Computer Networks最新文献

{"title":"A trust and bundling-based task allocation scheme to enhance completion rate and data quality for mobile crowdsensing","authors":"Yunchuan Kang ,&nbsp;Houbing Herbert Song ,&nbsp;Tian Wang ,&nbsp;Shaobo Zhang ,&nbsp;Mianxiong Dong ,&nbsp;Anfeng Liu","doi":"10.1016/j.comnet.2025.111189","DOIUrl":"10.1016/j.comnet.2025.111189","url":null,"abstract":"<div><div>In Mobile CrowdSensing (MCS), task bundling has shown promise in improving task completion rate by pairing unpopular tasks with popular ones. However, existing methods often assume truthful data from workers, an assumption misaligned with real-world MCS scenarios. Workers tend to submit low-quality or false data to maximize their rewards, particularly given the Information Elicitation Without Verification (IEWV) problem, which hinders the detection of dishonest behavior. To address this, we propose a Trust and Bundling-based Task Allocation (TBTA) scheme to enhance task completion rates and data quality at a low cost. The TBTA scheme includes three main strategies: (1) a trusted worker identification algorithm that evaluates workers' trust degrees by considering the IEWV challenge, allowing for the selection of reliable workers and thus ensuring higher data quality; (2) a task bundling method using the Non-dominated Sorting Genetic Algorithm II to bundle unpopular tasks with popular ones strategically, maximizing platform utility and completion rates; and (3) an optimal allocation algorithm that assigns trusted workers to tasks best suited to their capabilities, thus improving data reliability and minimizing costs. Experimental results demonstrate that compared to the state-of-the-art methods, the TBTA scheme achieves a 15.54 % improvement in task completion rate, and a 1.83 % reduction in worker travel distance.</div></div>","PeriodicalId":50637,"journal":{"name":"Computer Networks","volume":"262 ","pages":"Article 111189"},"PeriodicalIF":4.4,"publicationDate":"2025-03-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143593480","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Hidden AS link prediction based on random forest feature selection and GWO-XGBoost model","authors":"Zekang Wang,&nbsp;Fuxiang Yuan,&nbsp;Ruixiang Li,&nbsp;Meng Zhang,&nbsp;Xiangyang Luo","doi":"10.1016/j.comnet.2025.111164","DOIUrl":"10.1016/j.comnet.2025.111164","url":null,"abstract":"<div><div>Internet AS-level topology measurement is crucial for improving network stability and security. The presence of hidden AS links poses a challenge for accurately measuring the AS-level topology. Link prediction serves as a primary technical approach for discovering hidden AS links. However, the effectiveness of existing methods is susceptible to features and model hyperparameters, necessitating improvements in prediction performance. In this paper, a hidden AS link prediction method based on random forest feature selection and a GWO-XGBoost model is proposed. First, BGP data is preprocessed to eliminate erroneous information from AS paths, and suitable AS triplets for training the prediction model are constructed. Then, the traffic volume and ratio at the first and last nodes of these triplets are analyzed to extract four new features. These are combined with features extracted by typical methods to form an initial prediction feature set. Additionally, the random forest algorithm is used to select initial features, remove redundant features, and construct an optimal feature subset. Finally, the initial prediction model XGBoost is trained using the optimal feature subset, while the Grey Wolf Optimizer (GWO) algorithm is employed to search for optimal hyperparameters, thus constructing a fusion model GWO-XGBoost that achieves hidden AS link prediction. Extensive experiments are conducted on the AS-level topology with 81,998 nodes and 401,925 links collected from RouteViews and RIPE RIS projects. The results show that the proposed method has significant advantages over the typical prediction methods <em>TopoScope</em> and <em>LOC-TopoScope</em>. The prediction accuracy increases by 5.30% and 3.96%, respectively, and the number of discovered hidden AS links increases by 23.76% and 6.08%, respectively.</div></div>","PeriodicalId":50637,"journal":{"name":"Computer Networks","volume":"262 ","pages":"Article 111164"},"PeriodicalIF":4.4,"publicationDate":"2025-03-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143601654","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Joint optimization of VNF deployment and UAV trajectory planning in Multi-UAV-enabled mobile edge networks","authors":"Junbin Liang,&nbsp;Qiao He","doi":"10.1016/j.comnet.2025.111163","DOIUrl":"10.1016/j.comnet.2025.111163","url":null,"abstract":"<div><div>Multi-Unmanned Aerial Vehicle (UAV)-enabled mobile edge networks have emerged as a promising networking paradigm that uses multiple UAVs with limited communication and computation capacities as edge servers to traverse along planned trajectories to visit designated ground users (GUs) for providing network services in partial or no network coverage areas, e.g., disaster areas. Based on network virtualization technology, network services can be flexibly provisioned as virtual network functions (VNFs) deployed at the UAVs. However, given a set of UAVs with initial locations and a set of VNF requests from different GUs on different locations, how to deploy the on-demand VNFs on the limited-capacities UAVs with consideration that which UAV should carry which VNFs to serve which requests, and then plan trajectories for each UAV to visit their target GUs to complete its serving task, aiming to minimize both the energy consumption of the UAVs and the cost of UAVs accepting requests, is a challenging problem, where the cost UAVs accepting requests is composed of the instantiation cost of deploying VNFs and the computing cost of processing GU requests in the VNFs. In this paper, since the VNF deployment and the UAV trajectory planning have coupling effect, we focus on joint optimization of the two operations. We firstly formulate it as a nonconvex mixed integer non-linear programming problem. Then, we propose a hierarchical hybrid deep reinforcement learning algorithm based on jointly optimizing discrete and continuous action to solve the problem. Finally, we evaluate the performance of the proposed algorithm and the simulation results demonstrate its effectiveness.</div></div>","PeriodicalId":50637,"journal":{"name":"Computer Networks","volume":"262 ","pages":"Article 111163"},"PeriodicalIF":4.4,"publicationDate":"2025-03-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143580696","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Design and evaluation of an Autonomous Cyber Defence agent using DRL and an augmented LLM","authors":"Johannes Loevenich ,&nbsp;Erik Adler ,&nbsp;Tobias Hürten ,&nbsp;Roberto Rigolin F. Lopes","doi":"10.1016/j.comnet.2025.111162","DOIUrl":"10.1016/j.comnet.2025.111162","url":null,"abstract":"<div><div>In this paper, we design and evaluate an Autonomous Cyber Defence (ACD) agent to monitor and act within critical network segments connected to untrusted infrastructure hosting active adversaries. We assume that modern network segments use software-defined controllers with the means to host ACD agents and other cybersecurity tools that implement hybrid AI models. Our agent uses a hybrid AI architecture that integrates deep reinforcement learning (DRL), augmented Large Language Models (LLMs), and rule-based systems. This architecture can be implemented in software-defined network controllers, enabling automated defensive actions such as monitoring, analysis, decoy deployment, service removal, and recovery. A core contribution of our work is the construction of three cybersecurity knowledge graphs that organise and map data from network logs, open source Cyber Threat Intelligence (CTI) reports, and vulnerability frameworks. These graphs enable automatic mapping of Common Vulnerabilities and Exposures (CVEs) to offensive tactics and techniques defined in the MITRE ATT&amp;CK framework using Bidirectional Encoder Representations from Transformers (BERT) and Generative Pre-trained Transformer (GPT) models. Our experimental evaluation of the knowledge graphs shows that BERT-based models perform better, with precision (83.02%), recall (75.92%), and macro F1 scores (58.70%) significantly outperforming GPT models. The ACD agent was evaluated in a Cyber Operations Research (ACO) gym against eleven DRL models, including Proximal Policy Optimisation (PPO), Hierarchical PPO, and ensembles under two different attacker strategies. The results show that our ACD agent outperformed baseline implementations, with its DRL models effectively mitigating attacks and recovering compromised systems. In addition, we implemented and evaluated a chatbot using Retrieval-Augmented Generation (RAG) and a prompting agent augmented with the CTI reports represented in the cybersecurity knowledge graphs. The chatbot achieved high scores on generation metrics such as relevance (0.85), faithfulness (0.83), and semantic similarity (0.88), as well as retrieval metrics such as contextual precision (0.91). The experimental results suggest that the integration of hybrid AI systems with knowledge graphs can enable the automation and improve the precision of cyber defence operations, and also provide a robust interface for cybersecurity experts to interpret and respond to advanced cybersecurity threats.</div></div>","PeriodicalId":50637,"journal":{"name":"Computer Networks","volume":"262 ","pages":"Article 111162"},"PeriodicalIF":4.4,"publicationDate":"2025-03-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143562749","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"CAEAID: An incremental contrast learning-based intrusion detection framework for IoT networks","authors":"Zinuo Yin ,&nbsp;Hongchang Chen ,&nbsp;Hailong Ma ,&nbsp;Tao Hu ,&nbsp;Luxin Bai","doi":"10.1016/j.comnet.2025.111161","DOIUrl":"10.1016/j.comnet.2025.111161","url":null,"abstract":"<div><div>Nowadays, the swiftly advancing and intricately diverse IoT node devices produces high-dimensional, discrete, and temporally dynamic network traffic feature data. The ensuing data distribution sparsity and concept drift can critically impair the effectiveness of traditional deep learning-based intrusion detection models. To address these issues, we propose an incremental contrastive learning-based intrusion detection framework for IoT networks, CAEAID. On one hand, to tackle the high-dimensional sparse distribution of traffic, we construct a contrastive autoencoder. It effectively learns low-dimensional latent representations of IoT traffic features by minimizing the distance between similar samples while maximizing the distance between dissimilar samples. Subsequently, we identify abnormal traffic based on distance. The contrastive autoencoder clarifies the boundaries of traffic categories and alleviates the challenges posed by high-dimensional sparse spaces. Simultaneously, we apply improved extreme value theory to fit IoT traffic features and adaptively establish thresholds for detecting extreme discrete anomalous traffic for auxiliary analysis. On the other hand, to handle concept drift, CAEAID creates a pseudo-labeled dataset based on detection consistency, enabling incremental learning and periodic model updates for adaptive detection. Experimental results indicate that compared to other advanced methods, CAEAID improves the accuracy on the IoTID20 and CICIDS2018 datasets by at least 1.15% and 1.72%, respectively. Furthermore, the framework demonstrates superior performance in precision, recall, and F1-score.</div></div>","PeriodicalId":50637,"journal":{"name":"Computer Networks","volume":"262 ","pages":"Article 111161"},"PeriodicalIF":4.4,"publicationDate":"2025-03-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143551383","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Enabling efficient collection and usage of network performance metrics at the edge","authors":"Antonio Calagna ,&nbsp;Stefano Ravera ,&nbsp;Carla Fabiana Chiasserini","doi":"10.1016/j.comnet.2025.111158","DOIUrl":"10.1016/j.comnet.2025.111158","url":null,"abstract":"<div><div>Microservices (MSs)-based architectures have become the de facto standard for designing and implementing edge computing applications. In particular, by leveraging Network Performance Metrics (NPMs) coming from the Radio Access Network (RAN) and sharing context-related information, AI-driven MSs have demonstrated to be highly effective in optimizing RAN performance. In this context, this work addresses the critical challenge of ensuring efficient data sharing and consistency by proposing a holistic platform that regulates the collection and usage of NPMs. We first introduce two reference platform architectures and detail their implementation using popular, off-the-shelf database solutions. Then, to evaluate and compare such architectures and their implementation, we develop PACE, a highly configurable, scalable, MS-based emulation framework of producers and consumers of NPMs, capable of realistically reproducing a broad range of interaction patterns and load dynamics. Using PACE on our cloud computing testbed, we conduct a thorough characterization of various NPM platform architectures and implementations under a spectrum of realistic edge traffic scenarios, from loosely coupled control loops to latency- and mission- critical use cases. Our results reveal fundamental trade-offs in stability, availability, scalability, resource usage, and energy footprint, demonstrating how PACE effectively enables the identification of suitable platform solutions depending on the reference edge scenario and the required levels of reliability and data consistency.</div></div>","PeriodicalId":50637,"journal":{"name":"Computer Networks","volume":"262 ","pages":"Article 111158"},"PeriodicalIF":4.4,"publicationDate":"2025-03-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143551386","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"LM-Hunter: An NLP-powered graph method for detecting adversary lateral movements in APT cyber-attacks at scale","authors":"Mario Pérez-Gomariz ,&nbsp;Fernando Cerdán-Cartagena ,&nbsp;Jess García","doi":"10.1016/j.comnet.2025.111181","DOIUrl":"10.1016/j.comnet.2025.111181","url":null,"abstract":"<div><div>APT (Advanced Persistent Threat) actors are highly skilled cyber attackers who employ sophisticated techniques to infiltrate and maintain unauthorized access to a network over an extended period. In the APT lifecycle, lateral movement stands out as a critical stage where intruders escalate privileges and move across the network to expand their control and access to sensitive data. While solutions such as UEBA (User and Entity Behavior Analytics) or graph analysis have been proposed to identify lateral movements, their application in real-world cybersecurity incidents remains impractical in terms of both scalability and performance. This paper introduces LM-Hunter, a new robust and efficient method for identifying stealth adversaries moving laterally through the network at scale. LM-Hunter takes advantage of graphs and Transformers, a specific architecture within NLP (Natural Language Processing), to learn the network dynamics for hunting the most suspicious lateral movements of the users. The method is validated in a real-world cybersecurity incident at a Fortune 500 company, one of the largest corporations in the United States, demonstrating its capability to identify adversarial lateral movements in large enterprise networks. LM-Hunter enhances the threat detection capabilities of Incident Response and Threat Hunting teams in real-world scenarios. The application of the method is facilitated by releasing LM-Hunter as an open-source tool, expanding the arsenal of cybersecurity teams for combating cyber threats.</div></div>","PeriodicalId":50637,"journal":{"name":"Computer Networks","volume":"262 ","pages":"Article 111181"},"PeriodicalIF":4.4,"publicationDate":"2025-03-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143580697","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Soft failure detection and identification in optical networks using cascaded deep learning model","authors":"Subhendu Ghosh,&nbsp;Aneek Adhya","doi":"10.1016/j.comnet.2025.111159","DOIUrl":"10.1016/j.comnet.2025.111159","url":null,"abstract":"<div><div>Due to malfunction of network devices and surge in physical layer impairments, the quality of transmission (QoT) in backbone optical networks may degrade. If the cause of the degradation is not timely diagnosed and addressed adequately, it may deteriorate into a hard failure. In this study, we consider the external cavity laser (ECL) malfunction-, erbium-doped fiber amplifier (EDFA) malfunction-, and nonlinear interference-related soft failures. We propose a software-defined optical network (SDON)-based soft failure detection and identification strategy using a cascaded deep learning model. Time-series QoT data of normal and degraded lightpaths obtained through the optical performance monitoring equipment is used to train the proposed cascaded deep learning model. In the first stage, a long short-term memory-based autoencoder (LSTM-AE) model is used as a binary classifier to identify the anomalous time-series sequences. Subsequently, an LSTM-based multiclass classifier is used to identify the type of soft failure. Our proposed approach shows an accuracy of 99.70%.</div></div>","PeriodicalId":50637,"journal":{"name":"Computer Networks","volume":"262 ","pages":"Article 111159"},"PeriodicalIF":4.4,"publicationDate":"2025-03-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143580694","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"UGL: A comprehensive hybrid model integrating GCN and LSTM for enhanced intrusion detection in UAV controller area networks","authors":"Ying Du ,&nbsp;Yilong Li ,&nbsp;Pu Cheng ,&nbsp;Zhijie Han ,&nbsp;Yanan Wang","doi":"10.1016/j.comnet.2025.111157","DOIUrl":"10.1016/j.comnet.2025.111157","url":null,"abstract":"<div><div>The Unmanned Aerial Vehicle Controller Area Network (UAVCAN) is a lightweight communication protocol based on the Controller Area Network (CAN) bus, designed to facilitate communication among various components within unmanned aerial vehicles (UAVs). Traditional CAN-based intrusion detection and anomaly monitoring methods primarily target vehicle networks, rendering them less adaptable and effective for UAV systems due to differences in network structure and data patterns. UAV networks encounter significant challenges, including limited information density and a reduced number of electronic components. To address these challenges, this paper introduces two key innovations to enhance security in UAV networks. First, Based on the extended dataset, we propose a novel graph construction method specifically designed for scenarios where UAVs have only a few Electronic Control Unit (ECU) nodes, effectively enhancing the information density. Secondly, this study designs an innovative network attack detection model called UAV-GCNLSTM (UGL), which combines the efficiency of Graph Convolutional Networks (GCN) in capturing network topology with the capability of Long Short-Term Memory networks (LSTM) in processing sequential data. Experimental results demonstrate that the UGL model achieves an accuracy of 1.0000 for Flooding attacks, 0.9854 for Fuzzy attacks, and 0.9635 for Replay attacks, significantly outperforming the compared models.</div></div>","PeriodicalId":50637,"journal":{"name":"Computer Networks","volume":"262 ","pages":"Article 111157"},"PeriodicalIF":4.4,"publicationDate":"2025-03-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143551384","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"The Scalable Octagonal-Cross-By-Pass-Torus topology for the on-chip-communication","authors":"Usman Ali Gulzari ,&nbsp;Waqar Farooq ,&nbsp;Syed Nasir Mehmood Shah ,&nbsp;Naveed Ahmad ,&nbsp;Hessam Sarjoughian ,&nbsp;Iftikhar Ahmed Khan ,&nbsp;Sheraz Anjum","doi":"10.1016/j.comnet.2025.111178","DOIUrl":"10.1016/j.comnet.2025.111178","url":null,"abstract":"<div><div>This research presents the Scalable Octagonal-Cross-By-Pass-Torus (Octa-CBP-Torus) network topology design for Network-on-chip communication. Recently, we presented the Octagonal-Cross-By-Pass-Mesh (Octa-CBP-Mesh), CBP-Mesh, and CBP-Torus topologies, which outclassed its modified 2-Diamesinoal-mesh competitors. The effectiveness of the cross-by-pass (CBP) links in the CBP-Mesh and CBP-Torus designs played a pivotal role in enhancing the capabilities of the network characteristics and the overall performance of the topologies. Furthermore, with the addition of CBP-Links in the CBP-Mesh design, we presented the Octa-CBP-Mesh network which is improved from its predecessor and its competitors’ topologies. This study presents the Torus version of the Octa-CBP-Mesh design network topology. The addition of Torus-Links in the proposed Octa-CBP-Torus design reduces network diameter and improves the other network parameters as the increases the bisection-width, path diversity, and tolerance and reduces average numbers of hops from its competitor topologies. The syntactic and embedded application traffic traces were applied to the proposed Octa-CBP-Torus and compared with its competitor topologies. The simulation results showed that the Octa-CBP-Torus is better and outclasses the performance in network latency, and throughput, and slightly increased in network energy and power consumption than its competitor.</div></div>","PeriodicalId":50637,"journal":{"name":"Computer Networks","volume":"262 ","pages":"Article 111178"},"PeriodicalIF":4.4,"publicationDate":"2025-02-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143642188","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}