Computer Networks最新文献

{"title":"DR3DH: A DoS resistant extended triple Diffie–Hellman for mobile edge networks","authors":"Ala Altaweel,&nbsp;Ahmed Bouridane","doi":"10.1016/j.comnet.2025.111309","DOIUrl":"10.1016/j.comnet.2025.111309","url":null,"abstract":"<div><div>Mobile Edge Networks (MENs) are wireless networks that establish “close-to-end-users-clouds” to provide storage, computation, and communication services. MENs employ the Extended Triple Diffie–Hellman (X3DH) protocol to establish secret keys that provide end-to-end encryption among their nodes. X3DH relies on a cloud server that stores the public keys of the nodes to address the asynchronous scenarios when they operate offline. The cloud server in X3DH protocol represents a single point of failure (SPoF), as the exchange of secure keys is disrupted if the server fails or is compromised. Moreover, a malicious attacker, Eve, can launch various DoS attacks against the MEN nodes (e.g., packet dropping or packet modification) and wireless links (e.g., jamming) to disrupt the execution of X3DH during secure key exchange.</div><div>This paper proposes the DoS-Resistant-X3DH (DR3DH) protocol to resolve the SPoF of the cloud server in X3DH and to address packet dropping, packet modification, and jamming DoS attacks. DR3DH employs Reed–Solomon Erasure Coding to encode the X3DH public keys into fragments that are distributed into a set of storage nodes. These storage nodes, which are determined by an Integer Linear Programming (ILP) solver, are optimum. That is, they have lowest probabilities to launch packet dropping/modification attacks and lowest probabilities that the wireless links toward them are jammed. The authors evaluated DR3DH through trace-driven simulations in MATLAB using two mobility traces and a proof-of-concept implementation in Java. The authors also compared DR3DH with two approaches that employ Random and Greedy policies when selecting the storage nodes for keys fragments. The results demonstrate the resistance of DR3DH to DoS attacks, achieving a high success rate that outperforms the Random and Greedy approaches by between 13.6% and 83.0%. Additionally, the results confirm the feasibility of DR3DH under different mobility models and node speeds, as demonstrated by an evaluation in terms of (a) communication overhead (expected transmission count <span><math><mo>≤</mo></math></span>2.0 when 30% of nodes/links are compromised or jammed), (b) storage overhead (key fragments size <span><math><mo>≤</mo></math></span>1 KB), (c) ILP execution time (<span><math><mo>≤</mo></math></span>26 ms), and (d) total encoding and decoding time (<span><math><mo>≤</mo></math></span>9 ms).</div></div>","PeriodicalId":50637,"journal":{"name":"Computer Networks","volume":"265 ","pages":"Article 111309"},"PeriodicalIF":4.4,"publicationDate":"2025-04-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143891576","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Toward auction-based edge AI: Orchestrating and incentivizing online transfer learning in edge networks","authors":"Yan Chen ,&nbsp;Lei Jiao ,&nbsp;Tuo Cao ,&nbsp;Ji Qi ,&nbsp;Gangyi Luo ,&nbsp;Sheng Zhang ,&nbsp;Sanglu Lu ,&nbsp;Zhuzhong Qian","doi":"10.1016/j.comnet.2025.111300","DOIUrl":"10.1016/j.comnet.2025.111300","url":null,"abstract":"<div><div>The edge AI service can procure external pre-trained models to “strengthen” its local edge models by conducting online transfer learning from the former to the latter to serve inference requests continuously and resiliently. In this paper, we present a modeling and algorithmic study of designing an auction-based mechanism to realize this scenario, while overcoming unique challenges of the interdependency between consecutive auctions, the intertwinement between system overhead and models’ inference performance, and the need of preserving desired economic properties in each auction. We first formulate a long-term social cost minimization problem, which is unsurprisingly intractable. We then design a group of polynomial-time online approximation algorithms that decouple the interdependency, solve each relaxed auction individually, and round the fractional decisions into integers to procure and deploy pre-trained models. Our algorithms also control online transfer learning on each edge by adapting the weights associated to different models and updating the edge model itself through streaming data. We rigorously prove the competitive ratio of our approach, the upper bound on the number of the inference mistakes, and the truthfulness and the individual rationality of each auction. Via extensive evaluations, we have validated the superior performance of our approach over multiple alternative methods.</div></div>","PeriodicalId":50637,"journal":{"name":"Computer Networks","volume":"265 ","pages":"Article 111300"},"PeriodicalIF":4.4,"publicationDate":"2025-04-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143878576","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"A model checking-based framework for testing security properties of protocols under development","authors":"Jiangyuan Yao ,&nbsp;Weiyang Xin ,&nbsp;Xia Yin ,&nbsp;Xingang Shi ,&nbsp;Zhiliang Wang ,&nbsp;Li Zhou ,&nbsp;Ting Jin","doi":"10.1016/j.comnet.2025.111259","DOIUrl":"10.1016/j.comnet.2025.111259","url":null,"abstract":"<div><div>It is important to validate the security properties of network protocols. Most validation methods either verify design models or test implementations. These two techniques are usually applied separately. For protocols under development (PUDs), which are under development and have yet to be issued as a final release, the specifications, implementations and even security properties may change. The use of verification or testing alone may not achieve satisfactory results. In this paper, we propose a security property testing framework for PUDs. Following this framework, we use several rounds of iterative validation to address changeful specifications, implementations and security properties. In each round, we combine verification and testing. We employ a model checker to facilitate verification of the design models. Then, we convert the verification results into executable test cases and test the prototype implementations. Developers can modify the specifications, implementations and security properties and subsequently perform another round of validation. Finally, they can obtain a version of the protocol that passes both verification and testing. We apply our method to two PUDs as case studies: the source address validation improvements (SAVI) and the stateful firewall application of software-defined networking (SDN). Our approach can expose vulnerabilities in different development versions. After several rounds of verification, testing and improvement, developers can release high-quality protocols.</div></div>","PeriodicalId":50637,"journal":{"name":"Computer Networks","volume":"265 ","pages":"Article 111259"},"PeriodicalIF":4.4,"publicationDate":"2025-04-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143874516","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Joint content popularity and audience retention-aware live streaming over RSMA edge networks","authors":"Fayshal Ahmed ,&nbsp;The-Vinh Nguyen ,&nbsp;Nam-Phuong Tran ,&nbsp;Nhu-Ngoc Dao ,&nbsp;Sungrae Cho","doi":"10.1016/j.comnet.2025.111301","DOIUrl":"10.1016/j.comnet.2025.111301","url":null,"abstract":"<div><div>The exponential growth of high-quality live streaming services over cellular networks, particularly in heterogeneous environments facilitated by 6G, has underscored the need for novel wireless communication. To address this challenge, Rate Splitting Multiple Access (RSMA) has emerged as a promising interference management scheme in advanced cellular networks. This paper considers such a potential environment where the impacts of content popularity and audience retention are jointly investigated to maximize the average video resolution of live streaming services over RSMA edge networks. The complex problem is modeled as a Markov Decision Process and subsequently addressed using an appropriate reinforcement learning framework leveraging the Deep Deterministic Policy Gradient (DDPG) technique, named DDPG-BARMAS. Simulation results demonstrate that the proposed DDPG-BARMAS method significantly outperforms existing algorithms in terms of video resolution improvement, highlighting its potential as a robust solution for future wireless live-streaming services.</div></div>","PeriodicalId":50637,"journal":{"name":"Computer Networks","volume":"265 ","pages":"Article 111301"},"PeriodicalIF":4.4,"publicationDate":"2025-04-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143860457","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"HERO: From High-dimensional network traffic to zERO-Day attack detection","authors":"Jesús F. Cevallos M.,&nbsp;Alessandra Rizzardi ,&nbsp;Sabrina Sicari ,&nbsp;Alberto Coen-Porisini","doi":"10.1016/j.comnet.2025.111264","DOIUrl":"10.1016/j.comnet.2025.111264","url":null,"abstract":"<div><div>Recent trends in zero-day attack (ZdA) detection use <em>collective</em> anomaly detection to give insights on out-of-distribution anomalies in a <em>zero-shot</em> fashion. Among these, existing frameworks propose the use of specialised labelling strategies to mimic a step-wise abstract anomaly detection algorithm that generalise ZdA-detection over low-dimensional traffic-flow statistics. To enlarge such applicative scenarios, this paper proposes <span>hero</span>, which is compatible with <strong>H</strong>igh-dimensional raw-network traffic captures when performing z<strong>ERO</strong>-day attack detection. To reach convergence over such a high-dimensional and noisy input space, <span>hero</span> decouples the <em>representation</em> task and the correspondent gradient updates from the <em>discriminative</em> task, following the <em>neural algorithmic reasoning</em> blueprint. Specifically, a neural processor is first trained on the discriminative task using synthetic data, and the weights are then frozen. A second training phase successfully optimises the encoding and decoding networks using raw-traffic captures and the algorithmically-aligned processor. Experiments with well-known intrusion detection datasets demonstrate the crucial advantage of using a two-stage training framework to achieve convergence. To the best of the authors’ knowledge, <span>hero</span> is the first deep learning-based instrument that performs collective anomaly detection and categorisation over raw network traffic on a zero-shot basis, i.e., without using labels.</div></div>","PeriodicalId":50637,"journal":{"name":"Computer Networks","volume":"265 ","pages":"Article 111264"},"PeriodicalIF":4.4,"publicationDate":"2025-04-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143864743","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"A parallel and pipelined high speed Montgomery modular multiplier for IoT devices","authors":"Jiaxuan Wang ,&nbsp;Xiaofeng Wang ,&nbsp;Wenzheng Liu ,&nbsp;Qianqian Xing ,&nbsp;Xiaoyong Tang ,&nbsp;Tan Deng ,&nbsp;Ronghui Cao ,&nbsp;Mingfeng Huang","doi":"10.1016/j.comnet.2025.111282","DOIUrl":"10.1016/j.comnet.2025.111282","url":null,"abstract":"<div><div>Lightweight authentication of Internet of Things devices requires the efficient implementation of cryptographic Montgomery modular multiplier. However, current Montgomery modular multiplier exhibits limited optimization for data dependencies, resulting in increased idle cycles in the key operation units. In this paper, we propose a parallel and pipelined Montgomery Multiplier (PPMM). The design reduces the overall clock cycle time by leveraging the core unit and planning algorithm scheduling structure with less data dependency. Moreover, we design the multiplier-adder unit with appropriate number of bits and pipeline to improve the overall frequency and give the relevant formulas between clock cycles and radix. Finally, we give an optimized implementation on Xilinx Virtex-7 FPGA over general GF(p) for field sizes 256, 384, and 512 bits. Experiments show that the PPMM takes only <span><math><mrow><mn>0</mn><mo>.</mo><mn>123</mn><mspace></mspace><mi>μ</mi><mi>s</mi></mrow></math></span>, <span><math><mrow><mn>0</mn><mo>.</mo><mn>150</mn><mspace></mspace><mi>μ</mi><mi>s</mi></mrow></math></span> and <span><math><mrow><mn>0</mn><mo>.</mo><mn>190</mn><mspace></mspace><mi>μ</mi><mi>s</mi></mrow></math></span> to perform the high-radix modular multiplication of 256, 384 and 512 bits. Compared with other FPGA implementations, our design demonstrates superior performance in terms of speed and throughput. It achieves a higher throughput rate at greater bit counts, making it well-suited for security-intensive applications. Specifically, the 384-bits PPMM with appropriate ATP performance is nearly 2.6 times faster than the reference design.</div></div>","PeriodicalId":50637,"journal":{"name":"Computer Networks","volume":"265 ","pages":"Article 111282"},"PeriodicalIF":4.4,"publicationDate":"2025-04-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143891575","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"TND: Two-stage non-invasive defense of intrusion detection system from adversarial attack","authors":"Zhichao Hu ,&nbsp;Dewen Kong ,&nbsp;Junzhong Miao ,&nbsp;Qing Guo ,&nbsp;Gang Du ,&nbsp;Likun Liu ,&nbsp;Lina Ma ,&nbsp;Xiangzhan Yu","doi":"10.1016/j.comnet.2025.111287","DOIUrl":"10.1016/j.comnet.2025.111287","url":null,"abstract":"<div><div>Deep learning methods have demonstrated notable success in intrusion detection systems (IDS). However, these models exhibit inherent vulnerabilities to adversarial attacks, where minimal perturbations can cause misclassification. Current IDS implementations often lack built-in protections against such threats, creating exploitable security gaps. While existing defense approaches typically employ adversarial training or data purification to enhance robustness, they face critical limitations in online IDS scenarios: adversarial training requires computationally expensive model retraining that may degrade performance, while comprehensive data purification imposes significant resource overhead and risks misclassifying legitimate samples. To address these challenges, we propose <em>TND</em>—a novel two-stage non-invasive defense framework. <em>TND</em> first efficiently filters adversarial examples using Locality-Sensitive Hashing (LSH), then applies a contrastive learning-optimized denoising autoencoder for precise data purification. Experimental results show <em>TND</em> achieves 0.873 adversarial detection accuracy (comparable to MANDA’s 0.875) while reducing training time to just 3% of MANDA’s requirements. This yields superior operational efficiency, enabling 7% and 5% improvements in IDS classification rates on CICIDS2017 and NSL-KDD datasets respectively—without modifying the underlying IDS model. By combining low computational overhead with non-intrusive deployment, <em>TND</em> establishes a practical, scalable solution for real-world adversarial defense in IDS environments.</div></div>","PeriodicalId":50637,"journal":{"name":"Computer Networks","volume":"265 ","pages":"Article 111287"},"PeriodicalIF":4.4,"publicationDate":"2025-04-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143852186","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"ScasDK—An all-in-one test platform for security assurance in 5G core networks","authors":"Francesco Mancini,&nbsp;Riccardo Marzilli,&nbsp;Sara Da Canal,&nbsp;Giuseppe Bianchi","doi":"10.1016/j.comnet.2025.111296","DOIUrl":"10.1016/j.comnet.2025.111296","url":null,"abstract":"<div><div>This paper introduces ScasDK, an innovative proxy-based framework designed to enable advanced security assurance testing within virtualized 5G Core Networks. Unlike conventional 5G-specific security assurance approaches meant to be employed in offline, certification-oriented testing, ScasDK utilizes programmable proxies between network functions, enabling testing directly within online environments—in principle even in production scenarios. Additionally, ScasDK allows third-party test labs and infrastructure providers to efficiently define, deploy, and manage not only the standardized Security Assurance Specifications (SCAS) tests established by 3GPP but also custom, scenario-specific testing methodologies. Seamlessly integrated into a DevSecOps pipeline, ScasDK was validated through comprehensive security assessments on three open-source 5G Core Networks, uncovering several vulnerabilities and identifying areas for improvement. The performance evaluation further demonstrates the feasibility of online testing, setting the stage for future security testing practices in 5G core networks.</div></div>","PeriodicalId":50637,"journal":{"name":"Computer Networks","volume":"265 ","pages":"Article 111296"},"PeriodicalIF":4.4,"publicationDate":"2025-04-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143891570","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Cross-domain trust aggregation in blockchain-based Internet of Things with dual-layer incentive mechanism","authors":"Fang Ye ,&nbsp;Zitao Zhou ,&nbsp;Yifan Wang ,&nbsp;Yibing Li ,&nbsp;Xiaoyu Geng","doi":"10.1016/j.comnet.2025.111297","DOIUrl":"10.1016/j.comnet.2025.111297","url":null,"abstract":"<div><div>Blockchain-based IoT (BIoT) has the potential to establish trust networks across different service domains, enabling reliable cross-domain collaboration for IoT resource exchange and driving related industries toward higher-end development. To address the scalability and cryptoeconomic security challenges of using blockchain to construct large-scale trust networks in IoT, this paper proposes a trust aggregation framework based on PoS restaking protocols, which allows sidechains to inherit and share part of the trust of the mainchain. To achieve efficient resource allocation and ensure incentive compatibility among participants in heterogeneous BIoT systems, this paper proposes a dual-layer incentive mechanism based on combinatorial contracts and multilateral auctions. Firstly, we design an independent contract-based incentive mechanism that reveals validators’ true risk preferences under asymmetric information and explores optimal reward and punishment design in the mainchain. Then, on this basis, we establish a corresponding combinatorial contract mechanism to provide optimal restaking incentives in sidechains. Secondly, we develop an auction-based incentive mechanism between the mainchain and sidechains, studying optimal strategies for allocation and payments under limited resources and uncertain sidechain demand. Additionally, to address potential collusion and cascade risks arising from increased corruption profits due to trust aggregation, we propose a reputation-based exemption mechanism to balance the benefits and risks of trust aggregation. Finally, we conduct detailed simulations to verify the feasibility and effectiveness of the proposed methods. Theoretical derivations and simulation results demonstrate that our approach can achieve mutual benefits for all parties, enhance the scalability and cryptoeconomic security of BIoT systems, promote efficient and reliable cross-domain IoT collaboration.</div></div>","PeriodicalId":50637,"journal":{"name":"Computer Networks","volume":"265 ","pages":"Article 111297"},"PeriodicalIF":4.4,"publicationDate":"2025-04-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143864742","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Blockchain security threats: A comprehensive classification and impact assessment","authors":"Zhijun Wu,&nbsp;Hanwen Xu,&nbsp;Meng Yue,&nbsp;Yanrong Lu","doi":"10.1016/j.comnet.2025.111284","DOIUrl":"10.1016/j.comnet.2025.111284","url":null,"abstract":"<div><div>Blockchain technology has become a key force driving social, economic, and technological progress. Its features, such as decentralization, transparency, and immutability, have demonstrated enormous application potential across various fields, including finance, healthcare, government, and the Internet of Things. However, as the application of blockchain continues to expand, associated security issues have become increasingly prominent. The unique characteristics of blockchain systems present a series of complex challenges in terms of security. To clarify the security challenges and risks of blockchain technology, this paper provides a detailed and comprehensive literature review. This paper classifies the main security threats faced by blockchain technology systematically, according to its different layers. Based on this classification, we further refine the types of attacks and summarize them. In addition, we compile and organize the impact of each attack on blockchain systems and participants, making it easier to understand the damages caused by different attacks in a more intuitive and effective way. Finally, the paper identifies future research directions in blockchain security, offering guidance for researchers interested in further exploring this field.</div></div>","PeriodicalId":50637,"journal":{"name":"Computer Networks","volume":"265 ","pages":"Article 111284"},"PeriodicalIF":4.4,"publicationDate":"2025-04-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143852301","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}