Journal of Network and Computer Applications最新文献

{"title":"Machine learning-based IoT: Developing an energy-efficient and balanced clustering routing protocol (EEB-CR) for WSNs","authors":"Nguyen Duy Tan ,&nbsp;Thi-Thu-Huong Le","doi":"10.1016/j.jnca.2025.104269","DOIUrl":"10.1016/j.jnca.2025.104269","url":null,"abstract":"<div><div>Wireless sensor networks (WSNs) have become integral to the Internet of Things (IoT), supporting diverse applications such as healthcare, environmental monitoring, intrusion detection, military surveillance, and industrial automation. However, sensor nodes (SNs) in WSNs are constrained by limited computational capabilities and finite energy reserves, making energy efficiency a critical concern for IoT applications deployed over WSN infrastructure. This study proposes an Energy-Efficient and Balanced Cluster-based Routing protocol (EEB-CR) to improve the operational longevity and energy distribution of WSNs. The EEB-CR protocol operates in three systematic phases: balanced cluster formation, cluster head (CH) selection, and energy-aware route discovery. Initially, balanced clusters are formed using an enhanced fuzzy <span><math><mi>c</mi></math></span>-means algorithm integrated with a mechanism to reduce uneven energy usage among SNs. Subsequently, CHs are optimally selected based on local node density, residual energy, and Euclidean distance to the base station (or gateway), and the CH role is periodically rotated among cluster members to promote fairness in energy consumption. In the final phase, the Ford–Fulkerson algorithm is employed to establish both intra- and inter-cluster data transmission paths with the objective of minimizing communication overhead from SNs to the base station (BS). Performance evaluation conducted through NS2 simulations demonstrates that EEB-CR achieves superior energy distribution balance and improved network stability compared to benchmark protocols such as LEACH-C, TEZEM, PECR, and FC-GWO.</div></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"242 ","pages":"Article 104269"},"PeriodicalIF":7.7,"publicationDate":"2025-07-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144664878","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Fine-grained access control with decentralized delegation for collaborative healthcare systems","authors":"Minghui Li ,&nbsp;Jingfeng Xue ,&nbsp;Yong Wang ,&nbsp;Tianwei Lei ,&nbsp;Zixiao Kong","doi":"10.1016/j.jnca.2025.104273","DOIUrl":"10.1016/j.jnca.2025.104273","url":null,"abstract":"<div><div>Collaborative treatment has emerged as a crucial approach for improving the quality and efficiency of medical services in modern healthcare systems. To support this paradigm, secure access control over electronic health records (EHR) and flexible delegation of patient permissions are essential for enabling efficient, privacy-preserving data sharing. This paper proposes a fine-grained access control scheme with decentralized permission delegation tailored for medical collaboration scenarios. To ensure fine-grained access control, we adopt a hybrid encryption scheme that combines a dual-key regression tree with Identity-Based Encryption with Wildcard Key Derivation (WKD-IBE) for efficient and scalable key management. This integration enables access control based on data attributes rather than user identities and adheres to the principle of minimal data disclosure. To support decentralized permission delegation, we extend the WKD-IBE scheme to enable patients to authorize multiple doctors to grant access permissions collaboratively. This extension ensures controlled delegation by enforcing a predefined threshold of doctors and requiring consensus on the requested access scope. Additionally, we provide both theoretical and practical security analyses, along with an implementation to demonstrate the scheme’s real-world applicability. Experimental results demonstrate that our scheme achieves lower authorization latency and better scalability in collaborative healthcare scenarios while maintaining comparable encryption efficiency.</div></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"242 ","pages":"Article 104273"},"PeriodicalIF":7.7,"publicationDate":"2025-07-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144664874","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"A proactive privacy-preserving framework for mobile trajectory sharing","authors":"Mohammad Hossein Farahnakiyan,&nbsp;Rasool Esmaeilyfard,&nbsp;Reza Javidan","doi":"10.1016/j.jnca.2025.104271","DOIUrl":"10.1016/j.jnca.2025.104271","url":null,"abstract":"<div><div>Location-Based Services (LBS) leverage Global Positioning System (GPS) data to deliver personalized services such as navigation and location-based advertising. However, the sensitive nature of trajectory data raises serious privacy risks, particularly in real-time applications. Existing privacy-preserving methods often rely on static obfuscation, uniform protection strategies, or reactive anonymization techniques that fail to adapt to individual user preferences or account for semantic characteristics of locations—leading to either excessive distortion or insufficient privacy. To address these limitations, we present PRISM, a novel and integrated privacy-preserving framework that fills this gap by combining three key innovations: (1) Hierarchical Semantic Mapping (HSM) for context-aware anonymization based on semantic sensitivity; (2) a proactive LSTM-based prediction model with backtracking attention that anticipates sensitive interaction points before data exposure; and (3) a user-specific privacy profile system that enables dynamic, personalized privacy control. Unlike previous methods, PRISM adapts privacy enforcement in real-time based on both predicted behavior and semantic context, significantly improving the balance between privacy and utility. Experiments on Geolife , Gowalla, Brightkite, and OpenStreetMap datasets show PRISM achieves a 40% reduction in Privacy-Preserving Time (PPT) and a 5% improvement in data utility, while ensuring robust privacy, as measured by the Location Privacy Index (LPI). PRISM’s dynamic, user-centric approach provides a scalable solution for safeguarding location data in modern real-world LBS applications.</div></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"242 ","pages":"Article 104271"},"PeriodicalIF":7.7,"publicationDate":"2025-07-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144664875","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"CEMA: Cost Effective Multi-Layered Autoscaling for Microservice based Applications","authors":"Numan Shafi,&nbsp;Muhammad Abdullah,&nbsp;Waheed Iqbal,&nbsp;Faisal Bukhari","doi":"10.1016/j.jnca.2025.104266","DOIUrl":"10.1016/j.jnca.2025.104266","url":null,"abstract":"<div><div>Microservices architecture offers flexibility, scalability, and modularity by dividing applications into small and independent services. However, traditional autoscaling methods often focus on the autoscaling of the container layer alone, leading to inefficiencies such as over-provisioning and under-provisioning of virtual machines (VMs). These inefficiencies can increase operational costs and energy consumption. To address these challenges, this paper presents a novel, cost-effective Multi-Layered Autoscaling (CEMA) strategy that includes service migration to optimize resource allocation across container and VM layers. CEMA leverages predictive autoscaling techniques to dynamically adjust the number of containers and VMs based on real-time workload demands. The strategy includes a service migration mechanism that moves containers from underutilized VMs to those with available capacity, enabling the shutdown of idle VMs and reducing energy consumption. Through extensive experimentation using real-world workloads, including the WorldCup, Wikipedia, Calgary, ClarkNet, and NASA, CEMA demonstrates significant improvements over existing autoscaling methods. Results show CEMA gives 11.7% more processed requests with 19% fewer SLO violations than the baseline methods. Moreover, CEMA reduces the 1.6<span><math><mo>×</mo></math></span> infrastructure cost as compared to baseline methods. This paper highlights CEMA’s potential to enhance the efficiency and sustainability of microservices-based applications in cloud environments.</div></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"242 ","pages":"Article 104266"},"PeriodicalIF":7.7,"publicationDate":"2025-07-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144597556","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Towards understanding the behavior of image-based network intrusion detection systems","authors":"Ayah Abdel-Ghani ,&nbsp;Jezia Zakraoui ,&nbsp;Abdulaziz Al-Ali ,&nbsp;Abdelhak Belhi ,&nbsp;Sandy Rahme ,&nbsp;Abdelaziz Bouras","doi":"10.1016/j.jnca.2025.104254","DOIUrl":"10.1016/j.jnca.2025.104254","url":null,"abstract":"<div><div>Network Intrusion Detection Systems play a pivotal role in preventing cyber attacks by identifying threats within computer networks. Recent advancements in deep learning techniques positioned them as highly effective methods in detecting a diverse range of cyber attacks. However, the ”Black-Box” nature of deep models makes understanding their decisions very challenging, and renders them susceptible to adversarial attacks. In this paper, we propose the use of Explainable AI (XAI) approaches in deep-learning-based network traffic classifiers to validate their decisions’ rationale and soundness. In particular, we combine the popular Grad-CAM technique with a reverse lookup algorithm to explain models trained using image-transformed raw network traffic sessions, encompassing general, malware, and encrypted traffic data. Model behaviors were analyzed by mapping the highly impacting pixels to their corresponding raw features, to facilitate investigating the meaningfulness of the features learned by the model. Experimental results indicate cases of consistent highlighting of pixels associated with network layers across specific traffic types. However, models occasionally used unexpected features during the classification process, raising security vulnerability concerns that merit serious investigation. The proposed approach serves as a valid method to explain the behavior of general black-box image-based network traffic classification models and assess their robustness. The implementation code is available at <span><span>https://github.com/ayahdev/XAI-Image-Based-IDS</span><svg><path></path></svg></span>.</div></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"242 ","pages":"Article 104254"},"PeriodicalIF":7.7,"publicationDate":"2025-07-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144613103","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Enhancing visibility on a science DMZ with P4-perfSONAR","authors":"Ali Mazloum ,&nbsp;Elie Kfoury ,&nbsp;Ali AlSabeh ,&nbsp;Jose Gomez ,&nbsp;Jorge Crichigno","doi":"10.1016/j.jnca.2025.104263","DOIUrl":"10.1016/j.jnca.2025.104263","url":null,"abstract":"<div><div>The Science Demilitarized Zone (Science DMZ) is a specialized network designed to facilitate the transfer of large-scale scientific data. One of the key elements of the Science DMZ is perfSONAR, an active performance measurement device that monitors end-to-end paths over multiple domains. Although versatile, perfSONAR faces limitations such as restricted visibility of events and coarse-grained measurements. This paper proposes a scheme that integrates P4 programmable data plane (PDP) switches with perfSONAR. P4 PDP switches are passively installed and operate on real-time traffic copies, providing flexibility to collect fine-grained custom measurements and report events in the data plane. This integration enables perfSONAR to collect per-flow granular statistics of actual traffic, identify a broader range of networking issues, and enhance visibility while reducing the overhead of active tests. Additionally, the scheme uses an adaptive linear prediction (LP) model that dynamically adjusts the rate of reports sent from the P4 PDP switch to perfSONAR, minimizing the storage and processing needed for the latter. Experimental results show that the system reduces the number of reports by a factor of five while maintaining a small and configurable relative mean error (RME).</div></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"242 ","pages":"Article 104263"},"PeriodicalIF":7.7,"publicationDate":"2025-07-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144579778","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"A new segment routing with NEMO BSP based distributed mobility management approach in smart city network","authors":"Zainab Abdulsalam ,&nbsp;Shayla Islam ,&nbsp;Mohammad Kamrul Hasan ,&nbsp;Raenu Kolandaisamy ,&nbsp;Md Arafatur Rahman ,&nbsp;Hashim Elshafie ,&nbsp;Huda Saleh Abbas ,&nbsp;Ala Eldin Awouda ,&nbsp;Elankovan A. Sundararajan","doi":"10.1016/j.jnca.2025.104262","DOIUrl":"10.1016/j.jnca.2025.104262","url":null,"abstract":"<div><div>Due to high hop counts and complex inter-domain handover processing, the existing Distributed Mobility Management(DMM) framework in smart cities suffers from moderate delay and reliability issues during the handoff process in critical environments. These challenges hinder network efficiency, increasing latency, packet delivery costs, and reconfiguration requirements. In the present work, we proposed a novel Network Mobility Basic Support Protocol (NEMO BSP) with Segment Routing (SR) approach to enhance the network performance in distributed mobility management environments. The Segment Routing (SR) is integrated with existing network mobility methods to enhance performance. Also, we have proposed an algorithm NEMO-SR to reduce the hop count for data transmission. In previous research, the authors have reported various routing methods. However, the existing network mobility and routing methods mainly focus on the distributed mobility scheme of routers, which can improve performance to a certain extent. However, the segment routing-based distributed network mobility system can improve performance by optimizing the number of hop counts. SR enables optimized path selection and minimizes the overhead by reducing hop counts and reconfiguration needs. Thus, the proposed method can improve the key performance metrics such as Packet Delivery Cost (PDC), Latency, Tunnel Creation Rate (TCR), and Throughput. The proposed model introduces SR-specific tuning factors, which perform adaptive optimization and adjust the impact of SR on network metrics according to real-time conditions. This adaptive tuning is instrumental in high-mobility environments and data-intensive networks typical of 5G and Beyond 5G systems. SR minimizes signaling overhead and improves resource efficiency by effectively reducing the need for frequent tunnel reconfigurations. The performance of the proposed method is compared with the existing methods to analyze the performance. For the validation, both numerical analysis and simulation results were developed. The results prove that the proposed method supports mobility more efficiently, and the performance of the proposed method improves in terms of throughput, latency, PDC, and other parameters.</div></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"242 ","pages":"Article 104262"},"PeriodicalIF":7.7,"publicationDate":"2025-07-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144597555","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Robust and lightweighted mutual authentication scheme for drone swarm networks","authors":"Kiran Illyass,&nbsp;Zubair Baig,&nbsp;Naeem Syed","doi":"10.1016/j.jnca.2025.104264","DOIUrl":"10.1016/j.jnca.2025.104264","url":null,"abstract":"<div><div>Drones are being increasingly adopted across both military and commercial domains to serve remote rendering, monitoring, surveillance and service delivery operations. Drone swarms comprise multiple drones operating cohesively as a unified system to provide collective services. Each drone in a swarm must establish mutual trust with other drones to ensure authenticity in data exchange and also to prevent the compromise of a mission. Inter-drone communication links are vulnerable to cyber threats, including unauthorized access and spoofing. While most existing studies focus on authentication mechanisms for drone-to-stationary base stations, very little research work has explored inter-drone authentication protocols specifically designed for decentralized topologies. We propose a lightweight authentication scheme for inter-drone communication that leverages a dynamic challenge–response mechanism, hash-based message authentication code and authenticated encryption to facilitate mutual authentication. We validate the efficacy of the proposed protocol through extensive informal analysis based on the Dolev–Yao and the Canetti–Krawczyk threat models and through Scyther and random oracle-based formal analysis. We also compare the protocol’s performance with state-of-the-art authentication schemes to demonstrate its efficacy and efficiency. The results obtained demonstrate the supremacy of the protocol in cost-effective threat prevention for swarms of drones.</div></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"242 ","pages":"Article 104264"},"PeriodicalIF":7.7,"publicationDate":"2025-07-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144589291","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Sybil attack detection and traceability scheme based on temporal heterogeneous graph attention networks","authors":"Ye Chen,&nbsp;Yingxu Lai,&nbsp;Congai Zeng","doi":"10.1016/j.jnca.2025.104261","DOIUrl":"10.1016/j.jnca.2025.104261","url":null,"abstract":"<div><div>In the development and application of cooperative driving technology, Sybil attacks pose a serious threat to vehicle safety. Although existing detection schemes can identify erroneous information from Sybil nodes, they cannot prevent ongoing attacks and struggle to accurately trace their sources. The high concealment and intermittent message silences of attack sources are the root causes of this challenge. To address this, This paper propose a Sybil attack detection and tracing scheme based on a temporal heterogeneous graph attention network. Our method deeply integrates graph-structured data capturing vehicle behaviors, spatiotemporal characteristics, and dynamic traffic flow changes, and leverages graph attention to model complex interaction patterns among vehicles. This enables precise Sybil detection and physical tracing even during silent attack intervals. Experimental results on the VeReMi-Extension dataset demonstrate that our scheme achieves a Sybil node detection accuracy of 99.89% and successfully traces over 85% of attack source vehicles — a 50% improvement in tracing recall compared to existing approaches — effectively mitigating the threat of Sybil attacks. Notably, this work fills the existing research gap in tracking the physical locations of Sybil attackers.</div></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"242 ","pages":"Article 104261"},"PeriodicalIF":7.7,"publicationDate":"2025-07-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144563421","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"MOOO-RDQN: A deep reinforcement learning based method for multi-objective optimization of controller placement and traffic monitoring in SDN","authors":"Jue Chen,&nbsp;Yurui Ma,&nbsp;Wenjing Lv,&nbsp;Xihe Qiu,&nbsp;Junhao Wu","doi":"10.1016/j.jnca.2025.104253","DOIUrl":"10.1016/j.jnca.2025.104253","url":null,"abstract":"<div><div>Software Defined Networks (SDN) necessitates efficient controller placement strategies to address the NP-hard Controller Placement Problem (CPP), which involves minimizing propagation latency, balancing controller loads, and ensuring adaptability to dynamic network conditions. Traditional heuristic and deterministic algorithms face challenges in balancing optimality and computational efficiency, particularly in large-scale heterogeneous networks. This paper proposes Multi-Objective Optimization Oriented-Rainbow Deep Q Network (MOOO-RDQN), deep reinforcement learning framework that synergizes five advanced techniques, including double Q-learning, prioritized experience replay, dueling networks, multi-step learning, and noisy networks, to jointly optimize controller placement and switch-controller mapping. Experimental evaluations on real-world topologies demonstrate that MOOO-RDQN outperforms standard and state-of-the-art algorithms, achieving reductions of up to 42.49% in average controller-switch latency, 59.39% in worst-case latency, 30.56% in load imbalance, and 28.73% in training time. The solution gap from brute-force global optima remains below 15% across diverse network scales. Complementing the algorithmic innovation, we design an FPGA (Field-Programmable Gate Array) based traffic monitoring module utilizing CAN (Controller Area Network) interfaces and LED (Light-Emitting Diode) indicators to detect controller overloads in real-time. This hardware-software co-design not only validates the practicality of MOOO-RDQN but also lays the foundation for future works on closed-loop control plane optimization.</div></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"242 ","pages":"Article 104253"},"PeriodicalIF":7.7,"publicationDate":"2025-07-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144563505","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}