TNSM Searchable Index

Author(s)	Title	Year	Publication	Keywords
Siyang Xu, Ze Fan, Zijian Zhou, Qiuyu Lu, Biao Zhang, Yu Wang, Xin Song	Minimizing the Cost of UAV-Assisted Marine Mobile Edge Computing System Based on Deep Reinforcement Learning	2026	Early Access	Autonomous aerial vehicles Energy consumption Optimization	To enable compute-intensive and delay-sensitive maritime services, unmanned surface vessels (USVs) can offload tasks to mobile edge computing (MEC) servers mounted on unmanned aerial vehicles (UAVs). However, jointly minimizing energy consumption and latency is challenging due to the strong coupling between communication, computation, and mobility under stringent quality-of-service (QoS) requirements. To capture this trade-off, we formulate a weighted energy–delay minimization problem that jointly optimizes one-to-one UAV–USV scheduling, task partitioning, and UAV trajectory. The resulting problem is particularly difficult due to a hybrid discrete–continuous decision space and strong temporal coupling under stringent feasibility constraints. To address this mixed-integer nonconvex optimization problem, we reformulate it as a Markov decision process (MDP) and develop a constraint-aware OU–TD3 algorithm that integrates differentiable scheduling relaxation, feasibility-aware action mapping, and adaptive OU–Gaussian mixed exploration for stable learning in high-dimensional continuous control. We further extend the formulation and solution to a cooperative multi-UAV MEC setting with signal-to-interference-plus-noise ratio (SINR)-coupled interference and coordination constraints. Extensive simulations with statistical evaluation demonstrate stable convergence and up to 54.2% cost reduction over baseline schemes, while maintaining robustness under realistic maritime disturbances.	10.1109/TNSM.2026.3664895
Zhiwei Yu, Chengze Du, Heng Xu, Ying Zhou, Bo Liu, Jialong Li	REACH: Reinforcement Learning for Efficient Allocation in Community and Heterogeneous Networks	2026	Early Access	Graphics processing units Computational modeling Reliability	Community GPU(Graphics Processing Unit) platforms are emerging as a cost-effective and democratized alternative to centralized GPU clusters for AI(Artificial Intelligence) workloads, aggregating idle consumer GPUs from globally distributed and heterogeneous environments. However, their extreme hardware/software diversity, volatile availability, and variable network conditions render traditional schedulers ineffective, leading to suboptimal task completion. In this work, we present REACH (Reinforcement Learning for Efficient Allocation in Community and Heterogeneous Networks), a Transformer-based reinforcement learning framework that redefines task scheduling as a sequence scoring problem to balance performance, reliability, cost, and network efficiency. By modeling both global GPU states and task requirements, REACH learns to adaptively co-locate computation with data, prioritize critical jobs, and mitigate the impact of unreliable resources. Extensive simulation results show that REACH improves task completion rates by up to 17%, more than doubles the success rate for high-priority tasks, and reduces bandwidth penalties by over 80% compared to state-of-the-art baselines. Stress tests further demonstrate its robustness to GPU churn and network congestion, while scalability experiments confirm its effectiveness in large-scale, high-contention scenarios.	10.1109/TNSM.2026.3663316
Muhammad Fahimullah, Michel Kieffer, Sylvaine Kerboeuf, Shohreh Ahvar, Maria Trocan	Decentralized Coalition Formation of Infrastructure Providers for Resource Provisioning in Coverage Constrained Virtualized Mobile Networks	2026	Early Access	Indium phosphide III-V semiconductor materials Resource management	The concept of wireless virtualized networks enables Mobile Virtual Network Operators (MVNOs) to utilize resources made available by multiple Infrastructure Providers (InPs) to set up a service. Nevertheless, existing centralized resource provisioning approaches fail to address such a scenario due to conflicting objectives among InPs and their reluctance to share private information. This paper addresses the problem of resource provisioning from several InPs for services with geographic coverage constraints. When complete information is available, an Integer Linear Program (ILP) formulation is provided, along with a greedy solution. An alternative coalition formation approach is then proposed to build coalitions of InPs that satisfy the constraints imposed by an MVNO, while requiring only limited information sharing. The proposed solution adopts a hedonic game-theoretic approach to coalition formation. For each InP, the decision to join or leave a coalition is made in a decentralized manner, relying on the satisfaction of service requirements and on individual profit. Simulation results demonstrate the applicability and performance of the proposed solution.	10.1109/TNSM.2026.3663437
Tuan-Vu Truong, Van-Dinh Nguyen, Quang-Trung Luu, Phi-Son Vo, Xuan-Phu Nguyen, Fatemeh Kavehmadavani, Symeon Chatzinotas	Accelerating Resource Allocation in Open RAN Slicing via Deep Reinforcement Learning	2026	Early Access		The transition to beyond-fifth-generation (B5G) wireless systems has revolutionized cellular networks, driving unprecedented demand for high-bandwidth, ultra low-latency, and massive connectivity services. The open radio access network (Open RAN) and network slicing provide B5G with greater flexibility and efficiency by enabling tailored virtual networks on shared infrastructure. However, managing resource allocation in these frameworks has become increasingly complex. This paper addresses the challenge of optimizing resource allocation across virtual network functions (VNFs) and network slices, aiming to maximize the total reward for admitted slices while minimizing associated costs. By adhering to the Open RAN architecture, we decompose the formulated problem into two subproblems solved at different timescales. Initially, the successive convex approximation (SCA) method is employed to achieve at least a locally optimal solution. To handle the high complexity of binary variables and adapt to time-varying network conditions, traffic patterns, and service demands, we propose a deep reinforcement learning (DRL) approach for real-time and autonomous optimization of resource allocation. Extensive simulations demonstrate that the DRL framework quickly adapts to evolving network environments, significantly improving slicing performance. The results highlight DRL’s potential to enhance resource allocation in future wireless networks, paving the way for smarter, self-optimizing systems capable of meeting the diverse requirements of modern communication services.	10.1109/TNSM.2026.3665553
Jiazhong Lu, Jimin Peng, Jian Shu, Jiali Yin, Xiaolei Liu	Adversarial Sample Based on Structured Fusion Noise for Botnet Detection in Industrial Control Systems	2026	Early Access		The industrial control system’s artificial intelligence-based botnet intrusion detection system has a high detection performance and efficiency in an environment without interference. However, these systems are not immune to evasion through adversarial samples. In this study, we introduce a feature extraction technique tailored for ICS botnet detection. This approach classifies traffic packets based on network traffic attributes and ICS-specific identification codes, encompassing the statuses of ICS devices, enhancing detection precision. Meanwhile, this strategy addresses challenges in ICS data collection and bolsters experimental efficacy. To build a comprehensive botnet intrusion dataset within an ICS, we concurrently utilized existing ICS devices to collect both standard ICS and botnet traffic. Additionally, we present an innovative adversarial sample generation method for botnet detection models, integrating both time-domain and frequency-domain noise. Testing under three real-world ICS attack scenarios revealed our technique can markedly degrade the classification performance of eight leading AI-based detection models, emphasizing its potential for evading AI-based ICS intrusion detectors.	10.1109/TNSM.2026.3665504
Ahmad Y. Alhusenat, Lei Lei, Jinjin Tian, Lihong Zhu, Tong-Xing Zheng, Symeon Chatzinotas	Dynamic Parallel Task Offloading and Sustainable On-Board Computing for Delay-Energy Optimization LEO Networks	2026	Early Access		Task offloading among low-earth orbit (LEO) satellites with on-board computing (OBC) is important for real-time applications. However, OBC is constrained by the battery capacity of LEO, which fluctuates with orbital dynamics and available solar power. This paper addresses the problem of energy sustainability and timeliness in LEO-OBC systems by proposing a sustainable OBC-LEO framework that combines parallel offloading strategies with dynamic energy management. This problem is formulated as a Markov decision process aiming to minimize the overall delay while satisfying the LEO satellite energy constraints and achieving a high task success rate. To balance immediate computational demands and long-term energy stability, a Lyapunov optimization-based dynamic parallel offloading (LODPO) algorithm is designed to make decisions dynamically within each time slot, integrated with subtask allocation based on a low-cost (SABLC) algorithm that dynamically adjusts task allocations. Finally, simulation results demonstrate that the LODPO framework achieves a significant reduction in execution delay, incurring only 34.0% of the delay cost of binary offloading. Most critically, it ensures exceptional reliability, with a task drop rate that is only 8.5% of that seen in binary offloading and 12.0% of that in the DQN-based approach. This ensures high responsiveness and dependability for mission-critical, delay-sensitive applications.	10.1109/TNSM.2026.3665512
Jordan F. Masakuna, Djeff K. Nkashama, Arian Soltani, Marc Frappier, Pierre M. Tardif, Froduald Kabanza	Enhancing Anomaly Alert Prioritization through Calibrated Standard Deviation Uncertainty Estimation with an Ensemble of Auto-Encoders	2026	Early Access	Uncertainty Standards Measurement	Deep auto-encoders (AEs) are widely employed deep learning methods in the field of anomaly detection across diverse domains (e.g., cybersecurity analysts managing large volumes of alerts, or medical practitioners monitoring irregular patient signals). In such contexts, practitioners often face challenges of scale and limited processing resources. To cope, strategies such as false positive reduction, human-in-the-loop review, and alert prioritization are commonly adopted. This paper explores the integration of uncertainty quantification (UQ) methods into alert prioritization for anomaly detection using ensembles of AEs. UQ models highlight doubtful classification decisions, enabling analysts to address the most certain alerts first, since higher certainty typically correlates with greater accuracy. Our study reveals a nuanced issue where applying UQ to ensembles of AEs can produce skewed distributions of large reconstruction errors (errors exceeding a pre-defined threshold), which may falsely suggest high uncertainty when standard deviation is used as the metric. Conventionally, a high standard deviation indicates high uncertainty. However, contrary to intuition, large reconstruction errors often reflect AE is strongly confident that an input is anomalous—not uncertainty about it. Moreover, ensembles of AEs generate reconstruction errors with varying ranges, complicating interpretation. To address this, we propose an extension that calibrates the standard deviation distribution of uncertainties, mitigating erroneous prioritization. Evaluation on 10 benchmark datasets demonstrates that our calibration approach improves the effectiveness of UQ methods in prioritizing alerts, while maintaining favorable trade-offs across other key performance metrics.	10.1109/TNSM.2026.3664298
Domenico Scotece, Giuseppe Santaromita, Claudio Fiandrino, Luca Foschini, Domenico Giustiniano	On the Scalability of Access and Mobility Management Function: the Localization Management Function Use Case	2026	Early Access	5G mobile communication Scalability Location awareness	The adoption of Service-Based Architecture (SBA) in 5G Core Networks (5GC) has significantly transformed the design and operation of the control plane, enabling greater flexibility and agility for cloud-native deployments. While the infrastructure has initially evolved by implementing key functions, there remains significant potential for additional services, such as localization, paving the way for the integration of the Location Management Function (LMF). However, the extensive functional decomposition within SBA leads to consequences, such as the increase of control plane operations. Specifically, we observe that the additional signaling traffic introduced by the presence of the LMF overwhelms the Access and Mobility Management Function (AMF) which is responsible for authentication and mobility. In fact, in mobile positioning, each connected mobile device requires a significant amount of control traffic to support location algorithms in the 5GC. To address this scalability challenge, we analyze the impact of three well-known optimization techniques on location procedures to reduce control message traffic in the specific context of the 5GC, namely a caching system, a request aggregation system, and a service scalability system. Our solutions are evaluated in an OpenAirInterface (OAI) emulated environment with real hardware. After the analysis in the emulated environment, we select the caching system – due to its feasibility – for being analyzed in a real 5G testbed. Our results demonstrate a significant reduction in the additional overhead introduced by the LMF, improving scalability by minimizing the impact on AMF processing time up to a 50% reduction.	10.1109/TNSM.2026.3664546
Qichen Luo, Zhiyun Zhou, Ruisheng Shi, Lina Lan, Qingling Feng, Qifeng Luo, Di Ao	Revisit Fast Event Matching-Routing for High Volume Subscriptions	2026	Early Access	Real-time systems Vectors Search problems	Although many scalable event matching algorithms have been proposed to achieve scalability for publish/subscribe services, the content-based pub/sub system still suffer from performance deterioration when the system has large numbers of subscriptions, and cannot support the requirements of real-time pub/sub data services. In this paper, we model the event matching problem as an existence problem which only care about whether there is at least one matching subscription in the given subscription set, differing from existing works that try to speed up the time-consuming search operation to find all matching subscriptions. To solve this existence problem efficiently, we propose DLS (Discrete Label Set), a novel subscription and event representation model. Based on the DLS model, we propose an event matching algorithm with O(Nd) time complexity to support real-time event matching for a large volume of subscriptions and high event arrival speed, where Nd is the node degree in overlay network. Experimental results show that the event matching performance can be improved by several orders of magnitude compared with traditional algorithms.	10.1109/TNSM.2026.3664517
Jing Huang, Yabo Wang, Honggui Han	SCFusionLocator: A Statement-Level Smart Contract Vulnerability Localization Framework Based on Code Slicing and Multi-Modal Feature Fusion	2026	Early Access	Smart contracts Feature extraction Location awareness	Smart contract vulnerabilities have led to over $20 billion in losses, but existing methods suffer from coarse-grained detection, two-stage “detection-then-localization” pipelines, and insufficient feature extraction. This paper proposes SCFusionLocator, a statement-level vulnerability localization framework for smart contracts. It adopts a novel code-slicing mechanism (via function call graphs and data-flow graphs) to decompose contracts into single-function subcontracts and filter low-saliency statements, paired with source code normalization to reduce noise. A dual-branch architecture captures complementary features: the code-sequence branch uses GraphCodeBERT (with data-flow-aware masking) for semantic extraction, while the graph branch fuses call/control-flow/data-flow graphs into a heterogeneous graph and applies HGAT for structural modeling. SCFusionLocator enables end-to-end statement-level localization by framing tasks as statement classification.We release BJUT_SC02, a large dataset of over 240,000 contracts with line-level labels for 58 vulnerability types. Experiments on BJUT_SC02, SCD, and MANDO datasets show SCFusionLocator outperforms 8 conventional tools and nearly 20 ML baselines, achieving over 90% average F1 at the statement level, with better generalization to similar unknown vulnerabilities, and remains competitive in contract-level detection.	10.1109/TNSM.2026.3664599
Shiyu Yang, Qunyong Wu, Zhanchao Huang, Zihao Zhuo	SGA-Seq: Station-aware Graph Attention Sequence Network for Cellular Traffic Prediction	2026	Early Access	Adaptation models Predictive models Spatiotemporal phenomena	Cellular traffic prediction is crucial for optimizing network resources and enhancing service quality. Despite progress in existing traffic prediction methods, challenges remain in capturing periodic features, spatial heterogeneity, and abnormal signals. To address these challenges, we propose a Station-aware Graph Attention Sequence Network (SGA-Seq). The core idea is to achieve accurate cellular traffic prediction by adaptively modeling station-specific spatiotemporal patterns and effectively handling complex traffic dynamics. First, we introduce a learnable temporal embedding mechanism to capture temporal features across multiple scales. Second, we design a station-aware graph attention network to model complex spatial relationships across stations. Additionally, by progressively separating regular and abnormal signals layer by layer, we enhance the model’s robustness. Experimental results demonstrate that SGA-Seq outperforms existing methods on five diverse mobile network datasets spanning different scales, including cellular traffic, mobility flow, and communication datasets. Notably, on the V-GCT dataset, our method achieves an 8.04% improvement in Root Mean Squared Error compared to the Spatiotemporal-aware Trend-Seasonality Decomposition Network. The code of SGA-Seq is available at https://github.com/OvOYu/SGA-Seq.	10.1109/TNSM.2026.3664401
Yuhao Chen, Jinyao Yan, Yuan Zhang, Lingjun Pu	WiLD: Learning-based Wireless Loss Diagnosis for Congestion Control with Ultra-low Kernel Overhead	2026	Early Access	Packet loss Kernel Linux	Current congestion control algorithms (CCAs) are inefficient in wireless networks due to the lack of distinction of congestion and wireless packet losses. In this work, we propose a simple yet effective learning-based wireless loss diagnosis (WiLD) solution for enhancing wireless congestion control. WiLD uses a neural network (NN) to accurately distinguish between wireless packet loss and congestion packet loss. To seamlessly cooperate with rule-based CCAs and make real-time decisions, we further implement WiLD in Linux kernel to avoid the frequent kernel-space communication. Specifically, we use a lightweight NN for inference and propose an integer quantization for WiLD deployment in various Linux versions. Real-world experiments and simulations demonstrate that WiLD can accurately differentiate the wireless and congestion packet loss with negligible CPU overhead (around 1% of WiLD vs. around 100% of learning-based algorithms such as Vivace and Aurora) and fast inference time (45% less compared to TensorFlow Lite). When combined with Cubic, WiLD-Cubic can achieve around 792%, 536%, 412%, 231%, 218%, 108%, 85% and 291% throughput improvement compared with BBRv2, Cubic, Westwood, Copa, Copa+, Vivace, Aurora and Indigo in the real network environment.	10.1109/TNSM.2026.3664422
Minxi Feng, Haotian Wu, Shahid Mumtaz, Jiaming Pei	Intent-based Network in Online Resource Allocation with Machine-learned Prediction	2026	Early Access	Resource management Internet of Things Uncertainty	The development of Internet-of-Things (IoT) services demands intelligent and adaptive mechanisms for online resource allocation under dynamic and uncertain environments. Intent-Based Networking (IBN) has emerged as a promising paradigm to align system behavior with high-level user intents. However, realizing intent-aware allocation in real time remains challenging due to uncertain resource availability and incomplete future information. This paper presents a modular framework that integrates semantic intent parsing, machine-learned resource prediction, and robust online decision-making. We propose IBN-ONMP, an IBN-based online resource allocation algorithm that leverages machine-learned predictions and adapts safety margins based on feedback to ensure feasibility and performance under uncertainty. We formally define the problem, establish theoretical guarantees including regret and competitive ratio bounds, and validate the approach on real-world and simulated datasets. Experimental results demonstrate that IBN-ONMP achieves high utility and robust performance across varying prediction error levels, which is consistent with theoretical analysis.	10.1109/TNSM.2026.3665018
Rui Huang, Qingling Li, Liangru Xie, Fei Shang	Dynamic Migration in Digital Twin-Enabled Industrial Internet: A Stochastic Network Calculus Approach	2026	Early Access	Delays Stability analysis Real-time systems	Digital Twin (DT) technology serves as a critical enabler in Cyber-Physical-Social Systems (CPSS), especially within Industry 5.0’s human-centric manufacturing paradigm. However, the computational intensity of processing real-time data in DT systems often leads to resource saturation and performance degradation at computation nodes. Dynamic service migration of digital twins by offloading computation-intensive tasks to resource-rich nodes to offer a promising solution, yet introduces challenges in preserving service quality during migration. Key issues include high delay, data inconsistency, service interruptions, and limited bandwidth compromising system stability. To address these challenges, this paper proposes a dynamic migration scheduling strategy for digital twins based on a Lyapunov optimization framework. Our approach integrates Stochastic Network Calculus (SNC) for Quality of Service (QoS) quantification and a persistent queue mechanism for reliability assurance. Theoretical analysis and extensive simulations demonstrate that the proposed algorithm achieves near-optimal performance with provable bounds, effectively minimizing migration-induced delay while maintaining service reliability. The results confirm that our framework consistently outperforms existing solutions in managing service migration within industrial internet systems.	10.1109/TNSM.2026.3665033
Bingnan Hou, Zhenzhong Yang, Xianzheng Meng, Xiaoyi Wang, Yifan Yang, Ling Hu, Xionglve Li, Zhiping Cai	HMap: Efficient Internet-wide IPv6 Scanning with Dynamic Search	2026	Early Access	Security Probes Routing	Internet-wide scanning is integral to network measurement and security analysis, but the expansive address space of IPv6 limits existing approaches in achieving efficient global-scale scans. This study introduces HMap, an innovative IPv6 scanner that markedly improves scan efficiency and coverage through the implementation of a dynamic search (DS) technique, relying solely on IPv6 routeable BGP prefixes. DS employs a dynamic feedback-driven probing strategy that uses information from previous replies to prioritize more promising address regions in subsequent scans. In Internet-wide scans over IPv6, encompassing both ping-like and traceroute-like scans with DS, HMap has demonstrated its capability to discover 2.29 million non-alias active target addresses, 0.13 million peripheries/middleboxes, and 1.61 million router interfaces, using only million-scale probes. This represents a noteworthy improvement of 1.91 times, 1.63 times, and 12.38 times, respectively, compared to current state-of-the-art alternatives. Additionally, by utilizing an efficient target generation algorithm (TGA) that more effectively leverages seed addresses, HMap expands the non-alias active address count to 44.05 million. This coverage spans 18.97 thousand ASes with a one-hour scan at a limited probing speed of 100 Kpps. The volume of active IPv6 addresses is 4.88 times larger than the currently disclosed largest IPv6 hitlists, providing a more diverse set of IPv6 networks. Unlike prior IPv6 scan studies that preclude their use for Internet-scale security analysis, we also conduct the Internet-wide security scans of IPv6 networks, focusing on the exposed internal IPv6 devices and security-sensitive services in IPv6 routers.	10.1109/TNSM.2026.3664795
Zhenliang Liu, Xing Fan, Baoning Niu	Node-based Blockchain Decentralization Measurement Model	2026	Early Access	Blockchains Peer-to-peer computing Economics	Blockchain decentralization refers to the characteristics of blockchain systems in which data storage, transaction verification, and ledger state updates are performed and maintained by distributed nodes, rather than relying on the servers of centralized institutions or organizational entities. It is one of the core features of blockchain systems to ensure security, anti-censorship, and system robustness. Quantifying the degree of blockchain decentralization helps identify potential centralization risks and evaluate the fairness of system architectures and governance mechanisms, and provides an important basis for the optimization design for improving consensus efficiency and resource allocation, as well as for evaluating the credibility and understanding the future development trends of blockchain systems in terms of scalability, application domains, and regulatory adaptability. Existing blockchain decentralization measurement methods rely on one or two dimensions, ignore trend analysis of the degree of decentralization, and lack standardized quantitative approaches, such as the consistent application of methods like the coefficient of variation or the information entropy, to enable objective and comparable assessments across different systems. Given that blockchain systems are composed of participating nodes, we adopt a node-centric perspective, and propose a Node-based Blockchain Decentralization Measurement Model (NBDMM). NBDMM uses ten key indicators extracted from three dimensions, node distribution, transaction-network centralization, and node reliability, to measure the degree of decentralization. Experimental results demonstrate that the proposed NBDMM effectively quantifies the level of decentralization across blockchain systems with varying consensus mechanisms. Moreover, findings indicate a trend toward increasing centralization in both Bitcoin and Ethereum, suggesting a gradual erosion of their originally decentralized nature.	10.1109/TNSM.2026.3665402
Ziyi Teng, Juan Fang, Neal N. Xiong	DOJS: A Distributed Online Joint Scheme to Optimize Cost in Mobile Edge Networks	2026	Early Access	Optimization Costs Resource management	Edge computing deploys computing and storage resources at the network edge, thereby providing services closer to terminal users. However, in edge networks, the mobility of terminals, the diversity of requests, and the dynamic nature of wireless channels pose significant challenges for efficiently allocating limited wireless and caching resources among multiple terminal devices. To address the issues of unbalanced network load and high caching costs caused by resource allocation in edge networks, we propose a Distributed Online Joint Optimization Scheme (DOJS). Specifically, we design a joint optimization scheme, referred to as DOJS, which combines centralized user association at the cloud with distributed cache placement at the base stations. This scheme analyzes the impact of terminal device association policies on caching costs and develops a caching cost model that integrates the activity level and content request probability of terminal devices. Based on this model, the relationship between user association selection and caching costs is analyzed, and a Game Theory-based User Association (GTUA) selection algorithm is proposed. In order to adapt to the dynamic characteristics of terminal-user requests in mobile edge networks, we develop a dynamic cache update method LS-TD3, which combines Long Short-Term Memory (LSTM) and Twin Delayed Deep Deterministic policy gradient (TD3). Specifically, we integrate the LSTM layer into the policy model framework of reinforcement learning to better predict the content popularity from dynamic time data, thus improving the accuracy of cache decision making. To further reduce computational complexity and enhance overall system performance, we employ a distributed optimization strategy to improve the dynamic caching decision process. Extensive experimental results demonstrate the superiority of the proposed algorithm in achieving inter-node load balancing and minimizing caching costs.	10.1109/TNSM.2026.3665360
Liang Kou, Xiaochen Pan, Guozhong Dong, Meiyu Wang, Chunyu Miao, Jilin Zhang, Pingxia Duan	Dynamic Adaptive Aggregation and Feature Pyramid Network Enhanced GraphSAGE for Advanced Persistent Threat Detection in Next-Generation Communication Networks	2026	Early Access	Feature extraction Adaptation models Computational modeling	Advanced Persistent Threats (APTs) pose severe challenges to Next-Generation Communication Networks (NGCNs) due to their stealthiness and NGCNs’ dynamic topology, while conventional GNN-based intrusion detection systems suffer from static aggregation and poor adaptability to unseen nodes. To address these issues, this paper proposes DAA-FPN-SAGE, a lightweight graph-based detection framework integrating Dynamic Adaptive Aggregation (DAA) and Multi-Scale Feature Pyramid Network (MSFPM). Leveraging GraphSAGE’s inductive learning capability, the framework effectively models unseen nodes or subgraphs and adapts to NGCN’s dynamic changes (e.g., elastic network slicing, online AI model updates)—a key advantage for handling NGCN’s real-time topological variations. The DAA module employs multi-hop attention to dynamically assign weights to neighbors at different hop distances, enhancing capture of hierarchical dependencies in multi-stage APT attack chains. The MSFPM module fuses local-global structural information via a gated feature selection mechanism, resolving dimensional inconsistency and enriching attack behavior representation. Extensive experiments on StreamSpot, Unicorn, and DARPA TC#3 datasets demonstrate superior performance, meeting detection requirements of large-scale NGCNs.	10.1109/TNSM.2026.3660650
Deemah H. Tashman, Soumaya Cherkaoui	Trustworthy AI-Driven Dynamic Hybrid RIS: Joint Optimization and Reward Poisoning-Resilient Control in Cognitive MISO Networks	2026	Early Access	Reconfigurable intelligent surfaces Reliability Optimization	Cognitive radio networks (CRNs) are a key mechanism for alleviating spectrum scarcity by enabling secondary users (SUs) to opportunistically access licensed frequency bands without harmful interference to primary users (PUs). To address unreliable direct SU links and energy constraints common in next-generation wireless networks, this work introduces an adaptive, energy-aware hybrid reconfigurable intelligent surface (RIS) for underlay multiple-input single-output (MISO) CRNs. Distinct from prior approaches relying on static RIS architectures, our proposed RIS dynamically alternates between passive and active operation modes in real time according to harvested energy availability. We also model our scenario under practical hardware impairments and cascaded fading channels. We formulate and solve a joint transmit beamforming and RIS phase optimization problem via the soft actor-critic (SAC) deep reinforcement learning (DRL) method, leveraging its robustness in continuous and highly dynamic environments. Notably, we conduct the first systematic study of reward poisoning attacks on DRL agents in RIS-enhanced CRNs, and propose a lightweight, real-time defense based on reward clipping and statistical anomaly filtering. Numerical results demonstrate that the SAC-based approach consistently outperforms established DRL base-lines, and that the dynamic hybrid RIS strikes a superior trade-off between throughput and energy consumption compared to fully passive and fully active alternatives. We further show the effectiveness of our defense in maintaining SU performance even under adversarial conditions. Our results advance the practical and secure deployment of RIS-assisted CRNs, and highlight crucial design insights for energy-constrained wireless systems.	10.1109/TNSM.2026.3660728
Abdinasir Hirsi, Mohammed A. Alhartomi, Lukman Audah, Mustafa Maad Hamdi, Adeb Salah, Godwin Okon Ansa, Salman Ahmed, Abdullahi Farah	Hybrid CNN-LSTM Model for DDoS Detection and Mitigation in Software-Defined Networks	2026	Early Access	Prevention and mitigation Denial-of-service attack Feature extraction	Software-Defined Networking (SDN) enhances programmability and control but remains highly vulnerable to distributed denial-of-service (DDoS) attacks. Existing solutions often adapt conventional methods without leveraging SDN’s native features or addressing real-time mitigation. This study introduces a novel hybrid deep learning framework for DDoS detection and mitigation in SDN, significantly advancing the state of the art. We develop a custom dataset in a Mininet–Ryu testbed that reflects realistic SDN traffic conditions, and employ a multistage feature selection pipeline to reduce redundancy and highlight the most discriminative flow attributes. A hybrid Convolutional Neural Network–Long Short-Term Memory (CNN-LSTM) model is then applied, capturing both spatial and temporal traffic patterns. The proposed system achieves 99.5% accuracy and a 97.7% F1-score, demonstrating a significant improvement over baseline ML and DL approaches. In addition, a lightweight and scalable mitigation module embedded in the SDN controller dynamically drops or reroutes malicious flows, enabling real-time, low-latency responsiveness. Experimental results across diverse topologies confirm the framework’s scalability and applicability in real-world SDN environments.	10.1109/TNSM.2026.3662819