Last updated: 2026-07-18 05:01 UTC
All documents
Number of pages: 169
| Author(s) | Title | Year | Publication | Keywords | ||
|---|---|---|---|---|---|---|
| Ci-Yi Hung, Li-Yu Yang, Li-Der Chou | LMM: A Reinforcement-Learning-Based Mitigation Mechanism of Lateral Movement in Kubernetes | 2026 | Early Access | Modeling Advanced driver assistance systems Containers Timing Probability Learning (artificial intelligence) Security Sequences Sequential analysis Training Lateral Movement Kubernetes Security Reinforcement Learning Markov Chain Event Tracking Dynamic Defense | With the growing adoption of microservices architecture, Kubernetes—while offering a variety of built-in security modules—remains vulnerable to lateral movement due to its highly interconnected network architecture and frequent misconfigurations in permission settings. This study proposes the Lateral Movement Mitigation (LMM) mechanism, which integrates event tracking, risk assessment, and reinforcement learning (RL) to enhance Kubernetes' defense against lateral movement. LMM leverages Falco with custom rules to capture container-level events and utilizes a high-order Markov chain to construct a transition probability matrix for estimating the likelihood of command sequences. These transition probabilities are then used for risk assessment and provided as input states to the RL agent. The RL agent selects mitigation actions based on recommendations from the MITRE ATT&CK framework, thereby dynamically strengthening Kubernetes' native security modules. Experiments show that LMM improves accuracy by 17.00% over Warp and F1-score by 23.30% over ADA in Kubernetes namespace bypass. In the Role-Based Access Control (RBAC) misconfiguration, LMM outperforms Warp by 18.53% in accuracy and 28.27% in F1-score. In terms of mitigation latency, LMM achieves up to 98.54% and 98.38% faster response times compared to Warp and ADA, respectively, demonstrating its effectiveness and real-time responsiveness. In summary, LMM combines monitoring, risk modeling, and automated decision-making to deliver an efficient and accurate proactive solution against lateral movement in Kubernetes. | 10.1109/TNSM.2026.3713179 |
| Soonbeom Kwon, Yusu Noh, Youngwoo Jang, Illyoung Choi, Byungchul Tak, In-geol Chun, Young-Kyoon Suh | Scalable and Robust Resource Provisioning via Adaptive Task Scheduling for Edge Devices | 2026 | Early Access | Schedules Scheduling Cloning Timing Educational institutions Computers Transcoding Videos Tail Edge computing Edge devices Edge server Resource augmentation Task distribution Kubernetes | Edge devices, such as wearables, drones, and CCTV systems, are vital for real-time data collection in urban intelligence. However, their limited computational and storage capacities pose significant challenges. While offloading to public clouds offers scalability, it often incurs high latency and operational costs. Conversely, centralizing workloads on edge servers may result in the underutilization of high-performance edge devices. To address these limitations, we introduce ERPF, a Kubernetes-based Edge Resource Provisioning Framework that augments the capabilities of heterogeneous edge environments. ERPF orchestrates dynamic volume provisioning, GPU-aware resource allocation, execution context migration, and adaptive task distribution to improve system flexibility and efficiency. Building on this, we propose a novel adaptive task scheduling technique, termed eATS, composed of three key mechanisms: (i) Partition Smoothing Scheme for stable task granularity control, (ii) Resilient Edge Reintegration for failure detection and task reassignment, and (iii) Competitive Task Cloning for speculative execution with fastest-result commitment. The proposed eATS scheme reduces task execution time by up to 27.6%, lowers partition size variability by 8.7×, and improves scheduling robustness across heterogeneous edge devices over the baseline. | 10.1109/TNSM.2026.3694238 |
| Madhura Adeppady, Yenchia Yu, Ali Rahmanian, Ahmed Ali-Eldin Hassan, Carla Fabiana Chiasserini | Efficient Management of Composite Heterogeneous Applications at the Network Edge | 2026 | Early Access | Central Processing Unit Servers Resource management Costing Costs Modeling Joining processes Timing Memory Measurement Mobile edge computing Stateless and stateful microservices Application deployment and migration Service management | Edge computing is a promising paradigm for deploying latency-sensitive applications (Apps) as it brings resources closer to end users. Edge Apps often adopt a microservice (MS) architecture, breaking monolithic Apps into lightweight, containerized MSs that can be dynamically and independently deployed. However, managing such Apps involves three key challenges: (i) optimizing the placement of MSs to reduce both response time and resource overhead, (ii) handling MS migration or relocation as users move while minimizing App service disruption (App downtime), and (iii) enabling MS sharing across Apps while ensuring performance guarantees. We formulate this as an optimization problem, named Multi-microservice Application Placement (MAP), prove its NP-hardness, and introduce STEP (State and Topology-aware Edge-MS Placement), a polynomial-time heuristic. STEP distinguishes itself from prior work by: (i) jointly considering stateful and stateless MS characteristics in deployment decisions, (ii) exploiting MS shareability to reduce resource usage, (iii) balancing response latency, App downtime, and resource utilization, and (iv) leveraging multiple versions of the same MS to adapt quality of service to available edge resources. Our results in a small-scale scenario show that STEP achieves near-optimal performance with only 7% higher CPU cost than the optimal solution. Large-scale real-time experiments on a Kubernetes cluster demonstrate that STEP consistently outperforms competing methods, achieving up to 50% lower deployment costs while delivering 50% gain in app quality and saving 15% in radio resources with over 90% request success rates. | 10.1109/TNSM.2026.3709656 |
| Deemah H. Tashman, Soumaya Cherkaoui | Trustworthy AI-Driven Dynamic Hybrid RIS: Joint Optimization and Reward Poisoning-Resilient Control in Cognitive MISO Networks | 2026 | Early Access | Reconfigurable intelligent surfaces Reliability Optimization Security MISO Array signal processing Vectors Satellites Reflection Interference Beamforming cascaded channels cognitive radio networks deep reinforcement learning dynamic hybrid reconfigurable intelligent surfaces energy harvesting poisoning attacks | Cognitive radio networks (CRNs) are a key mechanism for alleviating spectrum scarcity by enabling secondary users (SUs) to opportunistically access licensed frequency bands without harmful interference to primary users (PUs). To address unreliable direct SU links and energy constraints common in next-generation wireless networks, this work introduces an adaptive, energy-aware hybrid reconfigurable intelligent surface (RIS) for underlay multiple-input single-output (MISO) CRNs. Distinct from prior approaches relying on static RIS architectures, our proposed RIS dynamically alternates between passive and active operation modes in real time according to harvested energy availability. We also model our scenario under practical hardware impairments and cascaded fading channels. We formulate and solve a joint transmit beamforming and RIS phase optimization problem via the soft actor-critic (SAC) deep reinforcement learning (DRL) method, leveraging its robustness in continuous and highly dynamic environments. Notably, we conduct the first systematic study of reward poisoning attacks on DRL agents in RIS-enhanced CRNs, and propose a lightweight, real-time defense based on reward clipping and statistical anomaly filtering. Numerical results demonstrate that the SAC-based approach consistently outperforms established DRL base-lines, and that the dynamic hybrid RIS strikes a superior trade-off between throughput and energy consumption compared to fully passive and fully active alternatives. We further show the effectiveness of our defense in maintaining SU performance even under adversarial conditions. Our results advance the practical and secure deployment of RIS-assisted CRNs, and highlight crucial design insights for energy-constrained wireless systems. | 10.1109/TNSM.2026.3660728 |
| Weilin Wang, Xiaojing Fan, Huachun Zhou, Jingfu Yan, Aoran Huang | A Collaborative Mechanism for Edge-Offloading and Intelligent Intrusion Detection Services | 2026 | Early Access | Algorithms Security Training Timing Modeling Signal detection Resource management Servers Delays Learning (artificial intelligence) Mobile edge computing service collaboration intrusion detection deep reinforcement learning | Mobile edge computing (MEC) is a promising technology for supporting computing-intensive and delay-sensitive applications. The network operator can enhance users’ personalized service experiences by implementing advanced offloading solutions. However, existing schemes often overlook security risks posed by malicious users, and struggle to balance quality of service (QoS) and security capabilities. To this end, we propose a collaborative mechanism for edge offloading and intelligent intrusion detection services to optimize personalized service experiences for normal users at the task level. First, we introduce a new optimization model, Collaboration of Edge Offloading and Intelligent Intrusion Detection Services (CEOI2DS), tailored for MEC environments with malicious users, considering security decisions, resource allocation, and function placement decision-making steps. It aims to maximize the operator’s average long-term revenue while meeting QoS requirements and resource constraints, encouraging the operator to deliver optimal security capabilities while ensuring personalized QoS for users. Then, to tackle this problem, we design a Collaborative Three-Agent Deep Reinforcement Learning (CTADRL) algorithm. Three agents conduct collaborative training and decision-making by interacting with the MEC environment. They comprehensively analyze user requirements, risk probabilities, and network resource status to formulate optimal service policies, enhancing the overall experience for normal users. Experimental results demonstrate that under different user risk probabilities and computing resources, the proposed mechanism and algorithm exhibit better adaptability and stability regarding processing success rate and revenue. | 10.1109/TNSM.2026.3713143 |
| Tong Li, Shicheng Wei, Wencheng Yang, Yan Li | HotPatchCaps: A Capsule Network with Runtime Hot Patching for Zero-Day API Attack Detections | 2026 | Early Access | Modeling Application programming interfaces Security Signal detection Runtime Training Poles and zeros Labeling Conferences Routing API security Runtime defence Zero-day attack detection Capsule networks Hot patching | Modern services are awash in Application Programming Interfaces (APIs), yet most security pipelines end at predeployment testing using fuzzers and scanners. This leaves a runtime gap where payload obfuscation and other evolving request-visible misuse patterns outpace static rules and slow retraining cycles. We present HotPatchCaps, an expert-in-the-loop runtime framework that closes this gap by hot patching expert knowledge into a capsule architecture without retraining. HotPatchCaps fuses Term Frequency–Inverse Document Frequency (TF–IDF) statistics on request tokens with security cues such as parameter names, encodings, and payload substrings, and employs slot-controlled routing to amplify semantically relevant evidence into interpretable capsule activations. New rules arrive as lightweight runtime patches that can be injected on the fly, aligning with operational practice while preserving the generalization of learned models. We evaluated the CSIC 2010 dataset and the ATRDF 2023 dataset in both in-distribution and zero-day settings against classical machine learning (ML) and deep baselines. Experimental results demonstrate that HotPatchCaps consistently improves accuracy and recall at competitive precision and remains robust under label noise and schema drift. By turning expert knowledge into patchable capsule priors, HotPatchCaps provides a practical path from testing to on-call defence for API-centric systems. | 10.1109/TNSM.2026.3713465 |
| Mohammad Rasool Momeni, Abdollah Jabbari, Carol Fung | An Efficient, Secure, and Privacy-Preserving Communication Protocol for Drone-Assisted Disaster Management in Smart Cities | 2026 | Early Access | Drones Authentication Protocols Security Physical unclonable function Modeling Internet of Things Disasters Terminology Resistance Drone Smart City IoD-enabled Services Privacy Security Group Authentication | Drones (also referred to as unmanned aerial vehicles) have attracted significant attention within smart city ecosystems due to their ability to detect crises promptly and provide real-time support for disaster management services. However, the increasing risks of cyber and physical attacks, along with potential private data leaks, present substantial challenges to their deployment in smart city environments. In this paper, we propose a secure communication protocol that leverages a novel group authentication scheme (GAS), tailored for disaster management services in smart cities. The proposed scheme enables both group key agreement among drones and individual session key establishment between each drone and the control center (CC). Hence, our protocol preserves data confidentiality, message integrity, and data privacy, and verifies the authenticity of communicating parties. We employ physically unclonable functions (PUFs) and reverse fuzzy extractors to withstand critical threats, including physical attacks and machine learning (ML)-based modeling attacks. Our protocol also uses lightweight cryptographic primitives, such as hash-based message authentication codes (HMACs) and exclusive-OR (XOR) operations to ensure efficiency. Comprehensive security analysis using formal proofs and the Scyther tool demonstrates that the proposed scheme resists various attacks while preserving data privacy in IoD-enabled services. Ultimately, performance analysis results confirm that the proposed protocol is efficient and feasible. | 10.1109/TNSM.2026.3714291 |
| Shi-Xin Huang, Te-Chuan Chiu, Jing-Chih Lin, Cheng-Hsuan Kuo | EdgeCookie: A Mitigation Solution Against Threatening TCP DDoS Attack in Edge Cloud | 2026 | Early Access | Servers Switches TCP Floods Filtering Filters Architecture Computer architecture Security Kernel SYN Flood DRDoS Edge Computing Security | With the explosive growth of GenAI service requirements, the demand for digital infrastructure and cloud resources continues to increase. At the same time, distributed denial-of-service (DDoS) attacks – particularly TCP-based vectors such as SYN flood and emerging TCP distributed reflective denial-of-service (DRDoS) – have surged, posing a significant threat to service availability. Current mitigation strategies often fall short in effectively countering both attack types. Although the proliferation of edge computing offers opportunities to deploy mitigation closer to attack sources, it also introduces synchronization challenges across distributed edge servers. In this paper, we propose EdgeCookie, an edge-centric TCP flood attack mitigation architecture. EdgeCookie can mitigate TCP SYN floods, ACK floods, and emerging TCP reflection amplification attacks. Unlike existing switch-based defenses, EdgeCookie requires no specific hardware, making it suitable for running in resource-limited edge clouds. In the core mechanism, we introduce a novel HybridCookie that effectively solves synchronization challenges across distributed edge servers. Experimental results demonstrate that EdgeCookie can mitigate both TCP SYN flood and emerging TCP reflection amplification attacks without facing false positive issues, while maintaining high throughput and adding negligible latency to legitimate traffic. | 10.1109/TNSM.2026.3706627 |
| Matheus Dória, Ricardo Silva, Carlos Lima, Daniel Luna, Allan Martins, Paulo Eduardo, Augusto Neto, Vicente Sousa | Open RAN KPI Monitoring: a Dynamic Energy-Aware Framework | 2026 | Early Access | Monitoring Open RAN Central Processing Unit Accuracy Measurement Key performance indicator 5G mobile communication Frequency Signal to noise ratio Optimization 5G Open RAN xApp E2 Energy saving | Open RAN emerged to break out of vendor lock-in constraints, enabling specialized control-plane applications with well-defined open and standardized interfaces. In a monitoring-oriented Real-Time Radio Access Network Intelligent Controller, xApps typically collect Key Performance Indicators (KPIs) at fixed intervals, which can overload the system when very frequent reporting is required. This paper introduces a new Open RAN KPI monitoring framework that outperforms fixed-interval solutions by dynamically adjusting the KPI collection timescale at runtime, using Risk Analysis of monitored KPI accuracy loss to balance monitoring needs and resource usage. A prototype built with OpenAirInterface and FlexRIC shows reduced E2 signaling overhead and significant energy savings. Extrapolating to large-scale scenarios, the framework demonstrates potential savings of up to 608.48 kWh per day (18,254.4 kWh per month), equivalent to an estimated reduction of 0.99 tons of CO2 emissions. | 10.1109/TNSM.2026.3713811 |
| Jing-Yang Voon, Yao Chiang, Hung-Yu Wei | Resource Allocation and Container Scaling for Microservices in Multi-Cluster Edge Computing System | 2026 | Early Access | Resource management Optimization Delays Containers Modeling Edge computing Algorithms Central Processing Unit Routing Internet of Things Edge Computing Microservice Computational Offloading Resource Allocation Container Scaling | With the advent of the 6G era and the evolution of distributed systems, edge computing has become a pivotal architecture for deploying latency-sensitive, resource-efficient applications. In particular, the microservice architecture, characterized by modular and loosely coupled components, has gained significant traction for building scalable and maintainable applications at the network edge. However, deploying microservice-based applications in heterogeneous and geographically distributed Multi-Cluster Edge Computing (MCEC) environments presents critical challenges, especially in achieving efficient and scalable resource management. Although existing research has explored resource allocation and container scaling for microservice-based systems, most prior works consider container efficiency in isolation or within single-cluster or cloud-centric environments, without jointly addressing container-level efficiency, inter-cluster task offloading, and resource allocation in MCEC scenarios. To address this gap, we propose RACCOON, a request-offloading cascaded resource allocation algorithm tailored for microservice-oriented deployments in MCEC settings. RACCOON aims to minimize user-perceived service latency while optimizing overall resource utilization. Complementing this, we introduce RAS-CAL, a reinforcement learning (RL)-based container scaling mechanism that dynamically adjusts resource provisioning at the container level to further enhance system performance. Experimental evaluation shows that our approach consistently outperforms methods that address only resource allocation, only task offloading, or only container scaling, by jointly optimizing these dimensions to reduce end-to-end user-perceived latency and computational overhead. | 10.1109/TNSM.2026.3713212 |
| Shuang Zheng, Xing Zhang, Michael Sheng, Haixu Wang, Wenbo Wang | Beam Hopping Low Earth Orbit Satellite Resource Allocation for Differentiated Services and Robustness Analysis under Model Attacks | 2026 | Early Access | Beams Satellites Resource management Modeling Optimization Schedules Scheduling Low earth orbit satellites Algorithms Bridges LEO satellite communications deep reinforcement learning digital twin resource allocation adversarial attack | Beam hopping (BH)-enabled Low Earth Orbit (LEO) satellites play a pivotal role in next-generation communication networks, providing global coverage, improving spectrum efficiency, and supporting flexible adaptation to heterogeneous service demands. To fully exploit these capabilities, artificial intelligence (AI) techniques are increasingly employed for dynamic resource allocation and power management. However, limited onboard resources and potential adversarial perturbations pose challenges to both efficiency and robustness. To address these issues, we leverage digital twin technology to accurately capture the spatio-temporal dynamics of user–satellite visibility, providing precise state information for decision-making. Building on this, we formulate a joint optimization framework for BH scheduling and power allocation as a Markov Decision Process and propose the BRIDGE—BH with Reinforcement learning incorporating Integrated Dirichlet and Gumbel-TopK Exploration—which integrates a quality of service (QoS)-driven subchannel scheduling mechanism to ensure efficient and differentiated resource allocation. The model’s robustness is systematically evaluated under three classical adversarial attacks. Simulation results demonstrate that our approach achieves superior energy efficiency, service throughput, and fairness, while the robustness analysis shows stable performance under the considered bounded adversarial perturbations. | 10.1109/TNSM.2026.3710750 |
| Huakun Huang, Longtao Guo, Lingjun Zhao, Qinglin Yang, Wensheng Zhang | Line-level Smart Contract Vulnerability Detection via Semantic-Syntactic Feature Extraction and Global-Local Attention Network | 2026 | Early Access | Signal detection Modeling Codes Smart contracts Syntactics Contracts Educational institutions Conferences Location awareness Training Blockchain Smart Contract Vulnerability Detection Vulnerability Localization Deep Learning | Smart contracts, a core component of Ethereum, automate the execution and management of transactions. However, potential vulnerabilities in smart contracts may trigger serious financial losses or even systemic risks. While existing vulnerability detection methods have achieved certain results, they are still deficient in the precision of line-level vulnerability localization and the breadth of supported vulnerability categories. Against this challenge, this paper proposes a line-level vulnerability detection method with semantic-syntactic feature extraction and global-local attention network. The method utilizes pre-trained model and abstract syntax tree to extract semantic-syntactic features of the code lines, and constructs multiple graph structures to realize the global feature representation of the contract. Based on that, the local network is responsible for extracting line-level features, the global network extracts structured global features, and the two are effectively fused through the attention mechanism. Experimental results show that the method achieves high accuracy and good generalization in the detection of multiple vulnerability categories, with an average F1-score of more than 98% for line-level detection and more than 96% for contract-level detection. This study improves the accuracy of line-level vulnerability detection and provides a valuable technical path for smart contract security research. | 10.1109/TNSM.2026.3714059 |
| Jing Zhang, Chao Luo, Rui Shao | MTG-GAN: A Masked Temporal Graph Generative Adversarial Network for Cross-Domain System Log Anomaly Detection | 2026 | Early Access | Anomaly detection Adaptation models Generative adversarial networks Feature extraction Data models Load modeling Accuracy Robustness Contrastive learning Chaos Log Anomaly Detection Generative Adversarial Networks (GANs) Temporal Data Analysis | Anomaly detection of system logs is crucial for the service management of large-scale information systems. Nowadays, log anomaly detection faces two main challenges: 1) capturing evolving temporal dependencies between log events to adaptively tackle with emerging anomaly patterns, 2) and maintaining high detection capabilities across varies data distributions. Existing methods rely heavily on domain-specific data features, making it challenging to handle the heterogeneity and temporal dynamics of log data. This limitation restricts the deployment of anomaly detection systems in practical environments. In this article, a novel framework, Masked Temporal Graph Generative Adversarial Network (MTG-GAN), is proposed for both conventional and cross-domain log anomaly detection. The model enhances the detection capability for emerging abnormal patterns in system log data by introducing an adaptive masking mechanism that combines generative adversarial networks with graph contrastive learning. Additionally, MTG-GAN reduces dependency on specific data distribution and improves model generalization by using diffused graph adjacency information deriving from temporal relevance of event sequence, which can be conducive to improve cross-domain detection performance. Experimental results demonstrate that MTG-GAN outperforms existing methods on multiple real-world datasets in both conventional and cross-domain log anomaly detection. | 10.1109/TNSM.2026.3654642 |
| Masoumeh Safkhani, Mohammad Reza Servati, Fatemeh Rezaei | HEIoT: A Novel Three-Factor Authentication Protocol for Enhanced Security in IoT and Next-Generation Networks | 2026 | Early Access | Authentication Internet of Things Protocols Security Smart devices Elliptic curve cryptography Modeling Error correction codes Biometrics Costing of Yuan et al.’s Protocol Authentication Multi-factor authentication Desynchronization attack Insider adversary Traceability attack User impersonation attack Elliptic Curve Cryptography (ECC) | The Internet has a significant impact on contemporary society, enabling a wide range of applications, including advanced cellular networks such as 4G, 5G, and 6G. Since these communications occur over shared or open channels, ensuring secure data exchange is of critical importance, as any weakness in the communication infrastructure may compromise system reliability. Device authentication in the Internet of Things (IoT) and user authentication in smart environments, such as smart homes, remain fundamental security challenges. As the first line of defense, authentication mechanisms must be robust, since vulnerabilities at this stage can expose the entire system to serious threats. To address these challenges, numerous authentication schemes based on cryptographic primitives, including Elliptic Curve Cryptography (ECC), have been proposed. In this paper, we present a comprehensive security analysis of an ECC-based three-factor authentication protocol proposed by Yuan et al. Our analysis shows that the protocol is vulnerable to desynchronization, user impersonation, traceability, and insider attacks, all of which succeed with probability 1 by exploiting at most two protocol phases. To mitigate these weaknesses, we propose an improved authentication scheme, called HEIoT. The proposed scheme is formally analyzed under the Real-or-Random (RoR) model to establish session-key security and is further verified using the Scyther tool. Moreover, a Python-based implementation is provided to demonstrate the practicality of the proposed protocol. Comparative results indicate that HEIoT achieves stronger security while maintaining acceptable communication, computational, and storage overhead. | 10.1109/TNSM.2026.3702041 |
| Yongqiang Dong, Jiangnan Sun, Jiawen Li, Yongbo Liu | Learning to Configure Like Engineers: Manual Guided Network Configuration Sketch Generation | 2026 | Early Access | Modeling Syntactics Large language models Manuals Retrieval augmented generation Optimization Generators Grounding Design methodology Joining processes Network Configuration Automation Intent-Based Networking Large Language Models Retrieval-Augmented Generation | Network configuration automation is a key component of intelligent network operations aiming to transform user intents into executable device configurations. Most existing approaches take a paradigm of parameter filling within predefined sketches, where the sketches have to be crafted manually by engineers and user intents are expressed in a specific format. Other studies follow a routine of synthesizing configurations directly from natural-language intents, taking advantage of large language models (LLMs) and retrieval augmented generation techniques. The results are yet far from satisfactory in practice due to the complexity of the network configuration requirements. A recently proposed example-driven configuration synthesis method (CEGS), attempts to learn from configuration examples provided by vendors. However, its effectiveness is bounded by example coverage, and the method struggles to generalize to new scenarios. To address this, we present LCLE, an end-to-end sketch generation framework that learns how to configure networks from device configuration guides and command references, much as human engineers do. Specifically, LCLE automatically generates configuration sketches from natural-language intents by LLMs with a structured device configuration model (DCM) extracted from vendor manuals. The DCM organizes configuration workflows, command syntax, and view hierarchies into a unified knowledge base that supports LCLE’s retrieval-augmented generation through a three-stage pipeline of intent parsing, sketch generation, and sketch optimization. Extensive experiments on Huawei and Cisco devices show that LCLE significantly improves the semantic completeness and syntactic correctness of the generated configuration sketches. In addition, the framework can be easily extended to new devices and protocols through DCM updates, promising a scalable solution for automated network configuration. | 10.1109/TNSM.2026.3710600 |
| David Kule Mukuhi, Leo Mendiboure, Rami Langar, Rodrigue Fargeon, Sylvain Cherrier, Marion Berbineau, Pierre-Yves Petton | Application-aware Slicing for FRMCS: A Deep Reinforcement Learning Approach | 2026 | Early Access | The Future Railway Mobile Communication System (FRMCS) will replace GSM-R to support safety-critical and high-throughput applications over a limited 5–10 MHz spectrum. Railway services range from ultra-reliable train control, such as European Train Control System and Automatic Train Operation, to bandwidth-intensive video surveillance and best-effort passenger Wi-Fi, each with distinct requirements. Existing network slicing solutions designed for public 5G networks focus on aggregate slice-level guarantees, neglecting heterogeneous application requirements and the strong channel fluctuations induced by high-speed train mobility. To overcome this limitation, we propose in this paper an Application-Driven Slice Scheduling (ADSS) approach tailored for railway communications. ADSS leverages Deep Reinforcement Learning combined with channel-aware resource allocation to dynamically assign Resource Blocks, ensuring application-level Service Level Agreement (SLA) fulfillment. Evaluations on real Signal-to-Noise Ratio traces from trains traveling at speeds up to 350 km/h, demonstrate that ADSS achieves superior application-level SLA satisfaction, reduces violation gaps, and improves spectral efficiency compared to heuristic and state-of-the-art schedulers. | 10.1109/TNSM.2026.3710830 | |
| Dev Gurung, Shiva Raj Pokhrel | LLM-QFL: Distilling Large Language Model for Quantum Federated Learning | 2026 | Early Access | Modeling Federated learning Large language models Training Tuning Optimization Convergence Servers LoRa Machine learning Quantum Federated Learning Distillation Large Language Models | As Quantum Federated Learning (QFL) scales toward distributed quantum networks, managing heterogeneous resources and communication bottlenecks becomes a critical challenge. This research proposes LLM-QFL, an adaptive network service management framework that leverages Large Language Models (LLMs) to optimize the operational efficiency of QFL systems. We introduce a federated distillation method in which locally fine-tuned LLMs serve as autonomous network agents. These agents adaptively manage service parameters by: i) dynamically adjusting local computation intensity (optimizer steps) based on loss gradients, ii) performing variance-aware client selection to minimize network-wide heterogeneity, and iii) implementing intelligent early stopping criteria to conserve bandwidth. By serving as an orchestration layer, LLM-QFL provides a synergy between LLMs and quantum networking. Our contributions include: i) Adaptive Performance and Efficiency: Reducing idle computation and significantly cutting communication overhead; ii) Theoretical Rigor: Convergence guarantees of O(1/T) for the adaptive management protocol; and iii) Scalable Deployment: Implementing PEFT (LoRA/QLoRA) for resource-constrained quantum service nodes. | 10.1109/TNSM.2026.3712394 |
| Lu Wei, Yong Yu, Jie Cui, Xianfeng Xie, Jing Zhang, Irina Bolodurina, Hong Zhong | Toward Stable and Low-Latency Task Offloading: A Multi-Agent Framework for Vehicular Edge Computing | 2026 | Early Access | Vehicles Delays Stability Optimization Modeling Resource management Clouds Edge computing Equations Timing vehicular edge computing deep reinforcement learning Lyapunov optimization task offloading | With the rapid growth of Vehicular Edge Computing (VEC) and Mobile Edge Computing, efficient task offloading is essential for enhancing the computing and communication capabilities in vehicular networks. However, many existing methods suffer from slow convergence, load imbalance, and instability in dynamic, latency-sensitive environments. To address these challenges, we propose MAPPO-Lyapunov (MAPPO-L), a multi-agent offloading framework that integrates Multi-Agent Proximal Policy Optimization (MAPPO) with Lyapunov optimization. MAPPO-L enables distributed coordination among vehicles, roadside units (RSUs), and cloud servers, minimizing delay, improving resource utilization, and ensuring long-term stability. Lyapunov theory transforms long-term stability into per-slot optimizations, while MAPPO ensures efficient policy learning. An adaptive exploration mechanism dynamically adjusts exploration rates based on network dynamics, accelerating convergence and stabilizing training. Extensive simulations with real-world data show that MAPPO-L maintains task completion rates above 80%, converges 25%–37.5% faster than baselines, and reduces training fluctuations to 2.3%. Ablation studies confirm the critical roles of location, channel, and queue information, validating the robustness of MAPPO-L in practical VEC environments. | 10.1109/TNSM.2026.3713305 |
| Yali Yuan, Qianqi Niu, Yachao Yuan | Early-MFC: Enhanced Flow Correlation Attacks on Tor via Multi-view Triplet Networks with Early Network Traffic | 2026 | Early Access | Flow correlation attacks are an efficient type of network attack, aiming to expose those who use anonymous network services, such as Tor. Conducting such attacks during the early stages of network communication is particularly critical for scenarios demanding rapid decision-making, such as cybercrime detection or financial fraud prevention. Although recent studies have made progress in flow correlation attacks techniques, research specifically addressing flow correlation with early network traffic flow remains limited. Moreover, due to factors such as model complexity, training costs, and real-time requirements, existing technologies cannot be directly applied to flow correlation with early network traffic flow. In this paper, we propose flow correlation attack with early network traffic, named Early-MFC, based on multi-view triplet networks. The proposed approach extracts multi-view traffic features from the payload at the transport layer and the Inter-Packet Delay. It then integrates multi-view flow information, converting the extracted features into shared embeddings. By leveraging techniques such as metric learning, the method optimizes the embeddings space by ensuring that similar flows are mapped closer together while dissimilar flows are positioned farther apart. Finally, Bayesian decision theory is applied to determine flow correlation, enabling high-accuracy flow correlation with early network traffic flow. Furthermore, we investigate flow correlation attacks under extra-early network traffic flow conditions. To address this challenge, we propose Early-MFC+, which utilizes payload data to construct embedded feature representations, ensuring robust performance even with minimal packet availability. Simulation results demonstrate that Early-MFC reduces packet requirements by 80% compared to the state-of-the-art DeepCoFFEA system, while Early-MFC+ maintains formidable attack efficacy even when constrained to only the first ten packets of each flow. | 10.1109/TNSM.2026.3714549 | |
| Rania Farjallah, Bassant Selim, Brigitte Jaumard, Samr Ali, Georges Kaddoum, Jean-Michel Sellier | Maximum Entropy-Based Traffic Generation | 2026 | Early Access | Modeling Optimization Entropy Urban areas Machine learning Training Limiting Generative adversarial networks Timing Tuning Time Series dataset Maximum entropy principle Traffic Modeling Synthetic Traffic Generation | The development of machine learning models and algorithms for many communication network optimization problems has generated a huge need for realistic traffic data generators, as real-world traffic datasets remain very few, especially compared to their size. We therefore propose a novel traffic generation framework based on the Maximum Entropy Principle (MEP). It explicitly incorporates empirical statistical constraints, ensuring generated traffic closely mirrors the complex patterns found in real-world data. Using vehicle traffic datasets of the City of Calgary, we explore multiple distributional assumptions, namely Gaussian, exponential, and mixture models. Our results demonstrate that the Gaussian and the Gaussian mixture models consistently achieve superior performance, capturing diverse temporal fluctuations and intricate statistical behaviors inherent in urban vehicle traffic. This study not only highlights the effectiveness and flexibility of MEP-based models but also establishes them as robust, interpretable, and data-efficient alternatives to existing generative methods in traffic synthesis. | 10.1109/TNSM.2026.3712637 |