TNSM Searchable Index

Author(s)	Title	Year	Publication	Keywords
Cheng Ren, Jinsong Gao, Yu Wang, Yaxin Li, Hongwei Li	GCN-Transformer Assisted Live SFC Migration with Hierarchical Reinforcement Learning in Mobile Edge Computing	2026	Early Access	Feeds Antennas Filtering theory	Empowered by network function virtualization (NFV), mobile edge computing aims to provide low latency and ultra reliable network services to mobile end users, achieved as a service function chain (SFC) consisting of a series of ordered virtual network functions (VNFs). Due to user mobility, live SFC migration is imperative to avoid Quality of Service (QoS) degradation. Recent advances mainly make separate decisions on VNF node remapping and migration path routing in a heuristic manner, or implement both through reinforcement learning within a single agent of ill-defined policy and action space. In this paper, given next access node, we first formulate the live SFC migration problem as an integer linear programming (ILP) model to achieve optimal solutions. Then, we present HRL-QC, a hierarchical reinforcement learning framework that jointly optimizes VNF destination node remapping, migration path and post-migration service path selections for QoS-aware and cost-efficient live SFC migration. A GCN-Transformer block is introduced to capture long-range VNF-to-physical node dependencies, while a two-level actor-critic design couples the decision-makings through inter-level reward passing. Extensive evaluations show that HRL-QC outperforms the state-of-the-art in energy consumption, migration time, end-to-end service delay, and migration success rate, while remaining within a small margin of the optimal ILP solution.	10.1109/TNSM.2026.3681690
Deemah H. Tashman, Soumaya Cherkaoui	Trustworthy AI-Driven Dynamic Hybrid RIS: Joint Optimization and Reward Poisoning-Resilient Control in Cognitive MISO Networks	2026	Early Access	Reconfigurable intelligent surfaces Reliability Optimization	Cognitive radio networks (CRNs) are a key mechanism for alleviating spectrum scarcity by enabling secondary users (SUs) to opportunistically access licensed frequency bands without harmful interference to primary users (PUs). To address unreliable direct SU links and energy constraints common in next-generation wireless networks, this work introduces an adaptive, energy-aware hybrid reconfigurable intelligent surface (RIS) for underlay multiple-input single-output (MISO) CRNs. Distinct from prior approaches relying on static RIS architectures, our proposed RIS dynamically alternates between passive and active operation modes in real time according to harvested energy availability. We also model our scenario under practical hardware impairments and cascaded fading channels. We formulate and solve a joint transmit beamforming and RIS phase optimization problem via the soft actor-critic (SAC) deep reinforcement learning (DRL) method, leveraging its robustness in continuous and highly dynamic environments. Notably, we conduct the first systematic study of reward poisoning attacks on DRL agents in RIS-enhanced CRNs, and propose a lightweight, real-time defense based on reward clipping and statistical anomaly filtering. Numerical results demonstrate that the SAC-based approach consistently outperforms established DRL base-lines, and that the dynamic hybrid RIS strikes a superior trade-off between throughput and energy consumption compared to fully passive and fully active alternatives. We further show the effectiveness of our defense in maintaining SU performance even under adversarial conditions. Our results advance the practical and secure deployment of RIS-assisted CRNs, and highlight crucial design insights for energy-constrained wireless systems.	10.1109/TNSM.2026.3660728
Raffaele Carillo, Francesco Cerasuolo, Giampaolo Bovenzi, Domenico Ciuonzo, Antonio Pescapé	A Federated and Incremental Network Intrusion Detection System for IoT Emerging Threats	2026	Early Access	Training Incremental learning Adaptation models	Ensuring network security is increasingly challenging, especially in the Internet of Things (IoT) domain, where threats are diverse, rapidly evolving, and often device-specific. Hence, Network Intrusion Detection Systems (NIDSs) require (i) being trained on network traffic gathered in different collection points to cover the attack traffic heterogeneity, (ii) continuously learning emerging threats (viz., 0-day attacks), and (iii) be able to take attack countermeasures as soon as possible. In this work, we aim to improve Artificial Intelligence (AI)-based NIDS design & maintenance by integrating Federated Learning (FL) and Class Incremental Learning (CIL). Specifically, we devise a Federated Class Incremental Learning (FCIL) framework–suited for early-detection settings—that supports decentralized and continual model updates, investigating the non-trivial intersection of FL algorithms with state-of-the-art CIL techniques to enable scalable, privacy-preserving training in highly non-IID environments. We evaluate FCIL on three IoT datasets across different client scenarios to assess its ability to learn new threats and retain prior knowledge. The experiments assess potential key challenges in generalization and few-sample training, and compare NIDS performance to monolithic and centralized baselines.	10.1109/TNSM.2026.3675031
Jing Zhang, Chao Luo, Rui Shao	MTG-GAN: A Masked Temporal Graph Generative Adversarial Network for Cross-Domain System Log Anomaly Detection	2026	Early Access	Anomaly detection Adaptation models Generative adversarial networks	Anomaly detection of system logs is crucial for the service management of large-scale information systems. Nowadays, log anomaly detection faces two main challenges: 1) capturing evolving temporal dependencies between log events to adaptively tackle with emerging anomaly patterns, 2) and maintaining high detection capabilities across varies data distributions. Existing methods rely heavily on domain-specific data features, making it challenging to handle the heterogeneity and temporal dynamics of log data. This limitation restricts the deployment of anomaly detection systems in practical environments. In this article, a novel framework, Masked Temporal Graph Generative Adversarial Network (MTG-GAN), is proposed for both conventional and cross-domain log anomaly detection. The model enhances the detection capability for emerging abnormal patterns in system log data by introducing an adaptive masking mechanism that combines generative adversarial networks with graph contrastive learning. Additionally, MTG-GAN reduces dependency on specific data distribution and improves model generalization by using diffused graph adjacency information deriving from temporal relevance of event sequence, which can be conducive to improve cross-domain detection performance. Experimental results demonstrate that MTG-GAN outperforms existing methods on multiple real-world datasets in both conventional and cross-domain log anomaly detection.	10.1109/TNSM.2026.3654642
Wangqing Luo, Jinbin Hu, Hua Sun, Pradip Kumar Sharma, Jin Wang	SALB: Security-Aware Load Balancing for Large Language Model Training in Datacenter Networks	2026	Early Access	Training Load management Packet loss	To meet the massive compute and high-speed communication demands of Large Language Model (LLM) training, modern datacenters typically adopt multipath topologies such as Fat-Tree and Clos to host parallel jobs across hundreds to thousands of GPUs. However, LLM training exhibits periodic, high-bandwidth communication patterns. Existing load-balancing schemes become misaligned under dynamic congestion and anomalous surges: they struggle to promptly mitigate iteration-peak congestion and lack effective isolation of anomalous traffic. To address this, we propose Security-Aware Load Balancing (SALB) for LLM training. SALB leverages a Deep Reinforcement Learning (DRL) controller with queue and delay signals for packet-level multipath load balancing and employs path binding to confine suspicious flows. By integrating data security into load balancing, SALB simultaneously achieves high throughput and robust traffic isolation. NS-3 simulation results show that, compared with CONGA, Hermes, and ConWeave, SALB reduces the 99th-percentile flow completion time (FCT) of short flows by an average of 65% and increases the throughput of long flows by an average of 54%. It further outperforms the baselines in aggregate throughput, path utilization, and packet loss rate, thereby significantly enhancing system stability, robustness, and data security.	10.1109/TNSM.2026.3678979
Kang Liu, Jianchen Hu, Donglai Ma, Xiaoyu Cao, Yuzhou Zhou, Lei Zhu, Li Su, Wenli Zhou, Xueqi Wu, Feng Gao	Topology-Aware Virtual Machine Placement through the Buffer Migration Mechanism	2026	Early Access	Central Processing Unit Filtering Filters	The virtual machine (VM) placement considering the topology constraints is difficult because the unpredictable topological VMs raise additional structural requirements (including the affinity, anti-affinity and fault-domain) on the resource pool. Thus, the service level agreement (SLA) can be violated even when the occupancy of the resource pool is quite modest. In order to solve this problem, we propose an efficient buffer-migration-based heuristic online algorithm. First, we build an integer programming model for the topology-aware VM placement problem. Second, we propose a hierarchical resource-preserving online approach, where the Rack and physical machine (PM) nodes are selected in the upper and lower layers respectively. Finally, we utilize the buffer to place and migrate the unfitted VMs to enhance the capacity of the resource pool. The proposed approach is tested with high proportional topological VM requests (nearly 60%) in the resource pool with the scale of 500, 1000 and 1500 PMs. The results show that our online approach (with unknown upcoming VM information) can achieve more than 85% of the performance for the offline approach (with complete upcoming VM information). The latency is lower than 5ms per VM.	10.1109/TNSM.2026.3678976
Kexian Liu, Jianfeng Guan, Su Yao, Ilsun You, Hongke Zhang	OMEGA: A Comprehensive Cloud-Edge-Device Authentication and Key Agreement Scheme for Collaborative Multi-Factory Manufacturing in IIoT	2026	Early Access		Cloud Manufacturing (CMfg) has revolutionized traditional manufacturing by enabling resource sharing across factory boundaries. As industry increasingly adopts cloud-edge-device collaborative ecosystems, effective authentication and key agreement (AKA) mechanisms play a critical role in safeguarding security across these complex multi-factory environments. Existing schemes, however, focus primarily on isolated binary security relationships (e.g., device-edge, device-cloud, or edge-cloud pairs individually), neglecting the integrated cloud-edge-device collaborative security demands inherent in multi-factory environments, while often relying on trusted authorities and high-overhead cryptographic mechanisms. This leads to redundant authentication processes, increased latency, and security vulnerabilities as devices must separately establish connections with each entity. To bridge these gaps, this paper introduces OMEGA: a comprehensive Cloud-Edge-Device Authentication and Key Agreement scheme for collaborative multi-factory manufacturing that pioneers an integrated security architecture. OMEGA’s distinctive advantage lies in its ability to establish all necessary secure connections (device-edge, device-cloud, and edge-cloud) through a single authentication request from the smart manufacturing device (SMD), significantly reducing authentication overhead. By leveraging lightweight hash operation, OMEGA creates a cohesive security fabric that enables SMDs to concurrently access specialized capabilities from multiple clouds while leveraging edge computing for time-sensitive operations. Security analysis using both Real-Or-Random (ROR) model and ProVerif formal verification tool demonstrates OMEGA achieves robust security while performance evaluation confirms its superior efficiency in industrial environments.	10.1109/TNSM.2026.3683347
Xiaolong Wang, Haipeng Yao, Lin Zhu, Wenji He, Wei Zhang, Mohsen Guizani	Joint Optimization of Routing and Scheduling in Cross-Domain Deterministic Networks	2026	Early Access	Space exploration Filtering Filters	Industrial Internet applications require networks to guarantee deterministic end-to-end latency and zero packet loss at both the data link and network layers. Traditional best-effort communication models in consumer networks are insufficient to meet these stringent demands. To meet these stringent demands, the IEEE 802.1 standards introduce Time-Sensitive Networking (TSN) at the data link layer, while the IETF proposes Deterministic Networking (DetNet) for the network layer. However, enabling seamless cross-domain communication between TSN and DetNet remains a significant challenge. This paper proposes a unified cross-domain network architecture and a time-slot alignment strategy that compensates for synchronization errors between the TSN and DetNet layers. We further develop a Joint Routing and Scheduling algorithm for Deterministic Cross-Domain Transmission (JRS-DCT), which simultaneously addresses routing and scheduling under cross-domain constraints. The algorithm leverages Cycle-Specified Queuing and Forwarding (CSQF) in DetNet and Cycle Queuing and Forwarding (CQF) in TSN to ensure bounded latency and deterministic transmission. Extensive simulations demonstrate that the proposed JRS-DCT algorithm significantly improves the scheduling success rate and effectively reduces network resource utilization compared to two baseline algorithms. These results validate the effectiveness and robustness of the proposed framework in supporting time-sensitive communication across heterogeneous network environments.	10.1109/TNSM.2026.3679810
Xinyue Zhang, Xuan Zhou, Jie Ma, Zeqi Li, Feng He	Interference-Aware Multi-Metric Delay Evaluation and Optimization for Switched Networks	2026	Early Access	Aerospace electronics Aerospace engineering Radio broadcasting	Switched networks are essential to modern real-time systems, where packet delays must be tightly bounded with minimal variation. Traditional delay analysis often focuses on worst-case bounds, but may overlook delay jitter induced by fine-grained inter-flow interference, which can degrade real-time performance and stability. Existing routing schemes typically rely on proxy indicators such as link load or path length, offering limited explicit control over delay and jitter behavior. To address these limitations, we propose an interference-aware delay evaluation and optimization framework that models the encounter interval and magnitude of flow interference at the packet level. From this, we derive worst-case delay, average delay, and delay jitter, and integrate these metrics into a unified, tunable optimization objective. We design a K-shortest-path genetic algorithm to jointly reduce them. Experimental results over multiple traffic loads demonstrate consistent improvements in delay and jitter performance, indicating that the proposed approach is scalable and practical for delay-sensitive and stability-critical switched networks.	10.1109/TNSM.2026.3680250
Hasanin Harkous, Ahan Kak, Alistair Urie, Heiko Straulino, Huanzhuo Wu, Huu-Trung Thieu, Nakjung Choi	Flat UP: A Converged RAN-Core Architecture for the 6G User Plane	2026	Early Access	Broadcasting Broadcast technology Central Processing Unit	The ongoing industry shift toward Radio Access Network (RAN) disaggregation, virtualization, and cloudification has disrupted the conventional hierarchical design of cellular networks and opened the door to greater convergence between the RAN and core domains. Despite this progress, implementing such converged architectures in practice presents numerous challenges, including those related to protocol and architectural design, quality-of-service (QoS) assurance, control plane configuration, and support for emerging 6G-specific use cases. To address these challenges, this article presents the flat User Plane (UP) architecture, a novel framework for RAN-core convergence centered around a new 6G-native component: the Access User Plane Function (AUPF). The article outlines the key innovations in the newly proposed flat user plane architecture, including protocol- and feature-level design evolutions as well as enhancements to QoS provisioning. It then explores various counterpart Control Plane (CP) architectures, analyzing the impact of the new design on different 3GPP CP procedures. A concrete, system-level prototype implementation of the AUPF is developed, accompanied by a comprehensive over-the-air evaluation to assess both fundamental network performance metrics and user plane Quality of Experience (QoE). Additionally, multiple deployment models are examined to quantify the CP signaling overhead associated with different architectural options. The results demonstrate that the proposed flat UP architecture not only improves throughput, latency performance and QoE but also reduces overall compute resource utilization when compared to the conventional hierarchical 5G user plane. The CP evaluation further provides practical insights and guidelines for real-world deployment scenarios.	10.1109/TNSM.2026.3680720
Kai-Chi Chen, Shan-Hsiang Shen	Named Image-Layer Networks for Containers	2026	Early Access	Radio broadcasting Frequency modulation Central Processing Unit	In recent years, continuous integration and continuous deployment (CICD) [1][2][3] have become industry standards in software development, aiming for automatic and efficient build and deployment processes. Nonetheless, integrating core frameworks and similar packages in each build often leads to redundancy, time wastage, and overall efficiency reduction. This study focuses on optimizing the CICD process, particularly in package management and data storage efficiency. It utilizes Network File System (NFS), which employs a robust caching mechanism, to store and deliver the necessary packages and resources. This approach significantly reduces redundant downloads and storage, enhancing efficiency. In addition, we identify challenges in package transmission and storage under the existing network architecture. To overcome these challenges, we propose the Named Image Layer Networking (NIN) technology to optimize package management and retrieval. The integration of NIN allows for a more effective selection of optimal caching nodes, thereby further improving the efficiency of the CICD process.	10.1109/TNSM.2026.3681754
Zhenzhen Yan, Lizhi Peng, Peiqiang Liu, Yingshuo Bao, Bo Yang	NT-Transformer: A Non-Pretrained Encrypted Network Traffic Classification Model	2026	Early Access	Payloads Military aircraft Space technology	Network traffic classification plays an indispensable role in network management, Quality of Service (QoS), and cybersecurity. With the widespread encryption techniques applied to network traffic, it has become increasingly challenging to classify network traffic into different management groups accurately. In recent years, pre-training Transformer-based models have been successfully applied to Natural Language Processing (NLP), and researchers have also introduced such models into encrypted network traffic analysis. However, besides the similarities of words in NLP and byte codes in network traffic, there exist essential differences between them, which may cause inefficacy of the pretrained model when being applied to new traffic data. In this paper, we propose a non-pretrained encrypted network traffic classification model based on Transformer called NT-Transformer, which can directly learn labeled network traffic features at two levels of granularity, namely, byte level (uni-gram or bi-gram) and flow level (packet size and packet inter-arrival time), without the relatively expensive pre-training procedure of unlabeled data. This method is validated on three public datasets and three sets of recently collected network traffic data. Experimental results indicate that in some scenarios, pretrained models offer limited performance gains when applied to new encrypted network traffic data not encountered during pretraining, and NT-Transformer with uni-gram byte representation outperforms the state-of-the-art models in terms of pushing the F1 score up by 0.25% - 2.24%.	10.1109/TNSM.2026.3683410
Jun Xu, Dejun Yang, Abdulelah Talea	Communication-Efficient Client Selection for Federated Learning with Unknown Channel State	2026	Early Access	Broadcasting Broadcast technology Feedback	Federated learning (FL) utilizes distributed edge devices for training based on local datasets which preserves data privacy at the cost of frequent communications of model parameters. The channel state between clients and the aggregator affects the successful delivery of model parameters. A client under poor channel state may fail to deliver its local model parameters and thus results in energy waste. Besides, obtaining the channel state takes extra overhead, which may degrade communication efficiency. It motivates us to investigate the client selection problem for FL with unknown channel state. We first derive an upper bound of the convergence for FL, which reflects the effects of the channel state and client selection decisions. We then formulate a client selection problem considering both the convergence and energy consumption. To solve this problem, we further transform it into a restless multi-armed bandit (RMAB) problem. We prove its indexability and propose an index-based client selection algorithm, termed IDXSel, which has low time complexity, is easy to implement, and is proved to be asymptotically optimal. We compare our IDXSel algorithm with the FedAvg, TransP, IS, FedNorm, UCB-based, and ϵ-greedy-based algorithms on the MNIST and CIFAR-10 datasets. Results show that our algorithm achieves comparable or higher accuracy than the baselines, but wastes more than 5× less energy than the worst of the baselines among all the evaluated scenarios.	10.1109/TNSM.2026.3682080
Vibha Jain, Prabal Verma, Mohit Kumar, Aryan Kaushik	Blockchain-enabled Incentive Mechanism for Federated Learning: A Multi-Agent Deep Deterministic Policy Gradient Approach	2026	Early Access	Broadcasting Broadcast technology Central Processing Unit	The expeditious growth of the Internet of Things (IoT) generates massive data, which allows advanced machine learning. However, the traditional approach of centralized model training raises the issue of high bandwidth consumption and privacy. Federated learning (FL) mitigates this by enabling local training on raw data with centralized aggregation to generate the global model. The effectiveness of FL depends upon the active participation of resource-constrained local devices. This article presents a blockchain-enabled incentive mechanism for FL leveraging the Multi-Agent Deep Deterministic Policy Gradient (MA-DDPG) algorithm. Specifically, an incentive scheme is formulated with the MEC (Mobile Edge Computing) server as the leader agent and local devices as learning agents in a cooperative environment. We formalize a two-stage Stackelberg game to establish a Nash equilibrium, which ensures fair and utility-optimized reward distribution for MEC and devices. A Markov Decision Process (MDP) is utilized to solve the equilibrium with incomplete knowledge, and utilities are optimized using the MA-DDPG algorithm. The proposed model considers data quality and device contribution to obtain optimal reward distribution and participation strategies dynamically. The experimental results show an approximate 38% improvement in MEC utility and approx 17% in device utility, with rapid convergence (approximately 300-500 episodes) at a learning rate of 0.0001.	10.1109/TNSM.2026.3682129
Arad Kotzer, Tom Azoulay, Yoad Abels, Aviv Yaish, Ori Rottenstreich	SoK: DeFi Lending and Yield Aggregation Protocol Taxonomy, Empirical Measurements, and Security Challenges	2026	Early Access	Filtering Application specific integrated circuits Filters	Decentralized Finance (DeFi) lending protocols implement programmable credit markets without intermediaries. This paper systematizes the DeFi lending ecosystem, spanning collateralized lending (including over- and under- collateralized designs, and zero-liquidation loans), uncollateralized primitives (e.g., flashloans), and yield aggregation protocols which allocate capital across underlying lending platforms. Beyond a taxonomy of mechanisms and comparing protocols, we provide empirical on-chain measurements of lending activity and user behavior, using Compound V2 and AAVE V2 as case studies, and connect empirical observations to protocol design choices (e.g., interestrate models and liquidation incentives). We then characterize vulnerabilities that arise due to notable designs, focusing on interestrate setting mechanisms and time-measurement approaches. Finally, we outline open questions at the intersection of mechanism design, empirical measurement and security for future research.	10.1109/TNSM.2026.3682174
Zuodong Wu, Dawei Zhang, Mianxiong Dong, Kaoru Ota	PDRAA: An Efficient Privacy Data Retrieval Protocol with Anonymous Authorization Based on Verifiable Credential	2026	Early Access	Payloads Broadcasting Broadcast technology	In the data-driven era, the unchecked collection and processing of personal data has given rise to serious privacy concerns. In response, the General Data Protection Regulation (GDPR) was introduced to grant individuals stronger control over the use of their data. Privacy data retrieval methods show considerable promise in this context, but further improvements are required to balance the principles of lawfulness and data minimization. To address this problem, we propose PDRAA, an efficient privacy data retrieval protocol with anonymous authorization based on the verifiable credential (VC). Specifically, our designed VC achieves anonymous identification of data subjects and facilitates fine-grained access control by supporting selective disclosure of attributes. By combining VC with non-interactive zero-knowledge (NIZK) proofs, PDRAA enables data subjects to anonymously authenticate via VC presentation. This allows the data controller to verify the legitimacy of retrieval requests while ensuring compliance with the principle of data minimization. Besides, PDRAA introduces a re-randomization mechanism to prevent linkability attacks during the authorization process and provides lightweight, flexible authorization revocation. Moreover, we utilize Labeled Private Set Intersection (Labeled PSI) technology to meet the privacy requirements of participants and support batch retrieval. Our protocol takes a comprehensive security analysis within the Universal Composability framework. Experimental results demonstrate that PDRAA outperforms existing methods in terms of performance, which is significant for promoting compliance with GDPR.	10.1109/TNSM.2026.3681957
Maria K. S. Barbosa, Mateus Machado, Kelvin L. Dias, Hansenclever Bassani, Adiel T. De Almeida Filho	Segment Routing Path Optimization for URLLC in NextG Mobile Transport Network via Multi-Armed Bandits	2026	Early Access	Payloads Aircraft navigation Urban air mobility	In the Sixth Generation (6G)/Next Generation (NextG) of Mobile Networks, enhanced Fifth Generation (5G) ultra reliable and low-latency communications (URLLC) service category will play a pivotal role for innovative services. Existing solutions to embrace URLLC leverage on radio link optimizations and Multi-access Edge Computing (MEC) deployment. In addition to URLLC requirements, the applications not yet effective materialized in 5G such as remote surgery, Industrial IoT, cloud gaming, self-driving cars, and the new ones (e.g., holographic communication), will require even more data transfer. Thus, an end-to-end (E2E) solution is required since this 6G traffic surge may cross multiple routers in a transport network between the User Equipment (UE) and the application servers, even in MEC deployment scenarios. Such traffic flooding can lead to packet losses and increased latencies in the packet forwarding process. Recently, Segment Routing (SR) has emerged as an enabler for traffic engineering/ path selection for transport networks. This proposal presents a solution based on SR, which defines the paths from the MEC application to the UE. To select the optimal path that minimizes packet loss and latency, we employ a Multi-Armed Bandit model to determine the best SR path (SRP). We categorized the problem as multi-objective and applied different exploration strategies, such as Epsilon Greedy (EG), Thompson Sampling (TS), Contextual Multi-Armed Bandit (CMAB), and n-step bootstrapping, to identify the best fit for the problem. We evaluated the proposal using two different network topologies, one balanced and one unbalanced. The results demonstrate that the CMAB reduced latency in 27% and 25% compared with the EG, for balanced and unbalanced topology, respectively.	10.1109/TNSM.2026.3682208
Jiajia Du, Songtao Liu, Cheng Zhi, Junfan Zhao, Hua Wu, Guang Cheng	TunnelEye: An Explainable Framework for Real-Time Detection of Malicious DoH Traffic in High-Speed Backbone Networks	2026	Early Access	Payloads Military aircraft Space technology	Since plaintext DNS queries are vulnerable to eavesdropping and tampering, encrypted DNS protocols such as DoH (DNS over HTTPS) have been widely adopted. However, attackers can exploit DoH by hiding malicious DNS requests and responses in HTTPS traffic, enabling covert communication and evading detection. Existing methods rely on generic bidirectional traffic statistics that lack interpretability, are costly to compute, and may become unavailable or unstable in backbone monitoring nodes with massive unidirectional and sampled traffic. To address these issues, we propose TunnelEye, an explainable real-time framework for malicious DoH detection. It uses protocol-level behavioral analysis to capture DoH features that remain stable across traffic directions and sampling rates, and introduces an efficient data structure, DoH-Sketch, to ensure real-time performance. Experiments on public and self-collected datasets show that TunnelEye enables second-level detection with high accuracy. On public datasets, it achieves 99.88% accuracy. In backbone networks with sampled traffic, TunnelEye outperforms existing methods, improving accuracy by 14.5% at a 1/128 sampling rate and reducing the false positive rate by 31% under interference from background traffic.	10.1109/TNSM.2026.3682686
Dena Markudova, Michela Meo	Advancing Congestion Control for Real-Time Communications with Reinforcement Learning: the ReCoCo framework	2026	Early Access	Feeds Broadcasting Circuits	Real-Time Communication (RTC) applications such as video conferencing and cloud gaming are used daily for both work and leisure. With the ever-growing need of better quality video and audio, comes the necessity for novel Congestion control algorithms that optimize the channel bandwidth usage and improve the Quality of Experience (QoE) of users. Since RTC typically operates over UDP, congestion control is implemented at the application layer, enabling the deployment of advanced adaptive algorithms. In this paper, we propose ReCoCo, a fully Reinforcement Learning (RL)-based congestion control solution for RTC. ReCoCo leverages receiver-side network statistics to predict short-term bandwidth dynamics and adapt the sender's rate accordingly. We train the model using 162 heterogeneous bandwidth traces and evaluate it on more than 3000 additional unseen traces to assess generalization. We benchmark ReCoCo against four state-of-the-art RTC congestion control algorithms and find that it outperforms them in QoE by 14% - 34% on the training data and 3% - 20% on the test data. The gains stem primarily from improved bandwidth utilization, while maintaining competitive delay variation and negligible packet loss. Beyond aggregate performance, we analyze robustness across diverse bandwidth regimes to ensure stable behaviour. These results demonstrate that large-scale trace-driven RL training can produce congestion control policies that generalize effectively across heterogeneous network conditions, offering a practical and deployable alternative to heuristic-based approaches.	10.1109/TNSM.2026.3683265
Venkatesan C, Jeevanantham S, Rebekka B	Credibility-Aware Hierarchical Blockchain Consensus Protocol for Bandwidth-Limited IoT Edge Networks	2026	Early Access	Payloads Military aircraft Space technology	The Internet of Things (IoT) edge networks are widely accompanied by blockchain for the associated benefits namely, transparency, reliability and security. Especially, the consensus mechanism is the integral part of the blockchain to attain the common agreement among the nodes. The practical impediments associated with this synergy are scalability, network overhead, fault tolerance, and computational resource constraints. Thus, to surmount these issues, we propose a novel Heirarchical Proof of Credibility (HPoC) consensus protocol incorporating the randomization of miner through Physical Layer Key (PLK). Unlike existing works, the orchestration of node responsibilities in hierarchy is dynamic based on the node’s malicious behavior during mining process. Further, the Shulze beatpath method-based penalization of the byzantine voting behavior is introduced. The proposed HPoC is evaluated on the Long Range (LoRa) Wide Area Network (WAN) for validating its performance in the presence of resource constraints. The HPoC shortens the consensus latency by 76.4%, 42.5%, 30.5%, 30.98%, 35.84% and 3.7% with respect to Proof of Work (PoW), Practical Byzantine Fault Tolerance (PBFT), RAFT, Reputation Awareness Randomization Consensus (RARC), Reputation-based Secure HotStuff (RSHS), and Proof-of-Physical-Layer-Authentication (PoPLA) respectively. The HPoC surpasses existing schemes by reducing the communication cost significantly while tolerating half of the nodes being byzantine nodes.	10.1109/TNSM.2026.3683555