Network Environment Research Articles

Two-factor Mutual Authentication with Fingerprint and MAC Address Validation

Mobile Ad hoc NETworks (MANET), unlike typical wireless networks, may be used spontaneously without the need for centralized management or network environment. Mobile nodes act as mediators to help multi-hop communications in such networks, and most instances, they are responsible for all connectivity tasks. MANET is a challenging endeavor because these systems can be attacked, which can harm the network. As a result, security concerns become a primary factor for these types of networks. This article aims to present an efficient two-factor smart card-based passcode authentication technique for securing legitimate users on an unprotected network. This scheme enables the password resetting feature. A secured mechanism for sharing keys is offered by using the hash function. We present a new two-factor mutual authentication technique based on an entirely new mechanism called the virtual smart card. Compared to authentication, the proposed method has fewer computation processes but is more time efficient since it is based on a hash function. Additionally, this approach is resistant to most attacker behaviors, such as Mutual authentication, Gateway node bypassing attacks, DoS attacks, replay attacks, Man in the middle attacks, and stolen smart device attacks. Experimental results validate the efficiency of this scheme, and its security is also analyzed.

Design and analysis of H∞$$ {H}_{\infty } $$ control strategies with dynamic event‐triggered schemes and quantizer in the presence of hybrid attacks

AbstractThis study explores the resilience of networked control systems (NCSs) against hybrid attacks, focusing on enhancing their performance. To mitigate excessive data transmission, the article introduces dynamic event‐triggered schemes and quantizer within the sensor‐to‐observer communication channel. The network environment is susceptible to various attacks, including denial‐of‐service (DoS) attacks and deception attacks. An augmented system model is formulated, and through the application of Lyapunov stability theory, conditions for ensuring the asymptotic stability of the system are established. The collaborative design of quantizer parameters, controller gain, and event‐triggered thresholds is achieved by solving linear matrix inequalities. Simulation‐based theoretical models have effectively demonstrated the reduction of the impact of network intrusions on NCSs, validating the proposed approach.

Research on Distributed Secure Storage Framework of Industrial Internet of Things Data Based on Blockchain

The conventional centralized Industrial Internet of Things (IIoT) framework is plagued by issues like subpar security performance and challenges related to storage expansion. This paper proposes a two-tier distributed secure storage framework based on blockchain for IIoT data. The authors first introduce the two-layer framework, which includes the edge network layer and the blockchain storage layer. The nodes in the edge network layer are classified into administrator nodes and ordinary nodes. It provides a lower latency network environment compared to cloud computing to preprocess raw industrial data. The blockchain storage layer provides storage space to keep data secure and traceable. Secondly, the authors propose a differentiated storage solution. Based on the timestamps of industrial data and the specific media access control (MAC) address, the Universally Unique Identifier (UUID) of the raw data is generated and uploaded to the blockchain for secure storage. Encrypt the corresponding raw data using the elliptic curve cryptography algorithm, and then upload it to InterPlanetary File System (IPFS) to expand the storage capacity of the blockchain. Deploy a smart contract on the blockchain to compare UUIDs for consistency in an automated, lightweight method to determine data integrity. Finally, we analyze the advantages brought by the integration of blockchain and IIoT. Additionally, the authors design comparative tests on different storage methods. The results prove that the security of this paper’s scheme is improved, and the storage performance is extended. Noteworthy enhancements include heightened throughput of data uploaded to the blockchain and minimized delay overhead.

Energy-Efficient Cooperative Transmission in Ultra-Dense Millimeter-Wave Network: Multi-Agent Q-Learning Approach

In beyond fifth-generation networks, millimeter wave (mmWave) is considered a promising technology that can offer high data rates. However, due to inter-cell interference at cell boundaries, it is difficult to achieve a high signal-to-interference-plus-noise ratio (SINR) among users in an ultra-dense mmWave network environment (UDmN). In this paper, we solve this problem with the cooperative transmission technique to provide high SINR to users. Using coordinated multi-point transmission (CoMP) with the joint transmission (JT) strategy as a cooperation diversity technique can provide users with higher data rates through multiple desired signals. Nonetheless, cooperative transmissions between multiple base stations (BSs) lead to increased energy consumption. Therefore, we propose a multi-agent Q-learning-based power control scheme in UDmN. To satisfy the quality of service (QoS) requirements of users and decrease the energy consumption of networks, we define a reward function while considering the outage and energy efficiency of each BS. The results show that our scheme can achieve optimal transmission power and significantly improved network energy efficiency compared with conventional algorithms such as no transmit power control and random control. Additionally, we validate that leveraging channel state information to determine the participation of each BS in power control contributes to enhanced overall performance.

Fault Tolerance Management Implementation from Medium-to-Large-Scale Networks

As network infrastructures grow in complexity, ensuring high availability and resilience becomes critical, especially for medium-to-large scale networks. This study focuses on the development and implementation of fault tolerance management within Software-defined networking (SDN) environments, aimed at minimizing downtime and enhancing network reliability. SDN’s centralized control and dynamic programmability provide an ideal framework for implementing efficient fault detection and recovery mechanisms. The proposed model leverages real-time monitoring, redundancy protocols, and adaptive rerouting strategies to mitigate the impact of node or link failures. Key components of the model include failover mechanisms, load balancing, and traffic rerouting algorithms, designed to maintain seamless network operations during failures. Through simulation and testing, the model demonstrates significant improvements in network resilience, reducing recovery time and ensuring uninterrupted service delivery. This research provides a comprehensive guide to implementing fault-tolerant networks using SDN, offering scalable solutions that can be adapted to various network sizes and configurations. The findings emphasize the potential of SDN to revolutionize fault management in modern network infrastructures, making it a crucial consideration for future network design and operations.

REMEDIATE: Improving Network and Middlebox Resilience With Virtualisation

ABSTRACTThe increasing demand for low‐latency, high‐bandwidth connectivity has introduced novel challenges to delivering strong resilience guarantees in production network environments. Closed hardware platforms, known as middleboxes, that lack visibility and support for state retention remain a key challenge for continuous service delivery during network failures. These middleboxes rarely employ recovery mechanisms of their own, inspiring renewed interest in the field of NFV in recent years due to this gap within the industry. The increasing availability of VNF capabilities in modern infrastructures offers an opportunity to exploit the flexibility of software and use hybrid architectures to improve resilience. REMEDIATE is a high‐availability service that propagates state between unmodified hardware middleboxes and backup PNF or VNF appliances. The platform utilises targeted packet mirroring to allow network devices to organically construct equivalent state and thus allow an easy transition between hardware and software. To demonstrate its viability, we have evaluated REMEDIATE against a wide range of common hardware middlebox use cases built using multiple open‐source packet processing frameworks. Results show upwards of 90% matching state with no observable delay to normal traffic or impact on its functionality.

Robust and energy-efficient RPL optimization algorithm with scalable deep reinforcement learning for IIoT

The increasing complexity and quantity of the Industrial Internet of Things (IIoT) pose new challenges to the traditional routing protocol for low-power and lossy networks (RPL) in terms of dynamic management, data transmission reliability, and energy efficiency optimization. This paper proposes a scalable deep reinforcement learning (DRL) algorithm with a multi-attention actor double critic model for routing optimization (MADC) to meet the requirements of IIoT for efficient and intelligent routing decisions while improving data transmission reliability and energy efficiency. Specifically, MADC employs the centralized training and decentralized execution (CTDE) learning paradigm to decouple the model’s training and inference tasks, which reduces the difficulty and computational cost of model learning and improves the training efficiency. In addition, a lightweight actor network based on multi-scale convolutional attention mechanism is designed in MADC, which can provide intelligent and real-time decision-making capabilities for resource-constrained nodes with low computational and storage complexities. Moreover, a scalable critic network utilizing multiple attention mechanisms is proposed. It is not only suitable for dynamic and changing network environments but also can more comprehensively and accurately evaluate local observation states, providing more accurate and efficient guidance for model optimization. Furthermore, MADC incorporates a double critic network architecture to mitigate potential overestimation issues during training, thereby ensuring the model’s robustness and reliability. Simulation results demonstrate that MADC outperforms existing RPL optimization algorithms in terms of energy efficiency, data transmission reliability, and adaptability.

Exploring optimal resource allocation methods for improved efficiency in flying ad-hoc network environments: a survey

Exploring optimal resource allocation methods for improved efficiency in flying ad-hoc network environments: a survey

Exploiting self-evolutionary strategies of components for Dynamic Heterogeneous Redundancy

The network security situation is increasingly serious. Traditional security equipment like firewalls and intrusion detection systems cannot prevent unknown risks due to their passive nature. Dynamic Heterogeneous Redundancy (DHR) actively defends by switching the attack surface and confusing attackers, becoming essential in modern network defense. However, existing DHR approaches based on scheduling algorithms struggle under high-intensity attacks due to resource limitations. To overcome this weakness, we propose a Genetic Algorithm and Particle Swarm Optimization (GAPSO), a novel DHR architecture. GAPSO provides real-time security awareness of host components, maps potential attacker paths, and calculates the risk probability of each component. High-risk components evolve into others in the pool during attacks. Experiments show that GAPSO significantly reduces system risk compared to scheduling-based DHR and effectively delays the hacker’s attack lifecycle. Additionally, we developed a prototype system and evaluated it in a real network environment, obtaining positive results.

SDN-Driven Security Framework for DDOS Attack Detection and Mitigation

The rising complexity and persistence of Distributed Denial of Service (DDoS) attacks, particularly low-rate variants, present significant challenges in detection and mitigation within Software-Defined Networking (SDN) environments. Existing detection systems often flood networks with alerts, burdening security personnel and delaying timely mitigation. Furthermore, many solutions are designed and tested in simulated conditions, limiting their real-world applicability. To address these challenges, we propose an SDN-based security framework enhanced with automated monitoring, detection, and mitigation capabilities, optimized for slow-rate DDoS attacks. Our framework was rigorously evaluated on a physical testbed, achieving mitigation efficiencies between 91.66% and 100% under varied attack conditions, thus proving its robustness in practical settings. Additionally, we introduce the SDN-SlowRate-DDoS dataset, designed to assist researchers and industry professionals in developing and testing intrusion detection solutions in more realistic scenarios. To further improve DDoS defense in SDN, we incorporate an ensemble online machine learning model that dynamically adapts to evolving attack patterns, enhancing accuracy across attack types and outperforming traditional models with a detection rate of 99.2% on benchmark datasets. This dual approach leverages both real-world testing and adaptive machine learning, advancing proactive DDoS threat management in SDN environments

Hybrid Algorithm Combining Bellman-Ford, Dijkstra, and Machine Learning for Dynamic Network Routing

Abstract: Optimizing routing in dynamic networks has emerged as an increasingly important problem today with re- duced latency, guaranteed connectivity and efficient data trans- fer under a variety of changing conditions. Among the more well known shortest path algorithms those of Bellman-Ford and Dijkstra’s have very notable advantages and disadvantages themselves; while Bellman-Ford has provisions against negative weighted edges and pays a penalty in computation, Dijkstra’s algorithm cannot work with negative weighted edges but is highly efficient. It introduces a new hybrid routing algorithm that makes intelligent choices between the classical Bellman-Ford and Dijk- stra’s using machine learning techniques. This model, through historical analysis of data on traffic data and network metrics, predicts the level of congestion and identifies that algorithm which is most efficient in the selection of a call for routing. It switches over to Bellman-Ford if congestion expectation is high or if it contains negative weights, whereas under stable network conditions, it employs Dijkstra’s due to its efficiency. Preliminary experiments reveal that this adaptive strategy optimizes both computation overhead and route selection accuracy in large scale dynamic networking environments. Our results indicate improvements in routing efficiency in complex networks based on predictive analytics from established algorithms

Research on High-Efficiency Routing Protocols for HWSNs Based on Deep Reinforcement Learning

In heterogeneous wireless sensor networks (HWSNs), optimizing energy efficiency presents significant challenges due to variations in node energy levels and the complexity of the network environment. This paper introduces an energy efficiency optimization algorithm for HWSNs based on the Deep Q-Network (HDQN). The algorithm aims to address these challenges by selecting the optimal information transmission path. The HDQN leverages energy differences between nodes and real-time environmental data to enhance network efficiency. Its reward function takes into account node distance, remaining energy, and relay node count to balance node participation and minimize overall energy consumption. The Deep Q-Network (DQN) uses the mean squared error for precise reward estimation, and an improved packet header structure supports effective routing decisions. Simulation results show that the HDQN significantly outperforms existing algorithms—EEHCHR, 2L-HMGEAR, NCOGA, DEEC, and SEP—in terms of energy efficiency, network lifetime, and robustness, demonstrating its potential to advance the performance of HWSNs. The research results of the paper provide a theoretical basis for future energy efficiency research in wireless communication and contribute to the study of the new generation of wireless networks.

APPROACH TO DETECTION OF ANOMALOUS NETWORK TRAFFIC USING LOF AND HBOS ALGORITHMS

The article is devoted to the problem of detecting anomalies in modern computer networks, which is one of the main threats to cyber security. With the development of Internet technologies, the number of devices and the volume of network traffic are constantly increasing, which leads to an increase in the risk of various cyber threats, such as DDoS attacks, zero-day attacks, and exploitation of protocol vulnerabilities. Abnormal network traffic can result from malicious activity and technical malfunctions, such as configuration errors or hardware failures. Specialised algorithms and methods of analysing large volumes of data are used to detect such threats. The paper considers the main methods of detecting anomalies in network traffic, including classical approaches and modern deep and machine learning methods. Special attention is paid to the efficiency of using methods based on convolutional neural networks, long-term memory and their combinations to detect anomalies. An analysis of the disadvantages and advantages of various approaches to detecting anomalous traffic, such as high computational requirements and the complexity of setting up models, is performed. Still, their effectiveness in analysing large volumes of data is noted. One of the main methods used for anomaly analysis is the local outlier algorithm, which compares the density of objects with their neighbours, allowing for the detection of anomalies in regional segments of the data. Another method is histogram-based outlier estimation, which is faster and more efficient using one-dimensional histograms for each variable. The work also explores the application of unsupervised machine learning methods, which allows for analysing network traffic in real time without the need for prior labelling of data. The article also considers the prospects of further testing the proposed methods in real networks. The combined use of LOF and HBOS balances anomaly detection accuracy and data processing speed, essential to ensure continuous system operation in high-load networks. The implementation of similar solutions in actual conditions requires further research, particularly regarding optimising the use of computing resources and adapting methods to the specific conditions of the network environment. Thus, the paper presents a thorough analysis of modern approaches to detecting anomalies in network traffic and substantiates the feasibility of their application in actual conditions to increase the effectiveness of cyber security.

DUdetector: A dual-granularity unsupervised model for network anomaly detection

Internet of Things (IoT) devices are often used as springboards for network intrusion due to the open nature of IoT protocol stacks that enable automatic inter-connection and data sharing among devices, so it is critical to develop network anomaly detection algorithms that can be deployed at important nodes such as gateways and routers. However, existing detection algorithms based on signature rules and supervised machine learning heavily rely on known anomaly types, yielding low detection accuracy when deployed in realistic network environments with a significant number of unknown attacks. With this in mind, we propose DUdetector, an unsupervised anomaly detection algorithm by employing Transformer and Conv1d&MaxPool1d AutoEncoder with residual connection (abbr., CM&RC-AE) to realize a dual-granularity learning from the perspective of segments and points, respectively. Specifically, we perform coarse-grained segment-level anomaly detection based on an improved Transformer to detect whether there is any anomalous traffic within a time window. Then, we perform fine-grained point-level anomaly detection based on CM&RC-AE for each packet within the problematic segment output by the first step. Extensive experiments on three datasets (SSDP Flood, Mirai and IDS2017) demonstrate that our DUdetector achieves a better performance than existing work: an F1-score of 95.98% for Mirai, and over 99.2% for both SSDP Flood and IDS2017, with false positive rates less than 0.5% for all three datasets.

Network Traffic Classification Analysis on Differentiated Services Code Point Using Deep Learning Models for Efficient Deep Packet Inspection

Network Traffic Classification Analysis on Differentiated Services Code Point Using Deep Learning Models for Efficient Deep Packet Inspection

APLICANDO METODOLOGIA BASEADA EM IDS, SOLUCIONANDO VULNERABILIDADES EM NUVEM (SAAS)

Advances in technology have led to the use of cloud systems, the storage and distribution of files over the Internet, especially Saas (Software as a Service), which is now widely used by businesses due to its great advantage of scalability and practicality. However, in the midst of this technology, there has been an increase in ransomware attacks, a type of malware designed to encrypt data storage areas on computers and servers, causing users to lose access to their data in the cloud. The main objective of this work is to apply a methodology based on IDS (Intrusion Detection Systems), using the Snort tool in a virtualized network environment in Oracle Virtualbox, on the Kali Linux virtual machine, to analyze and solve problems with ransomware attacks in the cloud. The goal is to present ideas and considerations to train users to take security measures against these attacks should they occur at any time, making the work of cybercriminals more difficult. To keep this storage environment clean and secure, we need the cooperation of the security software, with rules and alerts that are always up to date, together with the monitoring team.

Enhanced In-Network Caching for Deep Learning in Edge Networks

Enhanced In-Network Caching for Deep Learning in Edge Networks

Research on Security Situation Assessment and Prediction Model of Network System in Deep Learning Environment

With the development of the Internet, the network environment is increasingly complex, and the problem of network security is increasingly serious. Traditional passive network security technology has been unable to meet people’s current security needs, in this context, network security situation awareness arises at the historic moment. NSSA technology makes the traditional passive security into active security, from the analysis of unilateral elements to the analysis of the overall security. As key technology of situation perception, security situation assessment and prediction can evaluate and predict the network security situation at the overall level, help network security managers understand the overall network security changes and take protective measures in advance when predicting the dangerous state, which has important research significance. This paper mainly studies the situation assessment and prediction technology of network security, and puts forward the improved model and algorithm, which improves accuracy of situation assessment and prediction results. Prediction accuracy reaches 97.86%, and the efficiency of the situation assessment reaches 98.22%.

AI Based Resource Management for 5G Network Slicing: History, Use Cases, and Research Directions

ABSTRACT5G, 6G, and beyond networks promise to support vertical industrial services with strict QoS parameters, but the hardware‐based "one‐size‐fits‐all" model of legacy networks lacks the flexibility needed for diverse services. The foundation of 5G networks lies in softwarization, with network slicing, Software Defined Networking (SDN), and Network Function Virtualisation (NFV) serving as its core components. The network‐slicing‐based shared network environment necessitates an intelligent and flexible resource management approach. In this case, traditional approaches are no longer suitable for dealing with a dynamic network environment. With recent advancements, AI‐based approaches have the potential to manage resources autonomously. This paradigm shift underscores the need for deep and extensive investigation. However, existing literature on this subject is fragmented and lacks a cohesive overview of network slicing. To address these gaps, our review paper aims to provide a comprehensive scope of network slicing in a unified manner. In this sequence at first, this paper presented a conceptual overview of network slicing and enabling technologies, including SDN, NFV, and edge computing. Secondly, this paper identifies the relevant phases of resource management and presents AI‐based resource management for network traffic classification, admission, allocation, and scheduling. Finally, it also discusses the deployment of network slicing‐enabled key use cases and their practical deployment, the research gap, and open research challenges. To the best of our knowledge, this is the first attempt to critically analyze and present a consolidated review of the state of the art in network slicing resource management modules and network slicing‐enabled key industrial use cases. This paper aims to guide researchers in developing innovative solutions and assist network players in the practical deployment of network slices for industrial applications.

Children’s personal information and personal data protection under the laws of the EU, US and Vietnam

The explosion of information technology, besides its positive aspects, has raised many issues related to personal information and personal data in the network environment. Because children are vulnerable to abuse, fraud and exploitation, protecting children’s personal information and personal data is always of concern to many countries. From the concept and characteristics of personal information and personal data of children in Europe, the United States and Vietnam, it can be seen that children’s personal information and personal data protection is very necessary in every country today. This research focuses on the age considered a child, the child’s consent and his or her parental consent when providing and processing personal information or personal data of children under the laws of the EU, US and Vietnam. Therefore, the article proposes some recommendations related to the child’s consent and his or her parental consent in protecting children’s personal data in Vietnam.