AnalyticalSAR: Analytical Modeling for Blocking Performance with Security-Aware Reconfiguration in Spectrally-Spatially Elastic Optical Networks
Spectrally-spatially elastic optical networks (SS-EONs) enable ultra-high data rate transmission, which raises critical concerns about physical-layer security vulnerabilities, particularly against eavesdropping and unauthorized network access. Dynamic resource allocation through lightpath reconfiguration presents an effective approach to improving security by reducing request exposure windows. However, implementing secure reconfiguration in SS-EONs introduces significant complexity due to the complex relationships between spectral allocation and spatial resource management constraints. This paper proposes an analytical model for blocking performance with security-aware reconfiguration (AnalyticalSAR) in SS-EONs based on continuous-time Markov chain analysis to tackle these security challenges. The AnalyticalSAR provides analytical assessment of how spectrum reconfiguration affects both network security and blocking performance while accounting for inter-core and inter-mode crosstalks. The model generates all viable states accounting for spectrum reconfiguration processes and their corresponding transitions to establish state probabilities. Our analysis incorporates two distinct spectrum allocation policies: core-mode-spectrum random fit (CMS-RF) and core-mode-spectrum first fit (CMS-FF) policies. Our model supports diverse traffic scenarios, including single-class requests with uniform slot requirements and multi-class requests including heterogeneous bandwidth demands. To overcome computational complexity limitations in single-hop analyses, we develop a heuristic iterative approach and subsequently extend this approach to multi-hop network scenarios. We compare AnalyticalSAR, the heuristic iterative approach, and Monte Carlo simulation studies for a single-hop link. Analytical evaluation reveals that random spectrum reconfiguration substantially improves security metrics while introducing minimal blocking probability increases. These performance trade-offs depend critically on the number of spectrum reconfigurations, link and network load conditions, and available link capacity. The results validate that AnalyticalSAR achieves an effective compromise between security enhancement and operational performance, providing a practical framework for secure resource management in SS-EON deployments.
- Research Article
3
- 10.3390/photonics12070645
- Jun 25, 2025
- Photonics
The demand for secure communication in the age of quantum technologies has driven progress in quantum key distribution (QKD) techniques for optical networks. This research addresses the issues of high blocking probabilities (BPs) and the proper utilization of quantum resources in varying network loads by introducing a novel heuristic approach, termed dynamic security-aware quantum resource allocation (D-SQRA), designed for dynamic resource allocation in QKD-enabled optical networks. We propose two D-SQRA algorithms to employ an adaptive resource assignment (RA) strategy that concurrently addresses routing, wavelength, and time-slot selection while dynamically modifying security levels according to the real-time network load and resource availability. We evaluate the proposed D-SQRA performance against two conventional methods, namely, fixed security quantum resource allocation (F-SQRA) and baseline quantum resource allocation (B-QRA). We discuss the results for NSFNET and UBN24 topologies for network security performance metrics such as network security performance (NSP), BP, quantum key utilization (QKU), and time-slot utilization. The results show that the proposed D-SQRA algorithms provide significant improvement with respect to conventional techniques in addressing proper resource utilization and management by reducing BPs of the new incoming connection requests.
- Conference Article
7
- 10.1109/healthcom.2015.7454496
- Oct 1, 2015
While enhanced cybersecurity options, mainly based around cryptographic functions, are needed, overall speed and performance of a healthcare network may take priority in many circumstances. As such the overall security metrics and performance of those cryptographic functions in their embedded context need to be understood in detail. Understanding those metrics has been the main aim of this research activity. This research reports on an implementation of one network security technology, Internet Protocol Security (IPSec), to evaluate security performance. This research simulates sensitive healthcare information being transferred over a network, and then measures data delivery times with selected security parameters for various communication types running under different operating systems. Based on our performance experiments, this research has indicated a number of network security metrics that need to be considered when designing and managing network security for healthcare-specific or non-healthcare-specific systems from security, performance and manageability perspectives. This research proposes distinct recommendations based on our test results to contribute to selecting the appropriate security metrics for achieving the correct balance between network security and performance.
- Research Article
38
- 10.1016/j.comnet.2018.07.028
- Jul 31, 2018
- Computer Networks
A systematic evaluation of cybersecurity metrics for dynamic networks
- Research Article
5
- 10.1051/bioconf/20249700085
- Jan 1, 2024
- BIO Web of Conferences
Context: Security issues have increased recently because of the increased use of networking. The researchers have proposed many models, approaches, and models, for example, attack graphs. The attack graph model is a valuable tool for vulnerability analysis as well as for displaying all network paths. In general, attack graphs can be utilized for a variety of purposes, including the calculation of security metrics. Nonetheless, in order to sufficiently safeguard networks, a technique for gauging the security degree provided by these activities is required, as “you cannot improve what you cannot measure.” The security level of a system or network is typically represented by network security metrics in qualitative and quantitative ways. The network security metrics are typically employed to evaluate a system's security level and meet security objectives. Aim: This study aims to present a review of attack graph-based security metrics and analyse the previous work. Provides the limitations and issues the researchers faced to improve this important research area. Methodology: The attack graph security metrics field was thoroughly investigated in all research, and four databases—ScienceDirect, Web of Science (WoS), Scopus, and IEEE—were used to collect data between 2001 and 2022. Results: 46 papers were found on attack graph security metrics with different methods and techniques based on the exclusion and inclusion criteria. The results of the taxonomy created three significant categories: proposed, implemented, reviewed, and surveyed. We believe this study will aid in highlighting research ability, which will subsequently broaden and establish new research topics.
- Book Chapter
3
- 10.1007/978-3-030-04834-1_22
- Jan 1, 2018
A network security metric enables the direct measurement of the relative effectiveness of different security solutions. The results thus provide quantifiable evidences to assist security practitioners in choosing among those security solutions, which makes network security hardening a science rather than an art. The development of network security metrics has evolved from focusing on known vulnerabilities to considering also unknown zero day attacks. This chapter reviews the challenges and solutions in designing network security metrics for both known and unknown threats. Specifically, we first examine how CVSS scores may be combined based on attack graphs to measure the overall threat of residue vulnerabilities; we then estimate the resilience of networks against unknown vulnerabilities by counting the number of such vulnerabilities along the shortest attack path; finally, we model the effect of diversity on network security with respect to zero day attacks.
- Research Article
- 10.3389/frai.2026.1750992
- Jan 1, 2026
- Frontiers in artificial intelligence
Cloud computing environments face persistent structural challenges in cost control, dynamic resource allocation, and security risk management, which traditional infrastructure approaches fail to address adequately. This systematic literature review aimed to synthesize empirical evidence on the application of artificial intelligence (AI) and machine learning (ML) models for cost optimisation, resource management, and security enhancement in cloud computing environments. Following the PRISMA 2020 guidelines and the Kitchenham-Charters methodology, a structured search was conducted across IEEE Xplore, Web of Science, ScienceDirect, and the ACM Digital Library, covering the period 2020-2025. From an initial pool of 216 records, 18 primary studies were selected after applying the PICOC framework, predefined inclusion and exclusion criteria, and a dual-reviewer quality assessment process yielding substantial inter-rater agreement (Cohen's κ = 0.86). The synthesized evidence demonstrates that predictive provisioning systems and intelligent load-balancing mechanisms reduce operational costs by up to 85%, metaheuristic algorithms such as the Whale Optimization Algorithm and Particle Swarm Optimization improve energy efficiency by 30%-40% and increase resource utilization by up to 80%, and deep learning-based intrusion detection systems achieve accuracy levels exceeding 92%. These findings confirm that AI constitutes a structural mechanism for strengthening economic efficiency, operational resilience, and the sustainability of cloud infrastructures. However, heterogeneity in simulation environments, limited validation in production-scale deployments, and insufficient coverage of virtual machine migration dynamics represent critical gaps requiring standardized benchmarking frameworks and empirical validation in hybrid and multicloud architectures. 
A quantitative synthesis (Table 1) reveals that metaheuristic algorithms achieve 30%-40% cost and energy efficiency improvements, while ensemble deep learning approaches attain >97% security threat detection rates.
- Research Article
159
- 10.1109/tdsc.2013.24
- Jan 1, 2014
- IEEE Transactions on Dependable and Secure Computing
By enabling a direct comparison of different security solutions with respect to their relative effectiveness, a network security metric may provide quantifiable evidences to assist security practitioners in securing computer networks. However, research on security metrics has been hindered by difficulties in handling zero-day attacks exploiting unknown vulnerabilities. In fact, the security risk of unknown vulnerabilities has been considered as something unmeasurable due to the less predictable nature of software flaws. This causes a major difficulty to security metrics, because a more secure configuration would be of little value if it were equally susceptible to zero-day attacks. In this paper, we propose a novel security metric, k-zero day safety, to address this issue. Instead of attempting to rank unknown vulnerabilities, our metric counts how many such vulnerabilities would be required for compromising network assets; a larger count implies more security because the likelihood of having more unknown vulnerabilities available, applicable, and exploitable all at the same time will be significantly lower. We formally define the metric, analyze the complexity of computing the metric, devise heuristic algorithms for intractable cases, and finally demonstrate through case studies that applying the metric to existing network security practices may generate actionable knowledge.
- Conference Article
16
- 10.1109/trustcom/bigdatase/icess.2017.248
- Aug 1, 2017
It is difficult to assess the security of modern enterprise networks because they are usually dynamic with configuration changes (such as changes in topology, firewall rules, etc). Graphical security models (e.g., Attack Graphs and Attack Trees) and security metrics (e.g., attack cost, shortest attack path) are widely used to systematically analyse the security posture of network systems. However, there are problems using them to assess the security of dynamic networks. First, the existing graphical security models are unable to capture dynamic changes occurring in the networks over time. Second, the existing security metrics are not designed for dynamic networks such that their effectiveness to the dynamic changes in the network is still unknown. In this paper, we conduct a comprehensive analysis via simulations to evaluate the effectiveness of security metrics using a Temporal Hierarchical Attack Representation Model. Further, we investigate the varying effects of security metrics when changes are observed in the dynamic networks. Our experimental analysis shows that different security metrics have varying security posture changes with respect to changes in the network.
- Book Chapter
1
- 10.1007/978-981-15-5959-4_105
- Jan 1, 2020
With the continuous development of network technology, the size and complexity of network data are increasing, network security has become a topic of constant concern, so the network environment for real-time detection and control, to ensure that the network security performance continues to improve to become an urgent problem to be solved. Therefore, new methods must be used to improve the performance of network security. Netflow, as a new technology, provides a new path for the improvement of network security performance. Therefore, on the basis of Netflow technology, this paper proposes a network security test method for Netflow network data analysis. It is to take source IP as the main research object, from the perspective of a network attack, to study the manifestation of Netflow network data in network security issues. By analyzing the abnormal behavior of IP access, the corresponding network security problem is simulated through practice. And its feature vector analysis and detection, and then use the algorithm of invalid links, network behavior scanning, network DOS attack, such as abnormal access behavior related IP analysis. So you can get an accurate network security problem.
- Research Article
- 10.55041/ijsrem26028
- Jan 13, 2025
- INTERNATIONAL JOURNAL OF SCIENTIFIC RESEARCH IN ENGINEERING AND MANAGEMENT
Cloud computing has emerged as a pivotal innovation, facilitating businesses in obtaining scalable, adaptable, and economical IT resources. Nonetheless, the intricate nature of cloud infrastructure management may result in unpredictable expenses if resources are not utilized efficiently. As organizations progressively shift their operations to cloud platforms, there is an increasing demand for effective resource management and strategies aimed at cost optimization to avert issues such as over-provisioning, underutilization, and decline in performance. This paper investigates essential strategies for optimizing cloud resource utilization, including auto-scaling, workload placement, and appropriate resource sizing. It also emphasizes cost-reduction methods like intelligent pricing models and dynamic resource allocation. By reviewing contemporary research and established best practices, this study highlights the challenges that businesses encounter when managing cloud resources and proposes solutions to reduce operational costs without compromising performance. Through case studies and empirical evaluations, this paper outlines a framework for proficient cloud resource management that aligns technical capabilities with organizational objectives. The outcomes aim to furnish organizations with practical insights on enhancing their cloud performance while minimizing expenses associated with cloud services. Keywords: Cloud computing, resource management, cost optimization, auto-scaling, cloud services,
- Research Article
6
- 10.1023/a:1022314204243
- Jan 1, 2003
- Wireless Personal Communications
In order to maximize the system capacity in third generation wireless system, efficient call admission and load control algorithms are required to handle the different services having diverse traffic patterns and Quality of Service (QoS) requirements. We propose an admission and load control algorithm that considers the network loading information, propagation conditions, and the interference level. The algorithm takes advantage of the new features of third-generation (3G) wireless system such as the reported pilot measurements, auxiliary pilot for smart antennas, and variable spreading gain. Dynamic resource allocation is employed to scale the amount of the assigned radio resources taking the network loading conditions and channel characteristics into consideration. The results show that integrating the voice service and the data service with high transmission rate (>144 Kbps) can be realized using efficient resource management.
- Research Article
1
- 10.17762/turcomat.v12i2.1191
- Apr 11, 2021
- Turkish Journal of Computer and Mathematics Education (TURCOMAT)
Cloud computing is an on-demand service because it offers dynamic flexible resource allocation for reliable and guaranteed services in a pay-as-you-use manner. Because of the consistently increasing demands of the clients for services or resources, it gets hard to allocate resources accurately to the client demands to satisfy their solicitations and also to take care of the Service Level Agreements (SLA) given by the service suppliers. Dynamic resource allocation problem is one of the most challenging problems in the resource management problems. The dynamic resource allocation in cloud computing has attracted attention of the research network in the last couple of years. Many researchers around the world have thought of new ways of facing this challenge. Ad-hoc parallel data handling has arisen to be one of the executioner applications for Infrastructure-as-a-Service (IaaS) cloud. A number of Cloud supplier companies have started to incorporate frameworks for parallel data handling in their item, which makes it easy for clients to access these services and to convey their programs. The handling frameworks which are at present utilized have been intended for static and homogeneous bunch arrangements. So the allocated resources may be inadequate for large parts of the submitted tasks and unnecessarily increase preparing cost and time. Again because of opaque nature of cloud, static allocation of resources is conceivable, yet the other way around in dynamic situations. The proposed new generic data handling framework is expected to expressly misuse the dynamic resource allocation in cloud for task scheduling and execution.
- Conference Article
- 10.1109/pdgc.2018.8745867
- Dec 1, 2018
Networks are vulnerable. Attacks damage availability of network services and the reputation of the organizations. Researchers are trying hard to solve the puzzle of security. Nevertheless, the more we solve it, new challenges emerge, making it an unsolvable paradox. The security needs ‘measurement’ to catch up with the ever-increasing vectors, which in turn brings the ‘Security Metrics’ into the scene. Security metrics make the network more resilient, but they should be practical enough to make real-world predictions. To conceptualize and develop the metrics, one faces challenges as their development is easier said than done. This work explores the literature to find out the works done in this direction and highlights their merits besides analyzing the challenges in developing these metrics. We show ways to overcome these challenges along with the must-have ingredients of security metrics. This work aims to combine the strengths of best practices in developing efficient heuristics that accurately and inclusively assess the network security. We also propose four classes of network security metrics along with a simple methodology to develop the simple, effective and viable security metrics.
- Book Chapter
- 10.4018/979-8-3693-9919-4.ch003
- Apr 16, 2025
This paper explores the “Art of Network Monitoring and Security Enhancement Using AI-Driven Tools,” examining how artificial intelligence (AI) is revolutionizing network security by enhancing threat detection, incident response, and overall network resilience. Traditional security measures often struggle to keep pace with the dynamic nature of modern threats, leading to increased vulnerability and potential for significant disruption. AI, with its ability to analyse vast amounts of data, identify patterns, and make predictions, offers a powerful solution to these challenges. This paper delves into various AI/ML techniques, such as machine learning, deep learning, and natural language processing, and their applications in network security, including threat detection, intrusion prevention, incident response, and network traffic analysis. By embracing AI-driven solutions, organizations can effectively address the challenges of the evolving threat landscape and protect their critical assets in the digital age.
- Conference Article
6
- 10.1145/2508859.2512502
- Jan 1, 2013
Data quality (DQ) is essential to achieve data trustworthiness, as it assures that data is free of errors, complete, and consistent. This paper proposes an approach to evaluate DQ in multichannel sensor networks and systems with heterogeneous data sources. The approach integrates various DQ indicators ranging from traditional data accuracy metrics to network security and business performance measures. It demonstrates the advantage of including security metrics into the DQ evaluation for the design optimization of data fusion procedures and even the whole data collection and communication systems. The DQ metrics composition and calculus are discussed. However, the major attention is paid to the analysis of the relationship between conventional data accuracy metrics and network security indicators.