Last updated: 2026-07-10 05:01 UTC
All documents
Number of pages: 168
| Author(s) | Title | Year | Publication | Keywords | ||
|---|---|---|---|---|---|---|
| Domenico Tortola, Mauro Orrù, Paolo Mori, Laura Ricci | E-CUBE: A Cross-Chain Erasmus+ Management System | 2026 | Early Access | Educational institutions Protocols Management Blockchains Timing Gases Costing Costs Consortia Finance Blockchain Layer 2 Cross-chain Cosmos Erasmus+ | This paper presents E-CUBE (Erasmus+ through Cosmos Unified Blockchain Environment), a decentralized application for managing the student mobility in the context of the Erasmus+ program using blockchain technology and crosschain solutions. Built on the Cosmos framework and its Inter- Blockchain Communication protocol, E-CUBE enables seamless interoperability between independent blockchain networks operated by national university consortia for Erasmus+ program management. Each university consortium runs its own customized blockchain, reflecting country-specific regulations, while a shared hub chain facilitates secure and verifiable cross-chain exchanges. The system supports and automates critical Erasmus+ processes, such as student registration, Erasmus+ application submission, Learning Agreement management, and credit transfer— in order to reduce manual workload and ensure consistency across institutions. E-CUBE’s architecture also supports dynamic operations like extending or ending a mobility period early, with all data synchronized across chains via cross-chain exchanges. A working prototype was developed and deployed in a distributed environment, obtained by deploying a total of 10 nodes across the entire European territory, in order to simulate realistic cross-border mobility scenarios. Experimental evaluations show that the system maintains low latency, and incurs minimal gas fees per operation, confirming its technical feasibility and efficiency for real-world deployment in higher education. | 10.1109/TNSM.2026.3710003 |
| Masoumeh Safkhani, Mohammad Reza Servati, Fatemeh Rezaei | HEIoT: A Novel Three-Factor Authentication Protocol for Enhanced Security in IoT and Next-Generation Networks | 2026 | Early Access | Authentication Internet of Things Protocols Security Smart devices Elliptic curve cryptography Modeling Error correction codes Biometrics Costing of Yuan et al.’s Protocol Authentication Multi-factor authentication Desynchronization attack Insider adversary Traceability attack User impersonation attack Elliptic Curve Cryptography (ECC) | The Internet has a significant impact on contemporary society, enabling a wide range of applications, including advanced cellular networks such as 4G, 5G, and 6G. Since these communications occur over shared or open channels, ensuring secure data exchange is of critical importance, as any weakness in the communication infrastructure may compromise system reliability. Device authentication in the Internet of Things (IoT) and user authentication in smart environments, such as smart homes, remain fundamental security challenges. As the first line of defense, authentication mechanisms must be robust, since vulnerabilities at this stage can expose the entire system to serious threats. To address these challenges, numerous authentication schemes based on cryptographic primitives, including Elliptic Curve Cryptography (ECC), have been proposed. In this paper, we present a comprehensive security analysis of an ECC-based three-factor authentication protocol proposed by Yuan et al. Our analysis shows that the protocol is vulnerable to desynchronization, user impersonation, traceability, and insider attacks, all of which succeed with probability 1 by exploiting at most two protocol phases. To mitigate these weaknesses, we propose an improved authentication scheme, called HEIoT. The proposed scheme is formally analyzed under the Real-or-Random (RoR) model to establish session-key security and is further verified using the Scyther tool. Moreover, a Python-based implementation is provided to demonstrate the practicality of the proposed protocol. Comparative results indicate that HEIoT achieves stronger security while maintaining acceptable communication, computational, and storage overhead. | 10.1109/TNSM.2026.3702041 |
| Jing Zhang, Chao Luo, Rui Shao | MTG-GAN: A Masked Temporal Graph Generative Adversarial Network for Cross-Domain System Log Anomaly Detection | 2026 | Early Access | Anomaly detection Adaptation models Generative adversarial networks Feature extraction Data models Load modeling Accuracy Robustness Contrastive learning Chaos Log Anomaly Detection Generative Adversarial Networks (GANs) Temporal Data Analysis | Anomaly detection of system logs is crucial for the service management of large-scale information systems. Nowadays, log anomaly detection faces two main challenges: 1) capturing evolving temporal dependencies between log events to adaptively tackle with emerging anomaly patterns, 2) and maintaining high detection capabilities across varies data distributions. Existing methods rely heavily on domain-specific data features, making it challenging to handle the heterogeneity and temporal dynamics of log data. This limitation restricts the deployment of anomaly detection systems in practical environments. In this article, a novel framework, Masked Temporal Graph Generative Adversarial Network (MTG-GAN), is proposed for both conventional and cross-domain log anomaly detection. The model enhances the detection capability for emerging abnormal patterns in system log data by introducing an adaptive masking mechanism that combines generative adversarial networks with graph contrastive learning. Additionally, MTG-GAN reduces dependency on specific data distribution and improves model generalization by using diffused graph adjacency information deriving from temporal relevance of event sequence, which can be conducive to improve cross-domain detection performance. Experimental results demonstrate that MTG-GAN outperforms existing methods on multiple real-world datasets in both conventional and cross-domain log anomaly detection. | 10.1109/TNSM.2026.3654642 |
| Deemah H. Tashman, Soumaya Cherkaoui | Trustworthy AI-Driven Dynamic Hybrid RIS: Joint Optimization and Reward Poisoning-Resilient Control in Cognitive MISO Networks | 2026 | Early Access | Reconfigurable intelligent surfaces Reliability Optimization Security MISO Array signal processing Vectors Satellites Reflection Interference Beamforming cascaded channels cognitive radio networks deep reinforcement learning dynamic hybrid reconfigurable intelligent surfaces energy harvesting poisoning attacks | Cognitive radio networks (CRNs) are a key mechanism for alleviating spectrum scarcity by enabling secondary users (SUs) to opportunistically access licensed frequency bands without harmful interference to primary users (PUs). To address unreliable direct SU links and energy constraints common in next-generation wireless networks, this work introduces an adaptive, energy-aware hybrid reconfigurable intelligent surface (RIS) for underlay multiple-input single-output (MISO) CRNs. Distinct from prior approaches relying on static RIS architectures, our proposed RIS dynamically alternates between passive and active operation modes in real time according to harvested energy availability. We also model our scenario under practical hardware impairments and cascaded fading channels. We formulate and solve a joint transmit beamforming and RIS phase optimization problem via the soft actor-critic (SAC) deep reinforcement learning (DRL) method, leveraging its robustness in continuous and highly dynamic environments. Notably, we conduct the first systematic study of reward poisoning attacks on DRL agents in RIS-enhanced CRNs, and propose a lightweight, real-time defense based on reward clipping and statistical anomaly filtering. Numerical results demonstrate that the SAC-based approach consistently outperforms established DRL base-lines, and that the dynamic hybrid RIS strikes a superior trade-off between throughput and energy consumption compared to fully passive and fully active alternatives. We further show the effectiveness of our defense in maintaining SU performance even under adversarial conditions. Our results advance the practical and secure deployment of RIS-assisted CRNs, and highlight crucial design insights for energy-constrained wireless systems. | 10.1109/TNSM.2026.3660728 |
| Jeffrey Redondo, Nauman Aslam, Juan Zhang, Zhenhui Yuan | Optimising QoS in HD Map Updates: Cross-Layer Multi-Agent with Multi-task and Mixed-Dependence (MTMD) | 2026 | Early Access | Optimization Timing High definition video Quality of service Media Access Control Information rates Throughput Vehicles Modeling Videos Edge computing HD map hierarchical learning latency multi-agent offloading reinforcement learning | High-definition (HD) maps generated from autonomous vehicle (AV) sensor data are essential for enabling high levels of driving automation. However, offloading large volumes of raw sensory data to edge servers in dense vehicular ad hoc networks (VANETs) introduces significant latency due to network congestion and packet collisions. Existing solutions primarily focus on dynamically adjusting the minimum contention window (CWmin), while additional MAC-layer parameters — including the maximum contention window (CWmax) and interframe space number (IFSn) — remain largely underexplored. To address this, we propose a cross-layer multi-agent reinforcement learning (MARL) framework that jointly optimises CWmin–CWmax, IFSn, and transmission waiting time within IEEE 802.11p-compliant bounds. The proposed multi-task mixed-dependence (MTMD) framework decomposes the optimisation problem into specialised subtasks handled by selectively coupled agents, balancing coordination and scalability while avoiding the overhead of fully symmetric MARL or centralised hierarchical controllers. A lightweight orchestration layer coordinates agent interaction with the simulation environment via secure message exchange. Evaluated against standard EDCA and representative RL baselines, MTMD achieves latency reductions of 31%, 49%, 87.3%, and 64% for Voice, Video, HD Map, and Best-Effort traffic, respectively, confirming the effectiveness of structured multi-parameter optimisation for latency-critical vehicular applications. | 10.1109/TNSM.2026.3705270 |
| Behrooz Farkiani, Fan Liu, Ke Yang, John DeHart, Jyoti Parwatikar, Patrick Crowley | Hermes: A General-Purpose Proxy-Enabled Networking Architecture | 2026 | Early Access | Tunneling HTTP Joining processes Planing IP networks Internet TCP Architecture Computer architecture Servers Overlay Networking Proxy HTTP Architecture Tunneling Service Delivery MASQUE NDN Envoy | We introduce Hermes, a general-purpose networking architecture that aims to improve service delivery over the Internet. Hermes delegates networking responsibilities from applications and services to proxies and is designed as a portable, adaptable solution to four fundamental challenges of efficient service delivery over the Internet: end-to-end traffic management, backward compatibility, data-plane security and privacy models, and adaptable communication layers. The design centers on an overlay of reconfigurable proxies and HTTP tunneling and proxying techniques, utilizing assisting components to extend proxy functionality when needed. Through prototyping and emulation, we demonstrate that Hermes improves key performance metrics across multiple use cases: it provides backward compatibility through protocol translation and tunneling, improves reliability by delegating retry logic to proxies, enables unified policy-based Layer 3 routing across network segments, and serves as an efficient substrate for future architectures like NDN, facilitating their operation over the Internet. Beyond evaluating Hermes across various use cases, we measured the overhead of Hermes’ HTTP tunneling and proxying mechanisms and found it to be modest, typically under 2 ms per proxy pair traversal in an isolated collocated setup. Although the HTTP proxying and tunneling techniques used by Hermes increase single-connection processing overhead, we also show that, with up to 1,000 concurrent requests, proxies can amortize connection setup time and reduce end-to-end latency by utilizing connection pooling and multiplexing. | 10.1109/TNSM.2026.3705327 |
| Shuang Zheng, Xing Zhang, Michael Sheng, Haixu Wang, Wenbo Wang | Beam Hopping Low Earth Orbit Satellite Resource Allocation for Differentiated Services and Robustness Analysis under Model Attacks | 2026 | Early Access | Beams Satellites Resource management Modeling Optimization Schedules Scheduling Low earth orbit satellites Algorithms Bridges LEO satellite communications deep reinforcement learning digital twin resource allocation adversarial attack | Beam hopping (BH)-enabled Low Earth Orbit (LEO) satellites play a pivotal role in next-generation communication networks, providing global coverage, improving spectrum efficiency, and supporting flexible adaptation to heterogeneous service demands. To fully exploit these capabilities, artificial intelligence (AI) techniques are increasingly employed for dynamic resource allocation and power management. However, limited onboard resources and potential adversarial perturbations pose challenges to both efficiency and robustness. To address these issues, we leverage digital twin technology to accurately capture the spatio-temporal dynamics of user–satellite visibility, providing precise state information for decision-making. Building on this, we formulate a joint optimization framework for BH scheduling and power allocation as a Markov Decision Process and propose the BRIDGE—BH with Reinforcement learning incorporating Integrated Dirichlet and Gumbel-TopK Exploration—which integrates a quality of service (QoS)-driven subchannel scheduling mechanism to ensure efficient and differentiated resource allocation. The model’s robustness is systematically evaluated under three classical adversarial attacks. Simulation results demonstrate that our approach achieves superior energy efficiency, service throughput, and fairness, while the robustness analysis shows stable performance under the considered bounded adversarial perturbations. | 10.1109/TNSM.2026.3710750 |
| Yahuza Bello, Ahmed Refaey, Ping Yang | Secure Multi-Timescale Orchestration for Zero-Trust Cross-Datacenter Networks | 2026 | Early Access | Authentication Optimization Resource management Modeling Costing Costs Timing Data centers Learning (artificial intelligence) Security Zero trust architecture hierarchical deep reinforcement learning cross-datacenter networks multi-timescale optimization resource management | The widespread deployment of geographically distributed Data Centers (DCs) has intensified the need for scalable and secure access control mechanisms across Cross-Datacenter Networks (CDNs). Zero Trust Architecture (ZTA) addresses this need by enforcing continuous authentication and authorization through Policy Decision Points (PDPs); however, determining where to deploy PDPs and how to dynamically assign authentication requests in the CDNs remains a challenging and NP-hard problem. This challenge arises from the tight coupling between long-term placement decisions and short-term, stochastic authentication workloads. In this paper, we formulate a joint PDP placement and authentication assignment problem for zero-trust-enabled CDNs that minimizes deployment cost, authentication assignment cost, bandwidth consumption, and the number of active PDP instances under resource constraints. To efficiently solve the problem, we propose a Hybrid Hierarchical Deep Reinforcement Learning (HHDRL) framework that decomposes decision-making across multiple time scales. A high-level Double Deep Q-Network (DDQN) agent learns long-term PDP placement policies, while multiple low-level Asynchronous Advantage Actor–Critic (A3C) agents perform real-time authentication assignment within each DC. Extensive simulations demonstrate that the proposed DDQN–A3C framework converges reliably and consistently outperforms benchmark schemes, including DDQN–A2C, a single-agent DDQN approach, and a greedy baseline, achieving lower overall system cost and improved scalability with modest computational overhead. | 10.1109/TNSM.2026.3707392 |
| Soonbeom Kwon, Yusu Noh, Youngwoo Jang, Illyoung Choi, Byungchul Tak, In-geol Chun, Young-Kyoon Suh | Scalable and Robust Resource Provisioning via Adaptive Task Scheduling for Edge Devices | 2026 | Early Access | Schedules Scheduling Cloning Timing Educational institutions Computers Transcoding Videos Tail Edge computing Edge devices Edge server Resource augmentation Task distribution Kubernetes | Edge devices, such as wearables, drones, and CCTV systems, are vital for real-time data collection in urban intelligence. However, their limited computational and storage capacities pose significant challenges. While offloading to public clouds offers scalability, it often incurs high latency and operational costs. Conversely, centralizing workloads on edge servers may result in the underutilization of high-performance edge devices. To address these limitations, we introduce ERPF, a Kubernetes-based Edge Resource Provisioning Framework that augments the capabilities of heterogeneous edge environments. ERPF orchestrates dynamic volume provisioning, GPU-aware resource allocation, execution context migration, and adaptive task distribution to improve system flexibility and efficiency. Building on this, we propose a novel adaptive task scheduling technique, termed eATS, composed of three key mechanisms: (i) Partition Smoothing Scheme for stable task granularity control, (ii) Resilient Edge Reintegration for failure detection and task reassignment, and (iii) Competitive Task Cloning for speculative execution with fastest-result commitment. The proposed eATS scheme reduces task execution time by up to 27.6%, lowers partition size variability by 8.7×, and improves scheduling robustness across heterogeneous edge devices over the baseline. | 10.1109/TNSM.2026.3694238 |
| Zhizhou He, Mohammad Shojafar, Rahim Tafazolli | Service-oriented Attention HAPPO for xApps Coordination in Digital Twin Enabled AI-RAN | 2026 | Early Access | Modeling Open RAN Training Learning (artificial intelligence) Quality of service Digital twins Seeds (agriculture) Beams Delays Joining processes Open RAN xApps coordination digital twin multi-agent reinforcement learning attention | Coordinating multiple heterogeneous xApps in Open Radio Access Networks (O-RAN) is challenging because real-time inter-xApp synchronization introduces communication overhead, latency, and scalability bottlenecks under live deployments. This paper proposes an attention-based Heterogeneous-Agent Proximal Policy Optimization (HAPPO) framework that coordinates four heterogeneous xApps—power control, resource-block allocation, access control, and beam selection—through a Digital Twin (DT)-enabled training pipeline. The framework combines (i) hybrid actor heads supporting mixed continuous/discrete actions, (ii) task-aware self-attention for implicit coordination without predefined communication graphs, and (iii) DT-based asynchronous experience collection with delay modelling, online correction, and safe rollback. We further validate that the learned attention aligns with the physical coupling between xApps (Pearson ρ = 0.78±0.04), establishing an interpretable link between the policy and underlying network dependencies. On a VIAVI O-RAN RIC emulator across 10 random seeds, the proposed scheme attains a 91.2% aggregate QoS score and 1.05 ms inference latency, improves per-slice SLA satisfaction by up to 6.4% over strong MARL baselines (FACMAC, MAPPO, CommNet), and reaches the 80%-of-final performance level 1.49× faster than the attention-free counter-part. Improvements are statistically significant (p < 0.05, paired two-sided Welch t-tests with Holm–Bonferroni correction across baselines; under fluctuating UE demands and diverse service-level requirements). | 10.1109/TNSM.2026.3710685 |
| Yongqiang Dong, Jiangnan Sun, Jiawen Li, Yongbo Liu | Learning to Configure Like Engineers: Manual Guided Network Configuration Sketch Generation | 2026 | Early Access | Modeling Syntactics Large language models Manuals Retrieval augmented generation Optimization Generators Grounding Design methodology Joining processes Network Configuration Automation Intent-Based Networking Large Language Models Retrieval-Augmented Generation | Network configuration automation is a key component of intelligent network operations aiming to transform user intents into executable device configurations. Most existing approaches take a paradigm of parameter filling within predefined sketches, where the sketches have to be crafted manually by engineers and user intents are expressed in a specific format. Other studies follow a routine of synthesizing configurations directly from natural-language intents, taking advantage of large language models (LLMs) and retrieval augmented generation techniques. The results are yet far from satisfactory in practice due to the complexity of the network configuration requirements. A recently proposed example-driven configuration synthesis method (CEGS), attempts to learn from configuration examples provided by vendors. However, its effectiveness is bounded by example coverage, and the method struggles to generalize to new scenarios. To address this, we present LCLE, an end-to-end sketch generation framework that learns how to configure networks from device configuration guides and command references, much as human engineers do. Specifically, LCLE automatically generates configuration sketches from natural-language intents by LLMs with a structured device configuration model (DCM) extracted from vendor manuals. The DCM organizes configuration workflows, command syntax, and view hierarchies into a unified knowledge base that supports LCLE’s retrieval-augmented generation through a three-stage pipeline of intent parsing, sketch generation, and sketch optimization. Extensive experiments on Huawei and Cisco devices show that LCLE significantly improves the semantic completeness and syntactic correctness of the generated configuration sketches. In addition, the framework can be easily extended to new devices and protocols through DCM updates, promising a scalable solution for automated network configuration. | 10.1109/TNSM.2026.3710600 |
| Zihan Jia, Chen Chen, Alia Asheralieva, Lin Guan, Ziren Xiao | HAN: Adaptive DRL-based Congestion Control via Model Uncertainty | 2026 | Early Access | Modeling Algorithms Uncertainty Learning (artificial intelligence) Information rates Throughput Training Delays Bandwidth Design methodology Congestion Control Deep Reinforcement Learning Transport Protocols | Congestion control (CC) algorithms are commonly categorized as rule-based, learning-based, and hybrid approaches. Rule-based methods such as Cubic and BBR provide predictable behavior and low overhead, but they often adapt poorly to dynamic or previously unseen network conditions. Deep reinforcement learning (DRL)-based CC algorithms can improve adaptability and average performance, yet they still suffer from limited generalization, unsafe exploration, instability, and long-tail latency in unfamiliar environments. Hybrid designs attempt to combine the strengths of both families by guiding DRL agents with expert policies. However, training-time expert guidance can restrict exploration, impose a performance ceiling, and, in some designs, unintentionally reward fallback-triggering actions. We propose HAN (Hybrid with Adaptive Uncertainty-based Navigation), a hybrid CC framework that switches between a learned DRL policy and a traditional CC algorithm according to model uncertainty at inference time. Rather than constraining the learning process with expert rules, HAN estimates the confidence of DRL decisions and selectively defers to a traditional CC algorithm when uncertainty is high. This uncertainty-aware mechanism preserves the adaptability of DRL while improving stability and robustness across diverse network scenarios. We compare HAN with state-of-the-art CC algorithms under varying bandwidth, buffer size, random loss, and heterogeneous network environments. Empirical results show that HAN achieves up to 83% higher throughput and reduces average latency by 36% compared with existing CC methods. These findings highlight the potential of uncertainty-aware decision-making for future CC algorithm design. | 10.1109/TNSM.2026.3711195 |
| David Kule Mukuhi, Leo Mendiboure, Rami Langar, Rodrigue Fargeon, Sylvain Cherrier, Marion Berbineau, Pierre-Yves Petton | Application-aware Slicing for FRMCS: A Deep Reinforcement Learning Approach | 2026 | Early Access | The Future Railway Mobile Communication System (FRMCS) will replace GSM-R to support safety-critical and high-throughput applications over a limited 5–10 MHz spectrum. Railway services range from ultra-reliable train control, such as European Train Control System and Automatic Train Operation, to bandwidth-intensive video surveillance and best-effort passenger Wi-Fi, each with distinct requirements. Existing network slicing solutions designed for public 5G networks focus on aggregate slice-level guarantees, neglecting heterogeneous application requirements and the strong channel fluctuations induced by high-speed train mobility. To overcome this limitation, we propose in this paper an Application-Driven Slice Scheduling (ADSS) approach tailored for railway communications. ADSS leverages Deep Reinforcement Learning combined with channel-aware resource allocation to dynamically assign Resource Blocks, ensuring application-level Service Level Agreement (SLA) fulfillment. Evaluations on real Signal-to-Noise Ratio traces from trains traveling at speeds up to 350 km/h, demonstrate that ADSS achieves superior application-level SLA satisfaction, reduces violation gaps, and improves spectral efficiency compared to heuristic and state-of-the-art schedulers. | 10.1109/TNSM.2026.3710830 | |
| Lion Steger, Liming Kuang, Johannes Zirngibl, Georg Carle, Oliver Gasser | Still on Target? An Evaluation of IPv6 Target Generation Algorithms | 2026 | Early Access | Internet measurements are a crucial foundation of IPv6-related research. Due to the infeasibility of full address space scans for IPv6 however, those measurements rely on collections of reliably responsive, unbiased addresses, as provided e.g., by the IPv6 Hitlist service. Although used for various use cases, the hitlist provides an unfiltered list of responsive addresses, the hosts behind which can come from a range of different networks and devices, such as web servers, customer-premises equipment (CPE) devices, and Internet infrastructure. In this paper, we demonstrate the importance of tailoring hitlists in accordance with the research goal in question. By using PeeringDB we classify hitlist addresses into six different network categories, uncovering that 42% of hitlist addresses are in ISP networks. Moreover, we show the different behavior of those addresses depending on their respective category, e.g., ISP addresses exhibiting a relatively low lifetime. Furthermore, we analyze different Target Generation Algorithms (TGAs), which are used to increase the coverage of IPv6 measurements by generating new responsive targets for scans. We use seed sets, e.g., based on the categorized Hitlist. We evaluate the performance of TGAs under various conditions and find generated addresses to show vastly differing responsiveness levels for different TGAs. Furthermore, we evaluate of algorithm run times and differences between multiple TGA runs. | 10.1109/TNSM.2026.3705935 | |
| Madhura Adeppady, Yenchia Yu, Ali Rahmanian, Ahmed Ali-Eldin Hassan, Carla Fabiana Chiasserini | Efficient Management of Composite Heterogeneous Applications at the Network Edge | 2026 | Early Access | Central Processing Unit Servers Resource management Costing Costs Modeling Joining processes Timing Memory Measurement Mobile edge computing Stateless and stateful microservices Application deployment and migration Service management | Edge computing is a promising paradigm for deploying latency-sensitive applications (Apps) as it brings resources closer to end users. Edge Apps often adopt a microservice (MS) architecture, breaking monolithic Apps into lightweight, containerized MSs that can be dynamically and independently deployed. However, managing such Apps involves three key challenges: (i) optimizing the placement of MSs to reduce both response time and resource overhead, (ii) handling MS migration or relocation as users move while minimizing App service disruption (App downtime), and (iii) enabling MS sharing across Apps while ensuring performance guarantees. We formulate this as an optimization problem, named Multi-microservice Application Placement (MAP), prove its NP-hardness, and introduce STEP (State and Topology-aware Edge-MS Placement), a polynomial-time heuristic. STEP distinguishes itself from prior work by: (i) jointly considering stateful and stateless MS characteristics in deployment decisions, (ii) exploiting MS shareability to reduce resource usage, (iii) balancing response latency, App downtime, and resource utilization, and (iv) leveraging multiple versions of the same MS to adapt quality of service to available edge resources. Our results in a small-scale scenario show that STEP achieves near-optimal performance with only 7% higher CPU cost than the optimal solution. Large-scale real-time experiments on a Kubernetes cluster demonstrate that STEP consistently outperforms competing methods, achieving up to 50% lower deployment costs while delivering 50% gain in app quality and saving 15% in radio resources with over 90% request success rates. | 10.1109/TNSM.2026.3709656 |
| Florian Wiedner, Alexander Daichendt, Jonas Andre, Georg Carle | Utilizing Hardware-Supported Containers for Low-Latency Networking | 2026 | Early Access | Applications requiring low-latency packet processing are challenging for today’s network and service management when resources are limited and must be shared. Containers are suitable, but achieving connectivity between containers exclusively in software is unsuitable for low-latency requirements. The impact of network latencies in containerized environments has received comparatively less attention, particularly in comparison to research on virtual machines. This paper analyzes throughput and network latencies in container-based networks on a single host featuring single-root input/output virtualization, Linux Containers, and commercial off-the-shelf hardware. We conduct measurements using a state-of-the-art measurement methodology to identify tail-latency behavior, achieving a resolution of 1.25 μs. We evaluate a single flow in a line topology with up to 64 containers and a complex topology with 38 flows and 12 container nodes. The experiments demonstrate that pinning interrupt request handlers to non-uniform memory access nodes increases throughput and decreases latencies. Furthermore, we identify data translation lookaside buffer misses, rescheduling interrupts, and soft interrupt floods as critical challenges causing spikes in latencies while isolation remains impossible. Our findings identify bottlenecks for real-time container applications. A comparison with VM measurements shows that containers can achieve latencies up to 60 μs lower. We support in this paper, network and service management in deciding on the underlying virtualization technology for packet-processing applications by providing recommendations accordingly. | 10.1109/TNSM.2026.3711934 | |
| Liang Chen, Xiaoding Wang, Limei Lin, Yanze Huang, Siwei Zheng | Defense in Depth: Architectural Homology for Adversarially Robust Semantic Communication | 2026 | Early Access | Semantic communication framework based on deep encoder–decoder architectures are increasingly vulnerable to adversarial attacks, wherein imperceptible input perturbations can induce significant misclassifications, posing critical risks to next-generation communication networks. To address this challenge, we introduce TopAliSC-KG, a holistic robust learning framework designed to fortify semantic communication against adversarial threats through a multi-layered defense strategy. Our approach integrates two complementary mechanisms: a homology graph-aligned adversarial training module that embeds topological constraints into the model optimization process to promote structural invariance, and a knowledge-guided semantic consistency module that utilizes auxiliary models to inject stable, high-level semantic information into the training loop. Together, these components establish a defense-in-depth architecture that enhances resilience across data, feature, and model levels. Extensive evaluations across diverse channel conditions, signal-to-noise ratios, and adversarial attack scenarios show that TopAliSC-KG consistently improves adversarial accuracy by 0.32%–3.39%, with the knowledge guidance mechanism contributing a further 0.11%–0.21% gain. This work provides a validated, multi-framework defense strategy suitable for securing semantic communication in mission-critical applications, advancing both the security and reliability of intelligent communication systems. | 10.1109/TNSM.2026.3705940 | |
| Shi-Xin Huang, Te-Chuan Chiu, Jing-Chih Lin, Cheng-Hsuan Kuo | EdgeCookie: A Mitigation Solution Against Threatening TCP DDoS Attack in Edge Cloud | 2026 | Early Access | Servers Switches TCP Floods Filtering Filters Architecture Computer architecture Security Kernel SYN Flood DRDoS Edge Computing Security | With the explosive growth of GenAI service requirements, the demand for digital infrastructure and cloud resources continues to increase. At the same time, distributed denial-of-service (DDoS) attacks – particularly TCP-based vectors such as SYN flood and emerging TCP distributed reflective denial-of-service (DRDoS) – have surged, posing a significant threat to service availability. Current mitigation strategies often fall short in effectively countering both attack types. Although the proliferation of edge computing offers opportunities to deploy mitigation closer to attack sources, it also introduces synchronization challenges across distributed edge servers. In this paper, we propose EdgeCookie, an edge-centric TCP flood attack mitigation architecture. EdgeCookie can mitigate TCP SYN floods, ACK floods, and emerging TCP reflection amplification attacks. Unlike existing switch-based defenses, EdgeCookie requires no specific hardware, making it suitable for running in resource-limited edge clouds. In the core mechanism, we introduce a novel HybridCookie that effectively solves synchronization challenges across distributed edge servers. Experimental results demonstrate that EdgeCookie can mitigate both TCP SYN flood and emerging TCP reflection amplification attacks without facing false positive issues, while maintaining high throughput and adding negligible latency to legitimate traffic. | 10.1109/TNSM.2026.3706627 |
| Xiwen Liao, Supeng Leng, Ke Zhang, Yao Sun, Muhammad Ali Imran | Spatiotemporal Resource Orchestration for LLM Inference in Vehicular-Edge Networks | 2026 | Early Access | Modeling Large language models Vehicles Servers Timing Optimization Joining processes Resource management Educational institutions Vehicular ad hoc networks Large language model task orchestration resource allocation vehicular-edge networks | Large Language Models (LLMs) have been increasingly applied to intelligent vehicular systems for tasks such as scene understanding, intent reasoning, and natural language interaction. However, their inference demands exceed onboard processing capabilities, making low-latency on-vehicle inference impractical. Although edge computing can partially offload computation, the prolonged nature of LLM inference often causes execution to exceed the residence time of vehicles within edge coverage areas, leading to frequent service interruption. To address these challenges, we propose a collaborative spatiotemporal resource orchestration architecture for LLM inference in vehicular-edge networks (CoInfer). CoInfer exploits the intrinsic decomposability of LLM inference by modeling each request as a Directed Acyclic Graph (DAG) of interdependent subtasks, which are then scheduled, migrated, and aggregated along the road network to preserve end-to-end inference continuity. To improve latency and resource efficiency, CoInfer integrates multi-agent reinforcement learning for coarse-grained task orchestration with a reactive scheduler for fine-grained resource adaptation, forming a closed-loop service optimization under dynamic resource conditions. The simulation results demonstrate that CoInfer achieves a task success ratio of up to 96.0% and reduces the end-to-end inference latency by 35.7% compared to representative baselines. | 10.1109/TNSM.2026.3710972 |
| Chenchen Xu, Fulong Chen, Darong Huang, Hongchao Li, Xin Hong, Taochun Wang | RDTSM: Robust Defense Based on Trusted Shadow Model Against Poisoning Attacks for Federated Learning | 2026 | Early Access | Modeling Shadow mapping Federated learning Toxicology Accuracy Servers Conferences Labeling Training Educational institutions Federated learning poisoning attack shadow model shadow dataset robust aggregation rule | Federated learning enables collaborative model training without sharing raw data, but remains vulnerable to poisoning attacks from malicious clients. These adversarial participants craft harmful updates to degrade global model performance or induce targeted misclassification. Without trusted reference gradients, the central model cannot be properly aggregated only based on updates provided by untrustworthy clients. In this paper, we propose RDTSM, a robust defense method based on a trusted shadow model. By leveraging a clean shadow dataset, the central server generates reference updates and evaluates each client’s update via a reputation scoring mechanism. A clustering algorithm is then applied to identify and exclude suspicious updates before model aggregation. Extensive experiments on MNIST, Fashion-MNIST, and CIFAR-10 demonstrate that RDTSM consistently outperforms state-of-the- art defenses across a wide range of poisoning attacks. Notably, RDTSM maintains high accuracy even when the proportion of malicious clients is large, and remains robust under varying degrees of data heterogeneity and shadow dataset sizes. This robustness stems from the fact that shadow-guided reputation scores of benign and malicious clients remain well separated under homogeneous attack patterns, even when malicious clients constitute the majority. These results show RDTSM’s effectiveness and practicality for secure federated learning in adversarial environments. | 10.1109/TNSM.2026.3710818 |