Computer Networks最新文献

{"title":"QoS optimization strategy based on D-GNN for LEO satellite-assisted aviation networks","authors":"Yunhe Sun ,&nbsp;Yuhe Yang ,&nbsp;Ammar Hawbani ,&nbsp;Liang Zhao ,&nbsp;Dongsheng Yang ,&nbsp;Ammar Muthanna ,&nbsp;Rafia Ghoul","doi":"10.1016/j.comnet.2025.111741","DOIUrl":"10.1016/j.comnet.2025.111741","url":null,"abstract":"<div><div>Low Earth Orbit (LEO) satellite networks offer a wide coverage, high bandwidth solution for aeronautical communications. However, the dynamic nature of both aviation and satellites leads to frequent communication link switches, significantly impacting the Quality of Service (QoS). We propose a comprehensive QoS optimization framework encompassing communications path selection and adaptive antenna orientation adjustment for LEO satellite aviation networks. For path selection optimization, we develop a Dynamic Graph Neural Network (D-GNN) algorithm to minimize link interruptions and enhance network stability. Regarding antenna orientation, an adaptive optimization algorithm has been implemented to dynamically adjust the angular relationship between satellites and aircraft, effectively mitigating transmission delays that would otherwise result from insufficient antenna pointing precision. The simulation results demonstrate that our proposed approach significantly improves QoS in the satellite environment by enhancing resource utilization, execution time, hop counts, and transmission delay.</div></div>","PeriodicalId":50637,"journal":{"name":"Computer Networks","volume":"273 ","pages":"Article 111741"},"PeriodicalIF":4.6,"publicationDate":"2025-09-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145271065","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"RF-AbVib: Environment-independent vibration monitoring using COTS RFID devices","authors":"Min Li ,&nbsp;Guangxuan Bai ,&nbsp;Di Gao ,&nbsp;Shuai Wang ,&nbsp;Siye Wang ,&nbsp;Yanfang Zhang ,&nbsp;Yue Feng","doi":"10.1016/j.comnet.2025.111738","DOIUrl":"10.1016/j.comnet.2025.111738","url":null,"abstract":"<div><div>Endowing IoT devices with self-security monitoring capabilities without relying on external hardware marks a significant advancement in the field. RFID-equipped smart cabinets, while providing robust protection for sensitive items such as documents and electronic devices, remain vulnerable to violent break-ins or physical disturbances such as slapping and shaking, which produce characteristic vibration patterns. We demonstrated that the cabinet’s integral RFID system can inherently detect such vibrations, thus enhancing its self-security. However, overcoming environmental dependency remains a critical challenge: variations in the shape, size, material, and spatial arrangement of items inside the cabinet interfere with RFID signal propagation, resulting in complex multipath effects that compromise vibration-sensing accuracy and weaken security detection. To address this limitation and enable self-security monitoring, we proposed RF-AbVib, a novel solution that utilizes commercial off-the-shelf RFID readers in conjunction with a fixed reference tag mounted on the inner wall of the cabinet to achieve environment-independent vibration monitoring. We pre-trained and fine-tuned a meta-learning model to enable RF-AbVib to process variable-length data and adapt to diverse environmental conditions. Furthermore, we proposed a bilateral threshold filtering (BTF) algorithm combined with discrete wavelet transform (DWT) to remove outliers and hardware noise while preserving subtle vibration features in RFID signals. Evaluated across 31 distinct environments, RF-AbVib achieved 95.59 % accuracy in detecting three abnormal behaviors with only one sample, regardless of the reference tag’s position, orientation, or type. Relevant data has been uploaded to the <span><span>RF-AbVib dataset</span><svg><path></path></svg></span>.</div></div>","PeriodicalId":50637,"journal":{"name":"Computer Networks","volume":"272 ","pages":"Article 111738"},"PeriodicalIF":4.6,"publicationDate":"2025-09-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145220812","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Defense against backdoor attacks in federated learning with robust adaptive learning rates","authors":"Hongtao Li ,&nbsp;Yongjun Fang ,&nbsp;Jie Wang ,&nbsp;Xianglin Li ,&nbsp;Bo Wang","doi":"10.1016/j.comnet.2025.111720","DOIUrl":"10.1016/j.comnet.2025.111720","url":null,"abstract":"<div><div>Federated Learning (FL) serves as a privacy-preserving paradigm that not only protects user privacy, but also improves model generalization ability and data security. However, by launching a backdoor attack, a vicious client can embed the backdoor in a the global model to deviate the direction of the model update, leading to the desired misclassification. To defend against backdoor attacks, we proposes a Robust Adaptive Learning Rate method (RALR). RALR takes into account the way of voting the gradient symbols of the clients by dimension, which means that no single client will have too much power. In addition, RALR adaptively finds the learning threshold so that the symbol voting value of each dimension reaches a certain number before it can participate in the global aggregation, and the bad influence of backdoor attackers on the global model training will be weakened as a result. In addition, the introduction of the sign gradient mechanism effectively protects the privacy of the update parameters. RALR not only ensures the performance of the main task under different experimental conditions, but also effectively eliminates the backdoor. The experimental results show that the robust adaptive learning rate method can defend against the backdoor attack very effectively. The successful rate of the attack is reduced to 1.9 % compared to the existing defense.</div></div>","PeriodicalId":50637,"journal":{"name":"Computer Networks","volume":"272 ","pages":"Article 111720"},"PeriodicalIF":4.6,"publicationDate":"2025-09-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145220811","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"A provably efficient in-network computing services deployment approach for security burst","authors":"Danyang Zheng ,&nbsp;Chao Wang ,&nbsp;Honghui Xu ,&nbsp;Wenyi Tang ,&nbsp;Yihan Zhong ,&nbsp;Xiaojun Cao","doi":"10.1016/j.comnet.2025.111737","DOIUrl":"10.1016/j.comnet.2025.111737","url":null,"abstract":"<div><div>The emerging in-network computing (INC) technique delegates computations to the network data plane, enabling clients' data to be processed during transmission. However, processing transmitted data within INC-enabled network devices may lead to security concerns and broaden the attack surface as sensitive data can be exposed during computation, making the network more susceptible to various cyber-attacks. To protect against such cyber-attacks, especially in security-sensitive applications such as finance and healthcare, clients might periodically enhance service security requirements regarding the importance of their to-be-transmitted data. This periodic security enhancement is called a “security burst” (SEB). To meet such enhancement, one may implement security-aware network functions (S-NFs) like firewall and deep packet inspection on smart routers or switches along the forwarding path while maximizing the re-utilization of this path. Despite the growing interest in INC and security service deployment, existing solutions typically assume static security requirements and overlook the dynamic, on-demand security enhancements such as SEBs. Furthermore, prior approaches rarely consider the re-utilization of existing in-path services, leading to higher additional costs. To fill this gap, this work shows pioneering efforts in tackling SEB for INC-enabled services. Assuming that re-employing the resources along the original forwarding path does not incur bandwidth cost, we formally establish a novel problem called INC-enabled Service Migration for SEB (ISME) to optimize additional cost and prove its NP-hardness. To solve this problem, we design an efficient cost-security-burst (CSB) measure and develop an innovative CSB measure-based security enhancement (CSB-SE) algorithm, which is mathematically proved to be logarithm approximate. Extensive simulations show that CSB-SE guarantees logarithm-approximate performance and outperforms the benchmark by an average of 37.11 % regarding the total service cost and 102.38 % in terms of the additional cost.</div></div>","PeriodicalId":50637,"journal":{"name":"Computer Networks","volume":"272 ","pages":"Article 111737"},"PeriodicalIF":4.6,"publicationDate":"2025-09-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145220818","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Adversarial attack and defence of federated learning-based network traffic classification in edge computing environment","authors":"Azizi Ariffin ,&nbsp;Faiz Zaki ,&nbsp;Hazim Hanif ,&nbsp;Nor Badrul Anuar","doi":"10.1016/j.comnet.2025.111739","DOIUrl":"10.1016/j.comnet.2025.111739","url":null,"abstract":"<div><div>Network Traffic Classification (NTC) is vital for network management and security. However, as internet traffic volume increases, centralised model training causes scalability and privacy issues for NTC. To address these issues, distributing NTC model training to multiple edge clients via Federated Learning (FL) provides a solution by reducing latency, improving system scalability, and preserving data privacy. Nonetheless, the distributed nature of FL makes it vulnerable to various adversarial attacks from multiple clients, consequently degrading the model's performance. Most studies focus on a limited range of attacks, often overlooking more advanced and subtle threats, such as backdoor attacks and those based on Generative Adversarial Networks (GANs). Despite the growing attack complexity, existing defensive measures in the NTC domain struggle to mitigate multiple adversarial attack types simultaneously. To validate this claim, this study investigates the vulnerabilities of FL-based NTC training against four types of adversarial attacks: label flipping (LF) and model poisoning, and introduces customized backdoor and GAN-based attack scenarios tailored specifically to FL-based NTC training. When evaluated using the ISCX-VPN 2016 dataset, the results demonstrate that FL-based NTC is vulnerable to all four types of adversarial attacks. For instance, the LF attack reduced accuracy by 98.66 % in a collusive scenario, while the backdoor attack achieved a 40 % success rate. In comparison, the GAN attack lowered the F1 score of the target class by 18 %. Therefore, to strengthen the defense against adversarial attacks, this study proposes a robust conceptual defense framework capable of defending against multiple adversarial attack types simultaneously. The framework incorporates remote attestation scoring, hierarchical training, and an adaptive aggregation mechanism and conducts logic analysis to evaluate its effectiveness. The analysis demonstrates that it successfully maintains the model with 76 % accuracy under multiple adversarial attacks during training compared to an 80 % reduction without defensive measures.</div></div>","PeriodicalId":50637,"journal":{"name":"Computer Networks","volume":"272 ","pages":"Article 111739"},"PeriodicalIF":4.6,"publicationDate":"2025-09-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145220809","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"DSAFL:Decentralized secure aggregation with communication path optimization for cross-silo federated learning","authors":"Ling Li ,&nbsp;Cheng Guo ,&nbsp;Xinyu Tang ,&nbsp;Yining Liu","doi":"10.1016/j.comnet.2025.111732","DOIUrl":"10.1016/j.comnet.2025.111732","url":null,"abstract":"<div><div>Cross-Silo Federated Learning (CSFL) facilitates collaborative machine learning (ML) across organizations by locally training models and centrally aggregating model updates. Currently, this approach is shifting to decentralized aggregation due to the limitations of centralized aggregation such as single-point failures and network congestion. However, existing decentralized aggregation methods often suffer from privacy leakage and high communication cost. To address these issues, we propose DSAFL, a decentralized secure aggregation scheme for CSFL. In DSAFL, we present a staged secure aggregation method based on multi-key homomorphic encryption, which enables load-balanced collaborative aggregation computation across clients while preserving model update confidentiality and providing verifiability of the aggregation result. DSAFL optimizes communication paths by jointly considering communication cost and reliability, enabling cost-efficient and robust secure aggregation across diverse network topologies, and further reduces communication cost through non-interactive decryption. The security analysis proves that DSAFL is semi-honestly secure and resistant to client collusion attacks. The experimental results confirm the practicality and applicability of DSAFL, and show significant advantages in both accuracy and privacy. With a combination of computational balancing, low communication cost, and privacy preservation, DSAFL provides a solution for enabling sustainable ML collaboration across organizations.</div></div>","PeriodicalId":50637,"journal":{"name":"Computer Networks","volume":"272 ","pages":"Article 111732"},"PeriodicalIF":4.6,"publicationDate":"2025-09-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145220814","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"When the weakest model sees the threat: An explainable ensemble learning system for detecting network attacks","authors":"Céline Minh ,&nbsp;Kevin Vermeulen ,&nbsp;Cédric Lefebvre ,&nbsp;Philippe Owezarski ,&nbsp;William Ritchie","doi":"10.1016/j.comnet.2025.111730","DOIUrl":"10.1016/j.comnet.2025.111730","url":null,"abstract":"<div><div>The growing importance of network security is driven by two major challenges. First, the ever-increasing volume of network traffic, which exceeds human processing capabilities. Second, the rising frequency and sophistication of new attacks require advanced and intelligent analysis to detect. To make critical decisions, such as blocking traffic from a specific IP address, security analysts need to understand why network intrusion detection systems are raising alarms. This highlights the limitations of relying on machine learning models whose internal decision-making processes are not transparent, often referred to as “black boxes”. The key issue is their lack of interpretability when justifying critical security actions. Consequently, this paper emphasizes the need for providing explainable machine learning solutions. To detect new attacks effectively, we focus on behavioral approaches - specifically, analyzing short time windows of aggregated traffic to identify abnormal patterns - by experimenting with various unsupervised machine learning detectors. We found that these detectors often provide complementary results: they do not always agree on the same detections, and in some cases, a globally less effective detector can be the only one capable of accurately identifying a specific attack. This underlines the importance of adopting an ensemble approach to combine the strengths and perspectives of different models. Our contributions are threefold. First, we introduce a stacking-based ensemble learning strategy that improves detection accuracy by incorporating minority reports, going beyond standard majority-voting methods. Second, we present a visual representation technique that converts anomaly scores into heatmaps, making the system’s outputs more interpretable to human analysts. Third, we leverage convolutional neural networks to process these visual representations, simulating human reasoning and enhancing pattern recognition while maintaining transparency. Overall, we develop and evaluate an unsupervised, explainable system capable of detecting even previously unknown network attacks, combining the strengths of ensemble learning and visual interpretability.</div></div>","PeriodicalId":50637,"journal":{"name":"Computer Networks","volume":"273 ","pages":"Article 111730"},"PeriodicalIF":4.6,"publicationDate":"2025-09-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145271056","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"FuzzyDoo: A framework for finding flaws in the 5G landscape","authors":"Rosario G. Garroppo,&nbsp;Michele Pagano,&nbsp;Gabriele Pongelli","doi":"10.1016/j.comnet.2025.111734","DOIUrl":"10.1016/j.comnet.2025.111734","url":null,"abstract":"<div><div>The increasing complexity and criticality of 5G networks demand rigorous security testing methodologies, particularly in black-box environments where source code access is restricted. This paper introduces FuzzyDoo, an open-source, mutation-based structure-aware fuzzing framework designed to assess the robustness and security of 5G Core (5GC) network functions under black-box conditions. FuzzyDoo advances the state of the art by enabling dynamic test message generation for encrypted communications, supporting extensible protocol integration, and facilitating flexible deployment of monitoring components in multi-system environments. The paper details the framework modular architecture – to the best of our knowledge, the first of its kind in the open-source domain – and demonstrates its efficacy through experimental evaluations on three open-source 5GC frameworks. These experiments reveal implementation-specific vulnerabilities and underscore FuzzyDoo diagnostic capabilities for root cause analysis.</div></div>","PeriodicalId":50637,"journal":{"name":"Computer Networks","volume":"272 ","pages":"Article 111734"},"PeriodicalIF":4.6,"publicationDate":"2025-09-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145220815","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Towards trustworthy digital twins collaboration in the internet of things: An overview of essential design guidelines","authors":"Claudio Marche ,&nbsp;Michele Nitti","doi":"10.1016/j.comnet.2025.111733","DOIUrl":"10.1016/j.comnet.2025.111733","url":null,"abstract":"<div><div>The growth of the Internet of Things (IoT), characterized by billions of interconnected devices represented by Digital Twins (DTs), poses significant challenges in ensuring reliable communication. While Service Level Agreements (SLAs) and Key Performance Indicators (KPIs) offer a foundation for performance monitoring, they are insufficient in decentralized scenarios where devices frequently interact without knowing each other. In this context, Trust Management Systems (TMSs) emerge as a possible solution to support cooperation, evaluating the reliability of both data and DTs. In this context, this paper addresses the problem of trust in the IoT by modeling interactions among DTs through a game-theory approach, where each DT is seen as a game-rational player. Based on this model, we derive a set of design guidelines for the development of TMSs that consider both errors and malicious behaviours. Furthermore, we apply these guidelines to assess and compare several recognized TMSs from the literature, highlighting their strengths and limitations.</div></div>","PeriodicalId":50637,"journal":{"name":"Computer Networks","volume":"272 ","pages":"Article 111733"},"PeriodicalIF":4.6,"publicationDate":"2025-09-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145220817","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"How to Poison an xApp: Dissecting Backdoor Attacks to Deep Reinforcement Learning in Open Radio Access Networks","authors":"Andrea Lacava ,&nbsp;Stefano Maxenti ,&nbsp;Leonardo Bonati ,&nbsp;Salvatore D’Oro ,&nbsp;Alina Oprea ,&nbsp;Tommaso Melodia ,&nbsp;Francesco Restuccia","doi":"10.1016/j.comnet.2025.111727","DOIUrl":"10.1016/j.comnet.2025.111727","url":null,"abstract":"<div><div>The development of Open Radio Access Network (RAN) cellular systems is being propelled by the integration of Artificial Intelligence (AI) techniques. While AI can enhance network performance, it expands the attack surface of the RAN. For instance, the need for datasets to train AI algorithms and the use of open interface to retrieve data in real time paves the way to data tampering during both training and inference phases. In this work, we propose MalO-RAN, a framework to evaluate the impact of <em>data poisoning</em> on O-RAN intelligent applications. We focus on AI-based xApps taking control decisions via Deep Reinforcement Learning (DRL), and investigate backdoor attacks, where tampered data is added to training datasets to include a backdoor in the final model that can be used by the attacker to trigger potentially harmful or inefficient pre-defined control decisions. We leverage an extensive O-RAN dataset collected on the Colosseum network emulator and show how an attacker may tamper with the training of AI models embedded in xApps, with the goal of favoring specific tenants after the application deployment on the network. We experimentally evaluate the impact of the SleeperNets and TrojDRL attacks and show that backdoor attacks achieve up to a 0.9 attack success rate. Moreover, we demonstrate the impact of these attacks on a live O-RAN deployment implemented on Colosseum, where we instantiate the xApps poisoned with MalO-RAN on an O-RAN-compliant Near-real-time RAN Intelligent Controller (RIC). Results show that these attacks cause an average network performance degradation of 87 %.</div></div>","PeriodicalId":50637,"journal":{"name":"Computer Networks","volume":"273 ","pages":"Article 111727"},"PeriodicalIF":4.6,"publicationDate":"2025-09-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145229940","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}