Journal of Network and Computer Applications最新文献

{"title":"Lightweight verifiable privacy preserving federated learning","authors":"Li Zhang ,&nbsp;Bing Tang ,&nbsp;Jianbo Xu","doi":"10.1016/j.jnca.2025.104335","DOIUrl":"10.1016/j.jnca.2025.104335","url":null,"abstract":"<div><div>Federated learning (FL) has garnered considerable attention owing to its capability of accomplishing model training through the sharing local models without accessing training datasets. Nevertheless, it has been demonstrated that the shared models still possess sensitive information related to the training data. Moreover, there is a possibility that malicious aggregation servers can return manipulated global models. While the verification problem in FL has been explored in existing schemes, most of these schemes employ bilinear pairing operations and homomorphic hash computations dependent on the model’s dimension, leading to substantial computational costs. Additionally, some schemes necessitate multiple parties to collectively manage one or more sets of confidential keys for privacy preservation and validation, which renders them vulnerable to collusion attacks between certain clients and servers. Consequently, we propose a privacy-preserving federated learning mechanism under a dual-server architecture. This mechanism adopts a coding matrix computation-based approach to ensure the privacy security of local models at the client side and achieves the aggregation of local models through collaborative efforts between two servers situated at the server side. To verify the correctness of the aggregated model, a Model Verification Code (MVC) mechanism is designed. By effectively combining the MVC mechanism with the coded matrix computation, there is no requirement for all clients to possess identical sets of confidential keys during the privacy preservation and verification process. Meanwhile, this ensures the fulfillment of security requirements under the malicious threat posed by the server. The computational overhead of this mechanism remains low since it avoids the application of complex cryptographic primitives. We perform extensive experiments on real datasets, and the experimental results further demonstrate the proposed scheme exhibits lightweight characteristics while ensuring the validity and usability of the model.</div></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"244 ","pages":"Article 104335"},"PeriodicalIF":8.0,"publicationDate":"2025-09-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145160066","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"3D UAV path planning based on an improved TD3 deep reinforcement learning for data collection in an urban environment","authors":"Mohammad Nazemi Jenabi,&nbsp;Hadi Asharioun,&nbsp;Mahdi Pourgholi","doi":"10.1016/j.jnca.2025.104336","DOIUrl":"10.1016/j.jnca.2025.104336","url":null,"abstract":"<div><div>With the rapid growth in the number of users and services in communication networks, unmanned aerial vehicles (UAVs) are expected to play a significant role in future wireless communication systems. One of the key applications of UAVs is data collection in Internet of Things (IoT) networks. This paper addresses a three-dimensional (3D) UAV path planning optimization problem aimed at minimizing the completion time of data collection in urban environments, taking into account real-world constraints such as frequent communication link blockages between UAVs and sensors caused by buildings. To tackle this challenge, we propose an improved Deep Reinforcement Learning (DRL) algorithm, referred to as the Dropout-Based Prioritized TD3 Algorithm (DPTD3). This method integrates the TD3 algorithm with the Prioritized Experience Replay Buffer (PER) strategy and introduces a new Actor network architecture incorporating the Dropout technique. Simulation results demonstrate that the proposed 3D UAV path planning approach reduces both data collection time and UAV energy consumption compared to a two-dimensional (2D) path planning method. Furthermore, the results indicate that during training, the DPTD3 algorithm outperforms other state-of-the-art DRL approaches in terms of both stability and performance.</div></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"244 ","pages":"Article 104336"},"PeriodicalIF":8.0,"publicationDate":"2025-09-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145160068","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Secure event-triggered control for vehicle platooning against dual deception attacks","authors":"Ali Nikoutadbir ,&nbsp;Sajjad Torabi ,&nbsp;Sadegh Bolouki","doi":"10.1016/j.jnca.2025.104323","DOIUrl":"10.1016/j.jnca.2025.104323","url":null,"abstract":"<div><div>This paper addresses the challenge of achieving secure consensus in a vehicular platoon under dual deception attacks using an event-triggered control approach. The platoon consists of a leader and multiple follower vehicles that intermittently exchange position and velocity information to maintain stability. The study focuses on two types of deception attacks: gain modification attacks, where controller gains are manipulated, and false data injection attacks, which compromise sensor and control data integrity to destabilize the platoon. The research analyzes the duration, frequency, and impact of these attacks on system stability. To address these challenges, a robust event-triggered control scheme is proposed to ensure secure consensus despite the attacks. Sufficient consensus conditions are derived for both distributed static and dynamic event-triggered control schemes, considering constraints on attack duration and frequency. The influence of system matrices and triggering parameters on attack resilience is also analyzed. Additionally, a topology-switching scheme is introduced as a mitigation strategy when attack conditions exceed tolerable limits. The effectiveness of the proposed methodology is validated through simulations across various case studies, demonstrating its ability to maintain platoon stability under dual deception attacks.</div></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"243 ","pages":"Article 104323"},"PeriodicalIF":8.0,"publicationDate":"2025-09-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145157537","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Autoformer-based mobility and handoff-aware prediction for QoE enhancement in adaptive video streaming in 4G/5G networks","authors":"Maram Helmy ,&nbsp;Mohamed S. Hassan ,&nbsp;Mahmoud H. Ismail ,&nbsp;Usman Tariq","doi":"10.1016/j.jnca.2025.104324","DOIUrl":"10.1016/j.jnca.2025.104324","url":null,"abstract":"<div><div>Traditional Adaptive Bitrate (ABR) algorithms in Dynamic Adaptive Streaming over HTTP (DASH) rely on basic throughput estimation techniques that often struggle to quickly adapt to network fluctuations. As users move across different transportation modes or change from one access point to another (e.g., Wi-Fi to cellular networks or between 4G/5G cells), available bandwidth can vary sharply, causing interruptions, abrupt quality shifts, which impact the ability of conventional ABR algorithms to provide seamless playback and maintain high quality-of-experience (QoE). To address these issues, this paper introduces a novel and comprehensive framework that significantly enhances the adaptability and intelligence of ABR algorithms. The proposed solution integrates three key components: a transformer-based throughput prediction model, a Mobility-Aware Throughput Prediction engine (MATH-P), and a Handoff-Aware Throughput Prediction engine (HATH-P). The transformer-based model outperforms state-of-the-art approaches in predicting throughput for both 4G and 5G networks, leveraging its ability to capture complex temporal patterns and long-term dependencies. The MATH-P engine adapts throughput predictions to varying mobility scenarios, while the HATH-P one manages seamless transitions by accurately predicting 4G/5G handoff events and selecting the appropriate throughput prediction model. The proposed systems were integrated into existing ABR algorithms, replacing traditional throughput estimation techniques. Experimental results demonstrate that the MATH-P and HATH-P engines significantly improve video streaming performance, reducing stall durations, enhancing video quality, and ensuring smoother playback.</div></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"243 ","pages":"Article 104324"},"PeriodicalIF":8.0,"publicationDate":"2025-09-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145121249","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"PRAETOR:Packet flow graph and dynamic spatio-temporal graph neural network-based flow table overflow attack detection method","authors":"Kaixi Wang ,&nbsp;Yunhe Cui ,&nbsp;Guowei Shen ,&nbsp;Chun Guo ,&nbsp;Yi Chen ,&nbsp;Qing Qian","doi":"10.1016/j.jnca.2025.104333","DOIUrl":"10.1016/j.jnca.2025.104333","url":null,"abstract":"<div><div>The flow table overflow attack on SDN switches is considered to be a destructive attack in SDN. By exhausting the computing and storage resources of SDN switches, this attack severely disrupts the normal communication functions of SDN networks. Graph neural networks are now being employed to detect flow table overflow attacks in SDN. When a flow graph is constructed, flow features are commonly utilized as nodes to represent the characteristics of flow table overflow attacks. However, a graph solely relying on these nodes and attributes may not fully encompass all the nuances of the flow table overflow attack. Additionally, GNN model may be difficult in capturing the graph information between different flow graphs over time, thus decreasing the detection accuracy of packet flow graph. To address these issues, we introduce PRAETOR, a detection method for flow table overflow attacks that leverages a packet flow graph and a dynamic spatio-temporal graph neural network. More particularly, The PaFlo-Graph algorithm and the EGST model are introduced by PRAETOR. The PaFlo-Graph algorithm generates a packet flow graph for each flow. It utilizes packet information to construct the graph with more detail, thereby better reflecting the characteristics of flow table overflow attacks. The EGST model is a dynamic spatio-temporal graph convolutional network designed to detect flow table overflow attacks by analyzing packet flow graphs. Experiments were conducted under two network topologies, where we used tcpreplay to replay packets from the bigFlow dataset to simulate SDN network flow. We also employed sFlow to sample packet features. Based on the sampled data, two datasets were constructed, each containing 1,760 network flows. For each packet, eight key features were extracted to represent its characteristics. The evaluation metrics include TPR, TNR, accuracy, precision, recall, F1-score, confusion matrix, ROC curves, and PR curves. Experimental results show that the proposed PaFlo-Graph algorithm generates more detailed flow graphs compared to KNN and CRAM, resulting in an average improvement of 6.49% in accuracy and 8.7% in precision. Furthermore, the overall detection framework, PRAETOR, achieves detection accuracies of 99.66% and 99.44% on Topo1 and Topo2, respectively. The precision scores reach 99.32% and 99.72%, and the F1-scores are 99.57% and 100%, respectively, indicating superior detection performance compared to other methods.</div></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"243 ","pages":"Article 104333"},"PeriodicalIF":8.0,"publicationDate":"2025-09-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145121251","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"ST-MemA: Leveraging Swin Transformer and memory-enhanced LSTM for encrypted traffic classification","authors":"Zhiyuan Li ,&nbsp;Yujie Jin","doi":"10.1016/j.jnca.2025.104329","DOIUrl":"10.1016/j.jnca.2025.104329","url":null,"abstract":"<div><div>Traffic classification is essential for effective intrusion detection and network management. However, with the pervasive use of encryption technologies, traditional machine learning-based and deep learning-based methods often fall short in capturing the fine-grained details in encrypted traffic. To address these limitations, we propose a memory-enhanced LSTM model based on Swin Transformer for multi-class encrypted traffic classification. Our approach first reconstructs raw encrypted traffic by converting each flow into single-channel images. A hierarchical attention network, incorporating both byte-level and packet-level attention, then performs comprehensive feature extraction on these traffic images. The resulting feature maps are subsequently classified to identify traffic flow categories. By combining the long-term dependency capabilities of LSTM with the Swin Transformer’s strengths in feature extraction, our model effectively captures global features across diverse traffic types. Furthermore, we enhance LSTM with memory attention, enabling the model to focus on more fine-grained information. Experimental results on three public datasets—USTC-TFC2016, ISCX-VPN2016, and CIC-IoT2022 show that our model, ST-MemA, improves the classification accuracy to 99.43%, 98.96% and 98.21% and <span><math><msub><mrow><mi>F</mi></mrow><mrow><mn>1</mn></mrow></msub></math></span>-score to 0.9936, 0.9826 and 0.9746, respectively. The results also demonstrate that our proposed model outperforms current state-of-the-art models in classification accuracy and computational efficiency.</div></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"243 ","pages":"Article 104329"},"PeriodicalIF":8.0,"publicationDate":"2025-09-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145094148","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Fault-tolerant 3-D topology construction of UAV-BSs for full coverage of users with different QoS demands","authors":"Xijian Luo ,&nbsp;Jun Xie ,&nbsp;Liqin Xiong ,&nbsp;Yaqun Liu ,&nbsp;Yuan He","doi":"10.1016/j.jnca.2025.104332","DOIUrl":"10.1016/j.jnca.2025.104332","url":null,"abstract":"<div><div>Deploying Unmanned aerial vehicle mounted base stations (UAV-BSs) in post-disaster areas or battlefields, where the ground infrastructures are missing or destroyed, can quickly restore communication coverage. Due to the unstable and hostile properties of the environments, the ability to maintain the connectivity of the UAV-BSs network should be considered. In this paper, we study the deployment of UAV-BSs to provide full coverage for users with different quality of service (QoS) demands. The objective is to minimize the number of UAV-BSs under the constraints of user demands and UAV-BS service abilities. Besides, in absence of ground base stations, we also aim to construct a bi-connected topology for the UAV-BS network. However, the formulated problem, as a special instance of the geometric disk cover (GDC) problem, is NP-hard. To tackle this problem, we propose a heuristic algorithm, named Improved QoS-Prior Coverage and bi-Connectivity (IQP2C), by separately solving the user coverage and bi-connected topology construction subproblems. Firstly, IQP2C provides full coverage for users with minimum covering UAVs. Then, we propose an altitude-cluster-based method extending from the 2-D Hamilton cycle to construct bi-connectivity for the UAV-BS network. Simulation results validate the effectiveness of IQP2C in meeting different QoS demands and constructing fault-tolerant topology. Moreover, IQP2C outperforms other baselines in terms of minimized number of UAV-BSs for user coverage, minimized number of UAV-BSs for bi-connectivity as well as running time.</div></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"243 ","pages":"Article 104332"},"PeriodicalIF":8.0,"publicationDate":"2025-09-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145094146","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Artificial intelligence-enhanced zero-knowledge proofs for privacy-preserving digital forensics in cloud environments","authors":"Khizar Hameed ,&nbsp;Faiqa Maqsood ,&nbsp;Zhenfei Wang","doi":"10.1016/j.jnca.2025.104331","DOIUrl":"10.1016/j.jnca.2025.104331","url":null,"abstract":"<div><div>This paper proposed an Artificial Intelligence (AI) enhanced Zero Knowledge Proofs (ZKPs) based comprehensive framework used to improve security, privacy, scalability and efficiency in forensic investigations for the multi-cloud environment, a growing concern for cybersecurity and digital forensics domains. With the growing invulnerability of data storage and inefficient processing in cloud computing landscapes, forensic investigations confront privacy preservation, data integrity, and interoperability issues amongst various cloud providers. Despite existing frameworks, there are few adaptive solutions that holistically solve these challenges. To address such issues and challenges, we propose a suite of frameworks, including an Adaptive Multi-Cloud Forensic Integration Framework (A-MCFIF), Multi-Factor Access Control Framework (MACF), Adaptive ZKP Optimization Framework (AZOF), and Privacy Enhanced Data Security Framework (PDSF) to bridge this gap. Incorporating AI-enhanced ZKP and Multi-Factor Authentication (MFA), these frameworks secure data and improve the efficiency of proof generation and verification while meeting privacy regulations such as the General Data Protection Regulation (GDPR) and the Health Insurance Portability and Accountability Act (HIPAA). Our extensive evaluation of the proposed framework included computing efficiency, memory consumption, data handling efficiency, scalability, overall performance, and cost-effectiveness. We also analyse verification latency to assess the framework’s real-time processing capabilities, which overcome existing solutions. Furthermore, our research includes cloud-specific threat models such as insider threats and data breaches and shows the benefits of the proposed framework for counteracting these risks by proving mathematical and empirical security against privacy breaches. Finally, we bring new insights and contribute to the development of secure, privacy-compliant, and efficient forensic processes, which are elaborated as a comprehensive solution for more reconstructive forensic initiatives in increasingly sophisticated cloud environments.</div></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"243 ","pages":"Article 104331"},"PeriodicalIF":8.0,"publicationDate":"2025-09-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145121250","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"FlowTracker: A refined and versatile data plane measurement approach","authors":"Xinyue Jiang ,&nbsp;Chunming Wu ,&nbsp;Zhengyan Zhou ,&nbsp;Di Wang ,&nbsp;Dezhang Kong ,&nbsp;Muhammad Khurram Khan ,&nbsp;Xuan Liu","doi":"10.1016/j.jnca.2025.104334","DOIUrl":"10.1016/j.jnca.2025.104334","url":null,"abstract":"<div><div>To acquire per-hop flow level information, existing works have made significant contributions to offloading network measurement onto data center switches. Despite this, they still pose challenges due to increasingly complex measurement tasks and massive network traffic. In this paper, we introduce FlowTracker, a flow measurement primitive in the data plane. Our key innovation is a hash-based data structure with constant size and collision resolution, which allows fine-grained and real-time monitoring of various flow statistics. We have fully implemented a FlowTracker prototype on a testbed and used real-world packet traces to evaluate its performance. The results demonstrate FlowTracker’s efficiency under different measurement tasks. For example, with <span><math><mo>∼</mo></math></span>0.5 MB of memory, FlowTracker can accurately estimate 98% heavy hitter out of 25K flows, with an average relative error of 1.28%. It also achieves 92.27% higher accuracy in packet delay estimation and 121.83% higher flow set coverage compared to competitors with only 64 KB of memory. Furthermore, FlowTracker imposes minimal overhead, requiring just <span><math><mo>∼</mo></math></span>0.04% extra bandwidth for large-scale network processing. With these capabilities, FlowTracker can provide network operators with deep insights and efficient flow control of their networks.</div></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"244 ","pages":"Article 104334"},"PeriodicalIF":8.0,"publicationDate":"2025-09-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145134833","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Secure and efficient data collaboration in cloud computing: Flexible delegation via hierarchical attribute-based signature","authors":"Wenrui Jiang,&nbsp;Yongjian Liao,&nbsp;Qishan Gao,&nbsp;Han Xu,&nbsp;Hongwei Wang","doi":"10.1016/j.jnca.2025.104328","DOIUrl":"10.1016/j.jnca.2025.104328","url":null,"abstract":"<div><div>Data collaboration allows multiple parties to jointly share and modify data stored in the cloud server. As unauthorized users may create or modify the shared data as they want by tampering with requests sent by authorized users to replace them with what the unauthorized users want to send, secure data collaboration in cloud computing requires data integrity protection of requests and precise privilege verification of users. However, while maintaining data integrity, it is difficult for current signature schemes to achieve the following demands: fine-grained access control, high scalability, a flexible and controllable hierarchical delegation mechanism, and efficient signing and verification. Therefore, we designed a scalable and flexible hierarchical attribute-based signature (HABS) model and proposed a signing policy HABS construction using the linear secret sharing scheme to construct an access structure. Furthermore, we proved the unforgeability of our HABS scheme in the standard model. We also analyzed and tested the performance of our HABS scheme and related scheme, and we found that our scheme has less signing computation consumption in large-scale systems with complex policies. Finally, we provided a specified application scenario of HABS used in data collaboration based on cloud computing.</div></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"243 ","pages":"Article 104328"},"PeriodicalIF":8.0,"publicationDate":"2025-09-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145094149","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}