Journal of Network and Computer Applications最新文献

{"title":"CEMA: Cost Effective Multi-Layered Autoscaling for Microservice based Applications","authors":"Numan Shafi,&nbsp;Muhammad Abdullah,&nbsp;Waheed Iqbal,&nbsp;Faisal Bukhari","doi":"10.1016/j.jnca.2025.104266","DOIUrl":"10.1016/j.jnca.2025.104266","url":null,"abstract":"<div><div>Microservices architecture offers flexibility, scalability, and modularity by dividing applications into small and independent services. However, traditional autoscaling methods often focus on the autoscaling of the container layer alone, leading to inefficiencies such as over-provisioning and under-provisioning of virtual machines (VMs). These inefficiencies can increase operational costs and energy consumption. To address these challenges, this paper presents a novel, cost-effective Multi-Layered Autoscaling (CEMA) strategy that includes service migration to optimize resource allocation across container and VM layers. CEMA leverages predictive autoscaling techniques to dynamically adjust the number of containers and VMs based on real-time workload demands. The strategy includes a service migration mechanism that moves containers from underutilized VMs to those with available capacity, enabling the shutdown of idle VMs and reducing energy consumption. Through extensive experimentation using real-world workloads, including the WorldCup, Wikipedia, Calgary, ClarkNet, and NASA, CEMA demonstrates significant improvements over existing autoscaling methods. Results show CEMA gives 11.7% more processed requests with 19% fewer SLO violations than the baseline methods. Moreover, CEMA reduces the 1.6<span><math><mo>×</mo></math></span> infrastructure cost as compared to baseline methods. This paper highlights CEMA’s potential to enhance the efficiency and sustainability of microservices-based applications in cloud environments.</div></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"242 ","pages":"Article 104266"},"PeriodicalIF":7.7,"publicationDate":"2025-07-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144597556","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Towards understanding the behavior of image-based network intrusion detection systems","authors":"Ayah Abdel-Ghani, Jezia Zakraoui, Abdulaziz Al-Ali, Abdelhak Belhi, Sandy Rahme, Abdelaziz Bouras","doi":"10.1016/j.jnca.2025.104254","DOIUrl":"https://doi.org/10.1016/j.jnca.2025.104254","url":null,"abstract":"Network Intrusion Detection Systems play a pivotal role in preventing cyber attacks by identifying threats within computer networks. Recent advancements in deep learning techniques positioned them as highly effective methods in detecting a diverse range of cyber attacks. However, the ”Black-Box” nature of deep models makes understanding their decisions very challenging, and renders them susceptible to adversarial attacks. In this paper, we propose the use of Explainable AI (XAI) approaches in deep-learning-based network traffic classifiers to validate their decisions’ rationale and soundness. In particular, we combine the popular Grad-CAM technique with a reverse lookup algorithm to explain models trained using image-transformed raw network traffic sessions, encompassing general, malware, and encrypted traffic data. Model behaviors were analyzed by mapping the highly impacting pixels to their corresponding raw features, to facilitate investigating the meaningfulness of the features learned by the model. Experimental results indicate cases of consistent highlighting of pixels associated with network layers across specific traffic types. However, models occasionally used unexpected features during the classification process, raising security vulnerability concerns that merit serious investigation. The proposed approach serves as a valid method to explain the behavior of general black-box image-based network traffic classification models and assess their robustness.","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"4 1","pages":""},"PeriodicalIF":8.7,"publicationDate":"2025-07-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144613103","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Spectrum-efficient hybrid protection with dedicated and shared paths in elastic optical data center networks","authors":"Xu Zhang ,&nbsp;Hankun Zeng ,&nbsp;Chuan Feng ,&nbsp;Yuxin Xu ,&nbsp;Fan Zhang ,&nbsp;Xiaoxue Gong ,&nbsp;Lei Guo","doi":"10.1016/j.jnca.2025.104238","DOIUrl":"10.1016/j.jnca.2025.104238","url":null,"abstract":"<div><div>Spectral efficiency is essential for ensuring the survivability of service requests that require multi-level protection in elastic optical data center networks (EODCNs). To tackle the survivability issue, we first create a system model that includes a network model, a service request model, and a dedicated and shared paths model. Next, we develop an integer linear programming (ILP) model aimed at minimizing the maximum index of allocated frequency slots (FSs) for various service requests with dedicated path protection (DPP) and shared backup path protection (SBPP) levels. Following this, we propose a spectrum-efficient hybrid protection algorithm (SEHPA) for survivable routing, modulation level, and spectrum assignment. Finally, we solve the ILP problem in a small-scale topology and evaluate the SEHPA algorithm in different large-scale topologies. Simulation results indicate that the SEHPA algorithm can reduce the percentage of unserviced requests by 16.1% while utilizing fewer network resources.</div></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"242 ","pages":"Article 104238"},"PeriodicalIF":7.7,"publicationDate":"2025-07-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144589290","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Enhancing visibility on a science DMZ with P4-perfSONAR","authors":"Ali Mazloum ,&nbsp;Elie Kfoury ,&nbsp;Ali AlSabeh ,&nbsp;Jose Gomez ,&nbsp;Jorge Crichigno","doi":"10.1016/j.jnca.2025.104263","DOIUrl":"10.1016/j.jnca.2025.104263","url":null,"abstract":"<div><div>The Science Demilitarized Zone (Science DMZ) is a specialized network designed to facilitate the transfer of large-scale scientific data. One of the key elements of the Science DMZ is perfSONAR, an active performance measurement device that monitors end-to-end paths over multiple domains. Although versatile, perfSONAR faces limitations such as restricted visibility of events and coarse-grained measurements. This paper proposes a scheme that integrates P4 programmable data plane (PDP) switches with perfSONAR. P4 PDP switches are passively installed and operate on real-time traffic copies, providing flexibility to collect fine-grained custom measurements and report events in the data plane. This integration enables perfSONAR to collect per-flow granular statistics of actual traffic, identify a broader range of networking issues, and enhance visibility while reducing the overhead of active tests. Additionally, the scheme uses an adaptive linear prediction (LP) model that dynamically adjusts the rate of reports sent from the P4 PDP switch to perfSONAR, minimizing the storage and processing needed for the latter. Experimental results show that the system reduces the number of reports by a factor of five while maintaining a small and configurable relative mean error (RME).</div></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"242 ","pages":"Article 104263"},"PeriodicalIF":7.7,"publicationDate":"2025-07-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144579778","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"A new segment routing with NEMO BSP based distributed mobility management approach in smart city network","authors":"Zainab Abdulsalam ,&nbsp;Shayla Islam ,&nbsp;Mohammad Kamrul Hasan ,&nbsp;Raenu Kolandaisamy ,&nbsp;Md Arafatur Rahman ,&nbsp;Hashim Elshafie ,&nbsp;Huda Saleh Abbas ,&nbsp;Ala Eldin Awouda ,&nbsp;Elankovan A. Sundararajan","doi":"10.1016/j.jnca.2025.104262","DOIUrl":"10.1016/j.jnca.2025.104262","url":null,"abstract":"<div><div>Due to high hop counts and complex inter-domain handover processing, the existing Distributed Mobility Management(DMM) framework in smart cities suffers from moderate delay and reliability issues during the handoff process in critical environments. These challenges hinder network efficiency, increasing latency, packet delivery costs, and reconfiguration requirements. In the present work, we proposed a novel Network Mobility Basic Support Protocol (NEMO BSP) with Segment Routing (SR) approach to enhance the network performance in distributed mobility management environments. The Segment Routing (SR) is integrated with existing network mobility methods to enhance performance. Also, we have proposed an algorithm NEMO-SR to reduce the hop count for data transmission. In previous research, the authors have reported various routing methods. However, the existing network mobility and routing methods mainly focus on the distributed mobility scheme of routers, which can improve performance to a certain extent. However, the segment routing-based distributed network mobility system can improve performance by optimizing the number of hop counts. SR enables optimized path selection and minimizes the overhead by reducing hop counts and reconfiguration needs. Thus, the proposed method can improve the key performance metrics such as Packet Delivery Cost (PDC), Latency, Tunnel Creation Rate (TCR), and Throughput. The proposed model introduces SR-specific tuning factors, which perform adaptive optimization and adjust the impact of SR on network metrics according to real-time conditions. This adaptive tuning is instrumental in high-mobility environments and data-intensive networks typical of 5G and Beyond 5G systems. SR minimizes signaling overhead and improves resource efficiency by effectively reducing the need for frequent tunnel reconfigurations. The performance of the proposed method is compared with the existing methods to analyze the performance. For the validation, both numerical analysis and simulation results were developed. The results prove that the proposed method supports mobility more efficiently, and the performance of the proposed method improves in terms of throughput, latency, PDC, and other parameters.</div></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"242 ","pages":"Article 104262"},"PeriodicalIF":7.7,"publicationDate":"2025-07-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144597555","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Robust and lightweighted mutual authentication scheme for drone swarm networks","authors":"Kiran Illyass,&nbsp;Zubair Baig,&nbsp;Naeem Syed","doi":"10.1016/j.jnca.2025.104264","DOIUrl":"10.1016/j.jnca.2025.104264","url":null,"abstract":"<div><div>Drones are being increasingly adopted across both military and commercial domains to serve remote rendering, monitoring, surveillance and service delivery operations. Drone swarms comprise multiple drones operating cohesively as a unified system to provide collective services. Each drone in a swarm must establish mutual trust with other drones to ensure authenticity in data exchange and also to prevent the compromise of a mission. Inter-drone communication links are vulnerable to cyber threats, including unauthorized access and spoofing. While most existing studies focus on authentication mechanisms for drone-to-stationary base stations, very little research work has explored inter-drone authentication protocols specifically designed for decentralized topologies. We propose a lightweight authentication scheme for inter-drone communication that leverages a dynamic challenge–response mechanism, hash-based message authentication code and authenticated encryption to facilitate mutual authentication. We validate the efficacy of the proposed protocol through extensive informal analysis based on the Dolev–Yao and the Canetti–Krawczyk threat models and through Scyther and random oracle-based formal analysis. We also compare the protocol’s performance with state-of-the-art authentication schemes to demonstrate its efficacy and efficiency. The results obtained demonstrate the supremacy of the protocol in cost-effective threat prevention for swarms of drones.</div></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"242 ","pages":"Article 104264"},"PeriodicalIF":7.7,"publicationDate":"2025-07-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144589291","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Sybil attack detection and traceability scheme based on temporal heterogeneous graph attention networks","authors":"Ye Chen,&nbsp;Yingxu Lai,&nbsp;Congai Zeng","doi":"10.1016/j.jnca.2025.104261","DOIUrl":"10.1016/j.jnca.2025.104261","url":null,"abstract":"<div><div>In the development and application of cooperative driving technology, Sybil attacks pose a serious threat to vehicle safety. Although existing detection schemes can identify erroneous information from Sybil nodes, they cannot prevent ongoing attacks and struggle to accurately trace their sources. The high concealment and intermittent message silences of attack sources are the root causes of this challenge. To address this, This paper propose a Sybil attack detection and tracing scheme based on a temporal heterogeneous graph attention network. Our method deeply integrates graph-structured data capturing vehicle behaviors, spatiotemporal characteristics, and dynamic traffic flow changes, and leverages graph attention to model complex interaction patterns among vehicles. This enables precise Sybil detection and physical tracing even during silent attack intervals. Experimental results on the VeReMi-Extension dataset demonstrate that our scheme achieves a Sybil node detection accuracy of 99.89% and successfully traces over 85% of attack source vehicles — a 50% improvement in tracing recall compared to existing approaches — effectively mitigating the threat of Sybil attacks. Notably, this work fills the existing research gap in tracking the physical locations of Sybil attackers.</div></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"242 ","pages":"Article 104261"},"PeriodicalIF":7.7,"publicationDate":"2025-07-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144563421","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"MOOO-RDQN: A deep reinforcement learning based method for multi-objective optimization of controller placement and traffic monitoring in SDN","authors":"Jue Chen,&nbsp;Yurui Ma,&nbsp;Wenjing Lv,&nbsp;Xihe Qiu,&nbsp;Junhao Wu","doi":"10.1016/j.jnca.2025.104253","DOIUrl":"10.1016/j.jnca.2025.104253","url":null,"abstract":"<div><div>Software Defined Networks (SDN) necessitates efficient controller placement strategies to address the NP-hard Controller Placement Problem (CPP), which involves minimizing propagation latency, balancing controller loads, and ensuring adaptability to dynamic network conditions. Traditional heuristic and deterministic algorithms face challenges in balancing optimality and computational efficiency, particularly in large-scale heterogeneous networks. This paper proposes Multi-Objective Optimization Oriented-Rainbow Deep Q Network (MOOO-RDQN), deep reinforcement learning framework that synergizes five advanced techniques, including double Q-learning, prioritized experience replay, dueling networks, multi-step learning, and noisy networks, to jointly optimize controller placement and switch-controller mapping. Experimental evaluations on real-world topologies demonstrate that MOOO-RDQN outperforms standard and state-of-the-art algorithms, achieving reductions of up to 42.49% in average controller-switch latency, 59.39% in worst-case latency, 30.56% in load imbalance, and 28.73% in training time. The solution gap from brute-force global optima remains below 15% across diverse network scales. Complementing the algorithmic innovation, we design an FPGA (Field-Programmable Gate Array) based traffic monitoring module utilizing CAN (Controller Area Network) interfaces and LED (Light-Emitting Diode) indicators to detect controller overloads in real-time. This hardware-software co-design not only validates the practicality of MOOO-RDQN but also lays the foundation for future works on closed-loop control plane optimization.</div></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"242 ","pages":"Article 104253"},"PeriodicalIF":7.7,"publicationDate":"2025-07-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144563505","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Integrated probabilistic clustering and Deep Reinforcement Learning for bias mitigation and device heterogeneity of Federated Learning in edge networks","authors":"Neha Singh ,&nbsp;Mainak Adhikari","doi":"10.1016/j.jnca.2025.104259","DOIUrl":"10.1016/j.jnca.2025.104259","url":null,"abstract":"<div><div>Federated Learning (FL) enables decentralized and collaborative training on resource-constrained Edge Devices (EDs) while preserving data privacy by avoiding raw data transmission. However, traditional FL approaches face challenges such as non-independent and identically distributed (non-IID) data, biased model aggregation due to device heterogeneity, and inefficiencies caused by stragglers during model updates. We propose a novel Hierarchical Deep Reinforcement Learning-based Probabilistic Federated Learning (Hier-FedDRL) strategy to address these limitations. This framework combines local and central Deep Reinforcement Learning (DRL) agents with a probabilistic clustering approach to manage heterogeneous devices and optimize resource allocation dynamically. Local DRL agents optimize intra-cluster operations, including training and resource distribution, while the central DRL agent oversees global model updates and inter-cluster coordination.</div><div>To ensure balanced aggregation and mitigate biases, the proposed framework employs Gaussian Mixture Models (GMMs) for clustering EDs based on their data distributions and resource characteristics. Additionally, a dynamic contribution-based aggregation technique is introduced to fairly weigh updates from diverse EDs, reducing biases in the global model. The performance of Hier-FedDRL is evaluated in a cloud-based setup, where Docker containers are used to simulate EDs and Google Kubernetes Engine clusters for cloud orchestration. Experimental results over benchmark datasets demonstrate that the proposed Hier-FedDRL achieves 4%–6% higher accuracy, reduces convergence time by 7%–10%, and lowers bias in the global model by 25%, outperforming state-of-the-art FL approaches while effectively addressing data and resource heterogeneity.</div></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"242 ","pages":"Article 104259"},"PeriodicalIF":7.7,"publicationDate":"2025-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144535513","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"MTD-FRD: Malicious traffic detection method based on feature representation and conditional diffusion model","authors":"Saihua Cai ,&nbsp;Wenjun Zhao ,&nbsp;Jinfu Chen ,&nbsp;Yige Zhao ,&nbsp;Shengran Wang","doi":"10.1016/j.jnca.2025.104256","DOIUrl":"10.1016/j.jnca.2025.104256","url":null,"abstract":"<div><div>With the rapid development of computer network, security issues are more serious. Malicious traffic detection can effectively discover the malicious behaviors in network activities through detecting the malicious traffic in large-scale network traffic, and it has become an important mean to maintain the cyberspace security. However, traditional malicious traffic detection methods analyze the traffic behavior by processing the network traffic in the formats such as PCAP, CSV and gray-scale images, they cannot fully extract the deep association information in network traffic, leading to the problems such as unclear feature representations. In addition, data imbalance problem existing in network traffic can cause the training of detection model to bias towards normal traffic, and further resulting in high false negatives and weakening the model’s ability to recognize new types of attacks, which seriously affects the accuracy of malicious traffic detection models. This paper proposes a malicious traffic detection method called MTD-FRD, which accurately detects the malicious traffic via introducing feature representation of RGB images, conditional diffusion model and bidirectional traffic channel attention long and short-term memory network (BTCA_LSTM). Firstly, the feature representation of RGB images is constructed for preserving the detailed structural features and distribution information of network traffic, which improves the feature characterization ability. And then, a network conditional diffusion model is proposed to denoise the original network traffic, which utilizes the distribution conditions of RGB images and their own features to generate the high-quality RGB images for solving the data imbalance problem. Finally, a BTCA_LSTM model is constructed to achieve efficient malicious traffic detection by extracting the fine-grained features, local features and contextual correlations in the RGB images after data augmentation. Experimental results on three widely used network traffic show that compared with five state-of-the-arts, the proposed MTD-FRD method is able to improve the TPR, F1-measure and Accuracy by 1.34%–7.51%, 1.40%–7.51% and 1.30%–12.28%, as well as reduce the FPR by 0.022%–0.484%, it also achieves more stable detection validity.</div></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"242 ","pages":"Article 104256"},"PeriodicalIF":7.7,"publicationDate":"2025-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144522688","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}