International Journal of Networking and Computing Current issue

Preface: Special issue on the Twelfth International Symposium on Networking and Computing

The Twelfth International Symposium on Computing and Networking (CANDAR 2024) was held from November 26 to 29, 2024, in Naha, Okinawa, Japan. Following the symposium, authors of highly evaluated papers were invited to submit extended versions for consideration in this special issue. After a rigorous peer-review process, nine papers were accepted and are published here as extended versions. We would like to express our sincere gratitude to the anonymous reviewers who carefully evaluated the submissions and provided insightful comments and suggestions. Their dedicated efforts and constructive feedback were instrumental in enhancing the quality of the accepted papers and shaping the content of this issue. Finally, we extend our heartfelt thanks to all those who contributed to the success of this special issue--including the organizers, guest editors, and reviewers. Their collective contributions made it possible to present this collection of extended papers, which reflect recent advances in networking and computing. We hope this issue will serve as a valuable resource for researchers and practitioners and inspire further innovation in the field.

An eBPF-based packet capture system with embedded application metadata for network forensics

In network forensics, identifying applications involved in packet transmission and reception is crucial for reconstructing the chain of events in security incidents. However, since captured packets do not contain information about specific applications, investigators must rely on other information like log data for identification, which decreases the efficiency and accuracy of the forensic process. This paper proposes a new system that uses an extended Berkeley Packet Filter (eBPF) to embed application metadata directly into the packet capture files. To demonstrate the feasibility of this concept, we implemented a prototype of the proposed system. The system associates each packet with the corresponding application name, process ID, and user ID, storing this metadata alongside packet data in PCAPNG format, enabling analysis with existing tools such as Wireshark. An experimental evaluation comparing the system’s performance to a conventional packet capture tool revealed challenges, such as packet loss due to buffer overwriting and increased resource consumption. In particular, the initial Python-based implementation recorded a packet loss rate of 55.61%, which was improved to 7.60% with the enhanced Go-based implementation. However, the proposed system increases CPU utilization by up to 22 percentage points, thus it needs further effort for optimization. Despite remaining performance challenges, the proposed approach has the potential to reduce analysis time and improve accuracy in network forensics by eliminating reliance on log data.

Enhancing Robustness and Accuracy in Edge-Assisted Visual SLAM Implementation

With the increasing demand for spatial positioning on modern mobile devices, Simultaneous Localization and Mapping (SLAM), particularly camera-based Visual SLAM, has become essential for real-time perception and positioning by processing continuous image data. However, these algorithms often entail high memory and computational requirements, making it challenging to deploy them on mobile devices and run for extended periods. To address this issue, the edge-assisted SLAM architecture, which offloads computationally intensive tasks to edge servers, has been proposed. Despite its potential, existing solutions in this domain suffer from significant limitations in data synchronization and recovery capability, compromising both the robustness and accuracy of the system. In response to the identified limitations, we analyze the impact of the current data synchronization and relocalization recovery processes on system performance, and introduce a novel multithreaded tracking approach integrated with an efficient relocalization mechanism. We validated our approach in standard datasets, including the robustness of the system, tracking recovery capability, and localization accuracy. Experimental results demonstrate that our solution reduces tracking interruptions by up to 94.2%, significantly improves coverage, a vital robustness metric of the SLAM system, by up to 30.1%, and shortens relocalization recovery time by up to 35.2%. Furthermore, our approach improves the localization accuracy by 43.7% in translation scenarios and 36.8% in rotation scenarios.

Information Sharing Scheme Using AoI for DTN-based Evacuation System

In recent years, Japan has frequently experienced natural disasters such as earthquakes and typhoons, necessitating the rapid and accurate acquisition of evacuation support information. However, during such disasters, communication infrastructure may be damaged, making information sharing difficult. To address this issue, Delay/Disruption Tolerant Networking (DTN) technology has garnered attention. In this study, we propose a new information-sharing scheme for evacuation support systems using DTN. The proposed scheme leverages the Age of Information (AoI) to assess the freshness of information, discarding information that exceeds a certain AoI threshold. This ensures that evacuees can act based on the most recent and accurate information. Furthermore, by predicting the occupancy of evacuation centers in advance, the proposed scheme helps prevent situations where evacuation centers reach full capacity and can no longer accept evacuees, enabling a smoother evacuation process. Specifically, the scheme combines two prediction mechanisms: the first mechanism that estimates the number of evacuees based on the rate of increase information provided and transmitted by evacuation centers and the second mechanism that utilizes DTN to share estimated arrival times among evacuees to predict the number of evacuees in the destination evacuation center. This approach facilitates more appropriate selection of the destination evacuation center. We evaluate the effectiveness of the proposed scheme through simulation experiments using real geographical information. Additionally, we discuss the impact of the proposed scheme on evacuation time, the number of evacuees, and the average evacuation time. Consequently, it is confirmed that the proposed scheme could provide shorter evacuation time with evacuees.

Implementation and Evaluation of a System Call Moving Target Defense Applied Multiple Times at Runtime for Binary Injections

We propose and evaluate a system call-based Moving Target Defense (MTD) mechanism as a countermeasure against code injection attacks that exploit unknown vulnerabilities. Although integrating the proposed MTD mechanism into the OS kernel would be more ideal, we implemented it in userland for this study in order to demonstrate its feasibility and evaluate its effectiveness. The proposed system randomizes the mapping between system call numbers and their corresponding functions, thereby invalidating system calls issued by injected malicious code. Since system calls serve as the primary interface through which user applications access system resources, this randomization prevents attackers from achieving their objectives, even if they successfully inject code into a process. This approach, categorized as an MTD technique, is particularly promising against zero-day attacks, where vulnerabilities are exploited before they are patched. By dynamically altering the mapping at each system call invocation, the system increases its runtime diversity and unpredictability. While kernel-level implementation remains a future goal, our evaluation—conducted by remapping system call invocations through a userland wrapper—demonstrates that the proposed method can detect and mitigate code injection attacks in a wide range of existing compiled programs, without requiring specialized hardware support.

Enhancing Dimensionality Reduction in Driving Behavior Learning: Integrating SENet with VAE

This study addresses a common limitation of conventional Variational Autoencoder (VAE)-based methods in dimensionality reduction for state representation learning, especially in autonomous driving, by integrating Squeeze-and-Excitation Networks (SENet) into the VAE framework. While traditional VAE approaches effectively handle high-dimensional data with reduced computational costs, they often struggle to adequately capture complex features in certain tasks. To overcome this challenge, we propose the SENet-VAE model, which incorporates SENet into the VAE architecture, and evaluate its performance in driving behavior learning using deep reinforcement learning. Our experiments compare three setups: raw image data, conventional VAE, and SENet-VAE. Furthermore, we examine how the placement and number of SE-Blocks affect performance. The results demonstrate that SENet-VAE surpasses the limitations of conventional VAE and achieves superior accuracy in learning. This work highlights the potential of SENet-VAE as a robust dimensionality reduction solution for state representation learning.

Efficient Group Signatures with Designated Traceability over Openers’ Attributes from Lattices

The group signature with designated traceability (GSdT) is a kind of group signatures (GS) which aim to restrict the opening authority of the group manager; by setting an access structure over openers’ attributes at the signing, a signer is able to control openers who can open the signature. A generic construction of GSdT was given when the notion was introduced, then a pairing-based construction and a symmetric-key-based one were presented. Nonetheless, it remains open whether a post-quantum GSdT with full anonymity can be truly constructed. In this paper, we give a lattice-based GSdT scheme that has full anonymity for the first time. In our construction, the lattice-based ciphertext-policy attribute-based encryption (CPABE) by Tsabary and the lattice-based group signatures (GS) by Libert et al. are employed. The CP-ABE is based on the Regev public-key encryption, while the GS uses a non-interactive zero-knowledge proof to prove the correctness of the encryption in the signing process. Based on the compatibility, we combine and modify them to build up a GSdT scheme.

Extended VLIW Processor with Overlapping RISC-V Compressed and Privileged Instructions

RISC-V is an instruction set architecture that has attracted interest in both academic and industrial fields in recent years. RISC-V provides compressed instructions that reduce the size of each instruction. This feature contributes to the reduction of program size and is advantageous for embedded processors that have tight constraints on instruction and data memories. Therefore, implementation of compressed instructions is advantageous in terms of program size, but disadvantageous in terms of hardware for embedded processors with heavy area constraints. To solve the increase amount of hardware caused by supporting compressed instructions, we propose Converting All Integer-instructions to Compressed-instructions (CAIC) method. Additionally, we propose an extended VLIW processor called RVC-VOI (RISC-V Compressed - VLIW with Overlapping Instructions) that adapts the CAIC method. The processor implements privileged instructions which are not defined in compressed instructions, without increasing the issue slot executes privileged instructions or hardware to align instruction length, by overlapping instruction fields. This paper evaluates the code size reduction rate achieved by the CAIC method and the area of RVC-VOI. The CAIC method achieved a 7.2% reduction in the code size of QuickSort and a 25.9% reduction in the code size of Dhrystone, and RVC-VOI achieved significant reductions in energy consumption of up to 98.7% and circuit scale of up to 98.6% while maintaining execution time comparable to that of superscalar processors.

Asynchronous Separation of Unconscious Colored Robots

We consider the recently introduced model of autonomous computational mobile entities called unconscious colored robots. The entities are the traditional oblivious silent mobile robots operating in the Euclidean plane in Look-Compute-Move cycles. However, each robot has a permanent external mark (or color) from a finite set, visible by the other robots, but not by the robot itself. The basic problem for these robots is separation, requiring all the robots with the same color to separate from the other robots, each group forming a recognizable geometric shape (e.g., circle, point, line); this task must be performed in finite time, in spite of the robots being unconscious of their own color, unable to communicate, and oblivious. This problem has been studied and solved in the synchronous setting (SSS 2023). In this paper we show that the problem is solvable also under the more difficult asynchronous adversary, provided the robots agree on the orientation of one axis, and no robot is uniquely colored. The proof is constructive: we present a distributed algorithm that allows unconscious colored robots with one-axis agreement to separate into parallel lines under the asynchronous scheduler.

A Flow Distribution Algorithm with Segment Routing for Software-Defined Networking

Previously, routers have been responsible for both data forwarding and network management. Software-Defined Networking (SDN) separates these functions into a data plane and a control plane in order to simplify network operations and enable the construction of programmable networks. However, flow updates transmitted using the OpenFlow protocol introduce a communication overhead. Since Ternary Content Addressable Memory (TCAM) is used to quickly search flow entries, the associated costs rise significantly as the scale of the network increases. To address these problems, a method has been proposed that reduces flow entry update work and minimizes traffic overhead by aggregating some flows on a specific path in an SDN-managed network using SR (Segment Routing)-MPLS (Multi-Protocol Label Switching). However, while overall work is reduced, the load on the specific path used for the flow aggregation increases. This paper proposes a flow distribution algorithm with SR that efficiently utilizes network resources, while also addressing the two aforementioned limitations of Software-Defined Networking (SDN) to enable a more reliable SDN infrastructure. To evaluate the proposed algorithm, simulation experiments compared the proposed algorithm with the shortest-path algorithm on four network topologies with 13, 24, 48 or 58 nodes, and our results showed that the average standard deviation of the number of packets forwarded by each node under the proposed method was 861.04–1496.17 packets lower by comparison with the shortest-path method when the total number of transmitted packets was 50,000, and 1743.37–2950.34 packets lower when the total number of transmitted packets was 100,000. We also noted that the average path length for each packet under the proposed method was just 0.15–1.08 hops longer than that of the shortest-path method.