Journal of Network and Computer Applications: latest articles

Privacy-preserving and Verifiable Federated Learning with weighted average aggregation in edge computing
IF 7.7 | CAS Zone 2, Computer Science
Journal of Network and Computer Applications Pub Date : 2025-05-08 DOI: 10.1016/j.jnca.2025.104201
Shufen Niu, Weiying Kong, Lihua Chen, Xusheng Zhou, Ning Wang
In Federated Learning (FL), clients collaborate with edge and cloud servers to train a global model without sharing raw data. However, cloud servers cannot be fully trusted, because a malicious server may forge aggregation results to compromise model updates. Consequently, secure aggregation of local gradients and verification of the integrity of the global parameters are both crucial. While existing methods ensure the verifiability of aggregation results, few address the trade-off between verification and efficiency in edge computing. To bridge this gap, we propose a privacy-preserving and verifiable weighted-average aggregation scheme for FL within a cloud-edge collaborative architecture. Our scheme employs a masking technique to compute the weighted gradients and data sizes of the clients, followed by Lagrange interpolation at the edge servers and gradient aggregation by dual cloud servers. In this design the two cloud servers cannot reconstruct a client's local gradients, as each receives only partial interpolation points of the Lagrange polynomial, which preserves client privacy. Additionally, the edge servers can verify the correctness of the aggregation results by cross-verification, an efficient method with low computational overhead; performance evaluations show that the masking overhead is independent of the number of clients. Security analysis shows that the scheme guarantees secure, efficient privacy protection and verification.
Citations: 0
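The abstract describes the idea at a high level only; the following is an added illustration written for this page, not the authors' scheme or code. It uses plain Shamir-style polynomial shares over a prime field (assumed parameters P, SCALE, and the evaluation points 1, 2, 3) so that each of two cloud servers holds one point of a degree-1 polynomial per value, the edge server retains a third point, the clouds aggregate their points across clients, and the edge interpolates the weighted average and cross-checks the cloud results against its own point. The paper's actual masking construction and verification procedure are not reproduced here.

```python
import random

P = 2**61 - 1      # prime field for the shares (assumed parameter, not from the paper)
SCALE = 10**6      # fixed-point scaling of float gradients (assumed)
XS = (1, 2, 3)     # x=1 -> cloud server A, x=2 -> cloud server B, x=3 -> retained by the edge server


def share(value, rng):
    """Degree-1 polynomial f(x) = value + a1*x over GF(P); a single point reveals nothing about value."""
    a1 = rng.randrange(P)
    return {x: (value + a1 * x) % P for x in XS}


def interpolate(points, x0):
    """Lagrange interpolation of f(x0) from [(x, f(x)), ...] over GF(P)."""
    total = 0
    for xi, yi in points:
        num = den = 1
        for xj, _ in points:
            if xj != xi:
                num = num * (x0 - xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, P - 2, P)) % P
    return total


def to_signed(v):
    """Map a field element back to a signed integer (negative values were stored as P - |v|)."""
    return v - P if v > P // 2 else v


def client_shares(grad, n_data, rng):
    """Client i shares n_i * g_i (scaled to integers) coordinate-wise, plus n_i itself as the last entry."""
    values = [round(v * SCALE) * n_data for v in grad] + [n_data]
    return [share(v, rng) for v in values]


def server_sum(all_shares, x):
    """A party holding evaluation point x sums its points over all clients; one x cannot be inverted."""
    n_entries = len(all_shares[0])
    return [sum(c[i][x] for c in all_shares) % P for i in range(n_entries)]


def run_round(clients, seed=0, tamper_cloud_a=False):
    """clients: list of (gradient_vector, data_size). Returns (weighted_average, verification_passed)."""
    rng = random.Random(seed)  # deterministic for the example; use a CSPRNG in practice
    all_shares = [client_shares(g, n, rng) for g, n in clients]
    cloud_a = server_sum(all_shares, 1)
    cloud_b = server_sum(all_shares, 2)
    edge_own = server_sum(all_shares, 3)
    if tamper_cloud_a:
        cloud_a[0] = (cloud_a[0] + 1) % P        # a malicious cloud server forges one aggregated value
    sums, verified = [], True
    for a, b, e in zip(cloud_a, cloud_b, edge_own):
        pts = [(1, a), (2, b)]
        # cross-check: the line through the two cloud results must pass through the edge's own point
        if interpolate(pts, 3) != e:
            verified = False
        sums.append(to_signed(interpolate(pts, 0)))
    *num, den = sums                              # den = sum of data sizes
    avg = [v / (den * SCALE) for v in num]
    return avg, verified


if __name__ == "__main__":
    # constructed sample: two clients with 2-dimensional gradients and 100 / 300 samples
    print(run_round([([0.5, -0.25], 100), ([-0.1, 0.3], 300)]))
```

The check only detects a forged cloud result; it is not a proof of correct aggregation, and an edge server colluding with one cloud server holds two points and can reconstruct every client's value. Real schemes add masking so that even the aggregator learns only the sum, which is the gap the paper addresses.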
Addressing security requirements in industrial IoT: A robust three-factor authentication scheme with enhanced features
IF 7.7 | CAS Zone 2, Computer Science
Journal of Network and Computer Applications Pub Date : 2025-05-06 DOI: 10.1016/j.jnca.2025.104200
Behnam Zahednejad, Chong-zhi Gao
Authentication and Key Agreement (AKA) is a critical component for ensuring access control for legitimate users in the Industrial Internet of Things (IIoT). Traditional three-factor AKA schemes rely on the user's password, biometric data, and smart card to provide robust security. However, existing schemes often suffer from vulnerabilities such as password-guessing attacks, which become possible if either the biometric data or the smart card is compromised. Additionally, several crucial security requirements, including Perfect Forward Secrecy (PFS), user anonymity, untraceability, and resistance to Ephemeral Secret Leakage (ESL) and node-capture attacks, have remained unaddressed in prior approaches. This paper presents a comprehensive solution to these challenges by proposing an improved three-factor AKA scheme for IIoT. The scheme integrates the three factors (biometric data, smart card, and password) to achieve three-factor security: (1) Biometric data: the scheme uses fuzzy extractors to handle the inherent noise in biometric data while extracting consistent cryptographic keys, so that even if the biometric template is compromised, the extracted key remains secure. (2) Smart card: the smart card stores a securely hashed version of the user's credentials and a unique identifier. It employs modular arithmetic on hash functions (e.g., SHA-256) to generate and manage session keys, providing lightweight yet robust security. (3) Password: the user's password is combined with the biometric key and smart-card data through a one-way hash function and modular arithmetic operations. This creates a multi-layered authentication mechanism that prevents password-guessing attacks even if one factor is compromised. To address the critical security requirements, the proposed scheme employs the following techniques: (i) Perfect Forward Secrecy (PFS) is achieved using Elliptic Curve Diffie-Hellman (ECDH) key exchange; each session generates a unique ephemeral key pair, so that even if long-term keys are compromised, past sessions remain secure. (ii) Resistance to Ephemeral Secret Leakage (ESL): the scheme incorporates key derivation functions (KDFs) and salted hashes so that ephemeral secrets cannot be exploited even if leaked during a session. (iii) Resistance to node-capture attacks: the scheme uses two sets of pseudo-identities and distributed secret sharing; the user's main pseudo-identity and secret key are never stored in the sensor, so capturing a sensor node does not compromise the user's credentials or the overall system. The security of the proposed scheme is rigorously analyzed using formal verification methods, including BAN logic and ProVerif, to demonstrate its resilience against known attack vectors. Experimental results show that the scheme achieves strong computational p
Citations: 0
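To make the fuzzy-extractor and "all three factors enter one hash" points concrete, here is an added example written for this page (not the authors' scheme or code). It implements a code-offset fuzzy extractor with a 3-bit repetition code, which corrects one flipped bit per block, and then binds the recovered biometric key, the password, and a smart-card secret into a single hash. The repetition code, block length, seed, and the three-factor hash layout are assumptions chosen for readability; a repetition-code sketch leaks too much for real biometrics, where stronger codes are used.

```python
import hashlib
import random

REP = 3  # repetition factor: each block tolerates (REP - 1) // 2 = 1 flipped bit (assumed toy parameter)


def encode(msg_bits):
    """Repetition code: every message bit is repeated REP times."""
    return [b for b in msg_bits for _ in range(REP)]


def decode(code_bits):
    """Majority vote per block of REP bits."""
    return [1 if sum(code_bits[i:i + REP]) * 2 > REP else 0 for i in range(0, len(code_bits), REP)]


def xor_bits(a, b):
    return [x ^ y for x, y in zip(a, b)]


def _key(msg_bits, salt):
    return hashlib.sha256(bytes(msg_bits) + salt).digest()


def fe_gen(bio_bits, rng):
    """Gen(w) -> (R, helper). The helper (sketch, salt) is public and can be stored on the smart card."""
    assert len(bio_bits) % REP == 0
    msg = [rng.randrange(2) for _ in range(len(bio_bits) // REP)]
    sketch = xor_bits(bio_bits, encode(msg))          # code-offset construction: w XOR random codeword
    salt = rng.getrandbits(128).to_bytes(16, "big")
    return _key(msg, salt), (sketch, salt)


def fe_rep(bio_bits_noisy, helper):
    """Rep(w', helper) -> R, provided w' is within the code's error-correction capability of w."""
    sketch, salt = helper
    return _key(decode(xor_bits(bio_bits_noisy, sketch)), salt)


def three_factor_secret(password, bio_key, card_secret):
    """All three factors enter one hash; an offline password guess cannot be checked without the other two."""
    return hashlib.sha256(b"|".join([password.encode(), bio_key, card_secret])).hexdigest()


def demo(seed=7):
    """Constructed enrolment and three login attempts; returns (noisy_ok, too_noisy_ok, wrong_password_ok)."""
    rng = random.Random(seed)  # deterministic for the example; use secrets / SystemRandom in production
    w = [rng.randrange(2) for _ in range(20 * REP)]  # constructed 60-bit biometric reading
    bio_key, helper = fe_gen(w, rng)
    card_secret = rng.getrandbits(128).to_bytes(16, "big")
    enrolled = three_factor_secret("correct horse", bio_key, card_secret)

    w_noisy = w[:]                      # re-read with one flipped bit in every block: within capability
    for blk in range(20):
        w_noisy[blk * REP] ^= 1
    w_too_noisy = w[:]                  # two flipped bits in block 0: majority vote fails there
    w_too_noisy[0] ^= 1
    w_too_noisy[1] ^= 1

    return (
        three_factor_secret("correct horse", fe_rep(w_noisy, helper), card_secret) == enrolled,
        three_factor_secret("correct horse", fe_rep(w_too_noisy, helper), card_secret) == enrolled,
        three_factor_secret("wrong pass", fe_rep(w_noisy, helper), card_secret) == enrolled,
    )


if __name__ == "__main__":
    print(demo())
```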
Dynamic charging location determination for energy level equalization optimization in wireless rechargeable sensor networks
IF 7.7 | CAS Zone 2, Computer Science
Journal of Network and Computer Applications Pub Date : 2025-05-05 DOI: 10.1016/j.jnca.2025.104199
Haoran Wang, Jinglin Li, Peng-Yong Kong, Wendong Xiao
In wireless rechargeable sensor networks, broadcast charging is a promising and efficient node energy replenishment approach that allows mobile chargers (MCs) to charge multiple nodes simultaneously. However, in existing work MCs usually charge nodes from a fixed location, which may leave large variability in residual energy levels after charging. Such non-equalization of node energy levels degrades network robustness and quality of service, shortens network lifetime, and increases maintenance cost. This paper therefore focuses on optimizing the broadcast charging strategy to achieve fine-grained energy redistribution and thus maximize the equalization of node energy levels. Specifically, an energy difference index is first defined to characterize the equalization of node energy levels. Second, domain discretization is used to characterize the MC-accessible charging locations. Finally, a novel dynamic charging location determination algorithm (DCLD) based on reinforcement learning (RL) is proposed, which accounts for dynamic changes of MC charging locations and realizes a fine-grained redistribution of the energy received by nodes to improve energy-level equalization. In DCLD, RL is introduced to explore the MC's discrete candidate charging locations autonomously, and a dual Q-table update mechanism reduces the overestimation error. In addition, a prioritized replay buffer is applied to filter and reuse high-value experiences, making the learning process faster and more stable. Extensive simulations show that DCLD significantly outperforms other approaches.
Citations: 0
HELP4DNS: Leveraging the programmable data plane for effective and robust defense against DDoS attacks on DNS
IF 7.7 | CAS Zone 2, Computer Science
Journal of Network and Computer Applications Pub Date : 2025-04-29 DOI: 10.1016/j.jnca.2025.104198
Mehmet Emin Şahin, Mehmet Demirci
DNS is a critical component of the Internet infrastructure, and securing it has been an active research domain, with particular emphasis on countering DDoS attacks. With the rise of programmable data planes, novel defensive strategies that exploit their flexibility and line-rate packet processing have been developed against a range of DDoS attacks. This study proposes two novel methods against DNS flood and DNS amplification attacks, implemented in programmable data planes using P4. The first constrains the number of concurrent active queries per client to mitigate DNS query flood attacks, so that clients generating a high volume of requests are held to predetermined limits. The per-client concurrent query limit is enforced with a modified token bucket algorithm inside an updatable Bloom filter that tracks and limits DNS queries. This rate-limits malicious client requests, prevents server overload, and shields benign users from the resulting disruption. The second method is a DNS firewall implemented on a P4 switch on the victim's side to prevent DNS amplification attacks. The firewall uses an updatable Bloom filter on the P4 switch to process DNS queries statefully at the application layer. It also tracks fragmented DNS responses, produced by the Extension Mechanisms for DNS, statefully: although IP fragmentation occurs at the IP layer, the approach tracks the fragmented DNS responses at the application layer. In this way, of the DNS responses the victim receives, only those corresponding to legitimate requests are forwarded, while responses stemming from DNS amplification attacks are blocked. Evaluation results show that the proposed approach effectively blocks high-volume DNS amplification attack packets with minimal memory requirements.
Citations: 0
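The two mechanisms above (a per-client concurrent-query limit, and forwarding only responses that match an observed outgoing query) are easy to prototype off the switch before writing P4. The following is an added example written for this page, not the HELP4DNS code: a counting Bloom filter stands in for the paper's updatable filter, one filter counts outstanding queries per client, and a second records (client, transaction ID, qname) tuples so that unsolicited responses are dropped. Filter size, hash count, the limit of two outstanding queries, and the traffic sequence in simulate() are constructed assumptions; EDNS fragment tracking is not modelled.

```python
import hashlib


class CountingBloom:
    """Counting Bloom filter with insert/delete/count; a simplified stand-in for the paper's updatable filter."""

    def __init__(self, m=4096, k=3):
        self.m, self.k, self.cells = m, k, [0] * m

    def _slots(self, key: bytes):
        # k independent hash positions via keyed BLAKE2b personalization
        return [int.from_bytes(hashlib.blake2b(key, digest_size=8, person=bytes([i])).digest(), "big") % self.m
                for i in range(self.k)]

    def insert(self, key):
        for s in self._slots(key):
            self.cells[s] += 1

    def delete(self, key):
        """Remove one occurrence; returns False if the key was (almost certainly) never inserted."""
        slots = self._slots(key)
        if not all(self.cells[s] > 0 for s in slots):
            return False
        for s in slots:
            self.cells[s] -= 1
        return True

    def count(self, key):
        return min(self.cells[s] for s in self._slots(key))


class DnsGuard:
    def __init__(self, max_outstanding=2):
        self.max_outstanding = max_outstanding
        self.per_client = CountingBloom()   # outstanding queries per client (the per-client "tokens")
        self.pending = CountingBloom()      # (client, txid, qname) tuples awaiting a response
        self.stats = dict(query_ok=0, query_limited=0, resp_ok=0, resp_dropped=0)

    @staticmethod
    def _key(client, txid, qname):
        return f"{client}|{txid}|{qname.lower().rstrip('.')}".encode()

    def on_query(self, client, txid, qname):
        """Client -> resolver direction: admit only while the client has spare outstanding-query slots."""
        if self.per_client.count(client.encode()) >= self.max_outstanding:
            self.stats["query_limited"] += 1
            return False
        self.per_client.insert(client.encode())
        self.pending.insert(self._key(client, txid, qname))
        self.stats["query_ok"] += 1
        return True

    def on_response(self, client, txid, qname):
        """Resolver -> client direction: forward only if a matching query was seen, and free the slot."""
        if self.pending.delete(self._key(client, txid, qname)):
            self.per_client.delete(client.encode())
            self.stats["resp_ok"] += 1
            return True
        self.stats["resp_dropped"] += 1       # unsolicited: reflected/amplified traffic
        return False


def simulate():
    """Constructed traffic against one victim address; returns the guard's counters."""
    g = DnsGuard(max_outstanding=2)
    c = "192.0.2.10"                            # constructed client / victim address
    g.on_query(c, 0x1A2B, "example.com")        # admitted
    g.on_query(c, 0x1A2C, "example.org")        # admitted
    g.on_query(c, 0x1A2D, "example.net")        # limited: two already outstanding
    g.on_response(c, 0x1A2B, "example.com")     # matches a pending query: forwarded, slot freed
    g.on_query(c, 0x1A2D, "example.net")        # now admitted
    for txid in (0x0001, 0x0002, 0x0003):       # amplification burst: responses the victim never asked for
        g.on_response(c, txid, "isc.org")
    return g.stats


if __name__ == "__main__":
    print(simulate())
```

A real data-plane implementation also needs an expiry for pending entries (a client whose responses never arrive would otherwise stay rate-limited) and must key on the 5-tuple plus the DNS header, not on a string; the Python here only shows the control logic.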
An Internet of Things platform for heterogeneous data integration: Methodology and application examples
IF 7.7 | CAS Zone 2, Computer Science
Journal of Network and Computer Applications Pub Date : 2025-04-26 DOI: 10.1016/j.jnca.2025.104197
M. Muñoz, M. Torres, J.D. Gil, J.L. Guzmán
The Internet of Things (IoT) has transformed the industrial sector, yet digital transformation in this domain faces challenges due to the lack of standardized methodologies for IoT platform development. Many existing approaches struggle with data heterogeneity, lack of interoperability, and limited scalability when applied to large-scale industrial environments. To address this gap, this work presents an IoT platform designed specifically for the agro-industrial sector, with interoperability as a core feature. Built on open technologies and an interoperable data model based on the OMA NGSI standard within the FIWARE framework, the platform enables seamless communication between heterogeneous devices and systems. Its scalable architecture allows easy integration of new devices and scenarios. Additionally, the platform encapsulates industrial models (e.g., climate, production) as services and uses ETL processes to manage data heterogeneity, ensuring interoperability across systems. The platform, developed through a collaboration between academia and industry, has been validated in three scenarios that are presented in this work. To evaluate its scalability and performance, extensive load tests were conducted in a cloud environment, demonstrating its ability to handle high volumes of concurrent requests while maintaining efficient resource consumption.
Citations: 0
A DDoS attack detection method based on IQR and DFFCNN in SDN
IF 7.7 | CAS Zone 2, Computer Science
Journal of Network and Computer Applications Pub Date : 2025-04-25 DOI: 10.1016/j.jnca.2025.104203
Meng Yue, Huayang Yan, Ruize Han, Zhijun Wu
Software-Defined Networking (SDN) is an innovative network architecture that enhances network flexibility by decoupling the data plane from the control plane. However, SDN also faces severe security threats. One of the most damaging is the Distributed Denial-of-Service (DDoS) attack, which can disrupt network functionality and harm legitimate users. Current DDoS defenses in SDN face challenges such as inadequate feature extraction, limited generalization of detection models, and frequent requests for data from network devices, which result in low detection accuracy and high resource consumption. We propose a DDoS attack detection method based on an abnormality alarm followed by deep detection. First, we use the anomaly-detection capability of the interquartile range (IQR) to monitor the packet_in message rate of each switch and design a dynamic-threshold alarm algorithm that preliminarily identifies abnormal switches. In addition, we propose an integrated feature-selection method to expose the most relevant flow features and extract new SDN flow-table features. Based on these features, we design a Deep Feature Fusion Convolutional Neural Network (DFFCNN) model to perform the deep DDoS detection. This model combines a self-attention mechanism with multi-scale feature extraction, enhancing its ability to capture data patterns. Experimental results on three typical datasets (IDS2017, IDS2018, and DDoS2019) show that the proposed method achieves an average detection accuracy of 99.54% and a false positive rate of 0.53%, an improvement of 1.65% in accuracy and a reduction of 1.38% in false positive rate over existing detection methods. Additionally, the proposed two-stage detection method decreases CPU utilization by an average of 12.8% compared with the existing polling-based detection method.
Citations: 0
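The first stage, an IQR-based dynamic threshold on each switch's packet_in rate, is the part a SOC engineer can reproduce directly. The following is an added example written for this page, not the authors' algorithm: a per-switch sliding window of packet_in rates, a Tukey fence Q3 + 1.5 * IQR as the alarm threshold, and the practitioner's caveat that only samples judged normal feed the baseline, so a sustained flood cannot drag the threshold up to cover itself. The window length, multiplier, minimum sample count, and the per-second counts in SAMPLES are constructed assumptions.

```python
import statistics
from collections import defaultdict, deque


class PacketInAlarm:
    """Per-switch dynamic threshold on the packet_in rate: Q3 + k * IQR over a sliding window of normal samples."""

    def __init__(self, window=8, k=1.5, min_samples=4):
        self.k, self.min_samples = k, min_samples
        self.hist = defaultdict(lambda: deque(maxlen=window))

    def threshold(self, switch):
        w = list(self.hist[switch])
        if len(w) < self.min_samples:
            return None                          # not enough history yet: no decision
        q1, _, q3 = statistics.quantiles(w, n=4, method="inclusive")
        return q3 + self.k * (q3 - q1)

    def observe(self, switch, rate):
        """Returns (alarm, threshold) for one sample; alarmed samples do not update the baseline."""
        thr = self.threshold(switch)
        alarm = thr is not None and rate > thr
        if not alarm:
            self.hist[switch].append(rate)
        return alarm, thr


# constructed per-second packet_in counts for one switch: quiet baseline, a three-second flood, then quiet again
SAMPLES = [("s1", r) for r in [42, 47, 51, 38, 45, 49, 53, 44, 46, 50, 410, 395, 420, 48]]


def run(samples):
    """Feed (switch, rate) samples in order; returns [(switch, rate, alarm), ...]."""
    det = PacketInAlarm()
    return [(sw, rate, det.observe(sw, rate)[0]) for sw, rate in samples]


if __name__ == "__main__":
    for i, (sw, rate, alarm) in enumerate(run(SAMPLES)):
        print(i, sw, rate, "ALARM" if alarm else "")
```

With the baseline above the fence settles around 58 packet_in/s, so the three flood samples (indices 10, 11, 12) alarm and the 48 that follows does not. In the paper this alarm only selects which switches get the expensive flow-table feature extraction and CNN classification; it is not the final verdict.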
Predictive safe delivery with machine learning and digital twins collaboration for decentralized crowdsourced systems
IF 7.7 | CAS Zone 2, Computer Science
Journal of Network and Computer Applications Pub Date : 2025-04-24 DOI: 10.1016/j.jnca.2025.104196
Feruz Elmay, Maha Kadadha, Rabeb Mizouni, Shakti Singh, Azzam Mourad, Hadi Otrok
Crowdsourced last-mile delivery relies on workers who, for incentives, complete delivery tasks posted by requesters through dedicated platforms. While effective and affordable, crowdsourced delivery faces significant challenges, including uncertain availability and capability of the workforce to deliver packages safely, inadequate package monitoring, and a lack of trust among participants. These issues have become more pronounced with the rapid growth of e-commerce, where last-mile delivery accounts for a substantial share of overall delivery costs and delays. Existing centralized work addresses the uncertainty of workforce availability and capability by analyzing worker behavior or predicting fulfillment success in the allocation mechanism, while decentralized solutions introduce blockchain-based platforms for transparent and secure interaction and transaction recording to address the lack of trust. These approaches, however, overlook a critical aspect of crowdsourced delivery: successful task completion depends not only on worker commitment but also on the delivered package's condition. In response, this work proposes a comprehensive framework combining machine learning, blockchain, and digital twins for safe and transparent package delivery. Machine learning models predict package delivery success off-chain, secured using IPFS and smart-contract events. A task allocation mechanism hosted on a blockchain then combines the predicted delivery success with a Quality of Service (QoS) metric to assign tasks to workers with a higher likelihood of successful completion. Package digital twins monitor packages in real time and provide transparent feedback on package status and delivery. The trained models reach an average accuracy of 96% and an F1-score of 94%. Evaluation on real-world data shows substantial gains: task success rates improved by 48%, quality of service by 41%, worker reputation by 26%, and package delivery quality by 16%.
Citations: 0
A security authentication and key agreement scheme for railway space-ground integrated network based on ideal lattice
IF 7.7 | CAS Zone 2, Computer Science
Journal of Network and Computer Applications Pub Date : 2025-04-21 DOI: 10.1016/j.jnca.2025.104194
Yong Chen, Zhaofeng Xin, Bingwang Zhang, Junli Jia
At present, the Global System for Mobile Communications-Railway (GSM-R) is widely used in high-speed railways, but it is a 2G narrowband system that cannot meet the needs of intelligent high-speed railway development. A space-ground integrated railway communication network will gradually become the inevitable direction of railway development. Targeting the lack of mutual identity authentication, data privacy leakage, and low communication efficiency in the railway space-ground integrated network, this paper proposes a space-ground integrated security authentication and key agreement scheme based on ideal lattices. First, a public-key cryptosystem based on ideal lattices is designed to achieve mutual identity authentication between the train, the Medium Earth Orbit BDS satellite, and the Authentication Server Function/Unified Data Management (AUSF/UDM), which effectively resists man-in-the-middle and replay attacks. Second, a non-interactive zero-knowledge Schnorr-protocol digital signature algorithm is proposed, with a random-number mechanism added, to secure the transmission of authentication information and improve communication efficiency while reducing the number of communication rounds. The session key is then generated using the ideal-lattice key agreement mechanism and a hash function, ensuring forward and backward security of the session key. Finally, the efficiency and security of the proposed method are analyzed through ideal-lattice correctness analysis, BAN logic proofs, and the Tamarin protocol analysis tool. The results show that the proposed method can resist DoS attacks and trace malicious attacks while keeping computational overhead low, and so better satisfies the security requirements of the next-generation space-ground integrated railway communication system.
Citations: 0
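The abstract's "non-interactive Schnorr proof with a random-number mechanism" is, in its generic form, a Fiat-Shamir Schnorr proof of knowledge whose challenge hash binds the parties' identities and a fresh nonce, so the verifier can reject replays. The following is an added example written for this page and is not the paper's construction: it runs over a toy multiplicative group (safe prime p = 10007, q = 5003, generator g = 4 of the order-q subgroup, assumed and far too small for real use) rather than the authors' ideal-lattice system, and the train and satellite identifiers in demo() are constructed.

```python
import hashlib
import random

# Toy Schnorr group (assumed, NOT for production): p = 2q + 1 is a safe prime, G generates the order-Q subgroup
P = 10007
Q = 5003
G = 4


def keygen(rng):
    x = rng.randrange(1, Q)          # long-term secret
    return x, pow(G, x, P)           # (x, y = g^x)


def challenge(y, t, ctx: bytes, nonce: bytes) -> int:
    """Fiat-Shamir challenge bound to the group, public key, commitment, party identities and a fresh nonce."""
    h = hashlib.sha256(b"|".join(str(v).encode() for v in (P, Q, G, y, t)) + b"|" + ctx + b"|" + nonce).digest()
    return int.from_bytes(h, "big") % Q


def prove(x, y, ctx, nonce, rng):
    """Non-interactive proof of knowledge of x with y = g^x: (t, s) with t = g^r, s = r + c*x mod q."""
    r = rng.randrange(1, Q)          # per-proof randomness; never reuse r for the same x
    t = pow(G, r, P)
    c = challenge(y, t, ctx, nonce)
    s = (r + c * x) % Q
    return t, s


class Verifier:
    def __init__(self):
        self.seen = set()            # nonces already accepted: replay cache

    def verify(self, y, proof, ctx, nonce):
        t, s = proof
        if nonce in self.seen:
            return False             # replayed authentication message
        if not (1 < t < P):
            return False
        c = challenge(y, t, ctx, nonce)
        ok = pow(G, s, P) == (t * pow(y, c, P)) % P     # g^s == t * y^c
        if ok:
            self.seen.add(nonce)
        return ok


def demo(seed=1):
    """Returns (fresh_proof_ok, replay_ok, tampered_ok) for a constructed train-to-satellite authentication."""
    rng = random.Random(seed)        # deterministic for the example; use a CSPRNG in practice
    x, y = keygen(rng)
    ctx = b"train:CRH-0217|sat:MEO-03"            # constructed identities bound into the challenge
    nonce = rng.getrandbits(64).to_bytes(8, "big")
    v = Verifier()
    proof = prove(x, y, ctx, nonce, rng)
    first = v.verify(y, proof, ctx, nonce)
    replay = v.verify(y, proof, ctx, nonce)       # same message presented again
    t, s = proof
    tampered = Verifier().verify(y, (t, (s + 1) % Q), ctx, nonce)
    return first, replay, tampered


if __name__ == "__main__":
    print(demo())
```

In a deployed protocol the nonce would be a verifier-chosen value or a timestamp with a bounded window, and the replay cache would be bounded accordingly; the point here is only that a non-interactive proof needs such binding, since the proof itself is a static string that anyone can resend.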
DRacv: Detecting and auto-repairing vulnerabilities in role-based access control in web application
IF 7.7 | CAS Zone 2, Computer Science
Journal of Network and Computer Applications Pub Date : 2025-04-20 DOI: 10.1016/j.jnca.2025.104191
Ke Xu, Bing Zhang, Jingyue Li, Haitao He, Rong Ren, Jiadong Ren
Traditional methods for analyzing Broken Access Control (BAC) vulnerabilities suffer from low coverage of access-control rules and a high false positive rate (FPR). Additionally, state-of-the-art strategies that repair BAC vulnerabilities by statement-level replacement may introduce new logical errors. To address these challenges, we propose DRacv (Detect and Repair Access Control Vulnerabilities), an approach to identify and auto-repair vulnerabilities in the Role-Based Access Control (RBAC) model used in web applications. To detect vulnerabilities, DRacv first constructs a Fine-grained Global Multi-attribute Architectural Navigation Graph (FG-MANG) of the web application through dynamic execution and static analysis; the graph captures the full relationships between roles, privileges, and accessible page resources. Based on the access-control rules extracted from the FG-MANG, DRacv generates targeted attack payloads to detect BAC vulnerabilities, which significantly reduces the FPR and eliminates redundant payloads. To auto-repair the identified vulnerabilities, DRacv precisely extracts the access-control privilege parameters, validation functions, and contextual statements to construct patch-code templates, which generate user- and role-level verification patches for the different users and roles. Instead of changing the vulnerable code, the patches behave like firewalls: they are added as separate files and invoked by the vulnerable web page to defend against access-control compromises. DRacv was evaluated on 12 popular open-source web applications written in PHP and Java. It identified 35 vulnerabilities (11 of them new) with only one false positive, an FPR of 2.78%. We also compared DRacv's detection results with state-of-the-art studies; DRacv outperforms them in both the number of vulnerabilities detected and the FPR. Of the 35 vulnerabilities detected, DRacv automatically repaired 34, a repair rate of 97.14%, and auto-fixed more vulnerabilities than the two state-of-the-art auto-repair methods.
Citations: 0
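The detection and repair idea (derive allowed (page, role) pairs from what each role's navigation actually exposes, request every other pair directly, and fix findings with a separate guard in front of the handler rather than editing it) can be shown on a toy application. The following is an added example written for this page, not DRacv's code: the three-page app, its deliberately missing check on /admin/users, and the per-role navigation sets standing in for the FG-MANG are all constructed.

```python
# Toy web app modelled as page -> handler(role) -> HTTP status. Constructed for this example.
ROLE_RANK = {"viewer": 1, "editor": 2, "admin": 3}


def _dashboard(role):
    return 200


def _edit_post(role):
    return 200 if ROLE_RANK[role] >= ROLE_RANK["editor"] else 403


def _admin_users(role):
    return 200          # constructed bug: the role check was forgotten -> broken access control


APP = {"/dashboard": _dashboard, "/post/edit": _edit_post, "/admin/users": _admin_users}

# Navigation graph observed by crawling the UI as each role (the links each role's menus expose).
# This stands in for the FG-MANG: the pages a role is *meant* to reach.
NAV = {
    "viewer": {"/dashboard"},
    "editor": {"/dashboard", "/post/edit"},
    "admin": {"/dashboard", "/post/edit", "/admin/users"},
}


def extract_rules(nav):
    """Rule: (page, role) is allowed iff the page appears in that role's navigation graph."""
    return {(page, role) for role, pages in nav.items() for page in pages}


def detect(app, nav):
    """Attack payloads = direct requests to pages outside a role's navigation; 200 means a BAC vulnerability."""
    allowed = extract_rules(nav)
    findings = []
    for page in app:
        for role in nav:
            if (page, role) not in allowed and app[page](role) == 200:
                findings.append((page, role))
    return sorted(findings)


def make_guard(page, nav):
    """Auto-repair: a separate guard invoked before the vulnerable handler; the handler's code is untouched."""
    permitted = {role for role, pages in nav.items() if page in pages}

    def guard(handler):
        def wrapped(role):
            return handler(role) if role in permitted else 403
        return wrapped
    return guard


def repair(app, nav, findings):
    """Wrap every page that had a finding; unaffected pages keep their original handler."""
    patched = dict(app)
    for page in {p for p, _ in findings}:
        patched[page] = make_guard(page, nav)(app[page])
    return patched


if __name__ == "__main__":
    found = detect(APP, NAV)
    print("vulnerabilities:", found)
    print("after repair:", detect(repair(APP, NAV, found), NAV))
```

Note what the rule extraction does and does not give you: a page that no role's navigation links to but that still exists (an orphaned admin endpoint) never enters the graph, so a crawler-derived rule set must be complemented with route enumeration from static analysis, which is why the paper combines both.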
Variational Deep Clustering approaches for anomaly-based cyber-attack detection
IF 7.7 | CAS Zone 2, Computer Science
Journal of Network and Computer Applications Pub Date : 2025-04-19 DOI: 10.1016/j.jnca.2025.104182
Van Quan Nguyen, Viet Hung Nguyen, Long Thanh Ngo, Le Minh Nguyen, Nhien-An Le-Khac
Detecting network anomalies is a critical cybersecurity task, yet existing methods struggle with high-dimensional data and limited interpretability of the latent space. These challenges hinder precise differentiation between normal and anomalous activity because of (i) the chaotic distribution of normal samples, (ii) the absence of constraints that optimize the hypervolume of the normal region, leading to high false alarm rates, (iii) the lack of prior knowledge for estimating the probability distribution of normal data, and (iv) slow inference times.
This research introduces two deep generative models, the Deep Clustering Variational Auto-Encoder (DCVAE) and the Deep Clustering Support Vector Data Description Variational Auto-Encoder (DC-SVDD-VAE), designed to learn better latent features for network anomaly detection. Both models add a clustering layer inside the encoder to discover a clustering structure suited to normal network data, and both use prior information, specifically a Gaussian distribution, to estimate the posterior distribution that generates normal network data. The DC-SVDD-VAE model additionally integrates SVDD layers, which refine the clustering structure by mapping it onto an optimally sized hypersphere before computing the posterior probability. These approaches improve the separation between normal and abnormal regions in latent space, making significant and distinguishing latent features easier to identify.
Both models were evaluated in combination with seven one-class anomaly detection methods to assess the efficiency of the proposed solutions and the robustness of the generated features. The detectors were assessed on well-known intrusion benchmark datasets, including NSL-KDD, UNSW-NB15, CIC-IDS-2017, CSE-CIC-IDS-2018, and CTU-13. The experiments show that both models outperform existing baselines and state-of-the-art approaches in accuracy, and that inference-stage processing time decreases notably.
Citations: 0