Last updated: 2026-06-30 05:01 UTC
All documents
Number of pages: 167
| Author(s) | Title | Year | Publication | Keywords | ||
|---|---|---|---|---|---|---|
| Soonbeom Kwon, Yusu Noh, Youngwoo Jang, Illyoung Choi, Byungchul Tak, In-geol Chun, Young-Kyoon Suh | Scalable and Robust Resource Provisioning via Adaptive Task Scheduling for Edge Devices | 2026 | Early Access | Schedules Scheduling Cloning Timing Educational institutions Computers Transcoding Videos Tail Edge computing Edge devices Edge server Resource augmentation Task distribution Kubernetes | Edge devices, such as wearables, drones, and CCTV systems, are vital for real-time data collection in urban intelligence. However, their limited computational and storage capacities pose significant challenges. While offloading to public clouds offers scalability, it often incurs high latency and operational costs. Conversely, centralizing workloads on edge servers may result in the underutilization of high-performance edge devices. To address these limitations, we introduce ERPF, a Kubernetes-based Edge Resource Provisioning Framework that augments the capabilities of heterogeneous edge environments. ERPF orchestrates dynamic volume provisioning, GPU-aware resource allocation, execution context migration, and adaptive task distribution to improve system flexibility and efficiency. Building on this, we propose a novel adaptive task scheduling technique, termed eATS, composed of three key mechanisms: (i) Partition Smoothing Scheme for stable task granularity control, (ii) Resilient Edge Reintegration for failure detection and task reassignment, and (iii) Competitive Task Cloning for speculative execution with fastest-result commitment. The proposed eATS scheme reduces task execution time by up to 27.6%, lowers partition size variability by 8.7×, and improves scheduling robustness across heterogeneous edge devices over the baseline. | 10.1109/TNSM.2026.3694238 |
| Wenying Wang, Mohammad S. Obaidat, Xuxun Liu, Kuei-Fang Hsiao | Node-Differentiated Resource Allocation for Media Access Control in Wireless Body Area Networks | 2026 | Early Access | Timing Resource management Media Access Control Protocols Body area networks Fuzzy sets Distance measurement Equations Information rates Throughput Wireless body area network (WBAN) medium access control (MAC) resource allocation continuous priority fuzzy inference system | Medium access control (MAC) is crucial for resource allocation in wireless body area networks (WBANs). However, existing MAC protocols often suffer from transmission conflicts and inefficient channel utilization. To address these issues, this paper proposes a Node-Differentiated Resource Scheduling (NDRS) MAC protocol, which dynamically allocates access resources based on node-specific requirements. This protocol employs a superframe structure consisting of a contention-based phase and a contention-free phase for data transmission. A Mamdani fuzzy inference system is utilized to calculate continuous node priorities. These priorities achieve fine-grained differentiation of node importance and thus serve as the foundation for transmission conflict minimization. During the contention-based phase, continuous and differentiated backoff times are assigned to nodes based on their priorities. These backoff times effectively reduce transmission collisions and enhance channel utilization. In the contention-free phase, time slots are preferentially allocated to nodes with higher priority, better channel utilization, and greater transmission reliability. This allocation thereby enhances channel usage efficiency and reduce transmission delays. This protocol is characterized by three key features: precise node prioritization, low transmission collisions, and high channel utilization. Extensive experimental results demonstrate that NDRS outperforms existing protocols in terms of average delay, throughput, packet loss ratio, and average energy consumption. | 10.1109/TNSM.2026.3700262 |
| Kunpeng Zheng, Huibin Zhang, Yongli Zhao, Yuan Cao, Wei Wang, Xin Li, Zhuangzhuang Ma, Lihan Zhao, Jie Zhang | Sun-Outage-Aware Topology Modeling and Adaptive Routing for Optical Satellite Networks | 2026 | Early Access | Sun Interrupters Joining processes Satellites Routing Algorithms Modeling Timing Topology Interference Optical inter-satellite links optical service connections optical satellite network sun outage topology modeling | Optical satellite networks, supported by optical inter-satellite links (OISLs), provide reliable and low-latency optical connectivity. However, periodic and predictable sun outage events significantly compromise OISL availability, leading to frequent OISL interruptions and reduced network reliability. Existing routing algorithms often overlook the regularity of sun outage-induced interrupts and their differentiated impacts on services, resulting in degraded service performance. To address this challenge, this paper proposes a sun outage-enhanced time discretization OISL model and introduces a sun outage link-aware routing (SOLR) algorithm. By incorporating joint awareness of sun outage patterns and service requirements, SOLR employs an adaptive optimization mechanism to dynamically adjust routing decisions within temporal windows. Experimental results demonstrate that SOLR extends stable path durations by 39.9%, reduces interruption rates by 28.5%, and decreases blocking rates by 36.4%, significantly outperforming link-state-based routing algorithms. By effectively mitigating the impact of sun outages, SOLR ensures continuous optical service connections. This interruption-tolerant framework bridges network modeling and service provisioning, offering a robust solution for mission-critical service in optical satellite networks. | 10.1109/TNSM.2026.3697856 |
| Arash Heidari, Jamal N. Al-Karaki | NOVA: A Self-Supervised Graph Framework for Real-Time Anomaly Detection in Internet of Vehicles | 2026 | Early Access | Context Internet of Vehicles Modeling Timing Vehicles Labeling Anomaly detection Matrices Vectors Joining processes Internet of Vehicles V2X Security Anomaly Detection Self-Supervised Learning Graph Neural Networks | The Internet of Vehicles (IoV) enables cooperative driving and real-time Vehicle-to-Everything (V2X) communication but remains vulnerable to behavioral and structural anomalies due to its dynamic, decentralized nature. Existing deep learning methods either overlook topological inconsistencies or ignore communication feature fidelity, while random-walk sampling introduces contextual noise. In this paper, we propose Network Observation for Vehicular Anomalies (NOVA), a self-supervised graph-based framework that detects both behavioral and structural anomalies in IoV networks without labeled data. NOVA models vehicular communications as attributed graphs and employs intimacy-guided subgraph sampling to extract meaningful neighborhoods. A Graph Convolutional Network (GCN)–based generative module reconstructs node attributes to reveal behavioral deviations, while a contrastive module validates structural coherence through embedding comparisons of real and perturbed contexts. Their hybrid anomaly score enables accurate, scalable, and real-time detection of compromised nodes. Performance results show that NOVA achieves state-of-the-art performance (98.7% accuracy, 98.1% F1), real-time throughput (~4.7k events/s at 5k msg/s), and strong robustness (AUROC 0.99, AUPRC 0.98, FAR 0.05) with near-linear scalability (≤40 ms latency for 50k vehicles). By integrating generative and contrastive self-supervised learning with context-aware sampling, NOVA significantly enhances IoV security, reliability, and adaptability. | 10.1109/TNSM.2026.3696324 |
| Heng Xu, Chengze Du, Zhiwei Yu, Letian Li, Ying Zhou, Bo Liu, Jialong Li | Distributed Flow Control for Efficient DNN Training Scheduling | 2026 | Early Access | Schedules Scheduling Training Timing Fluid flow Modeling Delays Joining processes Titanium Conferences Distributed DNN training priority queue flow scheduling | Distributed Deep Neural Network (DNN) training generates periodic, long-lived, and interdependent flows that contrast sharply with the short, bursty, and independent flows typical of traditional cloud services. Existing flow scheduling methods, optimized for cloud traffic, struggle to handle the structured communication of DNN workloads, while static schedulers remain brittle under the computation jitter and stochasticity inherent in multi-tenant AI clusters. We propose a distributed traffic control and scheduling framework called PQ, which shifts from fragile global synchronization to a token-based queuing concept. PQ utilizes standard priority queues in commercial switches as elastic buffers, dynamically mapping task urgency to traffic priorities based on specific scheduling policies, such as minimizing waiting time, thereby accelerating efficiency. Results show that PQ achieves stable communication interleaving 3.6× to 8.8× faster than reactive baselines like MLTCP and FQ. Furthermore, it significantly optimizes performance by reducing average iteration time by up to 29.2% while maintaining higher link utilization. | 10.1109/TNSM.2026.3704403 |
| Ibirisol Fontes Ferreira, Cassio Vinicius Serafim Prazeres, Maycon Leone Maciel Peixoto, Eiji Oki, Gustavo Bittencourt Figueiredo | Narrow: A Fair Routing Multicast Algorithm for Distributed Interactive Applications in Edge Networks | 2026 | Early Access | Delays Algorithms Timing Routing Measurement Servers Modeling Games Topology Joining processes Distributed interactive application edge computing multicast routing network virtualization overlay network shortest path k-shortest path delay and delay variation fairness | Recent research in networking has increasingly focused on addressing the challenges of edge network services. A crucial issue in this context is routing, which must account for quality-of-service requirements. In particular, multicast routing provides optimized network services for groups of people using the same application, which is advantageous for operators and application providers. However, latency-constrained routing poses challenges when integrating diverse requirements into the routing computation, particularly when fairness among users is required. This work addresses the fairness requirement in multicast-overlaid and virtualized networks by presenting a solution that improves the equity of group interactions in the routing service. Our proposal, named Narrow, achieves fairer group interaction by selecting improved path options for multicast routing in edge networks. We compared Narrow with the Fair Shortest Path Tree (FSPT) and Chains algorithms from related studies on delay-constrained routing. Simulations indicated that Narrow reduced the inter-destination delay deviation by up to 84% and 49% relative to FSPT and Chains, respectively, across topologies of varying sizes. Similarly, Narrow improved by more than 99% against FSPT and by 70% against Chains across topologies with varying node degrees. Depending on the number of allowed alternative paths, Narrow reduced the inter-destination delay deviation by more than 99% compared with FSPT and by 38% compared with Chains. In emulated distributed interactive application session experiments, Narrow delivered the fairest response time, reducing it by 89% and 86% relative to FSPT and Chains, respectively. Furthermore, fairness in players’ scores improved by 20% and 16%, respectively, yielding more equitable group interaction from the application’s perspective. | 10.1109/TNSM.2026.3704927 |
| Jeffrey Redondo, Nauman Aslam, Juan Zhang, Zhenhui Yuan | Optimising QoS in HD Map Updates: Cross-Layer Multi-Agent with Multi-task and Mixed-Dependence (MTMD) | 2026 | Early Access | Optimization Timing High definition video Quality of service Media Access Control Information rates Throughput Vehicles Modeling Videos Edge computing HD map hierarchical learning latency multi-agent offloading reinforcement learning | High-definition (HD) maps generated from autonomous vehicle (AV) sensor data are essential for enabling high levels of driving automation. However, offloading large volumes of raw sensory data to edge servers in dense vehicular ad hoc networks (VANETs) introduces significant latency due to network congestion and packet collisions. Existing solutions primarily focus on dynamically adjusting the minimum contention window (CWmin), while additional MAC-layer parameters — including the maximum contention window (CWmax) and interframe space number (IFSn) — remain largely underexplored. To address this, we propose a cross-layer multi-agent reinforcement learning (MARL) framework that jointly optimises CWmin–CWmax, IFSn, and transmission waiting time within IEEE 802.11p-compliant bounds. The proposed multi-task mixed-dependence (MTMD) framework decomposes the optimisation problem into specialised subtasks handled by selectively coupled agents, balancing coordination and scalability while avoiding the overhead of fully symmetric MARL or centralised hierarchical controllers. A lightweight orchestration layer coordinates agent interaction with the simulation environment via secure message exchange. Evaluated against standard EDCA and representative RL baselines, MTMD achieves latency reductions of 31%, 49%, 87.3%, and 64% for Voice, Video, HD Map, and Best-Effort traffic, respectively, confirming the effectiveness of structured multi-parameter optimisation for latency-critical vehicular applications. | 10.1109/TNSM.2026.3705270 |
| Shi-Xin Huang, Te-Chuan Chiu, Jing-Chih Lin, Cheng-Hsuan Kuo | EdgeCookie: A Mitigation Solution Against Threatening TCP DDoS Attack in Edge Cloud | 2026 | Early Access | Servers Switches TCP Floods Filtering Filters Architecture Computer architecture Security Kernel SYN Flood DRDoS Edge Computing Security | With the explosive growth of GenAI service requirements, the demand for digital infrastructure and cloud resources continues to increase. At the same time, distributed denial-of-service (DDoS) attacks – particularly TCP-based vectors such as SYN flood and emerging TCP distributed reflective denial-of-service (DRDoS) – have surged, posing a significant threat to service availability. Current mitigation strategies often fall short in effectively countering both attack types. Although the proliferation of edge computing offers opportunities to deploy mitigation closer to attack sources, it also introduces synchronization challenges across distributed edge servers. In this paper, we propose EdgeCookie, an edge-centric TCP flood attack mitigation architecture. EdgeCookie can mitigate TCP SYN floods, ACK floods, and emerging TCP reflection amplification attacks. Unlike existing switch-based defenses, EdgeCookie requires no specific hardware, making it suitable for running in resource-limited edge clouds. In the core mechanism, we introduce a novel HybridCookie that effectively solves synchronization challenges across distributed edge servers. Experimental results demonstrate that EdgeCookie can mitigate both TCP SYN flood and emerging TCP reflection amplification attacks without facing false positive issues, while maintaining high throughput and adding negligible latency to legitimate traffic. | 10.1109/TNSM.2026.3706627 |
| Huanlin Liu, Bing Ma, Yong Chen, Bo Liu, Haonan Chen, Jiachen Zou | Virtual Network Embedding Based on Hierarchical Reinforcement Learning for Admission Decision and Policy Fine-Tuning in Elastic Optical Network | 2026 | Early Access | Joining processes Elastic optical networks Algorithms Modeling Substrates Resource management Costing Costs Optimization Tuning Elastic optical network virtual network embedding graph convolutional network hierarchical reinforcement learning revenue-cost ratio | Network virtualization (NV) provides flexible services for diverse services by decoupling elastic optical network (EON) resources. Virtual optical network embedding aims to allocate the finite resources of EON to sequentially arriving virtual network requests (VNRs) with different resource demands. But existing methods have limitations, such as insufficient global optimization ability and a lack of awareness of link features. We propose a hierarchical reinforcement learning algorithm for admission decision and policy fine-tuning (HRL-ADPT), which achieves efficient virtual optical network embedding through a dual-layer collaborative optimization mechanism and a customized link-aware graph convolutional network (GCN) tailored for EON. The HRL framework decomposes the virtual network embedding process into two stages: 1) The upper-level agent generates admission decision and initial node embedding strategies based on topological and link features extracted by GCN, maximizing the revenue-cost ratio of individual VNR; 2) The lower-level agent dynamically fine-tunes the initial policy in combination with global resource load to optimize long-term resource utilization. The proximal policy optimization (PPO) algorithm is adopted as the basic training method. To address the sparse reward problem, the lower-level agent adopts a multi-objective intrinsic reward function, incorporating the revenue-cost ratio and load balancing to ensure local adjustments align with global objectives. Simulation experiments show that the proposed algorithm outperforms the compared NRM-VNE, MCTS-VNE, and HCMARL-VNE algorithms in terms of acceptance ratio, revenue-cost ratio, and spectrum utilization ratio. | 10.1109/TNSM.2026.3706998 |
| You-Chiun Wang, Meng-Yu Chou | Cooperative Route Management for Profit-Oriented Flows in Multi-Domain SDN Networks | 2026 | Early Access | Fluid flow Bandwidth Joining processes Software defined networking Management Routing Timing Measurement units Switches Modules (abstract algebra) multi-domain network Nash bargaining profit route management software-defined networking (SDN) | This paper investigates SDN for route management in multi-domain networks, where each domain is independently controlled and inter-domain cooperation is required for cross-domain routing. To capture traffic heterogeneity, each flow is associated with a profit.We propose CRM-PF (Cooperative Route Management for Profit-oriented Flows), a framework that jointly maximizes overall achieved profit (OAP) and minimizes packet loss rate (PLR). In CRM-PF, controllers perform intra-domain routing, coordinate cross-domain paths, and reroute flows under congestion. Link bandwidth is allocated based on flow category, unit profit, and demand, with a Nash bargaining game to resolve bandwidth contention on borrowed links. Simulation results show that CRM-PF improves throughput, reduces PLR, and increases OAP over existing methods, demonstrating its effectiveness for profit-oriented routing in multi-domain SDN networks. | 10.1109/TNSM.2026.3706677 |
| Mansoor Davoodi, Setareh Maghsudi | Efficient Resource Allocation under Adversary Attacks: A Decomposition-Based Approach | 2026 | Early Access | Resource management Optimization Modeling Algorithms Timing Costing Costs Probability Fluid flow Learning (artificial intelligence) Resource allocation Adversary Decomposition Bi-objective optimization Chance-constrained optimization Network flow | We address the problem of allocating limited resources in a network under persistent yet statistically unknown adversarial attacks. Each node in the network may be degraded, but not fully disabled, depending on its available defensive resources. The objective is twofold: to minimize total system damage and to reduce cumulative resource allocation and transfer costs over time. We model this challenge as a bi-objective optimization problem and propose a decomposition-based solution that integrates chance-constrained programming with network flow optimization. The framework separates the problem into two interrelated subproblems: determining optimal node-level allocations across time slots, and computing efficient inter-node resource transfers. We theoretically prove the convergence of our method to the optimal solution that would be obtained with full statistical knowledge of the adversary. We further establish an O(√T log(nT)) regret bound, showing that the average per-round performance gap shrinks as O(1/√T). Extensive simulations demonstrate that our method efficiently learns the adversarial patterns and achieves substantial gains in minimizing both damage and operational costs, comparing three benchmark strategies under various parameter settings. | 10.1109/TNSM.2026.3703620 |
| Ibirisol Fontes Ferreira, Eiji Oki | Forestall: A Prefetching Scheme for Domain Name System Resolver Cache Services | 2026 | Early Access | Prefetching Timing Servers Modeling Management Measurement Recording Ecosystems Tracking TV Domain name systems service architecture caching time-to-live renewal policy prefetching | The domain name system (DNS) is crucial to accessing Internet services by playing an essential role in facilitating this process for Internet users. Still, it affects the quality of experience within the Internet service chain. This impact includes the role of the resolver component, which can negatively influence the final user experience when consuming services. Some studies have developed strategies to reduce resolution time within the DNS resolver ecosystem by incorporating components into users’ devices to trigger resolution in advance, changing DNS service and cache algorithm implementation, or utilizing a complex and expensive service architecture that is not scalable for local DNS resolvers in edge deployments. This paper proposes a dynamic prefetching scheme called Forestall to reduce misses, including those caused by expired domain translation data, and to improve the overall performance of the resolver cache component. We model the prefetching scheme for DNS resolvers using DNS transactional information. We define a prefetching advising routine that advises on possible domains by observing past request patterns. We introduce two prefetching routines for efficient domain tracking and advising. We introduce miss-based metrics to measure the efficiency of the prefetching scheme and the potential resource trade-off associated with its deployment. The numerical results indicate that the prefetching scheme improves the performance of the DNS resolver cache component compared to well-deployed prefetching solutions on the Internet. Forestall reduces the miss ratio by more than 50%, depending on the dataset. In a specific workload, Forestall’s results with adjusted parameter combinations yield a decrease in the miss ratio of more than 16%, accompanied by a reasonable increase in additional fetches of around 35%. In terms of service latency that users perceive, Forestall achieves a reduction varying between 20% and 49%. | 10.1109/TNSM.2026.3704549 |
| Huijuan Zhu, Chenhao Zheng, Zhongyuan Liu, Yuan Zhang | Reliable Interpretations of Deep Learning-based Malware Detectors via Deep Q-Networks | 2026 | Early Access | Malware Signal detection Modeling Application programming interfaces Operating systems Androids Training Detectors Probability Conferences Android Malware detection Interpretation Deep Q-Networks | Deep learning has become widely used in Android malware detection, but its black-box nature raises trust concerns, limiting its use in critical security areas. To address this, various interpretation methods have been proposed. Unfortunately, these solutions often suffer from inconsistent results and poor adaptability to model updates. In this work, we propose XDQNMal, a Deep Q-Networks (DQN)-based global interpretation framework designed to uncover the critical features that drive decisions in deep learning-based malware detectors. To enhance the reliability of interpretation, XDQNMal captures API call frequency features derived from the runtime behavior of each application (App). Then, it unites a DQN model with the TabPFN detection model to work collaboratively, using variations in detection results as reward signals. These signals guide the DQN model to gradually identify the most impactful features as interpretations for the detection model’s decisions. Our experimental evaluation on real-world datasets demonstrates that the proposed XDQNMal framework generates reliable interpretation for deep learning-based malware detection models. For instance, suppressing the critical features identified by XDQNMal leads to an average decrease of 20.30% in the probability that the malicious sample is predicted as malicious, highlighting the pivotal role these features play in the model’s decision-making. | 10.1109/TNSM.2026.3699408 |
| Masoumeh Safkhani, Mohammad Reza Servati, Fatemeh Rezaei | HEIoT: A Novel Three-Factor Authentication Protocol for Enhanced Security in IoT and Next-Generation Networks | 2026 | Early Access | Authentication Internet of Things Protocols Security Smart devices Elliptic curve cryptography Modeling Error correction codes Biometrics Costing of Yuan et al.’s Protocol Authentication Multi-factor authentication Desynchronization attack Insider adversary Traceability attack User impersonation attack Elliptic Curve Cryptography (ECC) | The Internet has a significant impact on contemporary society, enabling a wide range of applications, including advanced cellular networks such as 4G, 5G, and 6G. Since these communications occur over shared or open channels, ensuring secure data exchange is of critical importance, as any weakness in the communication infrastructure may compromise system reliability. Device authentication in the Internet of Things (IoT) and user authentication in smart environments, such as smart homes, remain fundamental security challenges. As the first line of defense, authentication mechanisms must be robust, since vulnerabilities at this stage can expose the entire system to serious threats. To address these challenges, numerous authentication schemes based on cryptographic primitives, including Elliptic Curve Cryptography (ECC), have been proposed. In this paper, we present a comprehensive security analysis of an ECC-based three-factor authentication protocol proposed by Yuan et al. Our analysis shows that the protocol is vulnerable to desynchronization, user impersonation, traceability, and insider attacks, all of which succeed with probability 1 by exploiting at most two protocol phases. To mitigate these weaknesses, we propose an improved authentication scheme, called HEIoT. The proposed scheme is formally analyzed under the Real-or-Random (RoR) model to establish session-key security and is further verified using the Scyther tool. Moreover, a Python-based implementation is provided to demonstrate the practicality of the proposed protocol. Comparative results indicate that HEIoT achieves stronger security while maintaining acceptable communication, computational, and storage overhead. | 10.1109/TNSM.2026.3702041 |
| Weina Meng, Jiawen Shi, Xiaoqun Chen, Weinan Liu, Jiangjun Yuan | Time Period Selected Aggregation for Providing Hierarchical and Differentiated Services in Mobile Sensing | 2026 | Early Access | Modeling Timing Protocols Data aggregation Privacy Silicon Tin Encryption Equations Internet of Things Privacy-Preserving Data Aggregation Time Period Selection Mobile Sensing Differentiated Service Hierarchical Service | With the advancement of smart terminals and wireless networking technologies, mobile sensing has gained increasing popularity. A myriad of applications have emerged based on mobile sensing, with particular attention being drawn to data aggregation applications. Over the years, numerous studies have been conducted, ranging from initial approaches that did not address the issue of untrusted aggregators to more recent solutions capable of handling such challenges. In this paper, we introduce two novel types of data aggregation applications designed to offer hierarchical and differentiated services, alongside proposing two corresponding protocols equipped with privacy-preserving capabilities. These protocols ensure the protection of mobile users’ privacy concerning their sensed data in the presence of an untrusted aggregator, and are resilient against collusion attacks. Our protocols achieve constant key storage overhead (only 1 key per user), in stark contrast to other state-of-the-art schemes where the overhead grows linearly with the number of service levels. We perform a performance analysis of the proposed protocols using the building block protocol as a benchmark, which demonstrates their efficiency: each mobile user incurs a total energy cost of approximately 62.0 mJ per reporting round, with an average end-to-end aggregation latency of less than 10 milliseconds, demonstrating that the proposed protocols can be used in practical settings. While the proposed protocols rely on a trusted authority, a common assumption in existing privacy-preserving aggregation schemes, future work will explore decentralized key management to support fully trustless environments. | 10.1109/TNSM.2026.3704409 |
| Yahuza Bello, Ahmed Refaey, Ping Yang | Secure Multi-Timescale Orchestration for Zero-Trust Cross-Datacenter Networks | 2026 | Early Access | Authentication Optimization Resource management Modeling Costing Costs Timing Data centers Learning (artificial intelligence) Security Zero trust architecture hierarchical deep reinforcement learning cross-datacenter networks multi-timescale optimization resource management | The widespread deployment of geographically distributed Data Centers (DCs) has intensified the need for scalable and secure access control mechanisms across Cross-Datacenter Networks (CDNs). Zero Trust Architecture (ZTA) addresses this need by enforcing continuous authentication and authorization through Policy Decision Points (PDPs); however, determining where to deploy PDPs and how to dynamically assign authentication requests in the CDNs remains a challenging and NP-hard problem. This challenge arises from the tight coupling between long-term placement decisions and short-term, stochastic authentication workloads. In this paper, we formulate a joint PDP placement and authentication assignment problem for zero-trust-enabled CDNs that minimizes deployment cost, authentication assignment cost, bandwidth consumption, and the number of active PDP instances under resource constraints. To efficiently solve the problem, we propose a Hybrid Hierarchical Deep Reinforcement Learning (HHDRL) framework that decomposes decision-making across multiple time scales. A high-level Double Deep Q-Network (DDQN) agent learns long-term PDP placement policies, while multiple low-level Asynchronous Advantage Actor–Critic (A3C) agents perform real-time authentication assignment within each DC. Extensive simulations demonstrate that the proposed DDQN–A3C framework converges reliably and consistently outperforms benchmark schemes, including DDQN–A2C, a single-agent DDQN approach, and a greedy baseline, achieving lower overall system cost and improved scalability with modest computational overhead. | 10.1109/TNSM.2026.3707392 |
| Hwejae Lee, Seonghoon Jeong, Huy Kang Kim | J1939DB-IDS: SAE J1939 Dual-Branch Intrusion Detection System against Novel Attacks | 2026 | Early Access | Modeling Controller area networks Transformers Timing Windows Signal detection Vehicles Convolutional neural networks Sequential analysis Training Autoencoder In-vehicle networks SAE J1939 Two-stream architecture Unsupervised representation learning Few-shot threshold calibration | The Society of Automotive Engineers J1939 (SAE J1939) protocol is widely adopted in commercial vehicles, extending the controller area network (CAN) with specialized message types and transport mechanisms. Despite its prevalence, security research for SAE J1939 remains insufficient compared to CAN. We address this gap by building three datasets that contain 11 realistic protocol-specific attack scenarios. We propose an unsupervised representation-learning-based intrusion detection system (IDS) utilizing a dual-branch autoencoder with few-shot threshold calibration. The model compresses categorical features through a 1D-convolutional neural network and continuous features through a Transformer encoder, reconstructing fused representations to detect anomalies through reconstruction loss. By leveraging SAE J1939-specific fields such as parameter group numbers (PGN) and source addresses, the system captures complex inter-signal relationships. On three datasets, our model achieves an average F1-score of 0.9871, consistently outperforming state-of-the-art methods. Benchmarks on an NVIDIA Jetson AGX Xavier confirm real-time feasibility. These results validate our protocol-aware feature strategy, offering a scalable and deployable IDS for commercial vehicle networks. | 10.1109/TNSM.2026.3706666 |
| Behrooz Farkiani, Fan Liu, Ke Yang, John DeHart, Jyoti Parwatikar, Patrick Crowley | Hermes: A General-Purpose Proxy-Enabled Networking Architecture | 2026 | Early Access | Tunneling HTTP Joining processes Planing IP networks Internet TCP Architecture Computer architecture Servers Overlay Networking Proxy HTTP Architecture Tunneling Service Delivery MASQUE NDN Envoy | We introduce Hermes, a general-purpose networking architecture that aims to improve service delivery over the Internet. Hermes delegates networking responsibilities from applications and services to proxies and is designed as a portable, adaptable solution to four fundamental challenges of efficient service delivery over the Internet: end-to-end traffic management, backward compatibility, data-plane security and privacy models, and adaptable communication layers. The design centers on an overlay of reconfigurable proxies and HTTP tunneling and proxying techniques, utilizing assisting components to extend proxy functionality when needed. Through prototyping and emulation, we demonstrate that Hermes improves key performance metrics across multiple use cases: it provides backward compatibility through protocol translation and tunneling, improves reliability by delegating retry logic to proxies, enables unified policy-based Layer 3 routing across network segments, and serves as an efficient substrate for future architectures like NDN, facilitating their operation over the Internet. Beyond evaluating Hermes across various use cases, we measured the overhead of Hermes’ HTTP tunneling and proxying mechanisms and found it to be modest, typically under 2 ms per proxy pair traversal in an isolated collocated setup. Although the HTTP proxying and tunneling techniques used by Hermes increase single-connection processing overhead, we also show that, with up to 1,000 concurrent requests, proxies can amortize connection setup time and reduce end-to-end latency by utilizing connection pooling and multiplexing. | 10.1109/TNSM.2026.3705327 |
| Yiyang Li, Wei Wang, Yibo Wang, Qiaojun Hu, Weiliang Zhang, Yongli Zhao, Xiaoyu Wang, Jie Zhang | Computing-State Driven Proactive Congestion Control for AI Cluster Interconnect Networks | 2026 | Early Access | Timing Modeling Fluid flow Information rates Throughput Switches Training Data centers Conferences Joining processes large language model remote direct memory access congestion control algorithms distributed training | The rapid upgrade of computing power and the prosperity of large language model (LLM) in data center networks (DCNs) lead to a rigorous demand for ultra-low latency and high throughput. To mitigate the overhead of collective communication during distributed training (DT), Remote Direct Memory Access (RDMA) has been widely adopted in DCNs. Particularly, congestion control algorithms (CCAs) designed for RDMA have attracted much attention to mitigate performance deterioration under network congestion. However, through comprehensive analysis, we investigate that, due to sluggish end-to-end reaction and slow rate convergence, existing widely used reactive CCAs have several limitations in handling bursty traffic (e.g., AllReduce). Specifically, excessive packets are transmitted before senders activate the reaction and converge to the fair rate, which builds up a deep queue and may incur subsequent significant throughput loss. In this paper, we propose a computing-state driven proactive congestion control (CSPCC) with easy deployability. CSPCC consists of the congestion prediction module and the active congestion response module. It leverages current computing state to predict network congestion time and inform corresponding sources in advance. We provide a detailed introduction to the implementation of CSPCC. Then, we conducted small-scale hardware tests and large-scale simulations to evaluate the performance of CSPCC. On our testbed, under NCCL-TESTs, CSPCC improves throughput by 1.67%–13.35% and decreases switch queue occupancy by 28.33%–58.33% compared to DCQCN. Furthermore, under concurrent multi-job LLaMA training, it reduces end-to-end job completion time (JCT) by 5.3%–9.0%. | 10.1109/TNSM.2026.3705429 |
| Gergely Dobreff, Nóra Szlovencsák, Alija Pašić | A Framework for Disaster-Tolerant Slice Placement in Future Networks | 2026 | Early Access | Costing Costs Codes Routing Modeling Joining processes Bandwidth Encoding Network slicing Delays network slicing resiliency placement resource allocation service function chaining (SFC) ILP heuristic | Autonomous vehicles and telesurgery are placing increasing pressure on network operators to ensure that 5G and beyond networks can support a wide range of services with diverse and stringent requirements. Technologies such as Software-Defined Networking (SDN), Network Function Virtualization (NFV), and network slicing are key enablers for building an ecosystem capable of meeting these demanding conditions. Ensuring not only classical Quality of Service (QoS) metrics but also network resiliency is crucial, as failures in shared infrastructures can severely impact critical services. This paper addresses the problem of resilient network slice placement under arbitrary disasters or attacks, modeled as Shared Risk Link Group (SRLG) failure patterns. We propose an approach that guarantees strict end-to-end delay, bandwidth, and computing requirements while minimizing overall resource usage by accounting for potential failure scenarios. To this end, we introduce a Disaster-Tolerant Slice Placement Framework that enables network operators to define their own resilience scenarios and optimize the network accordingly. Several - routing and network coding–based - strategies are proposed and analyzed. We formulate the problem as an Integer Linear Program (ILP), analyze its computational complexity, and develop efficient heuristic algorithms to obtain near-optimal solutions. Extensive simulations demonstrate the effectiveness of the proposed methods in achieving resource-efficient and resilient network slice placement. The results show that high levels of resiliency can be achieved without excessive over-provisioning, positioning the proposed framework as an effective offline planning and benchmarking tool for 5G and beyond network design. | 10.1109/TNSM.2026.3706661 |