Computer Networks最新文献_第4页

AsyncDefender: Dynamic trust adaptation and collaborative defense for Byzantine-robust asynchronous federated learning AsyncDefender：拜占庭鲁棒异步联邦学习的动态信任适应和协作防御

IF 4.4 2区计算机科学

Computer Networks Pub Date : 2025-06-14 DOI: 10.1016/j.comnet.2025.111430

Yulong Bai , Ying Wang , Xiangrui Xu , Yuhang Yang , Hina Batool , Zahid Iqbal , Jiuyun Xu

{"title":"AsyncDefender: Dynamic trust adaptation and collaborative defense for Byzantine-robust asynchronous federated learning","authors":"Yulong Bai , Ying Wang , Xiangrui Xu , Yuhang Yang , Hina Batool , Zahid Iqbal , Jiuyun Xu","doi":"10.1016/j.comnet.2025.111430","DOIUrl":"10.1016/j.comnet.2025.111430","url":null,"abstract":"<div><div>Traditional synchronous federated learning approaches face efficiency challenges in resource-heterogeneous networks and high-latency environments. The appearance of asynchronous federated learning has solved some of these limitations. However, Byzantine fault-tolerant approaches that work well in synchronous environments face unique challenges in asynchronous federated learning, such as synchronous robust rules that cannot be applied to asynchronous scenarios and difficulty in coping with dynamic changes. To address these issues, we introduce AsyncDefender, one of the first solutions designed specifically for Byzantine fault tolerance in asynchronous federated learning.AsyncDefender supports fully asynchronous updates from edge clients, tolerates arbitrary latency, and has no limitation on the number of Byzantine clients. The core of our method is the dynamic allocation of aggregation degrees based on the similarity between client gradients and global model gradients. In addition, we employ collaborative filtering between reviewers and non-reviewers and bidirectional credibility assessments to identify and eliminate malicious updates accurately. Extensive qualitative and quantitative experiments demonstrate that AsyncDefender is not only more robust to a large number of malicious Byzantine clients but also converges faster and performs more stably than existing approaches.</div></div>","PeriodicalId":50637,"journal":{"name":"Computer Networks","volume":"269 ","pages":"Article 111430"},"PeriodicalIF":4.4,"publicationDate":"2025-06-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144298432","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Routing, modulation-level, core and spectrum assignment schemes for dynamic multicast traffic in SDM-EONs sdm - eon中动态组播流量的路由、调制级、核心和频谱分配方案

IF 4.4 2区计算机科学

Computer Networks Pub Date : 2025-06-13 DOI: 10.1016/j.comnet.2025.111475

Sarah Sarraf-Maralaniyan, Akbar Ghaffarpour Rahbar

{"title":"Routing, modulation-level, core and spectrum assignment schemes for dynamic multicast traffic in SDM-EONs","authors":"Sarah Sarraf-Maralaniyan, Akbar Ghaffarpour Rahbar","doi":"10.1016/j.comnet.2025.111475","DOIUrl":"10.1016/j.comnet.2025.111475","url":null,"abstract":"<div><div>The throughput of each link in Elastic Optical Networks (EONs) is limited by the capacity of the corresponding fiber. For this reason, Space Division Multiplexed-Elastic Optical Networks (SDM-EONs) have been proposed. Resource allocation in SDM-EONs includes Routing, Modulation-Level, Core and Spectrum Assignment (RMCSA). Due to the growing popularity of various streaming services on the Internet, data multicasting has received much attention. In this article, we present eight main and eight secondary RMCSA schemes for dynamic multicast traffic in SDM-EONs. All these schemes use light-path approach with Multicast Incapable (MI) switches, which leads to cost reduction in the network, since it is no longer mandatory for the network switches to be Multicast Capable (MC), which are usually expensive and have complex architectures. In addition, they consider First Core Fit (FCF) and/or Crosstalk Aware (XTA) approaches for core allocation. We also propose Traffic Aware (TA) and Odd and Even Cores Aware (OECA) approaches. The schemes including TA approach are a combination of Multicast Two-part Two-path Two-direction Allocation (<span><math><mrow><msup><mrow><mrow><mi>MT</mi></mrow></mrow><mn>3</mn></msup><mrow><mi>A</mi></mrow></mrow></math></span>) and Overlay Multicast Spectrum-Flexible Member-Only Relay (OLMSFMOR) approaches. The schemes including OECA approach investigate the performance of the schemes when odd cores are only allocated to odd sub-requests and even cores are only allocated to even sub-requests. We analyze the proposed schemes in terms of time complexity and Bandwidth Blocking Probability (BBP) at different data rates.</div></div>","PeriodicalId":50637,"journal":{"name":"Computer Networks","volume":"269 ","pages":"Article 111475"},"PeriodicalIF":4.4,"publicationDate":"2025-06-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144329898","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

An efficient authentication scheme for vehicular networks based on Merkle tree 基于Merkle树的高效车载网络认证方案

IF 4.4 2区计算机科学

Computer Networks Pub Date : 2025-06-13 DOI: 10.1016/j.comnet.2025.111429

Guijiang Liu , Hao Lu , Wenming Wang , Haiping Huang

{"title":"An efficient authentication scheme for vehicular networks based on Merkle tree","authors":"Guijiang Liu , Hao Lu , Wenming Wang , Haiping Huang","doi":"10.1016/j.comnet.2025.111429","DOIUrl":"10.1016/j.comnet.2025.111429","url":null,"abstract":"<div><div>The rapid development of vehicular networks has significantly enhanced driving safety and promoted the widespread application of intelligent transportation systems. However, in scenarios involving authentication between vehicles and servers, vehicular networks still face challenges such as privacy protection, low authentication efficiency, and heavy computational burdens. We propose an efficient and fast authentication scheme that allows vehicles to access the server multiple times quickly with a single authentication. The scheme combines elliptic curve groups, bilinear mappings, and Merkle Hash Trees to provide a more secure, scalable, and efficient access control mechanism. After the initial authentication, vehicles can perform subsequent access requests without repeated authentication, significantly reducing the authentication overhead and improving system performance. By using non-interactive zero-knowledge proofs and Merkle Hash Tree-based log structures, the scheme effectively ensures the integrity of access records and prevents replay attacks and unauthorized access. Through rigorous security proofs and detailed security analysis, we demonstrate that the proposed scheme meets the security requirements of vehicular networks and is capable of resisting a wide range of security attacks. Performance evaluation results show that the proposed scheme outperforms existing related schemes in terms of both communication and computational overhead.</div></div>","PeriodicalId":50637,"journal":{"name":"Computer Networks","volume":"269 ","pages":"Article 111429"},"PeriodicalIF":4.4,"publicationDate":"2025-06-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144314465","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

AntidoteFL: Enhancing defense against poisoning attacks in federated learning AntidoteFL：在联邦学习中增强对中毒攻击的防御

IF 4.4 2区计算机科学

Computer Networks Pub Date : 2025-06-11 DOI: 10.1016/j.comnet.2025.111427

Yilong Liu , Hong Zhang , Miao Wang , Qiqi Xie , Zhibo Sun

{"title":"AntidoteFL: Enhancing defense against poisoning attacks in federated learning","authors":"Yilong Liu , Hong Zhang , Miao Wang , Qiqi Xie , Zhibo Sun","doi":"10.1016/j.comnet.2025.111427","DOIUrl":"10.1016/j.comnet.2025.111427","url":null,"abstract":"<div><div>Privacy-Preserving Federated Learning (PPFL) has emerged as a widely recognized paradigm in distributed machine learning security in recent years. Among various approaches, Homomorphic Encryption (HE) stands out as one of the most promising solutions to address privacy challenges. However, PPFL remains vulnerable to poisoning attacks, where the robust privacy protection offered by HE may inadvertently create opportunities for attackers. The submission of encrypted model updates by participants complicates anomaly detection. Existing defense mechanisms often rely on overly strong assumptions and tend to overlook the challenges posed by Non-Independent and Identically Distributed (Non-IID) data. To tackle these issues, we propose a novel privacy-preserving defense method, AntidoteFL, for cloud–edge–end computing, which employs the Cheon–Kim–Kim–Song (CKKS) scheme as the foundation for privacy protection. Specifically, we first introduce a Secure Differential Enhancement Mapping (SDEM) method that integrate Principal Component Analysis (PCA) and cosine similarity. It effectively distinguishes between benign and malicious model updates while preserving privacy. Then, we design a weight optimization mechanism with a piecewise continuous function to address the challenges of Non-IID data. Additionally, we propose a novel dynamic key mechanism that mitigates the risk of key leakage by randomizing the edge servers with decryption rights. Experiments on three benchmark datasets show that AntidoteFL effectively defends against various poisoning attacks in both IID and Non-IID scenarios, outperforming existing schemes.</div></div>","PeriodicalId":50637,"journal":{"name":"Computer Networks","volume":"269 ","pages":"Article 111427"},"PeriodicalIF":4.4,"publicationDate":"2025-06-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144279765","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Delay-aware multi-stage edge server placement and task offloading with budget constraint 具有预算约束的延迟感知多阶段边缘服务器放置和任务卸载

IF 4.4 2区计算机科学

Computer Networks Pub Date : 2025-06-11 DOI: 10.1016/j.comnet.2025.111413

Endar Suprih Wihidayat , Sieteng Soh , Kwan-Wu Chin , Duc-Son Pham

{"title":"Delay-aware multi-stage edge server placement and task offloading with budget constraint","authors":"Endar Suprih Wihidayat , Sieteng Soh , Kwan-Wu Chin , Duc-Son Pham","doi":"10.1016/j.comnet.2025.111413","DOIUrl":"10.1016/j.comnet.2025.111413","url":null,"abstract":"<div><div>This paper introduces a novel network planning problem called Multi-stage Edge Server Deployment (M-ESD). The problem calls for a solution that (i) adds fixed edge servers to an existing Multi-access Edge Computing (MEC) network incrementally over multiple stages, e.g., in years, and (ii) optimizes the offloading of tasks to installed servers. More specifically, when upgrading a network, at each stage, the problem involves the following constraints: (i) budget (in $), (ii) server deployment cost (in $) and cost depreciation rate (in %), (iii) number of tasks and their increase rate (in %), and (iv) server storage capacity. The goal of M-ESD is to ensure the resulting network maximizes the average number of tasks that meet their delay requirement. This paper presents a Mixed Integer Linear Programming (MILP) model and a heuristic approach called M-ESD/H to solve the M-ESD problem. Simulation results on small networks show that M-ESD/H produces results that are within 13.6% of the optimal MILP solution. Further, it significantly reduces runtime and produces results in less than 0.1 s as compared to MILP, which failed to produce results in some networks after running for over 48 h. For large networks, M-ESD/H is compared against two versions of M-ESD that consider arbitrary budget allocation and/or edge server placement, i.e., M-ESD/A1 and M-ESD/A2. The results show that M-ESD/H outperforms both M-ESD/A1 and M-ESD/A2 across various options with varying numbers of stages, budget allocation, and tasks.</div></div>","PeriodicalId":50637,"journal":{"name":"Computer Networks","volume":"269 ","pages":"Article 111413"},"PeriodicalIF":4.4,"publicationDate":"2025-06-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144314464","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Driving innovation in 6G wireless technologies: The OpenAirInterface approach 推动6G无线技术的创新：OpenAirInterface方法

IF 4.4 2区计算机科学

Computer Networks Pub Date : 2025-06-11 DOI: 10.1016/j.comnet.2025.111410

Florian Kaltenberger , Tommaso Melodia , Irfan Ghauri , Michele Polese , Raymond Knopp , Tien Thinh Nguyen , Sakthivel Velumani , Davide Villa , Leonardo Bonati , Robert Schmidt , Sagar Arora , Mikel Irazabal , Navid Nikaein

{"title":"Driving innovation in 6G wireless technologies: The OpenAirInterface approach","authors":"Florian Kaltenberger , Tommaso Melodia , Irfan Ghauri , Michele Polese , Raymond Knopp , Tien Thinh Nguyen , Sakthivel Velumani , Davide Villa , Leonardo Bonati , Robert Schmidt , Sagar Arora , Mikel Irazabal , Navid Nikaein","doi":"10.1016/j.comnet.2025.111410","DOIUrl":"10.1016/j.comnet.2025.111410","url":null,"abstract":"<div><div>The development of 6G wireless technologies is rapidly advancing, with the 3rd Generation Partnership Project (3GPP) entering the pre-standardization phase and aiming to deliver the first specifications by 2028. This paper explores the OpenAirInterface (OAI) project, an open-source initiative that plays a crucial role in the evolution of 5G and future 6G networks. OAI provides a comprehensive implementation of 3GPP and O-RAN compliant networks, including Radio Access Network (RAN), Core Network (CN), and software-defined User Equipment (UE) components. This paper details the history and evolution of OAI, its licensing model, and the various projects under its umbrella, such as RAN, the CN, and the Operations, Administration and Maintenance (OAM) projects. It also highlights the development methodology, Continuous Integration/Continuous Delivery (CI/CD) processes, and end-to-end systems powered by OAI. Furthermore, the paper discusses the potential of OAI for 6G research, focusing on spectrum, reflective intelligent surfaces, and Artificial Intelligence (AI)/Machine Learning (ML) integration. The open-source approach of OAI is emphasized as essential for tackling the challenges of 6G, fostering community collaboration, and driving innovation in next-generation wireless technologies.</div></div>","PeriodicalId":50637,"journal":{"name":"Computer Networks","volume":"269 ","pages":"Article 111410"},"PeriodicalIF":4.4,"publicationDate":"2025-06-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144322619","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Scalable Load Balancing scheme for wireless distributed controllers in SDDC SDDC无线分布式控制器的可扩展负载均衡方案

IF 4.4 2区计算机科学

Computer Networks Pub Date : 2025-06-11 DOI: 10.1016/j.comnet.2025.111354

Mohamed Escheikh , Wiem Taktak , Kamel Barkaoui

{"title":"Scalable Load Balancing scheme for wireless distributed controllers in SDDC","authors":"Mohamed Escheikh , Wiem Taktak , Kamel Barkaoui","doi":"10.1016/j.comnet.2025.111354","DOIUrl":"10.1016/j.comnet.2025.111354","url":null,"abstract":"<div><div>In this paper, we introduce a Load Balancing (LB) system for large-scale distributed Software-Defined Networking (SDN) wireless control plane architectures. Our approach utilizes a hysteresis multiple-threshold method, employing a Continuous Time Markov Chain (CTMC) model and a control policy. This system evenly distributes excess traffic from an overloaded SDN controller (client) to lightly loaded neighboring controllers (servers). When a controller’s capacity reaches a certain threshold, indicating overload, the LB mechanism redirects incoming traffic to less burdened controllers based on a defined policy. The LB mechanism does not react immediately to load changes but rather provides scalable and dynamic capacity management, maintaining stability and ensuring efficiency. By doing so, it prevents frequent and unnecessary alterations in resource allocation. This paper extends previous work by exploring LB scenarios involving one client and up to three servers instead of configuration with one client and one server. We numerically demonstrate the effectiveness of our model through transient and steady-state analysis evaluations using performance metrics such as Average Aggregated Capacity (<span><math><mrow><mi>A</mi><mi>A</mi><mi>C</mi></mrow></math></span>), Transition Rate (<span><math><mrow><mi>T</mi><mi>R</mi></mrow></math></span>) and Blocking Probability (<span><math><mrow><mi>B</mi><mi>P</mi></mrow></math></span>). We particularly show how increasing the number of levels in a multi-level LB schema enhances resource allocation granularity by introducing additional layers of decision-making and distribution. Hence with more levels, the system can better distribute the workload across various tiers of servers based on their capabilities and current loads. As a result, it can achieve better resource utilization, improved performance, and enhanced scalability, ultimately leading to a more efficient and responsive LB solution.</div></div>","PeriodicalId":50637,"journal":{"name":"Computer Networks","volume":"269 ","pages":"Article 111354"},"PeriodicalIF":4.4,"publicationDate":"2025-06-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144291027","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Optimal adaptive scheduling to maximize throughput for battery constrained time-varying RF-powered systems 电池约束时变射频供电系统吞吐量最大化的最优自适应调度

IF 4.4 2区计算机科学

Computer Networks Pub Date : 2025-06-11 DOI: 10.1016/j.comnet.2025.111414

Fangyu Zhou, Feng Shan, Weiwei Wu, Runqun Xiong, Junzhou Luo

{"title":"Optimal adaptive scheduling to maximize throughput for battery constrained time-varying RF-powered systems","authors":"Fangyu Zhou, Feng Shan, Weiwei Wu, Runqun Xiong, Junzhou Luo","doi":"10.1016/j.comnet.2025.111414","DOIUrl":"10.1016/j.comnet.2025.111414","url":null,"abstract":"<div><div>Radio Frequency (RF) wireless power transfer is a novel technique to address the energy hunger problem of modern wireless devices, for which power transfer and data transmission are coordinated by the “harvest-then-transmit” (HTT) protocol. Time-varying RF-powered systems is becoming a research trend and a significant progress has been made recently that proposes an optimal HTT-scheduling algorithm. However, previous research assume the core time-varying charging power function to be continuous, and the battery to be infinitely large, which ease the theoretical analysis. This paper considers a more practical discretely time-varying charging power function and battery overflow caused by limited capacity, and attack an even harder but important problem. We establish a set of optimality properties for the offline problem where the time-varying power transfer is known in advance. Based on these optimality properties, we propose a novel splitting line system, and an optimal iteration-based method to locate the s-lines for the Energy Critical Point (ECP) and Battery Full Point (BFP), respectively and adaptively. Following the optimality principles learned from the offline problem, we design an online heuristic, and its superior performance is demonstrated by simulations.</div></div>","PeriodicalId":50637,"journal":{"name":"Computer Networks","volume":"269 ","pages":"Article 111414"},"PeriodicalIF":4.4,"publicationDate":"2025-06-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144307894","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Long and short flow buffer management in data center networks 数据中心网络中的长、短流缓冲管理

IF 4.4 2区计算机科学

Computer Networks Pub Date : 2025-06-10 DOI: 10.1016/j.comnet.2025.111411

Xiaojuan Lu , Liying Chen , Kai Wang , Pingping Dong , Lianming Zhang

{"title":"Long and short flow buffer management in data center networks","authors":"Xiaojuan Lu , Liying Chen , Kai Wang , Pingping Dong , Lianming Zhang","doi":"10.1016/j.comnet.2025.111411","DOIUrl":"10.1016/j.comnet.2025.111411","url":null,"abstract":"<div><div>With the advent of multi-source interactive technologies, data center networks are generating a substantial number of short flows that necessitate rapid feedback. However, short flows and long flows have inherent differences. When they share the same buffer space, the performance of short flows is adversely affected by long flows. This results in delayed feedback for short flows, which in turn degrades the user experience. Currently, both short and long flows are managed through dynamic threshold settings or scheduling. However, the influence of long flows on short ones persists. This paper introduces a novel buffer management algorithm Long and Short Flow Buffer Management (LSBM) by dynamically fine-tuning the PFC threshold. LSBM assesses flow congestion by analyzing both space occupancy rates and flow rates while distinguishing threshold controls based on the distinct characteristics of long and short flows to facilitate optimal allocation of available buffer space. In large-scale simulations based on NS-3, experimental results indicate that compared to the original Data Center Quantized Congestion Notification (DCQCN), DCQCN+LSBM achieves lower completion times for short flows without compromising throughput. Furthermore, relative to Dynamic Threshold (DT) policy and Active Buffer Management (ABM), LSBM demonstrates improvements in average finish time for short flows by 52.7% and 26.5%, respectively, thereby achieving dual objectives in flow control and congestion management.</div></div>","PeriodicalId":50637,"journal":{"name":"Computer Networks","volume":"269 ","pages":"Article 111411"},"PeriodicalIF":4.4,"publicationDate":"2025-06-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144279764","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Enhanced DGA botnet domain detection and family classification via n-gram analysis and Hellinger distance 基于n-gram分析和Hellinger距离的增强DGA僵尸网络域检测和家族分类

IF 4.4 2区计算机科学

Computer Networks Pub Date : 2025-06-10 DOI: 10.1016/j.comnet.2025.111415

Jungmin Lee , Sungju Yun , Nahyun Kim , Yeonjoon Lee

{"title":"Enhanced DGA botnet domain detection and family classification via n-gram analysis and Hellinger distance","authors":"Jungmin Lee , Sungju Yun , Nahyun Kim , Yeonjoon Lee","doi":"10.1016/j.comnet.2025.111415","DOIUrl":"10.1016/j.comnet.2025.111415","url":null,"abstract":"<div><div>Bot masters spread malware to create botnets and use Domain Generation Algorithms (DGAs) to evade blacklist-based detection methods with numerous generated domains, posing a significant threat to network security. Since detection alone cannot halt malware operations, classifying DGA domains into their respective botnet families is essential for enabling targeted countermeasures and addressing vulnerabilities in infected systems. However, most existing approaches focus primarily on distinguishing DGA domains from legitimate ones and face challenges when classifying domains from DGA families with similar character distributions, highlighting the need for improved techniques. In response, we expand the focus to DGA family classification and conduct in-depth analyses using eXplainable Artificial Intelligence (XAI) techniques to explore the impact of n-grams on classification performance. These analyses reveal that n-gram preprocessing and Hellinger Distance (HD)-based features derived from n-gram probability distributions can significantly enhance classification performance. Building on these insights, we propose an integrated framework with two components, an N-gram-based Multi-scale One-Dimensional Convolutional Neural Network model (N-MODCNN) and a machine learning (ML) classifier utilizing HD features, for detecting and classifying DGA domains. N-MODCNN detects DGA domains from n-gram preprocessed inputs, and detected domains are classified into their respective botnet families by a soft ensemble approach that integrates predictions from N-MODCNN and the ML classifier, enabling robust and accurate classification. Experiments on recent public datasets show that our framework achieves up to 99% detection and classification accuracy. For families with similar character distributions, it achieves F1-scores exceeding 90%, representing improvements of up to 72 percentage points over existing methods.</div></div>","PeriodicalId":50637,"journal":{"name":"Computer Networks","volume":"269 ","pages":"Article 111415"},"PeriodicalIF":4.4,"publicationDate":"2025-06-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144314463","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0