通过软件定义网络和零信任架构保护基于边缘的智能城市网络

IF 8 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Journal of Network and Computer Applications Pub Date : 2025-09-25 DOI:10.1016/j.jnca.2025.104341

Abeer Iftikhar , Faisal Bashir Hussain , Kashif Naseer Qureshi , Muhammad Shiraz , Mehdi Sookhak

{"title":"通过软件定义网络和零信任架构保护基于边缘的智能城市网络","authors":"Abeer Iftikhar , Faisal Bashir Hussain , Kashif Naseer Qureshi , Muhammad Shiraz , Mehdi Sookhak","doi":"10.1016/j.jnca.2025.104341","DOIUrl":null,"url":null,"abstract":"<div><div>Smart cities are rapidly evolving by adopting Internet of Things (IoT) devices, edge and cloud computing, and mobile connectivity. While these advancements enhance urban efficiency and connectivity, they also significantly increase the risk of cyber threats targeting critical infrastructure. Modern interdependent systems require flexible resilience, allowing them to adapt to changing conditions while maintaining core functions. Smart city networks, however, face unique security vulnerabilities due to their scale and heterogeneity. Altered to industry expectations and requirements, traditional security models are generally restrictive. With its \"never trust, always verify' motto, the Zero Trust (ZT) security model starkly differs from traditional models. ZT builds on network design by mandating real time identity verification, giving minimum access permission and mandating respect for the principle of least privilege. Software Defined Networking (SDN) extends one step further by offering central control over the network, policy based autonomous application and immediate response to anomalies. To address these challenges, our proposed Trust-based Resilient Edge Networks (TREN) framework integrates ZT principles to enhance smart city security. Under the umbrella of SDN controllers, SPP, the underpinning component of TREN, performs real time trust analysis and autonomous policy enforcement, for instance, applying high level threat defense mechanisms. TREN dynamically defends against advanced threats like DDoS and Sybil attacks by isolating malicious nodes and adapting defense tactics based on real-time trust and traffic analysis. Trust analysis and policy control modules provide dynamic adaptive coverage, permitting effective proactive defense. Mininet-based simulations demonstrate TREN's efficacy, achieving 95 % detection accuracy, a 20 % latency reduction, and a 25 % increase in data throughput when compared to baseline models.</div></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"244 ","pages":"Article 104341"},"PeriodicalIF":8.0000,"publicationDate":"2025-09-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Securing edge based smart city networks with software defined Networking and zero trust architecture\",\"authors\":\"Abeer Iftikhar , Faisal Bashir Hussain , Kashif Naseer Qureshi , Muhammad Shiraz , Mehdi Sookhak\",\"doi\":\"10.1016/j.jnca.2025.104341\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><div>Smart cities are rapidly evolving by adopting Internet of Things (IoT) devices, edge and cloud computing, and mobile connectivity. While these advancements enhance urban efficiency and connectivity, they also significantly increase the risk of cyber threats targeting critical infrastructure. Modern interdependent systems require flexible resilience, allowing them to adapt to changing conditions while maintaining core functions. Smart city networks, however, face unique security vulnerabilities due to their scale and heterogeneity. Altered to industry expectations and requirements, traditional security models are generally restrictive. With its \\\"never trust, always verify' motto, the Zero Trust (ZT) security model starkly differs from traditional models. ZT builds on network design by mandating real time identity verification, giving minimum access permission and mandating respect for the principle of least privilege. Software Defined Networking (SDN) extends one step further by offering central control over the network, policy based autonomous application and immediate response to anomalies. To address these challenges, our proposed Trust-based Resilient Edge Networks (TREN) framework integrates ZT principles to enhance smart city security. Under the umbrella of SDN controllers, SPP, the underpinning component of TREN, performs real time trust analysis and autonomous policy enforcement, for instance, applying high level threat defense mechanisms. TREN dynamically defends against advanced threats like DDoS and Sybil attacks by isolating malicious nodes and adapting defense tactics based on real-time trust and traffic analysis. Trust analysis and policy control modules provide dynamic adaptive coverage, permitting effective proactive defense. Mininet-based simulations demonstrate TREN's efficacy, achieving 95 % detection accuracy, a 20 % latency reduction, and a 25 % increase in data throughput when compared to baseline models.</div></div>\",\"PeriodicalId\":54784,\"journal\":{\"name\":\"Journal of Network and Computer Applications\",\"volume\":\"244 \",\"pages\":\"Article 104341\"},\"PeriodicalIF\":8.0000,\"publicationDate\":\"2025-09-25\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Journal of Network and Computer Applications\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S1084804525002383\",\"RegionNum\":2,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Network and Computer Applications","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S1084804525002383","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}

引用次数: 0

摘要

通过采用物联网（IoT）设备、边缘和云计算以及移动连接，智慧城市正在迅速发展。虽然这些进步提高了城市效率和连通性，但也显著增加了针对关键基础设施的网络威胁的风险。现代相互依存的系统需要灵活的弹性，使它们能够适应不断变化的条件，同时保持核心功能。然而，由于其规模和异质性，智慧城市网络面临着独特的安全漏洞。随着行业期望和需求的改变，传统的安全模型通常是限制性的。零信任（Zero trust， ZT）安全模型以“永不信任，始终验证”为座右铭，与传统模型截然不同。ZT建立在网络设计的基础上，通过强制实时身份验证，提供最小访问权限和强制遵守最小特权原则。软件定义网络（SDN）通过提供对网络的集中控制，基于策略的自治应用和对异常的即时响应，进一步扩展了一步。为了应对这些挑战，我们提出的基于信任的弹性边缘网络（TREN）框架整合了ZT原则，以增强智慧城市安全。在SDN控制器的保护伞下，TREN的基础组件SPP执行实时信任分析和自主策略实施，例如，应用高级威胁防御机制。TREN通过隔离恶意节点，并根据实时信任和流量分析调整防御策略，动态防御DDoS和Sybil攻击等高级威胁。信任分析和策略控制模块提供动态自适应覆盖，实现有效的主动防御。与基线模型相比，基于miniet的仿真证明了TREN的有效性，实现了95%的检测精度，减少了20%的延迟，并增加了25%的数据吞吐量。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Securing edge based smart city networks with software defined Networking and zero trust architecture

Smart cities are rapidly evolving by adopting Internet of Things (IoT) devices, edge and cloud computing, and mobile connectivity. While these advancements enhance urban efficiency and connectivity, they also significantly increase the risk of cyber threats targeting critical infrastructure. Modern interdependent systems require flexible resilience, allowing them to adapt to changing conditions while maintaining core functions. Smart city networks, however, face unique security vulnerabilities due to their scale and heterogeneity. Altered to industry expectations and requirements, traditional security models are generally restrictive. With its "never trust, always verify' motto, the Zero Trust (ZT) security model starkly differs from traditional models. ZT builds on network design by mandating real time identity verification, giving minimum access permission and mandating respect for the principle of least privilege. Software Defined Networking (SDN) extends one step further by offering central control over the network, policy based autonomous application and immediate response to anomalies. To address these challenges, our proposed Trust-based Resilient Edge Networks (TREN) framework integrates ZT principles to enhance smart city security. Under the umbrella of SDN controllers, SPP, the underpinning component of TREN, performs real time trust analysis and autonomous policy enforcement, for instance, applying high level threat defense mechanisms. TREN dynamically defends against advanced threats like DDoS and Sybil attacks by isolating malicious nodes and adapting defense tactics based on real-time trust and traffic analysis. Trust analysis and policy control modules provide dynamic adaptive coverage, permitting effective proactive defense. Mininet-based simulations demonstrate TREN's efficacy, achieving 95 % detection accuracy, a 20 % latency reduction, and a 25 % increase in data throughput when compared to baseline models.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Journal of Network and Computer Applications 工程技术-计算机：跨学科应用

CiteScore

21.50

自引率

3.40%

发文量

142

审稿时长

37 days

期刊介绍： The Journal of Network and Computer Applications welcomes research contributions, surveys, and notes in all areas relating to computer networks and applications thereof. Sample topics include new design techniques, interesting or novel applications, components or standards; computer networks with tools such as WWW; emerging standards for internet protocols; Wireless networks; Mobile Computing; emerging computing models such as cloud computing, grid computing; applications of networked systems for remote collaboration and telemedicine, etc. The journal is abstracted and indexed in Scopus, Engineering Index, Web of Science, Science Citation Index Expanded and INSPEC.