Computer Networks最新文献

{"title":"Graph-based fast-flux domain detection using graph neural networks","authors":"Wei Xiong ,&nbsp;Yang Wang ,&nbsp;Haiyang Jiang ,&nbsp;Hongtao Guan","doi":"10.1016/j.comnet.2026.112075","DOIUrl":"10.1016/j.comnet.2026.112075","url":null,"abstract":"<div><div>Fast-flux domains are frequently exploited by cybercriminals to perform various attacks, making their detection crucial for maintaining network security. Traditional detection methods rely on manually defined statistical indicators to characterize the spatial distribution of a domain’s associated hosts, including the resolved hosts and authoritative name servers. However, given the increasingly decentralized nature of internet services, these statistical indicators may fail to capture the feature completely, resulting in inaccurate detection. To address this limitation, our proposed method leverages a graph structure to not only provide a more comprehensive representation of the existing feature but also incorporate a supplementary feature considering the spatial distribution between a domain’s client and the resolved hosts assigned to it. At the same time, we customize a graph sampling method to avoid significant increase in detection time caused by excessive graph size. To determine whether the constructed graph represents a fast-flux or benign domain, twelve types of Graph Neural Network (GNN) models, formed by pairwise combinations of three graph convolution methods and four graph pooling methods, are examined. Evaluation datasets are constructed from both public sources and real-world data, demonstrating that the GAT-SAG model performs optimally among the twelve GNN models and significantly outperforms state-of-the-art statistics-based models in terms of accuracy, with only a tolerable increase in time consumption.</div></div>","PeriodicalId":50637,"journal":{"name":"Computer Networks","volume":"278 ","pages":"Article 112075"},"PeriodicalIF":4.6,"publicationDate":"2026-04-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"146175005","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"An efficient physical layer information reconciliation protocol","authors":"Xingyu Xiao,&nbsp;Gang Xin,&nbsp;Jian Zhang,&nbsp;Kexin Wang,&nbsp;Jianing Guo","doi":"10.1016/j.comnet.2026.112080","DOIUrl":"10.1016/j.comnet.2026.112080","url":null,"abstract":"<div><div>We consider the information reconciliation problem in physical layer key generation and proposes an interactive reconciliation protocol based on forward error correction (FEC) codes. Unlike traditional interactive reconciliation protocols that directly transmit parity bits, this protocol leverages the correlated randomness between the communicating parties to leak less information. The proposed protocol achieves high reconciliation efficiency while requiring significantly fewer communication rounds. For a frame length of 65536, the reconciliation efficiency of this protocol surpasses that of LDPC-based reconciliation protocol and the communication rounds required is substantially lower than that of both the original Cascade protocol and its improved variants.</div></div>","PeriodicalId":50637,"journal":{"name":"Computer Networks","volume":"278 ","pages":"Article 112080"},"PeriodicalIF":4.6,"publicationDate":"2026-04-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"146175049","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Investigation of advanced persistent threats network-based tactics, techniques and procedures","authors":"Almuthanna Alageel ,&nbsp;Sergio Maffeis","doi":"10.1016/j.comnet.2026.112069","DOIUrl":"10.1016/j.comnet.2026.112069","url":null,"abstract":"<div><div>The scarcity of data and the high complexity of Advanced Persistent Threats (APTs) attacks have created challenges in comprehending their behavior and hindered the exploration of effective detection techniques. To create an effective APT detection strategy, it is important to examine the Tactics, Techniques, and Procedures (TTPs) that have been reported by the industry. These TTPs can be difficult to classify as either malicious or legitimate. When developing an approach for the next generation of network intrusion detection systems (NIDS), it is necessary to take into account the specific context of the attack explained in this paper.</div><div>In this study, we select 33 APT campaigns based on the fair distribution over the past 22 years to observe the evolution of APTs over time. We focus on their evasion techniques and how they stay undetected for months or years. We found that APTs cannot continue their operations without C&amp; C servers, which are mostly addressed by Domain Name System (DNS). We identify several TTPs used for DNS, such as Dynamic DNS, typosquatting, and TLD squatting. The next step for APT operators is to start communicating with a victim. We found that the most popular protocol to deploy evasion techniques is using HTTP(S) with 81% of APT campaigns. HTTP(S) can evade firewall filtering and pose as legitimate web-based traffic. DNS protocol is also widely used by 45% of APTs for DNS resolution and tunneling. We also investigated the excessive use of fallback channels to evade NIDS that rely on volume-based features. We identify that 60.6% of APT campaigns split their traffic over multiple IP addresses. We also highlight other TTPs that can also be equipped during a campaign, such as non-application protocols or data obfuscation, which are frequently found in our analysis. In conclusion, we outline a roadmap for the future development of next-generation APT detection systems. Our study highlights the necessity of innovative solutions to counter evolving attack patterns, improve threat visibility, and reinforce proactive defense strategies.</div></div>","PeriodicalId":50637,"journal":{"name":"Computer Networks","volume":"278 ","pages":"Article 112069"},"PeriodicalIF":4.6,"publicationDate":"2026-04-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"146175053","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Efficient level-3 secure certificateless signature against malicious KGC attacks for IoT","authors":"Yi-Fan Tseng,&nbsp;Chieh-Han Wu","doi":"10.1016/j.comnet.2026.112094","DOIUrl":"10.1016/j.comnet.2026.112094","url":null,"abstract":"<div><div>Certificateless Signature (CLS), introduced by Al-Riyami and Paterson at ASIACRYPT 2003, is a breakthrough approach to address the key escrow problem of ID-based primitives. Recently, numerous pairing-free certificateless signature (PF-CLS) schemes have been proposed to adapt to the prevalent environment of IoT. These schemes aim to reduce computation and communication costs, thus further enhancing processing speeds. However, a semi-trusted key generation center (KGC) remains potentially insecure in real-world scenarios, making it vulnerable to malicious-but-passive attacks. In this work, we introduce a new pairing-free certificateless signature scheme that is secure against malicious-but-passive KGC attacks. Our scheme also achieves Girault’s level-3 security, allowing a user to claim repudiation if the KGC is misbehaving. Compared with other CLS schemes, the proposed scheme is both faster and more secure. Even when compared with existing pairing-free CLS schemes, the verification cost of our scheme is <span><math><mrow><mn>33</mn><mo>%</mo><mspace></mspace><mo>−</mo><mspace></mspace><mn>52</mn><mo>%</mo></mrow></math></span> lower than the others. When compared to pairing-based CLS with the same security properties, our scheme reduces computation costs by up to 99%. To the best of our knowledge, our scheme is the first pairing-free CLS that simultaneously achieves Girault’s level-3 security and security against malicious-but-passive KGC attacks.</div></div>","PeriodicalId":50637,"journal":{"name":"Computer Networks","volume":"278 ","pages":"Article 112094"},"PeriodicalIF":4.6,"publicationDate":"2026-04-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"146175007","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Downlink resource allocation for IRS-aided indoor VLC considering link blockage","authors":"Huanlin Liu ,&nbsp;Wencai Wang ,&nbsp;Yong Chen ,&nbsp;Haonan Chen ,&nbsp;Yang Hu ,&nbsp;Wenjie Song ,&nbsp;Yangyang Hou","doi":"10.1016/j.comnet.2026.112092","DOIUrl":"10.1016/j.comnet.2026.112092","url":null,"abstract":"<div><div>Intelligent Reflecting Surface (IRS) has provided an innovative approach for solving communication link blocking issues in Visible Light Communication (VLC). Its programmability and beamforming capability can provide a flexible backup link for communication where line of sight is blocked, greatly reducing the probability of line of sight being affected by obstructions in VLC systems. Our work is devoted to investigating the role of IRS in VLC system while considering link blockage caused by obstructions and putting forward a method for resource management in IRS-aided downlink VLC system. To this end, we establish an IRS-aided indoor VLC link blockage model and propose a Joint optimization for User Association, IRS Configuration and Power Allocation (JUAICPA) to maximize the system’s data rate. In JUAICPA, we introduce a stable marriage matching algorithm to optimize the user association and IRS configuration. Moreover, we present a dynamic power allocation method based on remaining power to address the power allocation issue. Comparing to other algorithms, Simulation results show that the proposed JUAICPA can improve the system’s data rate at least 3.5% higher when the number of users is 15, benefiting from its insights on resource management of IRS-aided VLC system.</div></div>","PeriodicalId":50637,"journal":{"name":"Computer Networks","volume":"278 ","pages":"Article 112092"},"PeriodicalIF":4.6,"publicationDate":"2026-04-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"146175046","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Quantum-enhanced adaptive scheduling for real-time IoT task optimization in fog-cloud systems","authors":"Afshin Yaghoobi,&nbsp;Mahsa Nazemi Harandi","doi":"10.1016/j.comnet.2026.112088","DOIUrl":"10.1016/j.comnet.2026.112088","url":null,"abstract":"<div><div>Real-time data gathering and processing for applications such as traffic control is made possible by the Internet of Things (IoT) technology, which has become a disruptive force in smart urban environments. The necessity for effective scheduling to handle resource-intensive and latency-sensitive workloads in fog-cloud systems has increased due to the quick spread of IoT devices. Dynamic network conditions and task dependencies provide serious problems for traditional scheduling techniques. In order to optimize task scheduling, this study presents the <strong>Q</strong>uantum-<strong>E</strong>nhanced <strong>A</strong>daptive <strong>S</strong>cheduling (QEAS) framework, a novel hybrid method that combines Deep Reinforcement Learning (DRL) and quantum annealing. QEAS models task interdependencies using Dynamic Directed Acyclic Graphs (DAGs) and adjusts to network changes in real time. The suggested approach prioritizes latency-critical processes and reduces resource overhead by dynamically distributing jobs among fog and cloud layers. When tested with CloudSim 5.0 in a synthetic fog-cloud environment, QEAS shows notable gains above baseline techniques. In addition to guaranteeing no deadline breaches and improving resource usage, the experimental findings show a 22% reduction in energy consumption, a 25% decrease in latency (94% jobs under 10 ms), a 24% drop in operational costs, and a 25–40% reduction in migration overhead.</div></div>","PeriodicalId":50637,"journal":{"name":"Computer Networks","volume":"278 ","pages":"Article 112088"},"PeriodicalIF":4.6,"publicationDate":"2026-04-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"146175044","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Causality aware explainable deep reinforcement learning with adaptive attention mechanisms for scalable resource orchestration in 6G wireless networks","authors":"Salman Khan ,&nbsp;Woong-Kee Loh ,&nbsp;Hamid Ullah ,&nbsp;Javed Ali Khan ,&nbsp;Alexios Mylonas","doi":"10.1016/j.comnet.2026.112074","DOIUrl":"10.1016/j.comnet.2026.112074","url":null,"abstract":"<div><div>The emerging sixth generation (6G) wireless networks are expected to enable ultra dense, heterogeneous and AI native environments, supporting mission critical applications with stringent requirements on latency, scalability and interpretability. However, conventional Deep Reinforcement Learning (DRL) based resource management frameworks lack transparency, struggle with high-dimensional state spaces and fail to adapt effectively under dynamic network conditions. To address these challenges, this article proposed a novel Causality Aware Explainable Deep Reinforcement Learning (CE-DRL) framework that integrates causal inference with adaptive attention mechanisms for scalable and interpretable resource orchestration in 6G environments. Besides that the proposed framework also construct dynamic causal graphs to identify and prune inactive features to reduce the complexity and enhance convergence ratio. Additionally, a dual layer adaptive attention mechanism is added to refine both the temporal and spatial features under varying network loads. The framework further embeds explainable AI (XAI) components such as saliency maps and layer wise relevance propagation to offer transparent decision traces. Extensive simulations were performed on a virtualized 6G testbed to demonstrate the performance of proposed framework. The obtained results signify that CE-DRL outperforms other baseline DRL algorithms to reduce the latency upto 35%, energy efficiency upto 28% and increase the throughput by 14% and explainability factor upto 170% as a percentage ratio and ensure a reliable and scalable AI driven resource orchestration for real-time 6G wireless infrastructures.</div></div>","PeriodicalId":50637,"journal":{"name":"Computer Networks","volume":"278 ","pages":"Article 112074"},"PeriodicalIF":4.6,"publicationDate":"2026-04-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"146175004","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Design and evaluation of a robust and explainable intrusion detection framework for 5G/B5G networks","authors":"Nasim Nezhadsistani ,&nbsp;Mohsen Tajgardan ,&nbsp;Mahdi Rabbani ,&nbsp;Weijie Niu ,&nbsp;Burkhard Stiller","doi":"10.1016/j.comnet.2026.112100","DOIUrl":"10.1016/j.comnet.2026.112100","url":null,"abstract":"<div><div>As Fifth-generation (5G) networks advance towards future 6G technology, they provide enhanced capabilities in terms of data rates, latency, and connectivity. The expanding and heterogeneous landscape further extends the attack surface with increasing vulnerability to a wide range of dynamic cyber threats. Traditional Intrusion Detection Systems, relying on static signature-based methods, face significant challenges in detecting novel attacks in such complex environments. This paper proposes an explainable hybrid AE-XGBoost framework to address these gaps. In this proposed framework, the deep autoencoder serves as the backbone for two primary tasks: learning robust features from high-dimensional traffic data and synthesizing high-quality samples for minority, underrepresented attack classes. It effectively forms a class-balanced dataset. This is further extended to integrate Shapley Additive Explanations (SHAP), which provide needed interpretability. The framework robustness is determined by an extensive evaluation strategy. Extensive experiments are conducted using a 5-fold cross-validation and cross-dataset validation using three different datasets. The experimental results demonstrate the model effectiveness and promising generalization across the different datasets. Across these settings, the proposed IDS achieves F1-scores between approximately 0.96 and 0.999 and AUC values above 0.97, with only minor performance differences between original and synthetic test samples. SHAP-based analysis further reveals that a small subset of 5G- and TCP-level features consistently dominates the predictions, offering actionable explanations for security analysts. This provides a successful, scalable, and reliable security measure that proves effective and appropriate for 6G mobile network implementations in the near future.</div></div>","PeriodicalId":50637,"journal":{"name":"Computer Networks","volume":"278 ","pages":"Article 112100"},"PeriodicalIF":4.6,"publicationDate":"2026-04-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"146175010","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Adaptive ring-synchronized hierarchical routing for energy-efficient and congestion-aware data dissemination in mobile wireless sensor networks","authors":"MingXing Lu ,&nbsp;Zhao Wang ,&nbsp;Hongbo Fan","doi":"10.1016/j.comnet.2026.112077","DOIUrl":"10.1016/j.comnet.2026.112077","url":null,"abstract":"<div><div>A vital part of the Internet of Things (IoT) ecosystem, Mobile Wireless Sensor Networks (MWSNs) allow for intelligent monitoring in dynamic settings including smart cities, healthcare, and disaster management. Quality of Service (QoS) is harmed by the difficulties brought about by the mobility of sensor and sink nodes, such as unequal energy consumption, congestion close to mobile sinks, and unstable routing. This research suggests the Bio-Inspired Dynamic Swarm Routing (BDSR) protocol, an energy-adaptive and self-organizing routing architecture made for large-scale MWSNs, as a solution to these problems. To accomplish congestion-aware and energy-balanced communication, BDSR combines dynamic energy clustering, swarm-driven ring adaptation, and predictive pheromone learning. Based on local pheromone gradients, queue usage, and residual energy, the protocol automatically modifies cluster formation and routing weights. Compared to state-of-the-art techniques like SMEOR, AECR, MSHRP, and Hybrid GS-MBO, extensive NS-2 simulations demonstrate that BDSR increases throughput by 47%, lowers latency and end-to-end delay by 52%, and prolongs network lifetime by 38%. For high-mobility IoT applications that need real-time, energy-efficient, and congestion-tolerant data dissemination, the results validate the scalability and resilience of BDSR.</div></div>","PeriodicalId":50637,"journal":{"name":"Computer Networks","volume":"278 ","pages":"Article 112077"},"PeriodicalIF":4.6,"publicationDate":"2026-04-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"146175048","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Optimizing handover decisions with skipping mechanisms in 5G mmWave UDNs using reinforcement learning","authors":"Abate Selamawit Chane,&nbsp;Harun Ur Rashid,&nbsp;Kamrul Hasan,&nbsp;Awoke Loret Abiy,&nbsp;Seong Ho Jeong","doi":"10.1016/j.comnet.2026.112081","DOIUrl":"10.1016/j.comnet.2026.112081","url":null,"abstract":"<div><div>The rapid evolution of 5G and emerging technologies is reshaping cellular network architectures. In order to support the growing demands for these technologies, many network designs now incorporate Ultra-Dense Networks (UDNs), particularly in the millimeter wave (mmWave) operations, where dense base station layouts are utilized to overcome propagation challenges and improve capacity. However, such dense deployments significantly complicate mobility management by triggering more frequent handovers, leading to increased signaling overhead and frequent service disruption, as many of these handovers are redundant or offer minimal benefit. To minimize interruptions caused by frequent handovers (HOs), effective handover decision strategies are critical. Several existing schemes have been developed for low to medium mobility scenarios and typically rely on static decision policies, which fail to account for the dynamic nature of the network. Others apply reinforcement learning techniques, yet their evaluations are often restricted to limited mobility settings and lack validation under high-speed conditions. To address these limitations, we propose a handover decision framework based on deep reinforcement learning (DRL) to intelligently suppress unnecessary handovers in mmWave UDNs. The framework leverages the Advantage Actor-Critic (A2C) algorithm, which is well-suited for learning optimal policies in dynamic network environments. A handover skipping strategy is incorporated to improve mobility robustness. Performance is evaluated using handover rate and throughput as key metrics. Experimental results demonstrate that the proposed scheme effectively learns optimal handover behavior through extensive training and outperforms several benchmark approaches from prior studies. As user speed increases, the proposed approach exhibits the most stable handover performance, with only a 28.74% increase in handover rate and outperforms the baselines, which show increases ranging from 60.7% to 91.6%. It also demonstrates strong resilience to mobility-induced degradation, with just a 10% drop in throughput, significantly lower than the 21.3% to 57.1% drops observed in the baseline schemes. In high-speed scenarios, the integration of dynamic handover skipping further improves the algorithm’s performance, yielding an 82.1% increase in cumulative reward and a 39% improvement in throughput.</div></div>","PeriodicalId":50637,"journal":{"name":"Computer Networks","volume":"278 ","pages":"Article 112081"},"PeriodicalIF":4.6,"publicationDate":"2026-04-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"146175052","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}