verification and Rectification of Configuration Errors With Least Squares","authors":"Abhiram Singh;Sidharth Sharma;Ashwin Gumaste","doi":"10.1109/TNET.2024.3422035","DOIUrl":"https://doi.org/10.1109/TNET.2024.3422035","url":null,"abstract":"We present Vercel, a network verification and automatic fault rectification tool that is based on a computationally tractable, algorithmically expressive, and mathematically aesthetic domain of linear algebra. Vercel works on abstracting out packet headers into standard basis vectors that are used to create a port-specific forwarding matrix \u0000<inline-formula> <tex-math>$mathcal {A}$ </tex-math></inline-formula>\u0000, representing a set of packet headers/prefixes that a router forwards along a port. By equating this matrix \u0000<inline-formula> <tex-math>$mathcal {A}$ </tex-math></inline-formula>\u0000 and a vector b (that represents the set of all headers under consideration), we are able to apply least squares (which produces a column rank agnostic solution) to compute which headers are reachable at the destination. Reachability now simply means evaluating if vector b is in the column space of \u0000<inline-formula> <tex-math>$mathcal {A}$ </tex-math></inline-formula>\u0000, which can efficiently be computed using least squares. Further, the use of vector representation and least squares opens new possibilities for understanding network behavior. For example, we are able to map rules, routing policies, what-if scenarios to the fundamental linear algebraic form, \u0000<inline-formula> <tex-math>$mathcal {A}x=b$ </tex-math></inline-formula>\u0000, as well as determine how to configure forwarding tables appropriately. We show Vercel is faster than the state-of-art such as NetPlumber, Veriflow, APKeep, AP Verifier, when measured over diverse datasets. Vercel is almost as fast as Deltanet, when rules are verified in batches and provides better scalability, expressiveness and memory efficiency. A key highlight of Vercel is that while evaluating for reachability, the tool can incorporate intents, and transform these into auto-configurable table entries, implying a recommendation/correction system.","PeriodicalId":13443,"journal":{"name":"IEEE/ACM Transactions on Networking","volume":"32 6","pages":"4600-4614"},"PeriodicalIF":3.0,"publicationDate":"2024-10-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142858961","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"IEEE/ACM Transactions on Networking Information for Authors","authors":"","doi":"10.1109/TNET.2024.3473569","DOIUrl":"https://doi.org/10.1109/TNET.2024.3473569","url":null,"abstract":"","PeriodicalId":13443,"journal":{"name":"IEEE/ACM Transactions on Networking","volume":"32 5","pages":"4551-4551"},"PeriodicalIF":3.0,"publicationDate":"2024-10-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=10720544","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142442973","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}