Computer Networks最新文献

{"title":"Lightweight misbehavior detection in the internet of vehicles using knowledge distillation from large language models","authors":"Aishwarya R,&nbsp;Vetriselvi V,&nbsp;Aruna Gladys,&nbsp;Prahmodh R","doi":"10.1016/j.comnet.2026.112083","DOIUrl":"10.1016/j.comnet.2026.112083","url":null,"abstract":"<div><div>In the Internet of Vehicles (IoV), Vehicle-to-Everything (V2X) communication enables the exchange of periodic basic safety messages containing critical information such as speed and position between vehicles, infrastructure, networks, and pedestrians. These safety messages form the backbone of many safety-critical applications. However, they are susceptible to disruptions caused by faulty components or insider attacks, potentially leading to misinformation and chaos within the network due to attacks such as fixed position, random position, fixed speed, random speed, eventual stop, data replay, DoS, and sybil attacks. Previous research has explored machine learning and deep learning techniques for misbehavior detection. Nevertheless, significant challenges remain, particularly in detecting and classifying various attacks in the resource-constrained IoV devices. To address these challenges, this paper proposes a knowledge distillation-based approach that leverages the Large Language Model (LLM) as the teacher and an attention-based BiLSTM as the student model. The goal is to enhance misbehavior detection performance while reducing model complexity and detection time in IoV environments. The proposed framework incorporates data generation to enrich the teacher LLM with knowledge specific to the vehicular domain, followed by feature-based knowledge distillation from the fine-tuned teacher LLM to a lightweight student model, thereby enhancing feature learning and improving misbehavior detection. A distillation loss function is employed during training to effectively transfer the learned feature representations from the teacher to the student model, to improve the student model’s classification capabilities. Extensive experiments demonstrate that the teacher model generates high-quality synthetic data, and the proposed method significantly outperforms traditional deep learning approaches for misbehavior detection on the benchmark VeReMi extension dataset. Furthermore, the student model achieves 97% recall with reduced computational cost, model size, and attack detection time of 0.812 s, making it highly suitable for deployment in real-time, resource-limited IoV systems.</div></div>","PeriodicalId":50637,"journal":{"name":"Computer Networks","volume":"278 ","pages":"Article 112083"},"PeriodicalIF":4.6,"publicationDate":"2026-04-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"146175054","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"SCADANet: A novel dataset for SCADA cybersecurity and intrusion detection","authors":"Enes ALGUL ,&nbsp;Ferdi DOĞAN ,&nbsp;Ahmad Ayid Ahmad ,&nbsp;Onur POLAT","doi":"10.1016/j.comnet.2026.112087","DOIUrl":"10.1016/j.comnet.2026.112087","url":null,"abstract":"<div><div>This paper presents SCADANet, a new dataset tailored for cybersecurity research in Supervisory Control and Data Acquisition (SCADA) systems. SCADA systems are critical for automating essential infrastructure sectors, including energy, water, manufacturing, and transportation. However, their open network architectures, outdated software, and inadequate access controls expose them to cyber threats, risking service disruptions, physical damage, and threats to human safety and economic stability. To address these challenges, advanced cyber-physical security solutions are essential.</div><div>In this study, we generated a virtual SCADA network using the Modbus/TCP protocol and simulated both typical and SCADA-specific cyberattacks alongside normal network traffic. The resulting data was captured and analyzed using Wireshark, TShark, and JA4+ tools, then stored in a structured, multi-layered, labelled CSV format.</div><div>SCADANet was employed to train a deep learning-based intrusion detection system, utilizing proposed DeepNonLocalNN model, which achieved high accuracy by leveraging both local and global traffic patterns. With its comprehensive protocol coverage, realistic traffic scenarios, and open-access design, SCADANet serves as a valuable resource for advancing SCADA security research and makes a significant contribution to the field.</div></div>","PeriodicalId":50637,"journal":{"name":"Computer Networks","volume":"278 ","pages":"Article 112087"},"PeriodicalIF":4.6,"publicationDate":"2026-04-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"146175051","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"DenTC: An expandable framework for dynamic malicious traffic classification","authors":"Rui Chen ,&nbsp;Lailong Luo ,&nbsp;Bangbang Ren ,&nbsp;Deke Guo ,&nbsp;Changhao Qiu ,&nbsp;Shangsen Li ,&nbsp;Xiaodong Wang","doi":"10.1016/j.comnet.2026.112078","DOIUrl":"10.1016/j.comnet.2026.112078","url":null,"abstract":"<div><div>Malicious traffic classification is crucial for network security and the identification of malicious network activities. Currently, deep learning (DL)-based traffic classification techniques primarily learn features from static traffic datasets. However, network traffic is dynamic and constantly evolving, with new traffic types continuously emerging. This makes it difficult for existing static DL-based methods to meet the demands of dynamic traffic classification. On one hand, fine-tuning existing DL-based models with newly arrived data leads to catastrophic forgetting of previously learned knowledge; on the other hand, retraining the entire model using all available data introduces high data dependency. To circumvent these issues, we propose DenTC, a novel expandable framework for dynamic malicious traffic classification. DenTC offers three key advantages: (i) it incrementally learns from dynamic traffic without requiring retraining of the entire model; (ii) it mitigates catastrophic forgetting of past knowledge, achieving accurate and stable performance; and (iii) it minimizes data dependency, eliminating the need to store all old data. Unlike existing methods, we construct a dynamically expandable module that freezes the previously learned representation while extending new feature extractors to acquire new knowledge. To further reinforce the retention of past knowledge, a subset of representative samples from old classes is selected for subsequent training. To better learn discriminative features for new classes, we introduce an auxiliary loss function to the new feature extractor. Additionally, we employ weight alignment to correct the weights biased toward new classes. Trace-driven experiments show that DenTC maintains high and stable performance while incrementally learning dynamic network traffic, outperforming existing methods.</div></div>","PeriodicalId":50637,"journal":{"name":"Computer Networks","volume":"278 ","pages":"Article 112078"},"PeriodicalIF":4.6,"publicationDate":"2026-04-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"146175047","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Certifiably robust and privacy-preserving federated learning against backdoor attacks","authors":"Mengyuan Li ,&nbsp;Xu Ma ,&nbsp;Zhenzhi Teng ,&nbsp;Hongwei Zhou ,&nbsp;Lifei Wei","doi":"10.1016/j.comnet.2026.112063","DOIUrl":"10.1016/j.comnet.2026.112063","url":null,"abstract":"<div><div>Federated learning is a distributed machine learning paradigm enabling multiple participants to collaboratively train models without sharing their data. Although federated learning offers significant privacy benefits, it also encounters several privacy and security challenges. These challenges include safeguarding model and data privacy while defending against malicious attacks, such as poisoning and backdoor attacks. Previous work has primarily focused on either privacy preservation or model robustness, with limited attention to addressing privacy and security simultaneously. Furthermore, existing privacy protection and robustness enhancement schemes often necessitate multiple client-server interactions, leading to significant communication costs. To address these issues, we propose CPFL, a federated learning scheme that is robust against backdoor attacks while preserving model privacy. Specifically, CPFL incorporates random smoothing into the federated learning framework to ensure certifiable robustness, while employing GAN to protect local data and model privacy. To enhance privacy and protect generator parameters from leakage, CPFL employs a two-trapdoor homomorphic encryption algorithm. Experiments on the MNIST, FMNIST, EMNIST, and SVHN datasets show that CPFL maintains strong performance irrespective of the proportion of backdoor attackers. Notably, CPFL achieves nearly a 10% increase in certified accuracy even when backdoor attackers constitute more than 50% of the participants.</div></div>","PeriodicalId":50637,"journal":{"name":"Computer Networks","volume":"278 ","pages":"Article 112063"},"PeriodicalIF":4.6,"publicationDate":"2026-04-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"146175045","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"MAE: Collaborative inference acceleration with efficient DNN partitioning and resource allocation in resource-constrained edge computing","authors":"Juan Fang,&nbsp;Yaxin An,&nbsp;Yaqi Liu,&nbsp;Ziyi Teng,&nbsp;Xiaoning Zhai,&nbsp;Heng Tang,&nbsp;Huijie Chen","doi":"10.1016/j.comnet.2026.112073","DOIUrl":"10.1016/j.comnet.2026.112073","url":null,"abstract":"<div><div>Mobile Edge Computing (MEC) serves as a critical architecture that empowers resource-constrained mobile terminals to provide neural network driven edge intelligence services. Its core challenge centers on addressing the efficiency bottleneck of Deep Neural Network (DNN) inference in edge-device collaboration scenarios. Although existing DNN partitioning techniques facilitate the cooperative deployment of computation-intensive DNNs between User Equipment (UEs) and edge servers (ES), these techniques impose a theoretical upper bound on optimal inference latency since they fundamentally fail to modify the DNN structure. Inspired by the widely adopted Mixture of Experts (MoE) paradigm, we introduce the Mixture of Adaptive Experts (MAE) framework, which is specifically designed for heterogeneous collaborative DNN inference in resource-constrained edge computing environments. Specifically, MAE reconfigures convolutional channels as specialized ”experts”; that is, only a sparse subset of these convolutional channels are activated during each inference process. This design significantly reduces intermediate feature transmission overhead while preserving model accuracy. Furthermore, MAE facilitates efficient model partitioning and the subsequent selection of expert models. Notably, MAE fundamentally transforms the computationally intractable resource scheduling challenge into an optimization problem defined by a monotonically decreasing function. To address this optimization problem, we propose an algorithm called MAE resource allocation which is capable of achieving the optimal solution in logarithmic time. Large-scale experiments on real-world heterogeneous DNN tasks showcase that our solution significantly improves overall system performance while guaranteeing inference accuracy, thereby conclusively validating its effectiveness and efficiency in practical edge computing environments.</div></div>","PeriodicalId":50637,"journal":{"name":"Computer Networks","volume":"278 ","pages":"Article 112073"},"PeriodicalIF":4.6,"publicationDate":"2026-04-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"146175050","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Predictive mobility-aware service function chain migration in mobile edge computing: An approach based on hierarchical reinforcement learning","authors":"Tao Zou ,&nbsp;Xibai Rong ,&nbsp;Qiang Zhu","doi":"10.1016/j.comnet.2026.112071","DOIUrl":"10.1016/j.comnet.2026.112071","url":null,"abstract":"<div><div>Network function virtualization (NFV) is an emerging technology in mobile edge computing (MEC) that enables the provisioning of stable, low- delay network services for mobile end users. With the rapid growth of highly mobile user equipment, such as drones, the efficient management of service function chains (SFCs), composed of ordered virtual network functions (VNFs), has become a fundamental challenge. User mobility may lead to increased service delay, quality of service (QoS) violations, and degraded QoS, making live SFC migration indispensable. However, most recent studies overlook the temporal mismatch between user mobility dynamics and network service times, which often results in suboptimal resource allocation. Consequently, effective decision-making for live SFC migration remains an open challenge due to the highly dynamic environment and its strong dependency on user mobility patterns. In this paper, we develop a Predictive Mobility-aware SFC Migration framework based on Hierarchical Reinforcement Learning (PMM-HRL). PMM-HRL formulates the predictive mobility-aware live SFC migration problem as an integer nonlinear programming (ILP) problem, aiming to proactively acquire user mobility information and predict long-term user mobility patterns. The objective of PMM-HRL is to enhance network service provisioning by minimizing downtime, service delay, migration time, and resource usage. To this end, a long-sequence time-series forecasting (LSTF) model is embedded into PMM-HRL to predict long-term user mobility behaviors in advance. Based on the prediction outcomes, a hierarchical reinforcement learning framework is employed to derive optimal SFC migration strategies through coordinated two-level agent decision-making. Extensive evaluation results demonstrate that PMM-HRL significantly outperforms state-of-the-art approaches in terms of service delay, migration time, and service downtime across diverse user mobility scenarios.</div></div>","PeriodicalId":50637,"journal":{"name":"Computer Networks","volume":"278 ","pages":"Article 112071"},"PeriodicalIF":4.6,"publicationDate":"2026-04-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"146175042","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Traffic burst relational graph attention network combined position encoding for traffic classification","authors":"Xi Xiao ,&nbsp;Zeming Wu ,&nbsp;Siji Chen ,&nbsp;Guangwu Hu ,&nbsp;Le Yu ,&nbsp;Qing Li ,&nbsp;Hao Li ,&nbsp;Qingjun Yuan","doi":"10.1016/j.comnet.2026.112072","DOIUrl":"10.1016/j.comnet.2026.112072","url":null,"abstract":"<div><div>Traffic classification has become an essential technology for information service providers. Existing methods use relational graph attention networks for traffic classification. However, they ignore the interaction information brought by traffic bursts in traffic sequences and the relational information between traffic bursts. As a result, these approaches often exhibit low precision and recall performance. To overcome the limitations of existing methods, we design a new burst position relational graph attention network (BP-RGAT) for traffic classification. We introduce the Heterogeneous Traffic Burst Graph (HTBG) to obtain more traffic interaction information. We also incorporate Relative Traffic Burst Position Encoding (RBPE) to capture sequence information between bursts. To evaluate the performance of BP-RGAT, we conduct experiments with four public datasets (i.e. ISCX-VPN2016, USTC-TFC2016, DADABox and CTU-13). The results show that BP-RGAT achieves the best accuracy across all datasets and strong overall performance across precision, recall, and F1 score compared to existing baseline methods.</div></div>","PeriodicalId":50637,"journal":{"name":"Computer Networks","volume":"278 ","pages":"Article 112072"},"PeriodicalIF":4.6,"publicationDate":"2026-04-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"146175119","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"PrivacyGuard: A hierarchical privacy-preserving framework for IoT-fog-cloud architectures","authors":"Phat T. Tran-Truong ,&nbsp;Trung D. Mai ,&nbsp;Ha X. Son ,&nbsp;Phien Nguyen Ngoc ,&nbsp;Bang K. Le ,&nbsp;Khanh H. Vo ,&nbsp;Ngan N.T. Kim ,&nbsp;Triet M. Nguyen ,&nbsp;Anh T. Nguyen","doi":"10.1016/j.comnet.2026.112076","DOIUrl":"10.1016/j.comnet.2026.112076","url":null,"abstract":"<div><div>Fog computing enables low-latency IoT applications but introduces critical privacy risks when fog nodes are untrusted or compromised. Current privacy-preserving frameworks address either cloud security or basic fog-layer encryption, yet none provide comprehensive user-centric privacy enforcement with fine-grained preference composition for distributed IoT-fog-cloud architectures. However, the integration of fog computing–essential for reducing latency in time-critical IoT applications–introduces significant privacy risks when fog nodes are untrusted or compromised. Existing privacy-preserving frameworks primarily address either cloud security or basic fog-layer encryption, but fail to provide comprehensive, user-centric privacy enforcement that accommodates fine-grained preferences, multi-source data fusion, and regulatory compliance in distributed IoT-fog-cloud architectures. This paper presents PrivacyGuard, a novel four-tier privacy-preserving framework specifically designed for personal IoT data protection where fog infrastructure may be untrusted. PrivacyGuard introduces several key innovations: a dedicated edge layer enabling users to specify hierarchical privacy preferences with exceptions and prohibitions through intuitive interfaces; hierarchical data category and purpose taxonomies supporting fine-grained privacy control while maintaining GDPR compliance; privacy preference composition mechanisms automatically deriving least-privilege policies when fusing multi-source data; Trusted Execution Environment (TEE)-based privacy validation at fog nodes enabling secure computation on encrypted data without exposing sensitive information to potentially malicious operators; and hash-based validation result caching optimized for high-latency rural networks. We demonstrate through emulation that PrivacyGuard achieves sub-100ms single-request P99 latency (97.03ms), with graceful degradation to 2,059ms P99 under 100 concurrent users, 91.7% MITM resistance, and 6.37 ×  cache speedup.</div></div>","PeriodicalId":50637,"journal":{"name":"Computer Networks","volume":"278 ","pages":"Article 112076"},"PeriodicalIF":4.6,"publicationDate":"2026-04-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"146116731","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Demand aggregation-based transmission in remote sensing satellite networks","authors":"Jing Chen ,&nbsp;Xiaoqiang Di ,&nbsp;Yuming Jiang ,&nbsp;Hui Qi ,&nbsp;Jinyao Liu ,&nbsp;Xu Yan","doi":"10.1016/j.comnet.2026.112066","DOIUrl":"10.1016/j.comnet.2026.112066","url":null,"abstract":"<div><div>As remote sensing satellite networks develop, directly linking user terminals to satellites to access data is becoming a key trend. To meet growing user demands while managing limited transmission resources, this paper proposes a Demand Aggregation-based Network Utility Maximization Transmission Scheme(DANUMTS). It uses the NDN architecture and demand aggregation based on spatio-temporal attributes of remote sensing data to prevent redundant data transmission and resource waste. The scheme also designs a demand-link matching matrix for demand selection at each hop and establishes a cooperative rate control model between terminals and networks. By applying the Lagrangian dual method, the model is divided into two subproblems to simplify the optimization process and enable real-time decision-making. Simulation results demonstrate that DANUMTS outperforms existing methods in terms of demand completion time, data rate, network throughput, and the number of completed demands, with more significant improvements when demand aggregation opportunities arise.</div></div>","PeriodicalId":50637,"journal":{"name":"Computer Networks","volume":"278 ","pages":"Article 112066"},"PeriodicalIF":4.6,"publicationDate":"2026-04-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"146175043","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Reinforcement learning and movement prediction for adaptive routing in opportunistic networks","authors":"Frederick Schindlegger ,&nbsp;Thomas Hupperich","doi":"10.1016/j.comnet.2026.112084","DOIUrl":"10.1016/j.comnet.2026.112084","url":null,"abstract":"<div><div>Opportunistic Networks are a type of mobile ad-hoc network in intermittent communication environments, allowing nodes to exchange data whenever they come into contact, making them particularly useful in areas with disruptions or limited infrastructure. Efficient routing is crucial for these networks and is required to adapt to dynamic topology changes. We propose a novel <em>Spray-Learn-Wait</em> routing protocol, utilizing clustering-based movement prediction and reinforcement learning to optimize the data exchange between nodes. Compared to established protocols like Epidemic, First Contact, and ProPHET, message delivery probability may be increased while reducing the network overhead ratio and the number of dropped messages. The protocol follows the principle of minimal data sharing within a network to meet sustainability and privacy requirements.</div></div>","PeriodicalId":50637,"journal":{"name":"Computer Networks","volume":"278 ","pages":"Article 112084"},"PeriodicalIF":4.6,"publicationDate":"2026-04-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"146175122","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}