Journal of Network and Computer Applications最新文献

{"title":"Blockchain-based Deep Learning Models for Intrusion Detection in Industrial Control Systems: Frameworks and Open Issues","authors":"Devi Priya V.S. ,&nbsp;Sibi Chakkaravarthy Sethuraman ,&nbsp;Muhammad Khurram Khan","doi":"10.1016/j.jnca.2025.104286","DOIUrl":"10.1016/j.jnca.2025.104286","url":null,"abstract":"<div><div>Critical infrastructure and industrial systems are both becoming more and more networked and equipped with computing and communications tools. To manage processes and automate them where possible, Industrial Control Systems (ICS) manage a variety of components, including monitoring tools and software platforms. More complicated data is now being run on the networks, including data(past), money(present), and brains (future). In order to predictably detect specific services and patterns (deep learning) and automatically check authenticity and transfer value (blockchain), deep learning and blockchain are integrated into the ICS network. Hence, we conducted a thorough examination of the models published in the literature in order to comprehend how to integrate machine learning and blockchain efficiently and successfully for intrusion detection services. We also provide useful guidance for future research in this area by noting significant issues that must be addressed before substantial deployments of IDS models in ICS.</div></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"243 ","pages":"Article 104286"},"PeriodicalIF":8.0,"publicationDate":"2025-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145108681","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Unveiling cybersecurity mysteries: A comprehensive survey on digital forensics trends, threats, and solutions in network security","authors":"Tuba Arif ,&nbsp;David Camacho ,&nbsp;Jong Hyuk Park","doi":"10.1016/j.jnca.2025.104296","DOIUrl":"10.1016/j.jnca.2025.104296","url":null,"abstract":"<div><div>The field of digital forensics is undergoing a paradigm shift because security breaches are now occurring outside of conventional domains such as mobile devices, databases, networks, multimedia, cloud platforms, and the Internet of Things (IoT) all require a complete approach. This study report reveals a high level of ambiguities and process redundancies within the subdomains of digital forensics through the completion of a Systematic Literature Review (SLR). To address this, we suggest a high-level theoretical metamodel that unifies tasks, operations, procedures, and methods of research across many subdomains that will help forensic investigators during digital investigations to organize and integrate evidence. The study also discusses the necessity of global perspectives in research on digital forensics and provides a qualitative evaluation of past surveys, highlighting similar difficulties, obstacles, and key issues across domains, whereas earlier surveys concentrated on domains. The findings through examination offer a multidimensional knowledge of the difficulties in digital forensics and suggested metamodels help to create a more cohesive and integrated approach to digital investigations, establishing an environment for further study and collaborations in this crucial domain.</div></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"243 ","pages":"Article 104296"},"PeriodicalIF":8.0,"publicationDate":"2025-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145003700","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"ARMBoost+: Empowering stacking, ensemble, and boosting models for network intrusion detection with dynamic rule repository","authors":"Vullikanti Vivek ,&nbsp;Bharadwaj Veeravalli","doi":"10.1016/j.jnca.2025.104292","DOIUrl":"10.1016/j.jnca.2025.104292","url":null,"abstract":"<div><div>As network security threats become increasingly complex, the need for efficient and effective network intrusion detection systems (NIDS) is more important than ever. Machine learning (ML) has emerged as a promising solution for NIDS due to its ability to analyze large volumes of network traffic data and detect suspicious patterns. In this paper, we propose ARMBoost+ a novel integrated approach for NIDS using dynamic rule repository building with a combination of stacking, ensemble, and boosting ML models, and associative rule mining (ARM) and bloom filter techniques. ARMBoost+ approach involves generating frequent feature sets using ARM and building a feature repository using bloom filter to avoid duplicate patterns. We then use the feature repository to train the ML models, which are tested on live network traffic data to generate dynamic rules for the rule repository. The live traffic data allowed us to assess the performance and robustness of our NIDS under dynamic and unpredictable network scenarios. The dynamic rule repository is continuously updated with new attack patterns, ensuring that the NIDS is always up-to-date with the latest security threats. To evaluate the effectiveness of ARMBoost+, we conducted experiments using a publicly available datasets and compared the results to existing NIDS approaches. We tested our approach under various scenarios, including simulating ML models without ARM and without automated feature dropping, and using ARM and bloom filter. We employed several ML models, including Stacking Classifier (with logistic regression (LR), random forest (RF), and support vector machine (SVM)), Ensemble with SVM, AdaBoost with Decision Tree, Gradient Boosting, and XGBoosting. Our experimental results demonstrate that the proposed novel ARMBoost+ integrated approach outperforms existing NIDS approaches in terms of accuracy and detection rates. The combination of stacking, ensemble, and boosting ML models, along with ARM and bloom filter, proved to be highly effective in detecting network intrusions. The dynamic rule repository building approach allowed for continuous updating of the NIDS with the latest attack patterns, resulting in improved performance over time. Furthermore, ARMBoost+ approach showed robustness against various types of attacks, including denial-of-service (DoS) and port scanning attacks. We also observed that the inclusion of ARM and bloom filter resulted notable reduction in the False Positive Rate (FPR) by around 4.07% and improved the efficiency of the feature repository.</div></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"243 ","pages":"Article 104292"},"PeriodicalIF":8.0,"publicationDate":"2025-08-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144921477","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Bitcoin attacks: A comprehensive study","authors":"Arieb Ashraf Sofi ,&nbsp;Ajaz Hussain Mir ,&nbsp;Zamrooda Jabeen","doi":"10.1016/j.jnca.2025.104297","DOIUrl":"10.1016/j.jnca.2025.104297","url":null,"abstract":"<div><div>Bitcoin, a widely recognized cryptocurrency, embodies features such as anonymity and decentralization. In the Bitcoin network, transactions are propagated between peers using a distributed database called a blockchain. To facilitate confidence in transactions, there is hardly any tolerance for attacks. However, the possibility of attacks exists. This paper is an attempt to examine different attacks targeting the Bitcoin network, encompassing their vulnerabilities, repercussions, and countermeasures. Various forms of attacks that might target the Bitcoin network are presented, with an exploration of their interconnections. The analysis delves into the intricacies of Bitcoin’s decentralized architecture, emphasizing the criticality of network security in maintaining its integrity.</div></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"243 ","pages":"Article 104297"},"PeriodicalIF":8.0,"publicationDate":"2025-08-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144932454","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Balancing function performance and cluster load in serverless computing: A reinforcement learning solution","authors":"Menglin Zhou ,&nbsp;Bingbing Zheng ,&nbsp;Li Pan ,&nbsp;Shijun Liu","doi":"10.1016/j.jnca.2025.104299","DOIUrl":"10.1016/j.jnca.2025.104299","url":null,"abstract":"<div><div>Serverless computing, as an emerging cloud computing service model, enables developers to focus on business logic without concerning underlying resource management by decomposing applications into fine-grained functions that execute on demand. However, in heterogeneous server cluster environments, the bursty and transient nature of function requests presents significant resource scheduling challenges. To ensure the performance of function execution, newly created function instances are often scheduled to nodes with abundant resources. This leads to resource allocation imbalances under high loads, which could potentially trigger node failures. In this paper we model function scheduling as an optimization problem that balances performance and load. We then propose a scheduling method based on the PPO algorithm, which guides decisions by analyzing node load and performance metrics in real time. For validation, we conducted experiments on the OpenFaaS platform using both real and simulated traces. The experimental results demonstrate that our method not only effectively reduces the risks associated with load imbalance but also achieves improvements in function performance.</div></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"243 ","pages":"Article 104299"},"PeriodicalIF":8.0,"publicationDate":"2025-08-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144913115","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Performance modelling and optimal stage assignment for multistage P4 switches","authors":"Geng-Li Zhou ,&nbsp;Steven S.W. Lee ,&nbsp;Ren-Hung Hwang ,&nbsp;Yin-Dar Lin ,&nbsp;Yuan-Cheng Lai","doi":"10.1016/j.jnca.2025.104295","DOIUrl":"10.1016/j.jnca.2025.104295","url":null,"abstract":"<div><div>P4 programmable switches typically consist of multiple computation stages, each capable of independently executing flow rules to achieve the desired network function (NF). A network function chain (NFC) can be implemented to provide a network service by concatenating a set of NFs. This paper focuses on studying the stage-to-NF assignment problem in multistage P4 switches. We propose a greedy-based stage assignment algorithm that has been proven to optimally solve such resource allocation problems. The algorithm's key feature is its ability to address load imbalances among the NFs by considering both the packet arrival and service rates of the NFs. During each iteration of the algorithm's execution, a set of stage assignments needs to be evaluated. To efficiently determine the average packet delay for each assignment, we have developed a queuing model and derive an analytical solution. The analytical results are verified through simulation, and the gap between them is found to be negligible. Additionally, the simulation results demonstrate the algorithm's superiority in handling load imbalances among NFs. The algorithm efficiently assigns stages such that, for a set of NFCs with a constant total input rate, altering the distribution of arrival rates among the NFCs results in similar average delays. The experimental instances indicate that the variation in delay remains within 8 % after altering the arrival rate distribution among the NFCs. Furthermore, we implemented a benchmark named “Equal Stage Assignment” in which each NF is assigned an equal number of stages. Compared to the Equal Stage Assignment algorithm, the proposed stage assignment algorithm can reduce the average delay by more than 20 %, particularly in cases where the loads between NFs are imbalanced.</div></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"243 ","pages":"Article 104295"},"PeriodicalIF":8.0,"publicationDate":"2025-08-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144913116","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"MTRC: A self-supervised network intrusion detection framework based on multiple Transformers enabled data reconstruction with contrastive learning","authors":"Yufeng Wang ,&nbsp;Hao Xu ,&nbsp;Jianhua Ma ,&nbsp;Qun jin","doi":"10.1016/j.jnca.2025.104300","DOIUrl":"10.1016/j.jnca.2025.104300","url":null,"abstract":"<div><div>Nowadays, Network Intrusion Detection System (NIDS) is essential for identifying and mitigating network threats in increasingly complex and dynamic network environments. Due to the benefits of automatic feature extraction and powerful expressive capability, Deep Neural Networks (DNN) based NIDS has witnessed great deployment. Considering the extremely high annotation cost, i.e., the extreme difficulty of labeling anomalous samples in supervised DNN based NIDS schemes, practically, many NIDS schemes are unsupervised. which either use generative-based approaches, such as encoder-decoder structure to identify deviated samples without the labeled intrusion data, or employ discriminative-based methods by designing pretext tasks to construct additional supervisory signals from the given data. However, the former only generates a single reconstruction version for each input sample, lacking a holistic view of the latent distribution of input sample, while the latter focuses on learning the global perspective of samples, often neglecting internal structures. To address these issues, this paper proposes a novel self-supervised NIDS framework based on multiple Transformers enabled data reconstruction with contrastive learning, MTRC, through combining generative-based and discriminative-based paradigms. In detail, our paper's contributions are threefold. First, a cross-feature correlation module is proposed to convert each tabular network traffic record into an original data view that effectively captures the cross-feature correlations. Second, inspired by the idea of the multiple-view reconstruction and contrastive learning, multiple Encoder-Decoder structured Transformers are used to generate different views for each original data view, which intentionally make each reconstructed view semantically similar to the original data view, and while these reconstructed views diversified between each other, aiming to holistically capture the latent features of normal data samples. Experimental results on multiple real network traffic datasets demonstrate that MTRC outperforms state-of-the-art unsupervised and self-supervised NIDS schemes, achieving superior performance in terms of AUC-ROC, AUC-PR, and F1-score metrics. The MTRC source code is publicly available at: <span><span>https://github.com/sunyifen/MTRC</span><svg><path></path></svg></span>.</div></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"243 ","pages":"Article 104300"},"PeriodicalIF":8.0,"publicationDate":"2025-08-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144908813","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"DBASC: Decentralized blockchain-based architecture with integration of smart contracts for secure communication in VANETs","authors":"Righa Tandon ,&nbsp;Neeraj Sharma","doi":"10.1016/j.jnca.2025.104294","DOIUrl":"10.1016/j.jnca.2025.104294","url":null,"abstract":"<div><div>The need for secure and effective communication in vehicular networks is fundamental to the successful development of connected and autonomous vehicles. In this research, we propose a decentralized blockchain-based architecture for vehicular authentication and message exchange, using smart contracts to increase trust, and security. The process of authentication and the transferring of data has been intentionally segregated into blockchains and designed with regard to two types of velocities that have the ability to impact them, tailored to their specific functions and operational dynamics. The authentication blockchain uses a lightweight consensus mechanism specific to quickly verify the identity of entities, helping to form mutual trust. In contrast, the communication blockchain uses a heavier consensus mechanism to ensure integrity and traceability of the messages within the network. This means that there are two different types of consensus mechanisms on each of the blockchains; one which has a low concern for security to authenticate the ‘fact of identity’, and the second, which securely (i.e. conspirators accountability) maintain integrity and assurance for the contents of the messages shared on the second blockchain. The segregation of functionality thus had the effect of improving the performance and scalability of the entire network, and posing an additional layer of security, minimizing the attack surface, and reducing the complexity of consensus per blockchain. The smart contract form of the dual blockchain architecture successfully gives a secure, efficient, and scalable means of managing vehicle communication in decentralized intelligent transportation systems.</div></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"243 ","pages":"Article 104294"},"PeriodicalIF":8.0,"publicationDate":"2025-08-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144898691","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Real-time high-resolution hardware–software co-design neural architecture search for unmanned mobile platforms","authors":"ZiWen Dou,&nbsp;Jun Tian,&nbsp;HaiQuan Sang,&nbsp;MingMing Zhang","doi":"10.1016/j.jnca.2025.104282","DOIUrl":"10.1016/j.jnca.2025.104282","url":null,"abstract":"<div><div>Traditional manually designed high-resolution networks on mobile computing platforms often struggle to balance accuracy and inference speed. To address the issue of large computational costs in high-resolution neural networks, which makes them difficult to deploy on mobile computing platforms, we simplified the traditional multi-scale feature extraction process by reducing the three-branch fusion to a two-branch fusion, establishing a lightweight network-level search space. We applied gradient descent to iteratively optimize the two-layer parameters within the search space and used the pareto optimal algorithm to balance inference speed and accuracy. After convergence, we obtained a multi-scale feature extraction neural network structure that satisfies the balance inference speed and accuracy. When combined with different feature decoders, this structure enables real-time semantic segmentation and monocular depth estimation tasks on mobile platforms. An self-constructed unmanned mobile platform, built on a mobile computing platform, was used to collect image data from real-world environments to create a custom dataset. This dataset was used to validate the perception capabilities of the designed semantic segmentation and monocular depth estimation model on the mobile platform in real-world scenarios. The experiments demonstrate that our semantic segmentation model, designed for the NVIDIA NX mobile computing platform, achieves an accuracy of 71.7% for 1024 ×2048 high-resolution images, with an inference speed of 25.25 FPS. This represents a 39.2% improvement in inference speed over existing SOTA methods. Meanwhile, our monocular depth estimation model on the NVIDIA NX achieves an absolute relative error (Abs Rel) of 0.091, with an inference speed of 14.46 FPS. This method improves inference speed by 87.7% compared to existing methods, while preserving high accuracy. The code is available: <span><span>https://github.com/douziwenhit/RealtimeSeg</span><svg><path></path></svg></span> and <span><span>https://github.com/douziwenhit/RealtimeMDE</span><svg><path></path></svg></span>.</div></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"243 ","pages":"Article 104282"},"PeriodicalIF":8.0,"publicationDate":"2025-08-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144886391","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Adaptive NDN caching: Leveraging dynamic behaviour for enhanced efficiency","authors":"Matta Krishna Kumari ,&nbsp;Nikhil Tripathi","doi":"10.1016/j.jnca.2025.104288","DOIUrl":"10.1016/j.jnca.2025.104288","url":null,"abstract":"<div><div>The TCP/IP architecture has been the backbone of the Internet for decades, but its host-centric design is becoming less suitable for the data-centric communication demands of today. As the demand for efficient content distribution and retrieval grows, Named Data Networking (NDN) emerges as a promising alternative. NDN shifts the focus from host-centric to data-centric networking, with packets routed based on content names rather than IP addresses. A key feature of NDN is in-network caching, which attempts to reduce latency, alleviate network congestion and enhance content availability. However, the known NDN caching schemes do not consider the dynamic content demand that changes with respect to time and location. This causes the end users to encounter relatively higher content access latency. To address this challenge, in this paper, we propose a novel dynamic behaviour strategy that can be integrated into the known NDN caching schemes. This strategy can enable the NDN routers to make cooperative decisions and move the content copy to an edge router that requests the content most frequently. We comprehensively evaluate the performance of state-of-the-art NDN caching schemes with and without our proposed dynamic strategy using several real-world topologies. Our experimental results show that incorporating dynamic behaviour into these schemes leads to significantly better outcomes in terms of CHR, content latency, and path stretch. Specifically, the best improvements include a threefold increase in CHR, an 80% reduction in content access latency, and nearly a 45% decrease in path stretch. As an aside, we also develop a framework for the Icarus simulator to automate the process of performance assessment of different NDN caching schemes on a large number of real-world topologies.</div></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"243 ","pages":"Article 104288"},"PeriodicalIF":8.0,"publicationDate":"2025-08-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144889351","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}