Journal of Network and Computer Applications最新文献

{"title":"FastTSS: Accelerating tuple space search for fast packet classification in virtual SDN switches","authors":"Bing Xiong ,&nbsp;Jing Wu ,&nbsp;Guanglong Hu ,&nbsp;Jin Zhang ,&nbsp;Baokang Zhao ,&nbsp;Keqin Li","doi":"10.1016/j.jnca.2025.104112","DOIUrl":"10.1016/j.jnca.2025.104112","url":null,"abstract":"<div><div>The increasing tendency of network virtualization gives rise to extensive deployments of virtual switches in various virtualized platforms. However, virtual switches are encountered with severe performance bottlenecks with regards to their packet classification especially in the paradigm of Software-Defined Networking (SDN). This paper is thus motivated to design a fast packet classification scheme based on accelerated tuple space search, named as FastTSS, for virtual SDN switches. In particular, we devise a well-exploited cache with active exact flows to directly retrieve respective flow entries for most incoming packets, in virtue of the temporal locality of network traffic. Furthermore, we propose a novel hash algorithm to resolve the hash collisions of the cache, by providing three candidate locations for each inserted flow and making room for conflicting flow through kicking operation. As for the case of cache miss, we utilize the spatial locality of packet traffic to accelerate tuple space search, by dynamically sorting all tuples in terms of their reference frequencies and load factors. Eventually, we evaluate our designed packet classification scheme with physical network traffic traces by experiments. Extensive experimental results indicate that our designed FastTSS scheme outperforms the state-of-the-art ones with stable cache hit rates around 85% and the speedup of average search length up to 2.3, significantly promoting the packet classification performance of virtual SDN switches.</div></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"236 ","pages":"Article 104112"},"PeriodicalIF":7.7,"publicationDate":"2025-01-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143083157","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"DRaft: A double-layer structure for Raft consensus mechanism","authors":"Jiaze Shang,&nbsp;Tianbo Lu,&nbsp;Yingjie Cai,&nbsp;Yanfang Li","doi":"10.1016/j.jnca.2025.104111","DOIUrl":"10.1016/j.jnca.2025.104111","url":null,"abstract":"<div><div>The Raft consensus algorithm is based on the design of the leader, which simplifies the replication of logs and node changes. Unfortunately, the heavy responsibility of system interaction, including receiving requests from clients, transmitting heartbeats and entries, falls solely on the leader. A design with a strong leader can lead to an imbalance in the workload of nodes, thereby causing limited scalability. Additionally, the replication of a sole entry imposes constraints on the throughput.</div><div>To alleviate these bottlenecks, we put forward a new solution, DRaft, which employs a double-layer architecture and multi-entry replication. To enable DRaft, we revamp the leader change mechanism by introducing Fi-leader and Se-leaders. Moreover, we incorporate a cache-buffer module into DRaft to enable concurrent entry replication. We present a theoretical framework composed of the CPF and CNF models to analyze the consensus success probability of DRaft. We expand DRaft to multi-layer Raft, and discover that the relationship between communication complexity and the number of nodes is proportional. Finally, we implement and evaluate DRaft, comparing its throughput and latency with those of BRaft and Engraft. We show that when 12K TPS is achieved, the latency of BRaft is twice that of DRaft.</div></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"236 ","pages":"Article 104111"},"PeriodicalIF":7.7,"publicationDate":"2025-01-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143049626","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Internet of Things botnets: A survey on Artificial Intelligence based detection techniques","authors":"Moemedi Lefoane,&nbsp;Ibrahim Ghafir,&nbsp;Sohag Kabir,&nbsp;Irfan-Ullah Awan","doi":"10.1016/j.jnca.2025.104110","DOIUrl":"10.1016/j.jnca.2025.104110","url":null,"abstract":"<div><div>The Internet of Things (IoT) is a game changer when it comes to digitisation across industries. The Fourth Industrial Revolution (4IR), brought about a paradigm shift indeed, unlocking possibilities and taking industries to greater heights never reached before in terms of cost saving and improved performance leading to increased productivity and profits, just to mention a few. While there are more benefits provided by IoT, there are challenges arising from the complexities, limitations and requirements of IoT and key enabling technologies. Distributed Denial of Service (DDoS) attacks are among the most prevalent and dominant cyber-attacks that have been making headlines repeatedly in recent years. IoT technology has increasingly become the preferred technology for delivering these cyber-attacks. It does not come as a surprise that IoT devices are an attractive target for adversaries, as they are easy to compromise due to inherent limitations and given that they are deployed in large numbers. This paper reviews IoT botnet detection approaches proposed in recent years. Furthermore, IoT ecosystem components are outlined, revealing their challenges, limitations and key requirements that are vital to securing the whole ecosystem. These include cloud computing, Machine Learning (ML) and emerging wireless technologies: 5G and 6G.</div></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"236 ","pages":"Article 104110"},"PeriodicalIF":7.7,"publicationDate":"2025-01-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143049878","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Fuzzy neural network based access selection in satellite–terrestrial integrated networks","authors":"Weiwei Jiang ,&nbsp;Yafeng Zhan ,&nbsp;Xin Fang","doi":"10.1016/j.jnca.2025.104108","DOIUrl":"10.1016/j.jnca.2025.104108","url":null,"abstract":"<div><div>Access selection has become a significant problem in satellite–terrestrial integrated networks (STINs) to determine the most suitable network. Existing solutions fail to solve the complexity and diversity challenges when user preferences are considered. In this study, the access selection problem in satellite–terrestrial integrated networks is considered, and user preferences for different network types are incorporated into the access selection decision-making process. This paper introduces fuzzy neural network (FNN) for access selection in STINs and contributes an improved FNN model with the African Vulture optimization algorithm to solve the access selection problem, which is proven to be better than the three sophisticated baselines in terms of convergence speed, blocking rate, system throughput, and user satisfaction. Compared with the traditional Fuzzy-Logic baseline, the proposed FNN model achieves an approximate 8% lower blocking rate, an approximate 40% higher system throughput, and an approximate 8% higher user satisfaction with an arrival rate of 10 requests per second in numerical experiments.</div></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"236 ","pages":"Article 104108"},"PeriodicalIF":7.7,"publicationDate":"2025-01-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143049876","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"A novel staged training strategy leveraging knowledge distillation and model fusion for heterogeneous federated learning","authors":"Debao Wang,&nbsp;Shaopeng Guan,&nbsp;Ruikang Sun","doi":"10.1016/j.jnca.2025.104104","DOIUrl":"10.1016/j.jnca.2025.104104","url":null,"abstract":"<div><div>Client-side data heterogeneity poses a significant challenge in Federated Learning (FL), limiting the effectiveness of global models. To address this, we propose a staged training approach combining Knowledge Distillation and model fusion. First, a regularized KD technique trains a robust teacher model on the server, transferring knowledge to student models to enhance convergence and reduce overfitting. Then, an adaptive parameter assignment mechanism intelligently combines the local and global models, enabling clients to integrate global knowledge with local features for improved accuracy. Experimental results on multiple image classification datasets demonstrate that our approach outperforms existing algorithms in both convergence speed and accuracy, particularly in highly heterogeneous scenarios. It effectively balances the global model’s generalization and local personalization, providing a robust solution for FL.</div></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"236 ","pages":"Article 104104"},"PeriodicalIF":7.7,"publicationDate":"2025-01-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143049881","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Efficient privacy-preserving ML for IoT: Cluster-based split federated learning scheme for non-IID data","authors":"Mohamad Arafeh ,&nbsp;Mohamad Wazzeh ,&nbsp;Hani Sami ,&nbsp;Hakima Ould-Slimane ,&nbsp;Chamseddine Talhi ,&nbsp;Azzam Mourad ,&nbsp;Hadi Otrok","doi":"10.1016/j.jnca.2025.104105","DOIUrl":"10.1016/j.jnca.2025.104105","url":null,"abstract":"<div><div>In this paper, we propose a solution to address the challenges of varying client resource capabilities in the IoT environment when using the SplitFed architecture for training models without compromising user privacy. Federated Learning (FL) and Split Learning (SL) are technologies designed to maintain privacy in distributed machine learning training. While FL generally offers faster training, it requires clients to train the entire neural network model, which may not be feasible for resource-limited IoT devices. Additionally, FL’s performance is heavily impacted by client data distribution and struggles with non-Independent and Identically Distributed (non-IID) data. In parallel, SL offloads part of the training to a server, enabling weak devices to participate by training only portions of the model. However, SL performs slower due to forced synchronization between the server and clients. Combining FL and SL can mitigate each approach’s limitations but also introduce new challenges. For instance, integrating FL’s parallelism into SL brings issues such as non-IID data and stragglers, where faster devices must wait for slower ones to complete their tasks. To address these challenges, we propose a novel two-stage clustering scheme: the first stage addresses non-IID clients by grouping them based on their weights, while the second stage clusters clients with similar capabilities to ensure that faster clients do not have to wait excessively for slower ones. To further optimize our approach, we develop a multi-objective client selection solution, which is solved using a genetic algorithm to select the most suitable clients for each training round based on their model contribution and resource availability. Our experimental evaluations demonstrate the superiority of our approach, achieving higher accuracy in less time compared to several benchmarks.</div></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"236 ","pages":"Article 104105"},"PeriodicalIF":7.7,"publicationDate":"2025-01-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143049877","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Dynamically identify important nodes in the hypergraph based on the ripple diffusion and ant colony collaboration model","authors":"Peng Wang ,&nbsp;Guang Ling ,&nbsp;Pei Zhao ,&nbsp;Zhi-Hong Guan ,&nbsp;Ming-Feng Ge","doi":"10.1016/j.jnca.2025.104107","DOIUrl":"10.1016/j.jnca.2025.104107","url":null,"abstract":"<div><div>Identifying important nodes plays an indispensable role in analyzing and regulating networks, and hypergraphs, as a classic high-order network, can represent the complex connections between nodes more concisely and intuitively. However, most existing methods for identifying important nodes in a hypergraph architecture are static and have low accuracy. The only few dynamic methods are very complex and the results are highly random. In view of the above situation, this paper proposes a algorithm to dynamically identify important nodes in a hypergraph based on information dissemination dynamics (IDD). The algorithm mainly includes two models, namely the ripple diffusion model and the ant colony collaboration model. Through multiple experiments in data sets of different sizes, it was proved that the important nodes identified by IDD are generally stronger in all aspects than the important nodes identified by other comparison methods, and the degree of matching with the real important nodes set is also higher.</div></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"236 ","pages":"Article 104107"},"PeriodicalIF":7.7,"publicationDate":"2025-01-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143049883","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"ALB-TP: Adaptive Load Balancing based on Traffic Prediction using GRU-Attention for Software-Defined DCNs","authors":"Yong Liu ,&nbsp;Qian Meng ,&nbsp;Kefei Chen ,&nbsp;Zhonghua Shen","doi":"10.1016/j.jnca.2024.104103","DOIUrl":"10.1016/j.jnca.2024.104103","url":null,"abstract":"<div><div>With networks increasing in size and traffic bursting, Data Center Networks (DCNs), as the core infrastructure of High-Performance Computing (HPC), can require a high-performance, robust, and scalable load balancing method. However, existing research work has not yet met these design objectives well. In this paper, we design, analyze and evaluate a novel Adaptive Load Balancing based on Traffic Prediction (ALB-TP) for achieving these goals. ALB-TP uses Gate Recurrent Unit and Attention (GRU-Attention) model to dynamically predict the path congestion information of the whole network. Compared with the existing scheme of collecting congestion status information in a fixed time period, the proposed GRU-Attention model improves the timeliness and accuracy of congestion information collection. With global congestion awareness, ALB-TP, which forwards flows to the least congested path via the two-stage routing in the actual implementation, is more robust than existing congestion-agnostic schemes for the asymmetric topology. Additionally, ALB-TP adopts a distributed control structure to capture the congestion information of the entire network in parallel, which makes it more scalable than existing congestion-aware schemes for large-scale networks. Evaluations show that on the Fat-Tree topology, ALB-TP can effectively alleviate network congestion and balance flows on different paths. Compared to existing GRU and LSTM models, the proposed GRU-Attention model improves the accuracy of congestion information prediction by 28.2% on average. Simulation results show that the proposed ALB-TP scheme reduces the Flow Completion Time (FCT) by an average of 18.5% and also improves the throughput by an average of 31.6% compared to the existing schemes. Through theoretical design and experimental analysis, we can see that the proposed ALB-TP can effectively balance the traffic load on the asymmetric topology and achieve the design goal of load balancing. Compared with existing schemes, ALB-TP also has better performance advantages in terms of FCT, throughput, and accuracy of congestion information collection.</div></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"236 ","pages":"Article 104103"},"PeriodicalIF":7.7,"publicationDate":"2025-01-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142967863","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"On and off the manifold: Generation and Detection of adversarial attacks in IIoT networks","authors":"Mohammad Al-Fawa’reh ,&nbsp;Jumana Abu-khalaf ,&nbsp;Naeem Janjua ,&nbsp;Patryk Szewczyk","doi":"10.1016/j.jnca.2024.104102","DOIUrl":"10.1016/j.jnca.2024.104102","url":null,"abstract":"<div><div>Network Intrusion Detection Systems (NIDS), which play a crucial role in defending Industrial Internet of Things (IIoT) networks, often utilize Deep Neural Networks (DNN) for their pattern recognition capabilities. However, these systems remain susceptible to sophisticated adversarial attacks, particularly on-manifold and off-manifold attacks, which skillfully evade detection. This paper addresses the limitations in existing research, focusing primarily on: the predominant focus on off-manifold attacks, while often overlooking subtler yet potent on-manifold attacks; a lack of consideration for the functional behavior of these attacks; reliance on detailed knowledge of the target NIDS for creating attacks; and the need for detailed knowledge about the creation process of adversarial attacks for effective detection. This paper introduces the Saliency Adversarial Autoencoder (SAAE), designed for generating on-manifold attacks through latent space perturbations. This dual-space perturbation approach enables SAAE to efficiently create stealthy attacks that blend with normal network behavior, posing significant challenges to state-of-the-art (SOTA) NIDS. To counter these advanced threats, we propose an attack-agnostic defence mechanism utilizing a fusion-based Autoencoder (AE) with disentangled representations. This defence is adept at detecting threats within the manifold, significantly enhancing NIDS robustness. Comparative assessments with SOTA DNN and Deep Reinforcement Learning (DRL) models highlight the effectiveness of our approach. The SAAE model markedly reduces True Positive Rates (TPR) in these systems. For DNNs, TPR dropped from 99.72% to 41.5%, and for DRLs, from 95.6% to 63.94%. Conversely, our defence model shows high TPR in detecting these attacks, registering 94% for DNNs and 92% for DRLs. Additionally, we release our dataset, named OOM-X-IIoTID<span><span>¹</span></span>, which includes On/Off manifold adversarial attacks, a first in the field, to facilitate further research and development in cybersecurity.</div></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"235 ","pages":"Article 104102"},"PeriodicalIF":7.7,"publicationDate":"2024-12-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142889236","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Light up that Droid! On the effectiveness of static analysis features against app obfuscation for Android malware detection","authors":"Borja Molina-Coronado ,&nbsp;Antonio Ruggia ,&nbsp;Usue Mori ,&nbsp;Alessio Merlo ,&nbsp;Alexander Mendiburu ,&nbsp;Jose Miguel-Alonso","doi":"10.1016/j.jnca.2024.104094","DOIUrl":"10.1016/j.jnca.2024.104094","url":null,"abstract":"<div><div>Malware authors have seen obfuscation as the mean to bypass malware detectors based on static analysis features. For Android, several studies have confirmed that many anti-malware products are easily evaded with simple program transformations. As opposed to these works, ML detection proposals for Android leveraging static analysis features have also been proposed as obfuscation-resilient. Therefore, it needs to be determined to what extent the use of a specific obfuscation strategy or tool poses a risk for the validity of ML Android malware detectors based on static analysis features. To shed some light in this regard, in this article we assess the impact of specific obfuscation techniques on common features extracted using static analysis and determine whether the changes are significant enough to undermine the effectiveness of ML malware detectors that rely on these features. The experimental results suggest that obfuscation techniques affect all static analysis features to varying degrees across different tools. However, certain features retain their validity for ML malware detection even in the presence of obfuscation. Based on these findings, we propose a ML malware detector for Android that is robust against obfuscation and outperforms current state-of-the-art detectors.</div></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"235 ","pages":"Article 104094"},"PeriodicalIF":7.7,"publicationDate":"2024-12-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142889244","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}