Search Results (1,221)

Spectrum Sensing (SS) is expected to play a crucial role in forthcoming 6G Cognitive Radio Networks (CRNs), where unlicensed users will be able to dynamically access the spectrum and perform opportunistic transmissions without generating interference for licensed users. In this work, we investigate multiple-antenna SS techniques by analyzing the performance of several widely used detection schemes—namely, Roy’s Largest Root Test (RLRT), the Generalized Likelihood Ratio Test (GLRT), the Eigenvalue Ratio Detector (ERD), and the Energy Detector (ED)—under varying false-alarm probabilities and signal-to-noise ratios (SNRs). We assume there are a fixed number of sensors at the secondary-user receiver, namely, four. To evaluate the behavior of these detectors in realistic conditions, we developed a software-defined radio (SDR) testbed using Universal Software Radio Peripherals (USRPs), enabling both primary-user signal transmission and secondary-user data acquisition. The experimental results, illustrated through Receiver Operating Characteristic (ROC) and performance curves, are compared with simulation outcomes. The analysis is complemented by a detailed state-of-the-art listing of the available analytical characterizations of the false-alarm probabilities for the considered SS schemes. In particular, the GLRT false-alarm probability, previously unavailable in explicit form for a four-antenna equipped receiver, is computed as well. These results validate the superior detection capability of RLRT over the other schemes tested, confirming its effectiveness not only in theoretical analysis but also in practical SDR-based implementations. Full article

Optical networks constitute the backbone of contemporary communication infrastructures, supporting massive bandwidth, low-latency services, and high levels of scalability across core, metro, and access domains. As these systems evolve toward elastic, software-defined, and multi-domain architectures, their exposure to sophisticated security threats increases significantly. This paper provides a comprehensive survey of vulnerabilities and countermeasures in modern optical networks, spanning the physical, control, and cross-layer dimensions. We analyze major architectures—including WDM, TDM, PON, EON, and IP-over-WDM—and examine how their structural properties shape their security posture. A threat taxonomy is presented covering physical-layer attacks such as fiber tapping, optical jamming, crosstalk exploitation, and signal injection; control-plane risks including spoofing, malicious signaling, and SDN manipulation; and broader cross-layer attack vectors. We review state-of-the-art defense mechanisms, including physical-layer security (PLS), spectrum randomization, chaotic optical coding, device-level authentication, survivability techniques, intelligent monitoring, and quantum-secure solutions such as QKD. By integrating insights from recent experimental and operational studies, the survey highlights emerging challenges and identifies open problems related to secure orchestration, multi-tenant environments, and quantum-era resilience. The objective is to guide researchers, engineers, and network operators toward robust and future-proof security strategies for next-generation optical infrastructures. Full article

Software-Defined Networking (SDN) has emerged as a fundamental architecture for future Internet systems by enabling centralized control, programmability, and fine-grained traffic management. However, the logical centralization of the SDN control plane also introduces critical vulnerabilities, particularly to Distributed Denial-of-Service (DDoS) attacks that can severely disrupt network availability and performance. To address these challenges, machine-learning (ML) techniques have been increasingly adopted to enable intelligent, adaptive, and data-driven DDoS detection mechanisms within SDN environments. This study presents a PRISMA-guided systematic literature review of recent ML-based approaches for DDoS detection in SDN-based networks. A comprehensive search of IEEE Xplore, ACM Digital Library, ScienceDirect, and Google Scholar identified 38 primary studies published between 2021 and 2025. The selected studies were systematically analyzed to examine learning paradigms, experimental environments, evaluation metrics, datasets, and emerging architectural trends. The synthesis reveals that while single machine-learning classifiers remain dominant in the literature, hybrid and ensemble-based approaches are increasingly adopted to improve detection robustness under dynamic and high-volume traffic conditions. Experimental evaluations are predominantly conducted using SDN emulation platforms such as Mininet integrated with controllers, including Ryu and OpenDaylight, with performance commonly measured using accuracy, precision, recall, and F1 score, alongside emerging system-level metrics such as detection latency and controller resource utilization. Public datasets, including CICIDS2017, CICDDoS2019, and InSDN, are widely used, although a significant portion of studies rely on custom SDN-generated datasets to capture control-plane-specific behaviors. Despite notable advances in detection accuracy, several challenges persist, including limited generalization to low-rate and unknown attacks, dependency on synthetic traffic, and insufficient validation under real-time operational conditions. Based on the synthesized findings, this review highlights key research directions toward intelligent, scalable, and resilient DDoS defense mechanisms for future Internet architectures, emphasizing adaptive learning, lightweight deployment, and integration with programmable networking infrastructures. Full article

Advancements in the Connected and Autonomous Vehicles (CAVs) industry are revolutionizing modern transportation through advanced automation levels and connectivity capabilities. While autonomous vehicles can operate using onboard sensors alone, the integration of Vehicle-to-Everything (V2X) communication is vital for enabling seamless connectivity and cooperative decision-making. However, the increasing exchange of traffic and sensor data introduces critical privacy challenges, necessitating robust and scalable privacy-preserving mechanisms to ensure user trust and compliance with data protection regulations. The inherently dynamic nature of CAV environments, characterized by high mobility, short-duration connections, and frequent handovers, further complicates the design of effective privacy models. In this context, this paper investigates the evolving data privacy risks associated with CAV systems. It critically reviews existing privacy-preserving approaches and identifies their limitations in dynamic vehicular contexts. In particular, the paper explores the role of Federated Learning, permissioned blockchain and Software-Defined Networking (SDN) as enabling technologies for privacy preservation in CAVs. The analysis concludes with targeted recommendations for optimizing these frameworks to enhance privacy resilience in next-generation intelligent transportation systems. Full article

A monitor and control framework for quantum-key-distribution (QKD) networks equipped with switching capabilities was developed. On the one hand, this framework provides real-time visibility into operational metrics. Specifically, it extracts essential data, such as the switching capabilities of QKD modules, the number of keys stored in buffer queues of the QKD links, and the respective key generation and consumption rates along these links. On the other hand, this framework allows software-defined networking (SDN) applications to operate on the collected information and address the cryptographic needs of the network. The SDN applications dynamically adapt the configuration of the switched network to align with its changing demands, e.g., prioritizing key availability on critical paths, responding to link failures, or reallocating generation capacity to prevent bottlenecks. This contribution demonstrates that the combination of switched QKD, centralized control, and global optimization strategies enables efficient, policy-driven operation of QKD networks. The cryptographic resources are allocated to maximize performance and resilience while remaining aligned with the specific policies set by network administrators. Full article

In recent years, the surge in network traffic has led to a substantial increase in energy consumption, making the construction of green and energy-efficient networks a critical challenge in the field of communications. Software-Defined Networking (SDN), with its centralized control characteristic, provides a new paradigm for the collaborative scheduling of actuators. However, traditional distributed network architectures lack global regulation capabilities, resulting in low resource utilization. Moreover, existing SDN traffic management methods mostly adopt fixed-weight reward functions, which are difficult to adapt to the dynamic fluctuation of network traffic and device heterogeneity, failing to meet the real-time and stability requirements of actuators in control scenarios. To address these issues, this study proposes a Dynamic Weight Generation Deep Q-Network (DWG-DQN) framework. By integrating a Long Short-Term Memory (LSTM) network with the SDN actuator scheduling mechanism, the system dynamically generates adaptive weight vectors, enabling real-time collaborative optimization of energy consumption, load balancing, and bandwidth utilization. Experimental results demonstrate that in fat-tree topology experiments, the proposed method achieves a 12.23% increase in average reward, a 33.93% reduction in energy consumption, a 31.12% improvement in load balancing, and a 24.03% enhancement in bandwidth utilization. Compared with fixed-weight method, it consistently outperforms in key performance indicators. The dynamic weight generation mechanism effectively solves the multi-objective optimization problem of actuators in dynamic network environments, offering a viable solution for the intelligent scheduling of actuators in SDN-based green traffic management. Full article

Integrating Geostationary (GEO), Medium Earth Orbit (MEO), and Low Earth Orbit (LEO) satellite systems offers a promising solution for enhancing communication resilience in disaster-prone island regions. However, effective integration via Software-Defined Wide Area Networks (SD-WANs) faces challenges due to the heterogeneous stochastic characteristics of these links. This study presents a comprehensive performance benchmark of GEO, MEO, and LEO satellite links based on long-duration empirical campaigns conducted in Taiwan. Our findings quantify critical integration hurdles, specifically the “long-tail” latency distribution in LEO links induced by frequent handovers and significant TCP throughput degradation modeled by the Mathis equation. Furthermore, empirical tests demonstrate that simplistic link aggregation across these heterogeneous orbits results in severe packet reordering and goodput collapse. Based on these results, we propose a conceptual resilience-oriented SD-WAN architecture incorporating intelligent failover thresholds and application-aware routing policies. This work provides foundational data and a design framework to guide the future development of robust multi-layered satellite communication systems for disaster management. Full article

The growing complexity of corporate, cloud, and industrial environments has increased the difficulty of acquiring digital evidence, particularly volatile data such as memory and transient network artifacts. Manual forensic procedures and agent-based solutions often introduce operational risks, scalability constraints, and legal challenges in critical infrastructures. This paper proposes an agentless and automated framework for the remote acquisition of digital evidence in heterogeneous networks. The solution is defined as code and orchestrated using Ansible, enabling reproducible, traceable, and minimally intrusive acquisition without requiring permanent software installation on target systems. It supports the collection of volatile memory, system artifacts, and network evidence across on-premise, cloud (AWS), and industrial control system (ICS) environments. The framework is validated through experimental evaluation and a comparative analysis with an agent-based forensic platform (Velociraptor), focusing on scalability, acquisition time, integrity, and operational impact. Compliance with international forensic standards and recent European regulations is also discussed. The results indicate that agentless automation is a viable and flexible approach for digital forensic acquisition in modern hybrid environments. Full article

Integrating Software-Defined Networking (SDN) to enhance mobility management in Vehicular Ad Hoc Networks (VANETs) comes with an additional critical risk. Because centralized controllers are single points of failure, they create the risk that the network will be subject to denial-of-service (DoS) attacks during handovers. Most Intrusion Detection and Prevention systems (IDPSs) do not adequately address these risks because they are topology-blind and have excessive processing layers. This article presents a novel Location-Aware SDN-IDPS Framework that employs a hierarchical defense approach to protect vehicular networks against volumetric attacks. This two-plane system operates with the first tier, which uses dynamic host-location mappings to drop spoofed traffic at the switch level (data plane). In contrast, the second tier analyzes confirmed traffic through a Suricata-based engine to identify and respond to complex flood attack patterns. The experimental results from the Mininet-WiFi testbed show that the system provides a significant improvement over the unprotected state, with controller CPU utilization reduced by up to 18 times (from 9.0% to below 0.5%). In addition, the system provides a 2.3 s guaranteed recovery time, service continuity, successful microsecond-level mitigation time, and a packet delivery ratio (PDR) of 99.73% for legitimate safety messages. In control-plane stress testing, the proposed location-aware logic improved throughput stability by approximately 76.26% compared to the baseline. These findings confirm that offloading anti-spoofing logic to the network edge significantly enhances resilience without compromising performance in safety-critical vehicular environments. Full article

We developed an AI-assisted zero-trust control system at low capital expenditure to retrofit brownfield Ethernet environments without disruptive hardware upgrades or costly software-defined networking migration. Legacy network infrastructures in small and medium-sized enterprises (SMEs) lack the flexibility and programmability required by modern zero-trust architectures, creating a persistent security gap between static Layer-1 deployments and dynamic cyber threats. The developed system addresses this gap through a modular architecture that integrates genetic-algorithm-based virtual local area network (VLAN) optimization, large language model-guided firewall rule synthesis, threat-intelligence-driven policy automation, and telemetry-triggered adaptive isolation. Network assets are enumerated and evaluated through a risk-aware clustering model to enable micro-segmentation that aligns with the principle of least privilege. Optimized segmentation outputs are translated into pfSense firewall policies through structured prompt engineering and dual-stage validation, ensuring syntactic correctness and semantic consistency. A retrieval-augmented generation pipeline connects live telemetry with historical vulnerability intelligence, enabling rapid policy adjustments and automated containment responses. The system operates as an overlay on existing managed switches, orchestrating configuration changes through standards-compliant interfaces such as simple network management protocol and network configuration protocol. Experimental evaluation in a representative SME testbed demonstrates substantial improvements in segmentation granularity, refining seven flat subnets into thirty-four purpose-specific VLANs. Compliance scores improved significantly, with the International Organization for Standardization/International Electrotechnical Commission 27001 rising from 62.3 to 94.7% and the National Institute of Standards and Technology Cybersecurity Framework alignment increasing from 58.9 to 91.2%. All 851 automatically generated firewall rules passed dual-agent validation, ensuring reliable enforcement and enhanced auditability. The results indicate that the system developed provides an operationally feasible pathway for legacy networks to achieve zero-trust segmentation with minimal cost and disruption. Future extensions will explore adaptive learning mechanisms and hybrid cloud support to further enhance scalability and contextual responsiveness. Full article

This paper explores the feasibility of using acoustic wave propagation, particularly in the ultrasonic range, as a solution for data transmission in environments where traditional radio frequency (RF) communication is ineffective due to signal attenuation—such as in liquids or dense media like metal or stone. Leveraging GNU Radio and commercially available audio hardware, a low-cost, SDR (Software Defined Radio) system was developed to transmit data blocks (e.g., images, text, and audio) through various substances. The system employs BFSK (Binary Frequency Shift Keying) and BPSK (Binary Phase Shift Keying), operates at ultrasonic frequencies (typically 40 kHz), and has performance validated under real-world conditions, including water, viscous substances, and flammable liquids such as hydrocarbon fuels. Experimental results demonstrate reliable, continuous communication at Nyquist–Shannon sampling rates, with effective demodulation and file reconstruction. The methodology builds on concepts originally developed for Ad Hoc Sensor Networks in shipping containers, extending their applicability to submerged and RF-hostile environments. The modularity and flexibility of the GNU Radio platform allow for rapid adaptation across different media and deployment contexts. This work provides a reproducible and scalable communication solution for scenarios where RF transmission is impractical, offering potential applications in underwater sensing, industrial monitoring, railways, and enclosed infrastructure diagnostics. Across controlled laboratory experiments, the system achieved 100% successful reconstruction of transmitted image files up to 100 kB and sustained packet delivery success exceeding 98% under stable coupling conditions. Full article

The joint optimization of computing resources and network routing constitutes a central challenge in Computing First Networks (CFNs). However, existing research has predominantly focused on computation offloading decisions, whereas the cooperative optimization of computing power and network routing remains underexplored. Therefore, this study investigates the joint routing optimization problem within the CFN framework. We first propose a computing resource scheduling architecture for CFN, termed SICRSA, which integrates Software-Defined Networking (SDN) and Information-Centric Networking (ICN). Building upon this architecture, we further introduce an ICN-based hierarchical naming scheme for computing services, design a computing service request packet format that extends the IP header, and detail the corresponding service request identification process and workflow. Furthermore, we propose Computing-Aware Routing via Graph and Long-term Dependency Learning (CRGLD), a Graph Neural Network (GNN), and Long Short-Term Memory (LSTM)-based routing optimization algorithm, within the SICRSA framework to address the computing-aware routing (CAR) problem. The algorithm incorporates a decision-making framework grounded in spatiotemporal feature learning, thereby enabling the joint and coordinated selection of computing nodes and transmission paths. Simulation experiments conducted on real-world network topologies demonstrate that CRGLD enhances both the quality of service and the intelligence of routing decisions in dynamic network environments. Moreover, CRGLD exhibits strong generalization capability when confronted with unfamiliar topologies and topological changes, effectively mitigating the poor generalization performance typical of traditional Deep Reinforcement Learning (DRL)-based routing models in dynamic settings. Full article

Smart Network Interface Cards (SmartNICs) represent a paradigm shift in system architecture by offloading packet processing and selected application logic from the host CPU to the network interface itself. This architectural evolution reduces end-to-end latency toward the physical limits of Ethernet while simultaneously decreasing CPU and memory bandwidth utilization. The current ecosystem comprises three principal categories of devices: (i) conventional fixed-function NICs augmented with limited offload capabilities; (ii) ASIC-based Data Processing Units (DPUs) that integrate multi-core processors and dedicated protocol accelerators; and (iii) FPGA-based SmartNIC shells—reconfigurable hardware frameworks that provide PCIe connectivity, DMA engines, Ethernet MAC interfaces, and control firmware, while exposing programmable logic regions for user-defined accelerators. This article provides a comparative survey of representative platforms from each category, with particular emphasis on open-source FPGA shells. It examines their architectural capabilities, programmability models, reconfiguration mechanisms, and support for GPU-centric peer-to-peer datapaths. Furthermore, it investigates the associated software stack, encompassing kernel drivers, user-space libraries, and control APIs. This study concludes by outlining open research challenges and future directions in RDMA-oriented data preprocessing and heterogeneous SmartNIC acceleration. Full article

With the rapid evolution of wireless networks, the need to explore novel technologies to meet the demands of future systems, particularly 6G, has become a significant challenge. One promising solution is integrating radio frequency (RF) and optical wireless communication (OWC) technologies to leverage their unique strengths. This paper introduces a novel model for integrating RF and OWC technologies within the framework of emerging 6G. The main objective of this approach is the dynamic technology selection (TS) and modulation scheme selection (MSS), which play a pivotal role in optimizing network efficiency and adapting to diverse 6G requirements. The proposed cross-layer architecture integrates the application layer, network layer based on a software-defined network (SDN), and physical layer consisting of a hybrid cell and software-defined radio with optical functionality (SDR-O). This approach facilitates real-time decision-making based on environmental factors and application requirements. Full article

The deployment of 5G (Fifth-Generation) networks in industrial Internet of Things (IoT), intelligent transportation, and emergency communications introduces heterogeneous and dynamic network states, leading to frequent and diverse faults. Traditional fault detection methods typically emphasize either local temporal anomalies or global distributional characteristics, but rarely achieve an effective balance between the two. In this paper, we propose a parallel multi-branch convolutional neural network (CNN)–Transformer framework (MBCT) to improve fault diagnosis accuracy in 5G networks. Specifically, MBCT takes time-series network key performance indicator (KPI) data as input for training and performs feature extraction through three parallel branches: a CNN branch for local patterns and short-term fluctuations, a Transformer encoder branch for cross-layer and long-term dependencies, and a statistical branch for global features describing quality-of-experience (QoE) metrics. A gating mechanism and feature-weighted fusion are applied outside the branches to adjust inter-branch weights and intra-branch feature sensitivity. The fused representation is then nonlinearly mapped and fed into a classifier to generate the fault category. This paper evaluates the performance of the proposed model on both the publicly available TelecomTS multi-modal 5G network observability dataset and a self-collected SDR5GFD dataset based on software-defined radio (SDR). Experimental results demonstrate that the proposed model achieves superior performance in fault classification, achieving 87.7% accuracy on the TelecomTS dataset and 86.3% on the SDR5GFD dataset, outperforming the baseline models CNN, Transformer, and Random Forest. Moreover, the model contains approximately 0.57M parameters and requires about 0.3 MFLOPs per sample for inference, making it suitable for large-scale online fault diagnosis. Full article