TNSM Searchable Index

Author(s)	Title	Year	Publication	Keywords
Arash Heidari, Jamal N. Al-Karaki	NOVA: A Self-Supervised Graph Framework for Real-Time Anomaly Detection in Internet of Vehicles	2026	Early Access	Context Internet of Vehicles Modeling	The Internet of Vehicles (IoV) enables cooperative driving and real-time Vehicle-to-Everything (V2X) communication but remains vulnerable to behavioral and structural anomalies due to its dynamic, decentralized nature. Existing deep learning methods either overlook topological inconsistencies or ignore communication feature fidelity, while random-walk sampling introduces contextual noise. In this paper, we propose Network Observation for Vehicular Anomalies (NOVA), a self-supervised graph-based framework that detects both behavioral and structural anomalies in IoV networks without labeled data. NOVA models vehicular communications as attributed graphs and employs intimacy-guided subgraph sampling to extract meaningful neighborhoods. A Graph Convolutional Network (GCN)–based generative module reconstructs node attributes to reveal behavioral deviations, while a contrastive module validates structural coherence through embedding comparisons of real and perturbed contexts. Their hybrid anomaly score enables accurate, scalable, and real-time detection of compromised nodes. Performance results show that NOVA achieves state-of-the-art performance (98.7% accuracy, 98.1% F1), real-time throughput (~4.7k events/s at 5k msg/s), and strong robustness (AUROC 0.99, AUPRC 0.98, FAR 0.05) with near-linear scalability (≤40 ms latency for 50k vehicles). By integrating generative and contrastive self-supervised learning with context-aware sampling, NOVA significantly enhances IoV security, reliability, and adaptability.	10.1109/TNSM.2026.3696324
Xin Hu, Xiantao Jiang, F. Richard Yu, Victor C.M. Leung	Enhancing Adaptive Video Streaming through Bandwidth Prediction with Deep Reinforcement Learning	2026	Early Access	Algorithms Videos Bit rate	With the development of HTTP-based video streaming, Adaptive Bitrate (ABR) algorithms have become crucial for optimizing video quality. These algorithms dynamically select the bitrate of video chunks based on factors such as network throughput and playback buffer occupancy. However, the volatility of network throughput, conflicting Quality of Experience (QoE) objectives, and cascading effects in decision-making pose significant challenges for ABR algorithms to accurately determine bitrate selections, leading to substantial revenue losses for content providers. This paper proposes a bandwidth prediction-based ABR algorithm for video streaming, termed the BPA algorithm, which consists of two components: a Bandwidth Prediction Model (BPM) and a Bitrate Selection Model (BSM). The BPM leverages a Bidirectional Long Short-Term Memory (BiLSTM) network for bandwidth prediction, while the BSM adopts an Actor-Critic reinforcement learning framework. A reward function based on bandwidth prediction accuracy is proposed, and an end-to-end joint optimization loss function is designed to train the model for optimal video bitrate selection. Under various network conditions, the BPA algorithm outperforms existing baseline algorithms, achieving an improvement of nearly 31.9% compared to traditional heuristic methods and a 9% enhancement over other deep reinforcement learning-based approaches. The BPA algorithm demonstrates excellent performance in terms of bitrate smoothness and QoE.	10.1109/TNSM.2026.3696658
Kunpeng Zheng, Huibin Zhang, Yongli Zhao, Yuan Cao, Wei Wang, Xin Li, Zhuangzhuang Ma, Lihan Zhao, Jie Zhang	Sun-Outage-Aware Topology Modeling and Adaptive Routing for Optical Satellite Networks	2026	Early Access	Sun Interrupters Joining processes	Optical satellite networks, supported by optical inter-satellite links (OISLs), provide reliable and low-latency optical connectivity. However, periodic and predictable sun outage events significantly compromise OISL availability, leading to frequent OISL interruptions and reduced network reliability. Existing routing algorithms often overlook the regularity of sun outage-induced interrupts and their differentiated impacts on services, resulting in degraded service performance. To address this challenge, this paper proposes a sun outage-enhanced time discretization OISL model and introduces a sun outage link-aware routing (SOLR) algorithm. By incorporating joint awareness of sun outage patterns and service requirements, SOLR employs an adaptive optimization mechanism to dynamically adjust routing decisions within temporal windows. Experimental results demonstrate that SOLR extends stable path durations by 39.9%, reduces interruption rates by 28.5%, and decreases blocking rates by 36.4%, significantly outperforming link-state-based routing algorithms. By effectively mitigating the impact of sun outages, SOLR ensures continuous optical service connections. This interruption-tolerant framework bridges network modeling and service provisioning, offering a robust solution for mission-critical service in optical satellite networks.	10.1109/TNSM.2026.3697856
Jing Zhang, Chao Luo, Rui Shao	MTG-GAN: A Masked Temporal Graph Generative Adversarial Network for Cross-Domain System Log Anomaly Detection	2026	Early Access	Anomaly detection Adaptation models Generative adversarial networks	Anomaly detection of system logs is crucial for the service management of large-scale information systems. Nowadays, log anomaly detection faces two main challenges: 1) capturing evolving temporal dependencies between log events to adaptively tackle with emerging anomaly patterns, 2) and maintaining high detection capabilities across varies data distributions. Existing methods rely heavily on domain-specific data features, making it challenging to handle the heterogeneity and temporal dynamics of log data. This limitation restricts the deployment of anomaly detection systems in practical environments. In this article, a novel framework, Masked Temporal Graph Generative Adversarial Network (MTG-GAN), is proposed for both conventional and cross-domain log anomaly detection. The model enhances the detection capability for emerging abnormal patterns in system log data by introducing an adaptive masking mechanism that combines generative adversarial networks with graph contrastive learning. Additionally, MTG-GAN reduces dependency on specific data distribution and improves model generalization by using diffused graph adjacency information deriving from temporal relevance of event sequence, which can be conducive to improve cross-domain detection performance. Experimental results demonstrate that MTG-GAN outperforms existing methods on multiple real-world datasets in both conventional and cross-domain log anomaly detection.	10.1109/TNSM.2026.3654642
Emilio Paolini, Andrea Pinto, Luca Valcarenghi, Flavio Esposito	Programmable In-Network Aggregation for Communication-Aware Federated Learning in 5G RANs	2026	Early Access	Modeling Timing Training	Federated Learning (FL) enables collaborative model training without sharing raw data, making it attractive for privacy-preserving applications at the wireless edge. However, when executed over real 5G networks, FL performance degrades due to uplink congestion, heterogeneous client capabilities, and intermittent connectivity. Most existing approaches attempt to mitigate these issues indirectly by optimizing clients (through adaptive participation, local training, or selection strategies) or by optimizing models (via pruning, quantization, or compression), but they ignore potential network bottlenecks. This paper introduces FLAG, an FL architecture that embeds innetwork aggregation directly into 5G gNodeBs, transforming the network into an active participant in the learning process. In particular, FLAG performs parameter aggregation at line rate within the 5G Service Data Adaptation Protocol layer and incorporates three mechanisms: Partial-Contribution Correction for loss-tolerant averaging, a timer-driven pipeline for real-time scheduling, and a deadline-based grouping strategy to mitigate stragglers. Experiments with realistic wireless emulation show that FLAG achieves up to 5.1× faster time-to-accuracy and maintains accuracy within 0.8% of a loss-free baseline, while reducing gNB-to-server bandwidth by aggregating pergNB rather than per-client. FLAG requires no modifications to clients or the parameter server, demonstrating how 5G-aware system design can make federated learning scalable, efficient, and resilient under real-world wireless conditions.	10.1109/TNSM.2026.3697723
Ting Li, Lingxian Chen, Jing Wen, Yinlong Liu, Haiqiang Chen, Kai Yang	ASTFNet: An Adaptive Spatio-Temporal Fault Prediction Framework for Dynamic Edge Networks	2026	Early Access	Modeling Timing Topology	Edge computing plays a critical role in supporting low-latency IoT applications, yet the susceptibility of edge nodes to faults can disrupt services and degrade Quality of Service (QoS). Fault prediction offers a proactive solution by identifying potential failures through spatio-temporal feature learning from historical observations. However, existing spatio-temporal prediction models are typically designed for fixed network topologies with predefined input-output structures, which limits their effectiveness in dynamic edge networks where nodes are frequently added or removed. Adapting these models to topology variations often requires full retraining or architectural redesign, resulting in substantial computational overhead and limited real-time applicability. To overcome these limitations, this paper proposes ASTFNet, an adaptive spatio-temporal fault prediction framework for dynamic edge networks. The framework integrates a spatio-temporal fault prediction model that incorporates node identity embeddings to enable flexible representation learning under evolving topologies and an adaptive fine-tuning mechanism that detects topology changes and performs targeted model updates without full retraining. Experiments on real-world datasets demonstrate that ASTFNet significantly reduces retraining time while maintaining high prediction accuracy and achieves robust performance under dynamic node additions and removals.	10.1109/TNSM.2026.3698582
Mariusz Głąbowski, Sławomir Hanczewski, Damian Kmiecik, Maciej Stasiak, Joanna Weissenberg	Modeling of multi-service queueing systems with traffic overflow	2026	Early Access	Modeling Probability Servers	This article proposes an analytical model of a multi-service hierarchical system with multi-service overflow traffic. To model the primary and secondary resources of this system, the state-dependent queue service discipline was used. In order to model the secondary resources with the dedicated queue for overflow traffic, the Hayward’s approach was generalized and applied. To evaluate its accuracy, the results of analytical modeling were compared with the data obtained during the simulation experiments carried out in the study. Both the data presented in the article and the results obtained by the present authors in numerous comparative studies clearly indicate that the proposed model makes it possible to evaluate the values of the blocking probability with the accuracy that provides its reliable practical application at the stage of network dimensioning. The overflow mechanism has particular significance in networks with limited resources, such as mobile networks.	10.1109/TNSM.2026.3696894
Awaneesh Kumar Yadav, Ravi Kumar, An Braeken, Madhusanka Liyanage	A Provably Secure Multifactor Authentication and Key Exchange Protocol with Anonymity for Next-Generation IoT	2026	Early Access	Internet of Things Authentication Protocols	With the rapid surge in IoT devices, communication between the IoT devices and the server becomes more frequent. Since IoT devices are considered at the edge of the networks, their communication is completely exposed to the server, making them prone to several attacks. In addition to this, IoT devices have limited energy and computational resources. Therefore, there is an impelling necessity for an authentication mechanism suitable for security and taking into account the resource constraints. This paper shows that a recently proposed protocol by Daojing et al. is prone to serious attacks such as stolen device attacks, suffers from integrity violations, and does not offer perfect forward secrecy. We propose an alternative and more secure authentication mechanism for this type of model and also show that this protocol offers better performance with respect to the state-of-the-art. The proposed protocol achieves reductions of 75%, 40%, 36%, and 71% in computational, communication, storage, and energy consumption costs, respectively. Additionally, the protocol only has two communication phases. Furthermore, prototype implementation and simulation with the NS3 tool are carried out to show the applicability of the proposed work in real-time scenarios.	10.1109/TNSM.2026.3696671
Soonbeom Kwon, Yusu Noh, Youngwoo Jang, Illyoung Choi, Byungchul Tak, In-geol Chun, Young-Kyoon Suh	Scalable and Robust Resource Provisioning via Adaptive Task Scheduling for Edge Devices	2026	Early Access	Schedules Scheduling Cloning	Edge devices, such as wearables, drones, and CCTV systems, are vital for real-time data collection in urban intelligence. However, their limited computational and storage capacities pose significant challenges. While offloading to public clouds offers scalability, it often incurs high latency and operational costs. Conversely, centralizing workloads on edge servers may result in the underutilization of high-performance edge devices. To address these limitations, we introduce ERPF, a Kubernetes-based Edge Resource Provisioning Framework that augments the capabilities of heterogeneous edge environments. ERPF orchestrates dynamic volume provisioning, GPU-aware resource allocation, execution context migration, and adaptive task distribution to improve system flexibility and efficiency. Building on this, we propose a novel adaptive task scheduling technique, termed eATS, composed of three key mechanisms: (i) Partition Smoothing Scheme for stable task granularity control, (ii) Resilient Edge Reintegration for failure detection and task reassignment, and (iii) Competitive Task Cloning for speculative execution with fastest-result commitment. The proposed eATS scheme reduces task execution time by up to 27.6%, lowers partition size variability by 8.7×, and improves scheduling robustness across heterogeneous edge devices over the baseline.	10.1109/TNSM.2026.3694238
Ricardo Yaben, Emmanouil Vasilomanolakis	Digital ghost ships: abandoned, neglected, and obsolete IoT & OT devices exposed to the Internet	2026	Early Access	Internet Security Protocols	The rapid adoption of Internet of Things (IoT) and Operational Technology (OT) devices to control systems remotely has introduced significant cybersecurity challenges. Attackers have compromised millions of such devices over the years, exploiting their lack of management and weak cybersecurity. This paper examines cybersecurity issues of neglected, obsolete, and abandoned IoT and OT devices exposed to the Internet. To unify these issues under an umbrella term, we coined the term Digital Ghost Ships (DGSs). Our work focuses on identifying DGSs using common scanning tools to find indicators of security misconfigurations and misuse. Moreover, we compare two Internet-wide scans conducted two years apart, focusing on security issues in eight IoT and OT protocols: MQTT, CoAP, XMPP, Modbus, OPC UA, RTPS, DNP3, and BACnet. During our first scan (S1) we found 675,896 DGSs, and 75,007 during our second scan (S2). Lastly, we examine the IP reputation of the vulnerable devices and find that 7,424 (S1) and 792 (S2) DGSs were reported at least once.	10.1109/TNSM.2026.3699092
Huijuan Zhu, Chenhao Zheng, Zhongyuan Liu, Yuan Zhang	Reliable Interpretations of Deep Learning-based Malware Detectors via Deep Q-Networks	2026	Early Access	Malware Signal detection Modeling	Deep learning has become widely used in Android malware detection, but its black-box nature raises trust concerns, limiting its use in critical security areas. To address this, various interpretation methods have been proposed. Unfortunately, these solutions often suffer from inconsistent results and poor adaptability to model updates. In this work, we propose XDQNMal, a Deep Q-Networks (DQN)-based global interpretation framework designed to uncover the critical features that drive decisions in deep learning-based malware detectors. To enhance the reliability of interpretation, XDQNMal captures API call frequency features derived from the runtime behavior of each application (App). Then, it unites a DQN model with the TabPFN detection model to work collaboratively, using variations in detection results as reward signals. These signals guide the DQN model to gradually identify the most impactful features as interpretations for the detection model’s decisions. Our experimental evaluation on real-world datasets demonstrates that the proposed XDQNMal framework generates reliable interpretation for deep learning-based malware detection models. For instance, suppressing the critical features identified by XDQNMal leads to an average decrease of 20.30% in the probability that the malicious sample is predicted as malicious, highlighting the pivotal role these features play in the model’s decision-making.	10.1109/TNSM.2026.3699408
Wenyi Wang, Junchang Wang, Yu Hong, Lei Han, Xin He, Weibei Fan, Zixuan Guan, Xiaolong Zheng, Fu Xiao	LLT: Lossless Transmission using Local Recirculation for WANs	2026	Early Access	Fluid flow Wide area networks Data centers	As distributed applications increasingly span geographically distributed data centers, the demand for high-performance, long-distance transmission has been continuously growing. While intra-data-center networks have employed techniques like remote direct memory access (RDMA) to meet these design goals, extending these techniques toWANs presents unique challenges. WANs notably suffer from inherent packet losses due to buffer overflows in routers and switches, leading to decreased throughput and making distributed applications barely usable. This paper proposes Lossless Transmission (LLT), a novel buffer management scheme for enabling lossless WAN transport. LLT intelligently integrates on-chip switch buffers with an off-chip caching system to absorb traffic bursts that would otherwise cause packet loss. Its data plane logic uses a multi-level threshold system to selectively offload only critical flows during congestion. A closed-loop control protocol, managed by a stateful flow table, ensures these offloaded packets are later re-injected with guaranteed lossless and in-order delivery, effectively protecting latency-sensitive applications from retransmission overhead. We evaluate LLT using both ns-3 simulations and P4-programmable devices. The experimental results show that in typical use cases (RTT > 30ms), LLT improves link bandwidth utilization by 1.9% to 29.5% and reduces the P99 percentile tail latency by 17% to 66% in WANs compared to the state-of-the-art solutions. Overall, LLT provides a scalable, efficient, and reliable framework for long-distance data transmission, addressing critical challenges in WANs. Additionally, LLT eliminates the need for expensive WAN infrastructure modifications.	10.1109/TNSM.2026.3699483
Songtao Peng, Yiping Chen, Xincheng Shu, Wu Shuai, Shenhao Fang, Zhongyuan Ruan, Qi Xuan	MAD-MulW: A Multi-Window Anomaly Detection Framework for BGP Security Events	2026	Early Access	Modeling Windows Timing	In recent years, various international security events have occurred frequently and interacted between real society and cyberspace. Traditional traffic monitoring mainly focuses on the local anomalous status of events due to a large amount of data. BGP-based event monitoring makes it possible to perform differential analysis of international events. For many existing traffic anomaly detection methods, we have observed that the window-based noise reduction strategy effectively improves the success rate of time series anomaly detection. Motivated by this, we propose an unsupervised anomaly detection model, MAD-MulW, which introduces a multi-window serial framework. The W-GAT module adaptively updates sample weights within the window to reduce noise, while the W-LAE module captures temporal trends through predictive reconstruction, enhancing inter-class separation. Our model has been experimentally validated on multiple BGP anomalous events with an average F1 score of over 90%, which demonstrates the significant improvement effect of the stage windows and adaptive strategy on the efficiency and stability of the timing model. The source code is available at://github.com/2024ChenYP/MAD-MulW.	10.1109/TNSM.2026.3696319
Pablo Benlloch-Caballero, Pablo Salva-Garcia, Qi Wang, Jose M. Alcaraz-Calero	COREX: Framework for distributed digital twins of 5G/6G network topologies and automated experiment executions	2026	Early Access	5G mobile communication Emulation Timing	The rapid evolution of Beyond 5G (B5G) and 6G networks demands advanced research frameworks that enable the emulation and digital twinning of complex network topologies, the automation of experiments, and the investigation of cybersecurity challenges. This paper introduces CORE eXecutor (COREX), a novel automation framework designed to orchestrate the setup of emulated 5G/6G network topologies, execute predefined use cases and cyber ranges, and facilitate cybersecurity experiments. COREX interacts with key autonomous network domains —Access, Edge, Transport, and Core—while supporting multi-tenancy, user mobility, and end-to-end resource management. The experimental evaluation demonstrates the framework efficiency and scalability. Results show that execution time increases with the number of User Equipment (UE), ranging from 699 to 1191 seconds, due to the setup stage, where the orchestrator provides the network topology across multiple physical machines. Bandwidth tests indicate that the framework maintains expected performance at lower loads (128 Mbps) with up to 99.9% bandwidth efficiency at the Edge segment. The framework’s ability to automate experiment execution has been validated through a self-protection loop cybersecurity use case, demonstrating its capability to detect, plan, and mitigate cybersecurity threats in 5G / 6G networks. COREX presents a significant advancement in network emulation, providing researchers with a powerful tool to explore 5G and 6G cybersecurity, optimise network performance, and refine autonomous network principles.	10.1109/TNSM.2026.3699692
Wenying Wang, Mohammad S. Obaidat, Xuxun Liu, Kuei-Fang Hsiao	Node-Differentiated Resource Allocation for Media Access Control in Wireless Body Area Networks	2026	Early Access	Timing Resource management Media Access Control	Medium access control (MAC) is crucial for resource allocation in wireless body area networks (WBANs). However, existing MAC protocols often suffer from transmission conflicts and inefficient channel utilization. To address these issues, this paper proposes a Node-Differentiated Resource Scheduling (NDRS) MAC protocol, which dynamically allocates access resources based on node-specific requirements. This protocol employs a superframe structure consisting of a contention-based phase and a contention-free phase for data transmission. A Mamdani fuzzy inference system is utilized to calculate continuous node priorities. These priorities achieve fine-grained differentiation of node importance and thus serve as the foundation for transmission conflict minimization. During the contention-based phase, continuous and differentiated backoff times are assigned to nodes based on their priorities. These backoff times effectively reduce transmission collisions and enhance channel utilization. In the contention-free phase, time slots are preferentially allocated to nodes with higher priority, better channel utilization, and greater transmission reliability. This allocation thereby enhances channel usage efficiency and reduce transmission delays. This protocol is characterized by three key features: precise node prioritization, low transmission collisions, and high channel utilization. Extensive experimental results demonstrate that NDRS outperforms existing protocols in terms of average delay, throughput, packet loss ratio, and average energy consumption.	10.1109/TNSM.2026.3700262
Haoyu Luo, Ming Liu, Shaojian Qiu, Xiao Liu	FaaSAdapter: An Adaptive Resource Configuration Framework for Serverless Workflows at the Edge	2026	Early Access	Optimization Resource management Modeling	Serverless computing has emerged as a promising deployment paradigm for edge scenarios, owing to its efficient resource utilization and flexible provisioning enabled by Function-as-a-Service (FaaS). In Serverless environment, developers are required to configure resources for functions to balance cost efficiency and performance. However, determining appropriate resource allocations for the functions running at the edge is a challenge due to the dynamic nature of the environment. This challenge is further compounded when managing serverless workflows composed of multiple interconnected functions with complex dependencies. To address such an challenge, we present FaaSAdapter, an efficient runtime resource configuration framework for workflow functions, aiming at conserving computational resources at the edge while ensuring timely response to user requests. Different from existing dynamic resource configuration methods that incrementally determine resource schemes for only the immediate subsequent workflow function, FaaSAdapter predicts the execution times of all the unexecuted functions across various resource configurations and determines an optimal configuration schema for the function instances based on the current execution progress. Then, it updates the configuration schema as needed during runtime. Comprehensive experiments demonstrate that FaaSAdapter ensures satisfactory response time of user requests with lowest resource consumption.	10.1109/TNSM.2026.3695591
Yifan Dong, Jinyong Chang, Kaijing Ling, Siqi Wu	Blockchain-Assisted Integrity Auditing Scheme with Key-Exposure Resistance in Cloud Storage Setting	2026	Early Access		A cloud audit scheme is a security mechanism that helps cloud users detect whether their data stored on cloud servers is integral. The issue of key exposure is a serious security threat to cloud audit scheme. The reason lies in that once the user’s authentication key is exposed, most existing audit schemes will become insecure. Meanwhile, existing implementation schemes often introduce third-party auditor (TPA) to assist users in performing audit tasks, and even to update user’s key against key-exposure attacks. However, it is well-known that TPA’s core function is to perform audit tasks and it is not entirely trustworthy. The key update operation based on TPA is not realistic in practical applications. In this article, we propose an identity-based cloud auditing scheme, which resists key-exposure attack by regularly issuing new secret keys to users by the key generation center. The identity-based property guarantees that user’s public identity is unchanged. Moreover, in order to prevent TPA from obtaining users’ stored data content through the audit process, an audit mechanism based on the smart contracts of Blockchain will also be given. In addition, introducing a “two-dimensional” partitioning mechanism on data file can greatly reduce the burden of tag generation. Finally, security and performance analyses will be conducted on the proposed scheme. The results show that our scheme has good properties in terms of key-exposure resilience and privacy-protection on stored data, and also has good performance advantages in the implementation process.	10.1109/TNSM.2026.3700880
Ke Yu, Xiaofeng Tao, Shen Wang, Chaojie Guo	Game-Theoretic Defense of SYN Flood Attacks in B5G Cloud-Edge-Terminal Networks	2026	Early Access		The emergence of beyond-fifth-generation (B5G) networks and the increasing demand for Internet of Things (IoT) requires deploying a cloud-edge-terminal computing network with the Software Defined Network as the controller. However, this network is vulnerable to various threats, notably SYN flood attacks. This paper adopts queuing theory and game theory to explore Mobile Edge Computing (MEC) attack and defense interaction in different IoT businesses. Moreover, we propose a utility model of the packet flow in MEC networks featuring the delay and packet loss rate in the SYN flood attacks. For the attacker and defender’s strategy, we use game theory to model the interaction between strategy and resource allocation. A search algorithm analyzing MEC cell impact on strategy selection is developed, and we investigate the impact of the attacker’s possession of prior knowledge versus lack thereof regarding MEC cell characteristics under SYN flood attacks. The proposed game models are solved, and the results show that under the defender’s strategy, the attacker has no chance to launch SYN flood attacks under the defender’s defense cost of four times MEC computing resources; the cost of defense resources is lower than other related schemes.	10.1109/TNSM.2026.3695918
Deemah H. Tashman, Soumaya Cherkaoui	Trustworthy AI-Driven Dynamic Hybrid RIS: Joint Optimization and Reward Poisoning-Resilient Control in Cognitive MISO Networks	2026	Early Access	Reconfigurable intelligent surfaces Reliability Optimization	Cognitive radio networks (CRNs) are a key mechanism for alleviating spectrum scarcity by enabling secondary users (SUs) to opportunistically access licensed frequency bands without harmful interference to primary users (PUs). To address unreliable direct SU links and energy constraints common in next-generation wireless networks, this work introduces an adaptive, energy-aware hybrid reconfigurable intelligent surface (RIS) for underlay multiple-input single-output (MISO) CRNs. Distinct from prior approaches relying on static RIS architectures, our proposed RIS dynamically alternates between passive and active operation modes in real time according to harvested energy availability. We also model our scenario under practical hardware impairments and cascaded fading channels. We formulate and solve a joint transmit beamforming and RIS phase optimization problem via the soft actor-critic (SAC) deep reinforcement learning (DRL) method, leveraging its robustness in continuous and highly dynamic environments. Notably, we conduct the first systematic study of reward poisoning attacks on DRL agents in RIS-enhanced CRNs, and propose a lightweight, real-time defense based on reward clipping and statistical anomaly filtering. Numerical results demonstrate that the SAC-based approach consistently outperforms established DRL base-lines, and that the dynamic hybrid RIS strikes a superior trade-off between throughput and energy consumption compared to fully passive and fully active alternatives. We further show the effectiveness of our defense in maintaining SU performance even under adversarial conditions. Our results advance the practical and secure deployment of RIS-assisted CRNs, and highlight crucial design insights for energy-constrained wireless systems.	10.1109/TNSM.2026.3660728
Awaneesh Kumar Yadav, Madhusanka Liyanage, An Braeken	An Improved and Provably Secure EDHOC Protocol Supporting the Extended Canetti–Krawczyk (eCK) Security Model	2026	Vol. 23, Issue	Aerospace and electronic systems Telemetry Central Processing Unit	Transport Layer Security (TLS) is considered to be the most used standard security protocol for the Internet of Things (IoT). However, as TLS was originally designed for computer networks, it is not optimal with respect to efficiency. Therefore, a new protocol called Object Security for Constrained RESTful Environments (OSCORE) has been standardized for securing constrained devices. Currently, the Ephemeral Diffie Hellman Over COSE (EDHOC) protocol, which is a key exchange protocol to define a session key used in OSCORE, is also in the process of being standardized. This paper shows that the four authentication modes of the EDHOC protocol are vulnerable in the extended Canetti–Krawczyk (eCK) security model, which is a common security model used in IoT. In addition, also resistance to Distributed Denial of Service (DDoS) attacks is weak. Taking this into account, we propose two new variants of EDHOC. The first variant, EDHOC2, is able to overcome both issues but has a slightly higher cost for communication, computation, storage, and energy consumption. The second variant, EDHOC3, offers only additional protection in the eCK security model and has, on average, similar, even better performance in one authentication mode, compared to EDHOC. Additionally, the Real-Or-Random (ROR) logic and Scyther validation tool are employed to ensure the security of the designed variants. Furthermore, a prototype implementation is conducted to demonstrate the real-time deployment of the designed versions.	10.1109/TNSM.2026.3690530