TNSM Searchable Index

Author(s)	Title	Year	Publication	Keywords
Shihab Hasan, Tarek Sheltami, Ashraf Mahmoud	From Detection to Policy: Calibrated and Explainable Closed-Loop DDoS Management in 5G/B5G Networks	2026	Early Access	5G mobile communication Modeling Signal detection	Closed-loop Distributed Denial-of-Service (DDoS) mitigation in Fifth Generation (5G) networks must balance attack blocking with operational safety by minimizing collateral damage to benign users. Network operators using the Network Data Analytics Function (NWDAF) face a dilemma: existing Machine Learning (ML)-based security solutions provide binary classifications but lack a mechanism to translate model outputs into quantifiable, proportional, and automated mitigation actions. This paper proposes a two-stage management framework that maps network analytics to graduated mitigation decisions using a risk-calibrated decision gate and severity-based policy thresholds. First, Isotonic Regression calibrates model outputs and triggers mitigation only for high-confidence detections, reducing false-positive harm. Second, for admitted threats, the Dynamic Mitigation Severity Score (DMSS) quantifies severity by aggregating normalized Shapley Additive exPlanations (SHAP) contributions of key 5G features. Thresholds optimized to minimize benign terminations select one of three actions: Terminate, Throttle, or Monitor. Experiments on a public 5G DDoS testbed show that, unlike deep learning baselines prone to severe collateral damage, the framework maintains high threat coverage while nearly eliminating benign terminations. Calibration further reduces Expected Calibration Error (ECE) and improves probability reliability. The DMSS ranks volumetric floods as the most severe attacks, and sensitivity analysis shows stable policy thresholds across operating points. The resulting 3rd Generation Partnership Project (3GPP)-aligned framework supports closed-loop mitigation and explicit control of the trade-off between security coverage and operational safety in 5G/Beyond 5G (B5G) networks.	10.1109/TNSM.2026.3701638
Ke Yu, Xiaofeng Tao, Shen Wang, Chaojie Guo	Game-Theoretic Defense of SYN Flood Attacks in B5G Cloud-Edge-Terminal Networks	2026	Early Access		The emergence of beyond-fifth-generation (B5G) networks and the increasing demand for Internet of Things (IoT) requires deploying a cloud-edge-terminal computing network with the Software Defined Network as the controller. However, this network is vulnerable to various threats, notably SYN flood attacks. This paper adopts queuing theory and game theory to explore Mobile Edge Computing (MEC) attack and defense interaction in different IoT businesses. Moreover, we propose a utility model of the packet flow in MEC networks featuring the delay and packet loss rate in the SYN flood attacks. For the attacker and defender’s strategy, we use game theory to model the interaction between strategy and resource allocation. A search algorithm analyzing MEC cell impact on strategy selection is developed, and we investigate the impact of the attacker’s possession of prior knowledge versus lack thereof regarding MEC cell characteristics under SYN flood attacks. The proposed game models are solved, and the results show that under the defender’s strategy, the attacker has no chance to launch SYN flood attacks under the defender’s defense cost of four times MEC computing resources; the cost of defense resources is lower than other related schemes.	10.1109/TNSM.2026.3695918
Yifan Dong, Jinyong Chang, Kaijing Ling, Siqi Wu	Blockchain-Assisted Integrity Auditing Scheme with Key-Exposure Resistance in Cloud Storage Setting	2026	Early Access		A cloud audit scheme is a security mechanism that helps cloud users detect whether their data stored on cloud servers is integral. The issue of key exposure is a serious security threat to cloud audit scheme. The reason lies in that once the user’s authentication key is exposed, most existing audit schemes will become insecure. Meanwhile, existing implementation schemes often introduce third-party auditor (TPA) to assist users in performing audit tasks, and even to update user’s key against key-exposure attacks. However, it is well-known that TPA’s core function is to perform audit tasks and it is not entirely trustworthy. The key update operation based on TPA is not realistic in practical applications. In this article, we propose an identity-based cloud auditing scheme, which resists key-exposure attack by regularly issuing new secret keys to users by the key generation center. The identity-based property guarantees that user’s public identity is unchanged. Moreover, in order to prevent TPA from obtaining users’ stored data content through the audit process, an audit mechanism based on the smart contracts of Blockchain will also be given. In addition, introducing a “two-dimensional” partitioning mechanism on data file can greatly reduce the burden of tag generation. Finally, security and performance analyses will be conducted on the proposed scheme. The results show that our scheme has good properties in terms of key-exposure resilience and privacy-protection on stored data, and also has good performance advantages in the implementation process.	10.1109/TNSM.2026.3700880
Brijesh Kotaria, Anand Prakash Rawal, Om Jee Pandey, Prasenjit Chanak	Gain-Based Ant Colony Optimization–Driven Data Routing Mechanism for IoT-Enabled Sensor Networks	2026	Early Access		A Wireless Sensor Network (WSN) is a major component of any Internet of Things (IoT)-based system. In WSNs, a Mobile Sink (MS) collects sensed data from deployed sensor nodes by visiting Rendezvous Points (RPs) in an energy-efficient manner. The presence of mobile obstacles in WSNs significantly reduces network performance by increasing data transmission delay and degrading overall operation. This paper proposes an Energy-Efficient Intelligent Obstacle Avoidance Data Routing Scheme (EEIOADRS) for IoT-enabled WSNs. It effectively identifies and avoids mobile obstructions with minimal message passing and low delay. A heuristic-based Minimum Spanning Tree algorithm is used to find an optimal path among all Grid Cell Heads (GCHs) for MS-based data gathering. Furthermore, Gain-Based Dynamic Ant Colony Optimization is used to construct an optimal mobile obstacle-free path for MS-based data collection. It significantly reduces data transmission delay and enhances overall network performance. Extensive simulations demonstrate that the proposed scheme significantly improves network performance. The proposed approach improves network lifetime by 50.84% relative to OMCSO, 42.34% relative to CSOBUG, and 39.83% relative to OASPP. Additionally, simulation results indicate that the proposed scheme enhances network throughput by 47.15% compared to OMCSO, 36.69% compared to CSOBUG, and 33.76% compared to OASPP.	10.1109/TNSM.2026.3702432
Mohamad Khattar Awad, Marwa Kandil Mohammed, Eiman Mohammed Alotaibi	A Knowledge Transfer-enabled Reinforcement Learning-based Approach for Services Routing in Software-defined Networks	2026	Early Access		The increasing demand for energy-aware, yet service-assured networking has expanded the importance of Software-Defined Networks (SDN), where it emerged as a promising paradigm to improve the flexibility of communication networks by separating the network control plane from the data plane. However, achieving energy-efficient routing while guaranteeing Quality of Service (QoS) remains a challenging task for effective network management, as traditional algorithms fail to adapt to dynamic traffic demands. This paper introduces the Double critics with Priority Replay Buffer DDPG agent-based Routing framework (DP-DRRouting), an energy-efficient and QoS-aware routing architecture for SDN. Unlike existing Reinforcement Learning (RL)-based solutions that suffer from scalability limitations, unstable learning behavior, and slow convergence, particularly in dynamic environments. The proposed architecture core is a Double-Critic with Priority Replay Buffer Deep Deterministic Policy Gradient (DP-DDPG) agent that reduces reward overestimation and enhances stability. To further enhance adaptability, we integrate a direct-policy transfer learning mechanism that enables the agent to fine-tune its knowledge under topology changes without retraining from scratch. DP-DRRouting operates on path-level decisions, optimizing simultaneously for delay, packet loss ratio, throughput, and energy efficiency. The results show that DP-DRRouting achieves up to 12% energy efficiency and 50% throughput improvement compared to Open Shortest Path First (OSPF), while adapting to link failures with 40% throughput gains. These improvements confirm that the proposed framework provides a stable and adaptive routing solution that achieves near-optimal performance under varying traffic loads and topology changes.	10.1109/TNSM.2026.3702330
Ehsan Etezadi, Farhad Arpanaei, Carlos Natalino, Erik Agrell, Paolo Monti, Marija Furdek	Fragmentation- and QoT-Aware RBMSA with Spectrum Defragmentation in Dynamic Multi-Band Elastic Optical Networks	2026	Early Access		Multi-band elastic optical networks (MB-EONs) transmit information in multiple bands to increase the available capacity. However, they suffer from quality of transmission (QoT) degradation caused by the inter-channel stimulated Raman scattering effect, which requires addressing through tailored resource assignment. Additionally, dynamically arriving and departing optical service requests generate spectrum fragmentation (SF), where spectrum resources become scattered into non-continuous chunks and aggravate service blocking ratio (SBR) even when the total available bandwidth is sufficient. To jointly address these challenges, we propose an SF- and QoT-aware algorithm for routing, band, modulation format, and spectrum assignment (RBMSA), along with proactive spectrum defragmentation (SD), referred to as SFQA-defrag. The algorithm considers SF metrics and QoT levels of available channels across multiple candidate paths to ensure that the QoT requirements are met while minimizing the SF. The SD process proactively reorganizes spectrum allocation to reduce fragmentation by consolidating the spectrum gaps, which leads to lower blocking of future requests. The SFQA-defrag algorithm is evaluated against benchmark algorithms that independently consider either QoT or SF in three reference backbone topologies. The results demonstrate that SFQA-defrag significantly reduces the SBR and SF compared to benchmarks, albeit with a slight increase in the average path length.	10.1109/TNSM.2026.3702377
Zhiyuan Ren, Xinke Jian, Wenchi Cheng, Kun Yang	The Landscape of Fairness: An Axiomatic and Predictive Framework for Network QoE Sensitivity	2026	Early Access		Evaluating network-wide fairness is challenging because it is not a static property but one highly sensitive to Service Level Agreement (SLA) parameters. This paper introduces a complete analytical framework to transform fairness evaluation from a single-point measurement into a proactive engineering discipline centered on a predictable sensitivity landscape. Our framework is built upon a QoE-Imbalance metric whose form is not an ad-hoc choice, but is uniquely determined by a set of fundamental axioms of fairness, ensuring its theoretical soundness. To navigate the fairness landscape across the full spectrum of service demands, we first derive a closed-form covariance rule. This rule provides an interpretable, local compass, expressing the fairness gradient as the covariance between a path’s information-theoretic importance and its parameter sensitivity. We then construct phase diagrams to map the global landscape, revealing critical topological features such as robust “stable belts” and high-risk “dangerous wedges”. Finally, an analysis of the landscape’s curvature yields actionable, topology-aware design rules, including an optimal “Threshold-First” tuning strategy. Ultimately, our framework provides the tools to map, interpret, and navigate the landscape of system sensitivity, enabling the design of more robust and resilient networks.	10.1109/TNSM.2026.3702766
Deemah H. Tashman, Soumaya Cherkaoui	Trustworthy AI-Driven Dynamic Hybrid RIS: Joint Optimization and Reward Poisoning-Resilient Control in Cognitive MISO Networks	2026	Early Access	Reconfigurable intelligent surfaces Reliability Optimization	Cognitive radio networks (CRNs) are a key mechanism for alleviating spectrum scarcity by enabling secondary users (SUs) to opportunistically access licensed frequency bands without harmful interference to primary users (PUs). To address unreliable direct SU links and energy constraints common in next-generation wireless networks, this work introduces an adaptive, energy-aware hybrid reconfigurable intelligent surface (RIS) for underlay multiple-input single-output (MISO) CRNs. Distinct from prior approaches relying on static RIS architectures, our proposed RIS dynamically alternates between passive and active operation modes in real time according to harvested energy availability. We also model our scenario under practical hardware impairments and cascaded fading channels. We formulate and solve a joint transmit beamforming and RIS phase optimization problem via the soft actor-critic (SAC) deep reinforcement learning (DRL) method, leveraging its robustness in continuous and highly dynamic environments. Notably, we conduct the first systematic study of reward poisoning attacks on DRL agents in RIS-enhanced CRNs, and propose a lightweight, real-time defense based on reward clipping and statistical anomaly filtering. Numerical results demonstrate that the SAC-based approach consistently outperforms established DRL base-lines, and that the dynamic hybrid RIS strikes a superior trade-off between throughput and energy consumption compared to fully passive and fully active alternatives. We further show the effectiveness of our defense in maintaining SU performance even under adversarial conditions. Our results advance the practical and secure deployment of RIS-assisted CRNs, and highlight crucial design insights for energy-constrained wireless systems.	10.1109/TNSM.2026.3660728
Arash Heidari, Jamal N. Al-Karaki	NOVA: A Self-Supervised Graph Framework for Real-Time Anomaly Detection in Internet of Vehicles	2026	Early Access	Context Internet of Vehicles Modeling	The Internet of Vehicles (IoV) enables cooperative driving and real-time Vehicle-to-Everything (V2X) communication but remains vulnerable to behavioral and structural anomalies due to its dynamic, decentralized nature. Existing deep learning methods either overlook topological inconsistencies or ignore communication feature fidelity, while random-walk sampling introduces contextual noise. In this paper, we propose Network Observation for Vehicular Anomalies (NOVA), a self-supervised graph-based framework that detects both behavioral and structural anomalies in IoV networks without labeled data. NOVA models vehicular communications as attributed graphs and employs intimacy-guided subgraph sampling to extract meaningful neighborhoods. A Graph Convolutional Network (GCN)–based generative module reconstructs node attributes to reveal behavioral deviations, while a contrastive module validates structural coherence through embedding comparisons of real and perturbed contexts. Their hybrid anomaly score enables accurate, scalable, and real-time detection of compromised nodes. Performance results show that NOVA achieves state-of-the-art performance (98.7% accuracy, 98.1% F1), real-time throughput (~4.7k events/s at 5k msg/s), and strong robustness (AUROC 0.99, AUPRC 0.98, FAR 0.05) with near-linear scalability (≤40 ms latency for 50k vehicles). By integrating generative and contrastive self-supervised learning with context-aware sampling, NOVA significantly enhances IoV security, reliability, and adaptability.	10.1109/TNSM.2026.3696324
Sandushan Ranaweera, Ying He, Beeshanga Jayawickrama, Xu Wang, Ren Ping Liu, Wei Ni	NetMOS: Topology-Aware VoIP MOS Prediction via Attention–Recurrent GNNs	2026	Early Access	Modeling Graph neural networks Internet telephony	The Mean Opinion Score (MOS) is a standard metric for assessing the Quality of Experience (QoE) in Voice over IP (VoIP) applications. Accurate prediction of how network conditions influence MOS is critical for network planning, operation, and optimization. This requires modeling traffic flows with application-level granularity, which significantly increases both the dimensionality and structural complexity of the learning task. The ability to achieve efficient, robust, and generalizable data-driven learning in the presence of such complexity depends critically on the careful design of model architectures. This paper presents NetMOS, a Graph Neural Network (GNN) architecture specifically crafted to model IP networks and predict VoIP MOS scores. NetMOS models IP networks as heterogeneous graphs and designs a two-stage Message Passing Neural Network (MPNN) to capture both permutation invariant and sequential dependencies in traffic flow and network interactions. It uses a Gated Recurrent Unit (GRU) layer to model the ordered influence of links along a traffic path and introduces a customized attention layer with Sigmoid activations to model the cumulative effects of multiple flows on the links. Simulations demonstrate that NetMOS consistently outperforms conventional GNN-based baselines across diverse network topologies in Mean Absolute Error (MAE), R² score, Pearson correlation, and Spearman correlation. NetMOS generalizes effectively beyond the training topology, maintaining high prediction accuracy on unseen network topologies and varying network activity durations without retraining. NetMOS also provides MOS predictions 44×–170× faster than packet-level simulations.	10.1109/TNSM.2026.3701762
Masoumeh Safkhani, Mohammad Reza Servati, Fatemeh Rezaei	HEIoT: A Novel Three-Factor Authentication Protocol for Enhanced Security in IoT and Next-Generation Networks	2026	Early Access	Authentication Internet of Things Protocols	The Internet has a significant impact on contemporary society, enabling a wide range of applications, including advanced cellular networks such as 4G, 5G, and 6G. Since these communications occur over shared or open channels, ensuring secure data exchange is of critical importance, as any weakness in the communication infrastructure may compromise system reliability. Device authentication in the Internet of Things (IoT) and user authentication in smart environments, such as smart homes, remain fundamental security challenges. As the first line of defense, authentication mechanisms must be robust, since vulnerabilities at this stage can expose the entire system to serious threats. To address these challenges, numerous authentication schemes based on cryptographic primitives, including Elliptic Curve Cryptography (ECC), have been proposed. In this paper, we present a comprehensive security analysis of an ECC-based three-factor authentication protocol proposed by Yuan et al. Our analysis shows that the protocol is vulnerable to desynchronization, user impersonation, traceability, and insider attacks, all of which succeed with probability 1 by exploiting at most two protocol phases. To mitigate these weaknesses, we propose an improved authentication scheme, called HEIoT. The proposed scheme is formally analyzed under the Real-or-Random (RoR) model to establish session-key security and is further verified using the Scyther tool. Moreover, a Python-based implementation is provided to demonstrate the practicality of the proposed protocol. Comparative results indicate that HEIoT achieves stronger security while maintaining acceptable communication, computational, and storage overhead.	10.1109/TNSM.2026.3702041
Maad Ebrahim, Abdelhakim Hafid	Fully Distributed Fog Load Balancing with Multi-Agent Reinforcement Learning	2026	Early Access		Distributed fog computing environments demand efficient resource management to support real-time Internet of Things (IoT) applications. This paper proposes a fully distributed load-balancing framework based on multi-agent reinforcement learning (MARL), where independent agents learn to manage heterogeneous fog resources without centralized control or inter-agent coordination. The agents jointly optimize a global objective that minimizes workload waiting delay (reduces overall fog queue accumulation) while ensuring fair resource utilization. We evaluated agents’ dynamic adaptation to unpredictable load bursts through transfer learning in simulated fog environments with heterogeneous, unbalanced, and geographically distributed fog nodes. Compared to centralized RL, learning localized policies within smaller collaboration regions allows our distributed agents to achieve superior performance (up to 70.1% reduction in average waiting delay), reduces state-action space, accelerates convergence (6× faster), and scales efficiently as the network grows. In addition, we analyze the impact of realistic interval-based state observation (using a protocol like Gossip) to evaluate the trade-off between performance and practical deployment constraints. Compared to the unrealistic assumption of real-time state availability before every decision, a Gossip interval of 3 seconds in our simulations reduces the state observation overhead by a factor of 9.5×, ensuring the solution is viable for real-world deployment.	10.1109/TNSM.2026.3702570
Xinxiu Liu, Peng Yu, Honglin Fang, Wenjing Li, Long Qu, Dingshi Liao, Shaoyong Guo, Xuesong Qiu, Zhaowei Qu, Song Guo	Diffusion-Based Preemptive Service Migration for Proactive Fault-Tolerant in 6G Edge Networks	2026	Early Access	Modeling Optimization Timing	The evolution of 6G networks introduces heterogeneous services with stringent computing and latency demands. However, constrained edge resources, intricate task dependencies, and dynamic network fluctuations intensify resource contention, increasing the risk of node faults and service interruption. Current fault-tolerant methodologies lack the necessary adaptability to handle the coupled complexity of task interdependencies and volatile resource states, leading to sub-optimal decisions or excessive system overhead. To address these challenges, this paper innovatively proposes TransDiffuse—an intelligent preemptive service migration framework for 6G edge networks. First, the framework employs a Transformer-GAT hybrid model to capture long-range temporal load dynamics and spatial topological constraints, enabling accurate failure prediction. Second, to navigate the trade-off between migration overhead and service robustness, we devise a diffusion-based decision module. This module efficiently explores the discrete combinatorial solution space to synthesize near-optimal service orchestration. Furthermore, a comprehensive evaluation system is constructed to validate the effectiveness of TransDiffuse. Experiments demonstrate that TransDiffuse reduces energy consumption by 32.4%, decreases task completion time by 25.6%, and improves resource balance by 18.7%, while keeping service violations below 5%. This work achieves joint optimization of energy, delay, and resource efficiency, offering a robust solution for resilient service orchestration in 6G edge networks.	10.1109/TNSM.2026.3701457
Vu Khanh Quy, Abdellah Chehri, Suayb S. Arslan, Nguyen Thi Thanh Hue, Chu Thi Minh Hue	Adaptive Fog–Cloud Resource Optimization Framework for Consumer Healthcare IoT Systems	2026	Early Access	Internet of Things Medical services Clouds	The development of the healthcare industry is closely tied to the history of human development. The integration of sensing, communication, computing, and control technologies, along with cloud-based solutions, enables the realization of the Internet of Things concept and forms a series of Internet of Healthcare Things (IoHT) applications. However, providing realtime health services is one of the most important challenges for IoHT systems. To address this issue, a fog computing architecture (FC) is proposed as an additional computing layer to support the cloud computing layer, aiming to reduce service response time, computing costs, and energy consumption. In this study, we conduct a comprehensive evaluation to optimize resource allocation for hospitals under the constraints of scale and patient volume, as well as SLA thresholds. Then, we provide recommendations to optimize investment costs for computing infrastructure supporting real-time health services. Finally, we discuss challenges and open issues.	10.1109/TNSM.2026.3701581
Wenying Wang, Mohammad S. Obaidat, Xuxun Liu, Kuei-Fang Hsiao	Node-Differentiated Resource Allocation for Media Access Control in Wireless Body Area Networks	2026	Early Access	Timing Resource management Media Access Control	Medium access control (MAC) is crucial for resource allocation in wireless body area networks (WBANs). However, existing MAC protocols often suffer from transmission conflicts and inefficient channel utilization. To address these issues, this paper proposes a Node-Differentiated Resource Scheduling (NDRS) MAC protocol, which dynamically allocates access resources based on node-specific requirements. This protocol employs a superframe structure consisting of a contention-based phase and a contention-free phase for data transmission. A Mamdani fuzzy inference system is utilized to calculate continuous node priorities. These priorities achieve fine-grained differentiation of node importance and thus serve as the foundation for transmission conflict minimization. During the contention-based phase, continuous and differentiated backoff times are assigned to nodes based on their priorities. These backoff times effectively reduce transmission collisions and enhance channel utilization. In the contention-free phase, time slots are preferentially allocated to nodes with higher priority, better channel utilization, and greater transmission reliability. This allocation thereby enhances channel usage efficiency and reduce transmission delays. This protocol is characterized by three key features: precise node prioritization, low transmission collisions, and high channel utilization. Extensive experimental results demonstrate that NDRS outperforms existing protocols in terms of average delay, throughput, packet loss ratio, and average energy consumption.	10.1109/TNSM.2026.3700262
Pablo Benlloch-Caballero, Pablo Salva-Garcia, Qi Wang, Jose M. Alcaraz-Calero	COREX: Framework for distributed digital twins of 5G/6G network topologies and automated experiment executions	2026	Early Access	5G mobile communication Emulation Timing	The rapid evolution of Beyond 5G (B5G) and 6G networks demands advanced research frameworks that enable the emulation and digital twinning of complex network topologies, the automation of experiments, and the investigation of cybersecurity challenges. This paper introduces CORE eXecutor (COREX), a novel automation framework designed to orchestrate the setup of emulated 5G/6G network topologies, execute predefined use cases and cyber ranges, and facilitate cybersecurity experiments. COREX interacts with key autonomous network domains —Access, Edge, Transport, and Core—while supporting multi-tenancy, user mobility, and end-to-end resource management. The experimental evaluation demonstrates the framework efficiency and scalability. Results show that execution time increases with the number of User Equipment (UE), ranging from 699 to 1191 seconds, due to the setup stage, where the orchestrator provides the network topology across multiple physical machines. Bandwidth tests indicate that the framework maintains expected performance at lower loads (128 Mbps) with up to 99.9% bandwidth efficiency at the Edge segment. The framework’s ability to automate experiment execution has been validated through a self-protection loop cybersecurity use case, demonstrating its capability to detect, plan, and mitigate cybersecurity threats in 5G / 6G networks. COREX presents a significant advancement in network emulation, providing researchers with a powerful tool to explore 5G and 6G cybersecurity, optimise network performance, and refine autonomous network principles.	10.1109/TNSM.2026.3699692
Songtao Peng, Yiping Chen, Xincheng Shu, Wu Shuai, Shenhao Fang, Zhongyuan Ruan, Qi Xuan	MAD-MulW: A Multi-Window Anomaly Detection Framework for BGP Security Events	2026	Early Access	Modeling Windows Timing	In recent years, various international security events have occurred frequently and interacted between real society and cyberspace. Traditional traffic monitoring mainly focuses on the local anomalous status of events due to a large amount of data. BGP-based event monitoring makes it possible to perform differential analysis of international events. For many existing traffic anomaly detection methods, we have observed that the window-based noise reduction strategy effectively improves the success rate of time series anomaly detection. Motivated by this, we propose an unsupervised anomaly detection model, MAD-MulW, which introduces a multi-window serial framework. The W-GAT module adaptively updates sample weights within the window to reduce noise, while the W-LAE module captures temporal trends through predictive reconstruction, enhancing inter-class separation. Our model has been experimentally validated on multiple BGP anomalous events with an average F1 score of over 90%, which demonstrates the significant improvement effect of the stage windows and adaptive strategy on the efficiency and stability of the timing model. The source code is available at://github.com/2024ChenYP/MAD-MulW.	10.1109/TNSM.2026.3696319
Wenyi Wang, Junchang Wang, Yu Hong, Lei Han, Xin He, Weibei Fan, Zixuan Guan, Xiaolong Zheng, Fu Xiao	LLT: Lossless Transmission using Local Recirculation for WANs	2026	Early Access	Fluid flow Wide area networks Data centers	As distributed applications increasingly span geographically distributed data centers, the demand for high-performance, long-distance transmission has been continuously growing. While intra-data-center networks have employed techniques like remote direct memory access (RDMA) to meet these design goals, extending these techniques toWANs presents unique challenges. WANs notably suffer from inherent packet losses due to buffer overflows in routers and switches, leading to decreased throughput and making distributed applications barely usable. This paper proposes Lossless Transmission (LLT), a novel buffer management scheme for enabling lossless WAN transport. LLT intelligently integrates on-chip switch buffers with an off-chip caching system to absorb traffic bursts that would otherwise cause packet loss. Its data plane logic uses a multi-level threshold system to selectively offload only critical flows during congestion. A closed-loop control protocol, managed by a stateful flow table, ensures these offloaded packets are later re-injected with guaranteed lossless and in-order delivery, effectively protecting latency-sensitive applications from retransmission overhead. We evaluate LLT using both ns-3 simulations and P4-programmable devices. The experimental results show that in typical use cases (RTT > 30ms), LLT improves link bandwidth utilization by 1.9% to 29.5% and reduces the P99 percentile tail latency by 17% to 66% in WANs compared to the state-of-the-art solutions. Overall, LLT provides a scalable, efficient, and reliable framework for long-distance data transmission, addressing critical challenges in WANs. Additionally, LLT eliminates the need for expensive WAN infrastructure modifications.	10.1109/TNSM.2026.3699483
Huijuan Zhu, Chenhao Zheng, Zhongyuan Liu, Yuan Zhang	Reliable Interpretations of Deep Learning-based Malware Detectors via Deep Q-Networks	2026	Early Access	Malware Signal detection Modeling	Deep learning has become widely used in Android malware detection, but its black-box nature raises trust concerns, limiting its use in critical security areas. To address this, various interpretation methods have been proposed. Unfortunately, these solutions often suffer from inconsistent results and poor adaptability to model updates. In this work, we propose XDQNMal, a Deep Q-Networks (DQN)-based global interpretation framework designed to uncover the critical features that drive decisions in deep learning-based malware detectors. To enhance the reliability of interpretation, XDQNMal captures API call frequency features derived from the runtime behavior of each application (App). Then, it unites a DQN model with the TabPFN detection model to work collaboratively, using variations in detection results as reward signals. These signals guide the DQN model to gradually identify the most impactful features as interpretations for the detection model’s decisions. Our experimental evaluation on real-world datasets demonstrates that the proposed XDQNMal framework generates reliable interpretation for deep learning-based malware detection models. For instance, suppressing the critical features identified by XDQNMal leads to an average decrease of 20.30% in the probability that the malicious sample is predicted as malicious, highlighting the pivotal role these features play in the model’s decision-making.	10.1109/TNSM.2026.3699408
Soonbeom Kwon, Yusu Noh, Youngwoo Jang, Illyoung Choi, Byungchul Tak, In-geol Chun, Young-Kyoon Suh	Scalable and Robust Resource Provisioning via Adaptive Task Scheduling for Edge Devices	2026	Early Access	Schedules Scheduling Cloning	Edge devices, such as wearables, drones, and CCTV systems, are vital for real-time data collection in urban intelligence. However, their limited computational and storage capacities pose significant challenges. While offloading to public clouds offers scalability, it often incurs high latency and operational costs. Conversely, centralizing workloads on edge servers may result in the underutilization of high-performance edge devices. To address these limitations, we introduce ERPF, a Kubernetes-based Edge Resource Provisioning Framework that augments the capabilities of heterogeneous edge environments. ERPF orchestrates dynamic volume provisioning, GPU-aware resource allocation, execution context migration, and adaptive task distribution to improve system flexibility and efficiency. Building on this, we propose a novel adaptive task scheduling technique, termed eATS, composed of three key mechanisms: (i) Partition Smoothing Scheme for stable task granularity control, (ii) Resilient Edge Reintegration for failure detection and task reassignment, and (iii) Competitive Task Cloning for speculative execution with fastest-result commitment. The proposed eATS scheme reduces task execution time by up to 27.6%, lowers partition size variability by 8.7×, and improves scheduling robustness across heterogeneous edge devices over the baseline.	10.1109/TNSM.2026.3694238