Last updated: 2026-07-02 05:01 UTC
All documents
Number of pages: 167
| Author(s) | Title | Year | Publication | Keywords | ||
|---|---|---|---|---|---|---|
| Yiyang Li, Wei Wang, Yibo Wang, Qiaojun Hu, Weiliang Zhang, Yongli Zhao, Xiaoyu Wang, Jie Zhang | Computing-State Driven Proactive Congestion Control for AI Cluster Interconnect Networks | 2026 | Early Access | Timing Modeling Fluid flow Information rates Throughput Switches Training Data centers Conferences Joining processes large language model remote direct memory access congestion control algorithms distributed training | The rapid upgrade of computing power and the prosperity of large language model (LLM) in data center networks (DCNs) lead to a rigorous demand for ultra-low latency and high throughput. To mitigate the overhead of collective communication during distributed training (DT), Remote Direct Memory Access (RDMA) has been widely adopted in DCNs. Particularly, congestion control algorithms (CCAs) designed for RDMA have attracted much attention to mitigate performance deterioration under network congestion. However, through comprehensive analysis, we investigate that, due to sluggish end-to-end reaction and slow rate convergence, existing widely used reactive CCAs have several limitations in handling bursty traffic (e.g., AllReduce). Specifically, excessive packets are transmitted before senders activate the reaction and converge to the fair rate, which builds up a deep queue and may incur subsequent significant throughput loss. In this paper, we propose a computing-state driven proactive congestion control (CSPCC) with easy deployability. CSPCC consists of the congestion prediction module and the active congestion response module. It leverages current computing state to predict network congestion time and inform corresponding sources in advance. We provide a detailed introduction to the implementation of CSPCC. Then, we conducted small-scale hardware tests and large-scale simulations to evaluate the performance of CSPCC. On our testbed, under NCCL-TESTs, CSPCC improves throughput by 1.67%–13.35% and decreases switch queue occupancy by 28.33%–58.33% compared to DCQCN. Furthermore, under concurrent multi-job LLaMA training, it reduces end-to-end job completion time (JCT) by 5.3%–9.0%. | 10.1109/TNSM.2026.3705429 |
| Guangxia Xu, Zhuo Ye, Lu Wang, Xing Huang, Lei Liu, Shahid Mumtaz, Mohsen Guizani | GNN-OSS: A Capacity-Feasible Graph Learning Framework for Secure Blockchain Sharding in IIoT | 2026 | Early Access | Effective scaling of blockchain-enabled Industrial Internet of Things (IIoT) requires sharding that simultaneously ensures transaction locality, strict committee-size feasibility, and robustness against malicious node concentration. Existing methods often fail to balance this trilemma, risking either infeasible deployments or increased shard-takeover vulnerabilities. To address this, we propose GNN-OSS, a deployable sharding framework that decouples topology-aware preference learning from hard constraint enforcement. It first employs a trust-repulsion graph neural network to learn locality-aware preferences while discouraging low-trust nodes from collapsing into the same representation region. A Post-Hoc Capacity-Constrained Projection (PH-CCP) then maps these soft preferences into strictly feasible shard assignments. Finally, an entropy-driven Over-lapping Sparse Scheme (OSS) selectively replicates boundary nodes to reduce residual cross-shard overhead without altering primary consensus membership. Evaluations demonstrate that, under the evaluated settings, GNN-OSS achieves a favorable performance–security trade-off. Against 20% malicious nodes, it substantially mitigates shard-takeover risks. Furthermore, it improves throughput by up to 33% over strictly feasible baselines and lowers the cross-shard ratio from 6.4% to 4.4% with minimal per-epoch overhead. Overall, GNN-OSS provides a practical sharding framework for open or hybrid blockchain-enabled IIoT environments. | 10.1109/TNSM.2026.3709024 | |
| Liang Chen, Xiaoding Wang, Limei Lin, Yanze Huang, Siwei Zheng | Defense in Depth: Architectural Homology for Adversarially Robust Semantic Communication | 2026 | Early Access | Semantic communication framework based on deep encoder–decoder architectures are increasingly vulnerable to adversarial attacks, wherein imperceptible input perturbations can induce significant misclassifications, posing critical risks to next-generation communication networks. To address this challenge, we introduce TopAliSC-KG, a holistic robust learning framework designed to fortify semantic communication against adversarial threats through a multi-layered defense strategy. Our approach integrates two complementary mechanisms: a homology graph-aligned adversarial training module that embeds topological constraints into the model optimization process to promote structural invariance, and a knowledge-guided semantic consistency module that utilizes auxiliary models to inject stable, high-level semantic information into the training loop. Together, these components establish a defense-in-depth architecture that enhances resilience across data, feature, and model levels. Extensive evaluations across diverse channel conditions, signal-to-noise ratios, and adversarial attack scenarios show that TopAliSC-KG consistently improves adversarial accuracy by 0.32%–3.39%, with the knowledge guidance mechanism contributing a further 0.11%–0.21% gain. This work provides a validated, multi-framework defense strategy suitable for securing semantic communication in mission-critical applications, advancing both the security and reliability of intelligent communication systems. | 10.1109/TNSM.2026.3705940 | |
| Mohamed Seliem, Utz Roedig, Cormac Sreenan, Dirk Pesch | M-FRER: A Multi-Connectivity Framework for Reliable and Deterministic 5G–TSN Integration | 2026 | Early Access | Achieving ultra-reliable communication under strict end-to-end latency constraints in integrated 5G–TSN systems requires fault-tolerant mechanisms that extend beyond single-leg wireless transmission. Existing approaches that extend IEEE 802.1CB Frame Replication and Elimination for Reliability (FRER) to 5G through redundant PDU sessions or dual connectivity remain restricted to two-leg redundancy, lack correlation awareness, and operate under static replication policies. This paper proposes M-FRER, a multi-connectivity extension of FRER that enables replication and elimination across M heterogeneous connectivity legs, including multi-RAT, multi-PDU session, and non-3GPP access. M-FRER introduces (i) a correlation-aware reliability model that captures shared-risk dependencies between legs, and (ii) an adaptive replication controller that selects the active replication set while minimizing bandwidth, energy, and control overhead. Evaluations combining trace-based latency modeling with analytical reliability bounds under correlation show that M-FRER achieves five-nines on-time reliability (≥99.999%) with only a modest bandwidth increase relative to dual-connectivity replication, while maintaining bounded jitter through controlled elimination windows. These results indicate that deadline-compliant communication over stochastic wireless media is achievable when redundancy and control are jointly optimized, positioning M-FRER as a scalable foundation for TSN-integrated industrial 5G deployments. | 10.1109/TNSM.2026.3705859 | |
| Jiayi Liu, Jinshuo Wang, Yizhi Huang, Chen Wang | LLM Deployment Strategies on Mobile Edge Servers for Dynamic Uncertain User Requests | 2026 | Early Access | Leveraging on the task planning and solving capability of pretrained Large Language Models (LLMs), deploying LLM agents on Mobile Edge Computing (MEC) edge servers brings significant benefits for an Internet of Things (IoT) network for providing enhanced AI intelligence with acceptable delay. In this work, we consider the edge LLMs deployment strategy in an end-edge-cloud LLM agents system for the IoT services, which jointly determines the locations and number of LLM initializations and user requests offloading strategy in a dynamic network environment with stochastic user requests. We formulate this joint LLM Deployment and inference Tasks Offloading (LLMDTO) problem. Typically, we design an LLM service performance evaluation mechanism by measuring its processing delay with stochastic user requests arrivals by Stochastic Network Calculus (SNC). Due to the complexity of the LLMDTO problem, we decompose this joint optimization problem into two subproblems and propose an algorithm based on Multi Agent Deep Reinforcement Learning (MADRL) scheme. To accelerate the training process of the DRL, a reward model is designed by applying the Kolmogorov Arnold Networks (KAN) to return a fast reward estimation. Finally, we validate the proposed algorithm through extensive simulations and results show the effectiveness of the proposition on lower deployment cost and delay in a dynamic network environment. | 10.1109/TNSM.2026.3708677 | |
| Juan Zhang, Yangjun Ma, Xunzheng Zhang, Zhao Huang, Qiuji Yi, Nauman Aslam | Multi-objective SFC Placement with Future Demand Awareness in Dynamic Cross-Domain Networks | 2026 | Early Access | Efficient service function chain (SFC) placement is critical for optimizing network service delivery in dynamic cross-domain networks (CDNs), especially under resource-constrained and heterogeneous environments. However, existing approaches face fundamental limitations in achieving effective multi-objective optimization, particularly in balancing latency minimization with efficient resource utilization. These challenges are further compounded by the inability to capture future resource dynamics and limited visibility across multiple domains. To address these challenges, we propose a novel multi-objective framework for SFC placement that jointly considers latency and resource utilization. The framework integrates Transformer-based prediction with linear programming (LP) to explicitly model future deployability, enabling proactive and globally informed placement decisions. In addition, a dynamic modeling mechanism is developed using domain-aware detection and graph autoencoders (GAEs) to capture evolving network topologies and cross-domain structural dependencies. A Pareto-based optimization strategy is further employed to systematically balance latency and resource efficiency across heterogeneous domains and varying workload conditions. Extensive experiments across multiple network scales and diverse SFC configurations demonstrate that the proposed framework achieves a superior trade-off between latency and deployment capability, while improving scalability, robustness, and long-term resource efficiency in dynamic and large-scale CDN environments. | 10.1109/TNSM.2026.3708714 | |
| Heewon Kim, Hochan Lee, Chanbin Bae, Haneul Ko, Sangheon Pack | Traffic- and Multi-Tenancy-Aware In-Network Aggregation Placement for Distributed Machine Learning | 2026 | Early Access | Distributed machine learning is an effective method to alleviate the intensive computation costs of training; however, it suffers from network bottlenecks while collecting local results. The recent advent of programmable data planes has opened a new avenue, in-network aggregation, which executes gradient aggregations in the middle of the network, resolving network bottlenecks, and further accelerates distributed machine learning. However, due to resource-constrained features of current programmable data planes, deploying in-network aggregation functionalities throughout the network would impose an unacceptable burden, posing a need for sophisticated deployment. In this paper, a problem of deploying in-network aggregation functionalities is studied to minimize the total network traffic in multi-tenant distributed machine learning. We formulate the problem as an integer linear programming (ILP) problem and prove its NP-hardness. Since finding the optimal solution using the brute-force method is extremely complicated, we propose a traffic-aware in-network aggregation placement algorithm based on a two-stage many-to-one matching game (denoted TAPINA-MG). The simulation results demonstrate that TAPINA-MG shows nearoptimal performance with low complexity, achieving up to 22.5%, 38.9%, and 96.0% reduction for network traffic, maximum link utilization, and communication time, respectively, compared to state of the art, and effectively handles dynamic situations with minimal migration delay and comparable traffic performance. | 10.1109/TNSM.2026.3709103 | |
| Lion Steger, Liming Kuang, Johannes Zirngibl, Georg Carle, Oliver Gasser | Still on Target? An Evaluation of IPv6 Target Generation Algorithms | 2026 | Early Access | Internet measurements are a crucial foundation of IPv6-related research. Due to the infeasibility of full address space scans for IPv6 however, those measurements rely on collections of reliably responsive, unbiased addresses, as provided e.g., by the IPv6 Hitlist service. Although used for various use cases, the hitlist provides an unfiltered list of responsive addresses, the hosts behind which can come from a range of different networks and devices, such as web servers, customer-premises equipment (CPE) devices, and Internet infrastructure. In this paper, we demonstrate the importance of tailoring hitlists in accordance with the research goal in question. By using PeeringDB we classify hitlist addresses into six different network categories, uncovering that 42% of hitlist addresses are in ISP networks. Moreover, we show the different behavior of those addresses depending on their respective category, e.g., ISP addresses exhibiting a relatively low lifetime. Furthermore, we analyze different Target Generation Algorithms (TGAs), which are used to increase the coverage of IPv6 measurements by generating new responsive targets for scans. We use seed sets, e.g., based on the categorized Hitlist. We evaluate the performance of TGAs under various conditions and find generated addresses to show vastly differing responsiveness levels for different TGAs. Furthermore, we evaluate of algorithm run times and differences between multiple TGA runs. | 10.1109/TNSM.2026.3705935 | |
| Jing Zhang, Chao Luo, Rui Shao | MTG-GAN: A Masked Temporal Graph Generative Adversarial Network for Cross-Domain System Log Anomaly Detection | 2026 | Early Access | Anomaly detection Adaptation models Generative adversarial networks Feature extraction Data models Load modeling Accuracy Robustness Contrastive learning Chaos Log Anomaly Detection Generative Adversarial Networks (GANs) Temporal Data Analysis | Anomaly detection of system logs is crucial for the service management of large-scale information systems. Nowadays, log anomaly detection faces two main challenges: 1) capturing evolving temporal dependencies between log events to adaptively tackle with emerging anomaly patterns, 2) and maintaining high detection capabilities across varies data distributions. Existing methods rely heavily on domain-specific data features, making it challenging to handle the heterogeneity and temporal dynamics of log data. This limitation restricts the deployment of anomaly detection systems in practical environments. In this article, a novel framework, Masked Temporal Graph Generative Adversarial Network (MTG-GAN), is proposed for both conventional and cross-domain log anomaly detection. The model enhances the detection capability for emerging abnormal patterns in system log data by introducing an adaptive masking mechanism that combines generative adversarial networks with graph contrastive learning. Additionally, MTG-GAN reduces dependency on specific data distribution and improves model generalization by using diffused graph adjacency information deriving from temporal relevance of event sequence, which can be conducive to improve cross-domain detection performance. Experimental results demonstrate that MTG-GAN outperforms existing methods on multiple real-world datasets in both conventional and cross-domain log anomaly detection. | 10.1109/TNSM.2026.3654642 |
| Deemah H. Tashman, Soumaya Cherkaoui | Trustworthy AI-Driven Dynamic Hybrid RIS: Joint Optimization and Reward Poisoning-Resilient Control in Cognitive MISO Networks | 2026 | Early Access | Reconfigurable intelligent surfaces Reliability Optimization Security MISO Array signal processing Vectors Satellites Reflection Interference Beamforming cascaded channels cognitive radio networks deep reinforcement learning dynamic hybrid reconfigurable intelligent surfaces energy harvesting poisoning attacks | Cognitive radio networks (CRNs) are a key mechanism for alleviating spectrum scarcity by enabling secondary users (SUs) to opportunistically access licensed frequency bands without harmful interference to primary users (PUs). To address unreliable direct SU links and energy constraints common in next-generation wireless networks, this work introduces an adaptive, energy-aware hybrid reconfigurable intelligent surface (RIS) for underlay multiple-input single-output (MISO) CRNs. Distinct from prior approaches relying on static RIS architectures, our proposed RIS dynamically alternates between passive and active operation modes in real time according to harvested energy availability. We also model our scenario under practical hardware impairments and cascaded fading channels. We formulate and solve a joint transmit beamforming and RIS phase optimization problem via the soft actor-critic (SAC) deep reinforcement learning (DRL) method, leveraging its robustness in continuous and highly dynamic environments. Notably, we conduct the first systematic study of reward poisoning attacks on DRL agents in RIS-enhanced CRNs, and propose a lightweight, real-time defense based on reward clipping and statistical anomaly filtering. Numerical results demonstrate that the SAC-based approach consistently outperforms established DRL base-lines, and that the dynamic hybrid RIS strikes a superior trade-off between throughput and energy consumption compared to fully passive and fully active alternatives. We further show the effectiveness of our defense in maintaining SU performance even under adversarial conditions. Our results advance the practical and secure deployment of RIS-assisted CRNs, and highlight crucial design insights for energy-constrained wireless systems. | 10.1109/TNSM.2026.3660728 |
| You-Chiun Wang, Meng-Yu Chou | Cooperative Route Management for Profit-Oriented Flows in Multi-Domain SDN Networks | 2026 | Early Access | Fluid flow Bandwidth Joining processes Software defined networking Management Routing Timing Measurement units Switches Modules (abstract algebra) multi-domain network Nash bargaining profit route management software-defined networking (SDN) | This paper investigates SDN for route management in multi-domain networks, where each domain is independently controlled and inter-domain cooperation is required for cross-domain routing. To capture traffic heterogeneity, each flow is associated with a profit.We propose CRM-PF (Cooperative Route Management for Profit-oriented Flows), a framework that jointly maximizes overall achieved profit (OAP) and minimizes packet loss rate (PLR). In CRM-PF, controllers perform intra-domain routing, coordinate cross-domain paths, and reroute flows under congestion. Link bandwidth is allocated based on flow category, unit profit, and demand, with a Nash bargaining game to resolve bandwidth contention on borrowed links. Simulation results show that CRM-PF improves throughput, reduces PLR, and increases OAP over existing methods, demonstrating its effectiveness for profit-oriented routing in multi-domain SDN networks. | 10.1109/TNSM.2026.3706677 |
| Gergely Dobreff, Nóra Szlovencsák, Alija Pašić | A Framework for Disaster-Tolerant Slice Placement in Future Networks | 2026 | Early Access | Costing Costs Codes Routing Modeling Joining processes Bandwidth Encoding Network slicing Delays network slicing resiliency placement resource allocation service function chaining (SFC) ILP heuristic | Autonomous vehicles and telesurgery are placing increasing pressure on network operators to ensure that 5G and beyond networks can support a wide range of services with diverse and stringent requirements. Technologies such as Software-Defined Networking (SDN), Network Function Virtualization (NFV), and network slicing are key enablers for building an ecosystem capable of meeting these demanding conditions. Ensuring not only classical Quality of Service (QoS) metrics but also network resiliency is crucial, as failures in shared infrastructures can severely impact critical services. This paper addresses the problem of resilient network slice placement under arbitrary disasters or attacks, modeled as Shared Risk Link Group (SRLG) failure patterns. We propose an approach that guarantees strict end-to-end delay, bandwidth, and computing requirements while minimizing overall resource usage by accounting for potential failure scenarios. To this end, we introduce a Disaster-Tolerant Slice Placement Framework that enables network operators to define their own resilience scenarios and optimize the network accordingly. Several - routing and network coding–based - strategies are proposed and analyzed. We formulate the problem as an Integer Linear Program (ILP), analyze its computational complexity, and develop efficient heuristic algorithms to obtain near-optimal solutions. Extensive simulations demonstrate the effectiveness of the proposed methods in achieving resource-efficient and resilient network slice placement. The results show that high levels of resiliency can be achieved without excessive over-provisioning, positioning the proposed framework as an effective offline planning and benchmarking tool for 5G and beyond network design. | 10.1109/TNSM.2026.3706661 |
| Daishi Kondo, Yuya Shibuya, Rie S. Yamaguchi, Tomohiro Ishihara, Yuji Sekiya, Toshiyuki Nakata, Tohru Asami | Assessing the Adoption of Email Security Measures After Google’s New Sender Guidelines | 2026 | Early Access | Electronic mail Security Modeling Internet Search engines Companies Guidelines Recording Educational institutions Business DKIM DMARC Email authentication Internet measurements Security protocol adoption SPF | The email sender guidelines introduced by Google on October 3, 2023, mandate authentication protocols like Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting, and Conformance (DMARC) to enhance email security. However, how such platform-driven policies can effectively promote the adoption of security measures across the global email ecosystem remains unclear. In this measurement study, we analyze the impact of these guidelines by examining the adoption of email security measures across globally popular domains and country-specific subsets. Our results show that the adoption of SPF, DKIM, and DMARC has not yet achieved widespread uptake and exhibits significant regional disparities. In particular, domains associated with China, South Korea, and Japan exhibit consistently low adoption rates. While low adoption in China and South Korea can be partially explained by Gmail’s limited influence in these countries, Japan presents a striking contradiction, with low adoption persisting despite Google’s dominance. Focusing on Japanese-stock market-listed companies, we observe a significant increase in DMARC adoption following the introduction of the guidelines; however, a substantial proportion of entities remain non-compliant. These findings suggest that platform-driven policies alone are insufficient to achieve widespread security adoption and highlight the need for broader, ecosystem-level, multi-stakeholder initiatives. | 10.1109/TNSM.2026.3707567 |
| Heng Xu, Chengze Du, Zhiwei Yu, Letian Li, Ying Zhou, Bo Liu, Jialong Li | Distributed Flow Control for Efficient DNN Training Scheduling | 2026 | Early Access | Schedules Scheduling Training Timing Fluid flow Modeling Delays Joining processes Titanium Conferences Distributed DNN training priority queue flow scheduling | Distributed Deep Neural Network (DNN) training generates periodic, long-lived, and interdependent flows that contrast sharply with the short, bursty, and independent flows typical of traditional cloud services. Existing flow scheduling methods, optimized for cloud traffic, struggle to handle the structured communication of DNN workloads, while static schedulers remain brittle under the computation jitter and stochasticity inherent in multi-tenant AI clusters. We propose a distributed traffic control and scheduling framework called PQ, which shifts from fragile global synchronization to a token-based queuing concept. PQ utilizes standard priority queues in commercial switches as elastic buffers, dynamically mapping task urgency to traffic priorities based on specific scheduling policies, such as minimizing waiting time, thereby accelerating efficiency. Results show that PQ achieves stable communication interleaving 3.6× to 8.8× faster than reactive baselines like MLTCP and FQ. Furthermore, it significantly optimizes performance by reducing average iteration time by up to 29.2% while maintaining higher link utilization. | 10.1109/TNSM.2026.3704403 |
| Emilio Paolini, Andrea Pinto, Luca Valcarenghi, Flavio Esposito | Programmable In-Network Aggregation for Communication-Aware Federated Learning in 5G RANs | 2026 | Early Access | Modeling Timing Training Federated learning Accuracy 5G mobile communication Convergence Aggregates Labeling Point cloud compression Federated Learning Mobile Networks Wireless In-Network Aggregation Grouping | Federated Learning (FL) enables collaborative model training without sharing raw data, making it attractive for privacy-preserving applications at the wireless edge. However, when executed over real 5G networks, FL performance degrades due to uplink congestion, heterogeneous client capabilities, and intermittent connectivity. Most existing approaches attempt to mitigate these issues indirectly by optimizing clients (through adaptive participation, local training, or selection strategies) or by optimizing models (via pruning, quantization, or compression), but they ignore potential network bottlenecks. This paper introduces FLAG, an FL architecture that embeds innetwork aggregation directly into 5G gNodeBs, transforming the network into an active participant in the learning process. In particular, FLAG performs parameter aggregation at line rate within the 5G Service Data Adaptation Protocol layer and incorporates three mechanisms: Partial-Contribution Correction for loss-tolerant averaging, a timer-driven pipeline for real-time scheduling, and a deadline-based grouping strategy to mitigate stragglers. Experiments with realistic wireless emulation show that FLAG achieves up to 5.1× faster time-to-accuracy and maintains accuracy within 0.8% of a loss-free baseline, while reducing gNB-to-server bandwidth by aggregating pergNB rather than per-client. FLAG requires no modifications to clients or the parameter server, demonstrating how 5G-aware system design can make federated learning scalable, efficient, and resilient under real-world wireless conditions. | 10.1109/TNSM.2026.3697723 |
| Arash Heidari, Jamal N. Al-Karaki | NOVA: A Self-Supervised Graph Framework for Real-Time Anomaly Detection in Internet of Vehicles | 2026 | Early Access | Context Internet of Vehicles Modeling Timing Vehicles Labeling Anomaly detection Matrices Vectors Joining processes Internet of Vehicles V2X Security Anomaly Detection Self-Supervised Learning Graph Neural Networks | The Internet of Vehicles (IoV) enables cooperative driving and real-time Vehicle-to-Everything (V2X) communication but remains vulnerable to behavioral and structural anomalies due to its dynamic, decentralized nature. Existing deep learning methods either overlook topological inconsistencies or ignore communication feature fidelity, while random-walk sampling introduces contextual noise. In this paper, we propose Network Observation for Vehicular Anomalies (NOVA), a self-supervised graph-based framework that detects both behavioral and structural anomalies in IoV networks without labeled data. NOVA models vehicular communications as attributed graphs and employs intimacy-guided subgraph sampling to extract meaningful neighborhoods. A Graph Convolutional Network (GCN)–based generative module reconstructs node attributes to reveal behavioral deviations, while a contrastive module validates structural coherence through embedding comparisons of real and perturbed contexts. Their hybrid anomaly score enables accurate, scalable, and real-time detection of compromised nodes. Performance results show that NOVA achieves state-of-the-art performance (98.7% accuracy, 98.1% F1), real-time throughput (~4.7k events/s at 5k msg/s), and strong robustness (AUROC 0.99, AUPRC 0.98, FAR 0.05) with near-linear scalability (≤40 ms latency for 50k vehicles). By integrating generative and contrastive self-supervised learning with context-aware sampling, NOVA significantly enhances IoV security, reliability, and adaptability. | 10.1109/TNSM.2026.3696324 |
| Yahuza Bello, Ahmed Refaey, Ping Yang | Secure Multi-Timescale Orchestration for Zero-Trust Cross-Datacenter Networks | 2026 | Early Access | Authentication Optimization Resource management Modeling Costing Costs Timing Data centers Learning (artificial intelligence) Security Zero trust architecture hierarchical deep reinforcement learning cross-datacenter networks multi-timescale optimization resource management | The widespread deployment of geographically distributed Data Centers (DCs) has intensified the need for scalable and secure access control mechanisms across Cross-Datacenter Networks (CDNs). Zero Trust Architecture (ZTA) addresses this need by enforcing continuous authentication and authorization through Policy Decision Points (PDPs); however, determining where to deploy PDPs and how to dynamically assign authentication requests in the CDNs remains a challenging and NP-hard problem. This challenge arises from the tight coupling between long-term placement decisions and short-term, stochastic authentication workloads. In this paper, we formulate a joint PDP placement and authentication assignment problem for zero-trust-enabled CDNs that minimizes deployment cost, authentication assignment cost, bandwidth consumption, and the number of active PDP instances under resource constraints. To efficiently solve the problem, we propose a Hybrid Hierarchical Deep Reinforcement Learning (HHDRL) framework that decomposes decision-making across multiple time scales. A high-level Double Deep Q-Network (DDQN) agent learns long-term PDP placement policies, while multiple low-level Asynchronous Advantage Actor–Critic (A3C) agents perform real-time authentication assignment within each DC. Extensive simulations demonstrate that the proposed DDQN–A3C framework converges reliably and consistently outperforms benchmark schemes, including DDQN–A2C, a single-agent DDQN approach, and a greedy baseline, achieving lower overall system cost and improved scalability with modest computational overhead. | 10.1109/TNSM.2026.3707392 |
| Hwejae Lee, Seonghoon Jeong, Huy Kang Kim | J1939DB-IDS: SAE J1939 Dual-Branch Intrusion Detection System against Novel Attacks | 2026 | Early Access | Modeling Controller area networks Transformers Timing Windows Signal detection Vehicles Convolutional neural networks Sequential analysis Training Autoencoder In-vehicle networks SAE J1939 Two-stream architecture Unsupervised representation learning Few-shot threshold calibration | The Society of Automotive Engineers J1939 (SAE J1939) protocol is widely adopted in commercial vehicles, extending the controller area network (CAN) with specialized message types and transport mechanisms. Despite its prevalence, security research for SAE J1939 remains insufficient compared to CAN. We address this gap by building three datasets that contain 11 realistic protocol-specific attack scenarios. We propose an unsupervised representation-learning-based intrusion detection system (IDS) utilizing a dual-branch autoencoder with few-shot threshold calibration. The model compresses categorical features through a 1D-convolutional neural network and continuous features through a Transformer encoder, reconstructing fused representations to detect anomalies through reconstruction loss. By leveraging SAE J1939-specific fields such as parameter group numbers (PGN) and source addresses, the system captures complex inter-signal relationships. On three datasets, our model achieves an average F1-score of 0.9871, consistently outperforming state-of-the-art methods. Benchmarks on an NVIDIA Jetson AGX Xavier confirm real-time feasibility. These results validate our protocol-aware feature strategy, offering a scalable and deployable IDS for commercial vehicle networks. | 10.1109/TNSM.2026.3706666 |
| Ashiqur Rahaman Ridoy, Arnab Kumar Biswas | Adaptive Intrusion Detection Systems: Leveraging Meta-Learning for Improved Cybersecurity | 2026 | Early Access | Modeling Fluid flow Labeling Accuracy Metalearning Learning (artificial intelligence) Training Timing Machine learning Optimization Intrusion Detection Systems Low-Shot Learning Anomaly Detection Network Security Metric-Based Adaptation | In the evolving landscape of cybersecurity, the integration of machine learning (ML) into Intrusion Detection Systems (IDS) has become critical for detecting both known and unknown attacks. This paper proposes a novel multi-stage hybrid IDS framework combining unsupervised anomaly detection, supervised classification, and low-shot adaptation for enhanced resilience to concept drift. The architecture comprises three interconnected stages: Stage 1 (unsupervised anomaly gating) and Stage 2 (supervised taxonomy learning) operate in parallel on a shared harmonized feature space; Stage 3 (Hybrid Low-Shot Adapter (H-LSA)) performs low-shot adaptation when the Stage 1 trigger fires, using transferred Stage 2 weights and a prototype-based cosine-kNN jury. Within the meta-learning family, we instantiate a metric-based low-shot adaptation approach eschewing second-order Model-Agnostic Meta-Learning (MAML) in favor of a partial-freeze, first-order protocol with a prototype-based cosine-kNN jury to enable rapid, low-resource adaptation. Extensive experiments were conducted on the CICIDS2017 (Source), CSECIC-IDS2018 (Target), and the modern BCCC-cPacket-Cloud-DDoS-2024 (Target) datasets (hereafter referred to as BCCC-2024). The results demonstrate that while static Stage 2 models suffer catastrophic failure under concept drift (dropping to 45.36% and 38.32% accuracy on CICIDS2018 and harmonized BCCC-2024, respectively), the proposed framework successfully adapts to new environments, achieving 90.64% accuracy on CICIDS2018 (Macro-F1: 0.8981) and 89.70% on BCCC-2024 (Macro-F1: 0.8801) with a low-resource support set of only 500 labeled samples per class. Furthermore, the system exhibits high computational efficiency, achieving a Stage 3 adapted inference latency between 0.0786 ms and 0.1667 ms per flow across diverse traffic profiles, proving its suitability for real-time, scalable deployment in modern cloud and edge network infrastructures. | 10.1109/TNSM.2026.3706597 |
| Jeffrey Redondo, Nauman Aslam, Juan Zhang, Zhenhui Yuan | Optimising QoS in HD Map Updates: Cross-Layer Multi-Agent with Multi-task and Mixed-Dependence (MTMD) | 2026 | Early Access | Optimization Timing High definition video Quality of service Media Access Control Information rates Throughput Vehicles Modeling Videos Edge computing HD map hierarchical learning latency multi-agent offloading reinforcement learning | High-definition (HD) maps generated from autonomous vehicle (AV) sensor data are essential for enabling high levels of driving automation. However, offloading large volumes of raw sensory data to edge servers in dense vehicular ad hoc networks (VANETs) introduces significant latency due to network congestion and packet collisions. Existing solutions primarily focus on dynamically adjusting the minimum contention window (CWmin), while additional MAC-layer parameters — including the maximum contention window (CWmax) and interframe space number (IFSn) — remain largely underexplored. To address this, we propose a cross-layer multi-agent reinforcement learning (MARL) framework that jointly optimises CWmin–CWmax, IFSn, and transmission waiting time within IEEE 802.11p-compliant bounds. The proposed multi-task mixed-dependence (MTMD) framework decomposes the optimisation problem into specialised subtasks handled by selectively coupled agents, balancing coordination and scalability while avoiding the overhead of fully symmetric MARL or centralised hierarchical controllers. A lightweight orchestration layer coordinates agent interaction with the simulation environment via secure message exchange. Evaluated against standard EDCA and representative RL baselines, MTMD achieves latency reductions of 31%, 49%, 87.3%, and 64% for Voice, Video, HD Map, and Best-Effort traffic, respectively, confirming the effectiveness of structured multi-parameter optimisation for latency-critical vehicular applications. | 10.1109/TNSM.2026.3705270 |