Computer Communications最新文献

{"title":"AssociateChain: Scaling blockchain in cloud–edge-enabled Metaverse via associative sharding","authors":"Yi Li ,&nbsp;Jinsong Wang ,&nbsp;Hongwei Zhang ,&nbsp;Zening Zhao ,&nbsp;Yuemin Ding","doi":"10.1016/j.comcom.2025.108150","DOIUrl":"10.1016/j.comcom.2025.108150","url":null,"abstract":"<div><div>Blockchain has been extensively employed to strengthen the security and privacy of cloud–edge-enabled Metaverse due to its immutability, decentralization, and other key characteristics. However, limited scalability remains a significant barrier to its broader adoption. Sharding offers a promising solution for scaling blockchain, but existing schemes perform state and node sharding separately, ignoring the fact that, in cloud–edge computing, end devices are typically serviced by the nearest edge nodes to achieve a high quality of service (QoS). We define this characteristic as device–edge proximity. As a result, device states may be assigned to distant edge node shards, requiring transactions to be relayed over the wide-area network before reaching their assigned shards, thus introducing additional relay overhead and increasing the overall transaction latency. To address this challenge, we propose AssociateChain, which employs a two-stage associative sharding approach to minimize number of relay transactions. In the first stage, device states are grouped into shards based on historical transaction patterns. In the second stage, the edge node sharding process is modeled as a stable matching problem, optimizing the assignment of edge nodes based on the first-stage results and device–edge proximity. Furthermore, we introduce a double-check mechanism to strengthen resilience against potential takeover attacks. Although AssociateChain slightly increases sharding complexity from <span><math><mrow><mi>O</mi><mrow><mo>(</mo><mi>n</mi><mo>)</mo></mrow></mrow></math></span> to <span><math><mrow><mi>O</mi><mrow><mo>(</mo><mi>k</mi><mrow><mo>(</mo><mi>n</mi><mo>+</mo><mn>1</mn><mo>)</mo></mrow><mo>)</mo></mrow></mrow></math></span>, where n is the number of nodes and k is the number of shards, experiments demonstrate that it reduces the relay transaction ratio by 90%, lowers relay delay by two orders of magnitude, and decreases total cost by 70%, significantly outperforming existing sharding schemes.</div></div>","PeriodicalId":55224,"journal":{"name":"Computer Communications","volume":"237 ","pages":"Article 108150"},"PeriodicalIF":4.5,"publicationDate":"2025-03-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143808752","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Analysis of attack-defense game for advanced malware propagation control in cloud","authors":"Liang Tian ,&nbsp;Chenquan Gan ,&nbsp;Jiabin Lin ,&nbsp;Fengjun Shang ,&nbsp;Qingyi Zhu","doi":"10.1016/j.comcom.2025.108148","DOIUrl":"10.1016/j.comcom.2025.108148","url":null,"abstract":"<div><div>In modern society, cloud computing has emerged as an indispensable infrastructure. Nevertheless, as the cloud ecosystem grows increasingly vast and complex, a series of novel security challenges have surfaced, among which artificial intelligence (AI)-empowered advanced malware has provided network attackers with even more stealthy and potent weapons. While existing malware detection technologies can still maintain a certain level of defense against traditional security threats, the instant detection and response to these sophisticated AI-crafted threats become exceedingly difficult, consuming substantial remediation time and security resources. To address the balance between control costs and effectiveness, recognizing the intricately intertwined and dynamically interactive nature of the offensive and defensive parties, this paper introduces the framework of differential game theory, delving into the strategies for controlling the propagation of advanced malware in cloud environments. Firstly, we construct an advanced malware propagation control model targeting each virtual machine. On this basis, we define the specific categories of strategy selection for both the offensive and defensive sides, as well as their respective cost-benefit relationships, and formulate an attack-defense game problem. Subsequently, we rigorously demonstrate, from a mathematical theoretical perspective, that the optimal solution (i.e., Nash equilibrium) to the attack-defense game problem is indeed attainable, and we devise a dedicated accelerated algorithm for its solution. Finally, we conduct comparative experiments on three real-world datasets using three distinct strategies, and the analysis results show the effectiveness of our proposed method.</div></div>","PeriodicalId":55224,"journal":{"name":"Computer Communications","volume":"237 ","pages":"Article 108148"},"PeriodicalIF":4.5,"publicationDate":"2025-03-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143715339","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"LFIoTDI: A lightweight and fine-grained device identification approach for IoT security enhancement","authors":"Zaiting Xu,&nbsp;Qian Lu,&nbsp;Fei Chen,&nbsp;Hequn Xian","doi":"10.1016/j.comcom.2025.108149","DOIUrl":"10.1016/j.comcom.2025.108149","url":null,"abstract":"<div><div>The rapid development of the Internet of Things (IoT) has brought new challenges in device identification. Accurately identifying IoT devices connected to a network is vital for effective resource management, network planning, security threat detection, and handling anomalous traffic. However, existing traffic-based device identification approaches have shortcomings in terms of accuracy, stability, identification granularity, etc. In this study, we introduce LFIoTDI, a lightweight and fine-grained device identification method leveraging machine learning to enhance IoT security. Based on an innovative feature set, LFIoTDI can accomplish device identification on resources-constraint IoT devices with just a single network-layer packet. Additionally, a key feature of LFIoTDI is its use of the Message Queuing Telemetry Transport (MQTT) protocol for real-time updates to the device identification model, greatly enhancing the model’s scalability. Extensive evaluation experiments on the CIC, UNSW, and SMPS datasets demonstrate LFIoTDI’s exceptional performance, achieving accuracies of 99.08%, 98.15%, and 95.28%, respectively, while maintaining minimal system overhead. These results highlight its broad effectiveness in the IoT environment.</div></div>","PeriodicalId":55224,"journal":{"name":"Computer Communications","volume":"237 ","pages":"Article 108149"},"PeriodicalIF":4.5,"publicationDate":"2025-03-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143704275","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"LBMDTE: Multi-Domain Traffic Engineering in Distributed Software-Defined Networks","authors":"Kun Wang ,&nbsp;Guanghong Lv","doi":"10.1016/j.comcom.2025.108147","DOIUrl":"10.1016/j.comcom.2025.108147","url":null,"abstract":"<div><div>Large-scale Software-Defined Networks (SDN) applications rely on a distributed control architecture to manage network resources collaboratively among multiple subdomains. This requires multi-domain traffic engineering (TE) for reliable, comprehensive, and efficient traffic scheduling. However, the impact of control message traffic on link load has been ignored in previous multi-domain TE studies. Here, we explore a multi-objective load balancing scheme to address the traffic scheduling imbalance problem for the flat distributed architecture. First, we introduce four types of control message traffic and rules for intra-domain and inter-domain communication. Second, we develop a traffic optimization model to balance the controller load and minimize the maximum link utilization. Third, we propose a hierarchical routing algorithm to compute inter-domain routing, and then propose a heuristic Load Balancing Based Multi-Domain Traffic Engineering (LBMDTE) algorithm to address the optimization objective. Experiments conducted on three real networks and one synthetic network demonstrate that the control link traffic accounts for up to 11.32% of the total link traffic. Our proposed LBMDTE is able to jointly balance the controller load and the link load in comparison with other TE mechanisms.</div></div>","PeriodicalId":55224,"journal":{"name":"Computer Communications","volume":"236 ","pages":"Article 108147"},"PeriodicalIF":4.5,"publicationDate":"2025-03-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143704025","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Introducing and evaluating SWI-FEED: A smart water IoT framework designed for large-scale contexts","authors":"Antonino Pagano ,&nbsp;Domenico Garlisi ,&nbsp;Fabrizio Giuliano ,&nbsp;Tiziana Cattai ,&nbsp;Redemptor Jr Laceda Taloma ,&nbsp;Francesca Cuomo","doi":"10.1016/j.comcom.2025.108146","DOIUrl":"10.1016/j.comcom.2025.108146","url":null,"abstract":"<div><div>The digitalization of Water Distribution Systems (WDSs) is becoming a key objective in modern society. The increasing complexity of contemporary WDSs, driven by urbanization, fluctuating consumer demand, and limited resources, makes their management particularly challenging, especially in large-scale scenarios. This paper proposes the SWI-FEED framework designed to facilitate the widespread deployment of the Internet of Things (IoT) for enhanced monitoring and optimization of WDSs. The framework aims to investigate the utilization of massive IoT in monitoring and optimizing WDSs in different contexts, with a particular focus on four use cases such as optimal node activation, IoT gateways deployment, distributed leakage detection and water demand disaggregation. SWI-FEED has been tested with predefined network models available in the Open Water Analytics community public repository. Specifically, the four use cases are evaluated using a large network consisting of 4,419 sensor nodes, 3 tanks and 5,066 pipes. Overall, this comprehensive framework provides a holistic approach to address possible challenges of a WDS and optimize the efficiency of large-scale IoT deployments. It reduces the energy consumption of IoT devices within the WDS while enhancing leak detection and localization capabilities in real-world water networks. Our adopted theoretical methodology is based on graph theory, which allows IoT gateways to be strategically positioned to maximize network coverage and minimize infrastructure redundancy. This makes it possible to significantly reduce the number of gateways required and, consequently, the overall system energy consumption.</div></div>","PeriodicalId":55224,"journal":{"name":"Computer Communications","volume":"237 ","pages":"Article 108146"},"PeriodicalIF":4.5,"publicationDate":"2025-03-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143697773","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"ASAP 2.0: Autonomous & proactive detection of malicious applications for privacy quantification in 6G network services","authors":"Catarina Silva ,&nbsp;João Felisberto ,&nbsp;João Paulo Barraca ,&nbsp;Paulo Salvador","doi":"10.1016/j.comcom.2025.108145","DOIUrl":"10.1016/j.comcom.2025.108145","url":null,"abstract":"<div><div>While 6G networks, reliant on software, promise significant advancements, the proliferation of diverse applications deployed closer to users poses considerable privacy challenges. To counter this, privacy-first software development, as advocated by DevPrivOps, becomes essential. While Privacy-Enhancing Technologies (PETs) are frequently used, their limitations are well-documented. DevPrivOps strives to reinforce software privacy through prioritization, compliance, transparency, optimization, and informed decision-making. A promising alternative to PETs involves quantifying privacy to guide development and pinpoint potential threats, thus enhancing application privacy before deployment on OpenSlice network services. Privacy-centric malicious application detection, amongst other features, is a key component of this privacy quantification framework, serving to inform users of potential harm from such applications. In this study, we focus on privacy-centric malicious application detection. ASAP 2.0, an autonomous system, identifies these threats by scrutinizing requested application permissions. Building on its antecedent, ASAP 2.0 employs a tuned autoencoder trained via unsupervised learning. By analyzing reconstruction errors, it differentiates between potentially harmful and benign applications. A dynamically adjusted threshold assists in the decision-making process. Our model, validated on three public datasets, achieved an average Matthews Correlation Coefficient (MCC) of 0.976, outperforming baseline models such as Logistic Regression and Decision Trees.</div></div>","PeriodicalId":55224,"journal":{"name":"Computer Communications","volume":"237 ","pages":"Article 108145"},"PeriodicalIF":4.5,"publicationDate":"2025-03-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143697667","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Research on intelligent ship resilient network architecture based on SDN","authors":"Qing Hu ,&nbsp;Jiabing Liu ,&nbsp;Zhengfei Wang ,&nbsp;Haoyu Si ,&nbsp;Sinian Jin ,&nbsp;Ying Zhang ,&nbsp;Jinhai Li","doi":"10.1016/j.comcom.2025.108151","DOIUrl":"10.1016/j.comcom.2025.108151","url":null,"abstract":"<div><div>With the extensive adoption of information and communication technology (ICT) in the maritime field, intelligent ships are increasingly dependent on system integration, control, and data collection from devices. Real-time data transmission is essential for ensuring stable ship system operations. However, communication link failures frequently become key factors impacting data transmission. To this end, we propose an SDN-based intelligent ship network architecture, SDN-Intelligent Ship Network Architecture (SDISN), to simplify network management and enable centralized control of intelligent ships. On this basis, we design a link failure recovery model tailored for different maritime communication services to address the issue of sudden communication link failures. The model begins by collecting the status of the intelligent ship network and pre-defining backup flow rules for different maritime communication service flows. Considering the service flow characteristics, the optimization aims to minimize transmission delay and maximize switch TCAM utilization for life-safety communication flows and ship operational communication flows, respectively. For life-safety communication flows, we introduce a heuristic algorithm that progressively relaxes constraints. Meanwhile, we preload backup flow rules into switches. For ship operational communication flows, we apply a two-stage optimization algorithm, storing the relevant backup flow rules in the controller. Additionally, we propose a backup storage strategy for commercial communication flows based on dynamically adjusting the memory load of switches. Compared to existing approaches, the SDISN satisfies the need for real-time data transmission in intelligent ships while balancing resource consumption and fault response time in its link failure recovery mechanism. Lastly, experiments conduct on a testbed in a real network environment further validate the model's efficacy and efficiency.</div></div>","PeriodicalId":55224,"journal":{"name":"Computer Communications","volume":"236 ","pages":"Article 108151"},"PeriodicalIF":4.5,"publicationDate":"2025-03-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143724549","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Decentralized coordination for resilient federated learning: A blockchain-based approach with smart contracts and decentralized storage","authors":"Stefano Ferretti,&nbsp;Lorenzo Cassano,&nbsp;Gabriele Cialone,&nbsp;Jacopo D’Abramo,&nbsp;Filippo Imboccioli","doi":"10.1016/j.comcom.2025.108112","DOIUrl":"10.1016/j.comcom.2025.108112","url":null,"abstract":"<div><div>Machine Learning (ML) in distributed environments increasingly deals with sensitive data (like healthcare or financial records) that cannot be centrally stored or processed due to privacy concerns. Federated Learning (FL) addresses this by enabling model training across decentralized devices, but faces significant challenges including system reliability, node failures, and trust issues among participants. Traditional FL approaches often rely on centralized coordinators, creating single points of failure and potential security vulnerabilities. This paper presents a novel approach to FL that leverages smart contracts, blockchain, and decentralized storage to enhance the traceability and reliability of the learning process. Our proposed system architecture is fully decentralized, eliminating single points of failure and promoting cooperation through a rewarding mechanism. Unlike previous approaches that neglect node fault tolerance, we introduce a smart contract based scheme for managing node failures and electing the aggregator node. The presence of the smart contract, executed on a decentralized permissioned blockchain, provides reliability guarantees and eliminates the need for costly distributed algorithms in terms of message exchange. An experimental study is conducted to evaluate various aspects of the FL system. We present results related to the accuracy and effectiveness of the FL system on ML models. We also examine the performance related to the distribution of the weights of the ML model based on the use of IPFS. Furthermore, we analyze the performance of the smart contract in terms of gas consumption. Lastly, we investigate the impact of failures combined with incentive policies and aggregator election algorithms on the FL system. Our findings demonstrate the viability of the proposed approach, paving the way for more robust, reliable, and efficient FL systems.</div></div>","PeriodicalId":55224,"journal":{"name":"Computer Communications","volume":"236 ","pages":"Article 108112"},"PeriodicalIF":4.5,"publicationDate":"2025-03-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143683860","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"A comprehensive survey of Network Digital Twin architecture, capabilities, challenges, and requirements for Edge–Cloud Continuum","authors":"Syed Mohsan Raza,&nbsp;Roberto Minerva,&nbsp;Noel Crespi,&nbsp;Maira Alvi,&nbsp;Manoj Herath,&nbsp;Hrishikesh Dutta","doi":"10.1016/j.comcom.2025.108144","DOIUrl":"10.1016/j.comcom.2025.108144","url":null,"abstract":"<div><div>Network Digital Twin (NDT) collects data from physical, virtual, and software components and supports real-time network performance analysis, emulation, and intelligent physical network control. This paper surveys the current state of NDT specifications and explores NDT benefits for Network Operators (NOs) and its possible roles in future network management. It discusses the NDT key components, architecture, and integration of Machine Learning and Artificial Intelligence models in the NDT. Further, it covers virtualization technology management, suitability of Software-Defined Networking capabilities, and simulation tools to empower NDT. Two perspectives make the position of this survey different from existing studies; first, it highlights NDT limitations regarding Edge–Cloud Continuum (ECC) contextualization. ECC is a purposeful trending integration of Edge and Cloud Computing, involving multiple stakeholders like Service Providers, Customers, and Platform or Infrastructure Providers. However, current NDT specifications have not mentioned the ways to benefit stakeholders other than NOs. We also discuss notable computing and communication technologies transformations necessary to consider during NDT modeling, the existing data models, and reusable vocabularies that can be extended to achieve a detailed ECC representation for all stakeholders, essentially for Service Providers and Customers. Secondly, a data model is proposed that covers descriptive and prescriptive features and aims to provide a granular representation of ECC components to meet stakeholders’ requirements and render particular user information views. Different explored NDT perspectives, and proposed data model reduces the impact of existing NDT limitations in ECC representation.</div></div>","PeriodicalId":55224,"journal":{"name":"Computer Communications","volume":"236 ","pages":"Article 108144"},"PeriodicalIF":4.5,"publicationDate":"2025-03-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143683856","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"INT-LLPP: Lightweight in-band network-wide telemetry with low-latency and low-overhead path planning","authors":"Penghui Zhang ,&nbsp;Hua Zhang ,&nbsp;Yuqi Dai ,&nbsp;Cheng Zeng ,&nbsp;Jingyu Wang ,&nbsp;Jianxin Liao","doi":"10.1016/j.comcom.2025.108142","DOIUrl":"10.1016/j.comcom.2025.108142","url":null,"abstract":"<div><div>With the increasing complexity of networks, network telemetry becomes a critical part of network management. However, existing network telemetry systems still suffer from excessive control overhead, forwarding overhead, and latency.</div><div>In this paper, we propose INT-LLPP, a novel in-band network-wide telemetry system with low-latency and low-overhead path planning. The network telemetry architecture of INT-LLPP is unique in that it only requires a set of probes to collect telemetry items for multiple service flows. Moreover, the proposed Probe Path Generation (PPG) algorithm optimizes the probe paths to reduce the forwarding overhead and achieve full network coverage. To balance the telemetry latency and control overhead, we propose an efficient algorithm called the Simulated Annealing Maximum Latency Setting (SAMLS) algorithm, which controls the length of the probe paths.</div><div>Simulation results show that INT-LLPP can reduce network telemetry control overhead by over 50% and reduce forwarding overhead by 5% to 10%. Moreover, INT-LLPP can lower telemetry latency by 30% to 40%.</div></div>","PeriodicalId":55224,"journal":{"name":"Computer Communications","volume":"236 ","pages":"Article 108142"},"PeriodicalIF":4.5,"publicationDate":"2025-03-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143683857","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}