Novel intelligent architecture and approximate solution for future networks

Private networks have become popular for secure data sharing and anonymous communication in many domains: enterprise environments, military, journalism, telecommunication, healthcare, to name a few. It has been used with or without internet connection. Its primary purpose is to provide confidentiality, bypass unlawful activities, and protect against common threats such as interception, modification, and censorship. In addition, several private network technologies exist to support secure communications. However, they mostly rely on encryption only. The transmitted data is classified into different confidentiality levels. This research presents a smart private network architecture scheme that transmits constraint-based classified packets. The main directive of this work is the proposed constraint. This constraint is meant to enforce that if two packets belong to the same confidentiality level, they can’t be transmitted through the two routers simultaneously. Therefore, the studied problem is an NP-hard problem. This paper presents the following contributions: (i) proposes a new architecture paradigm for outsourcing a constraint-based multi-classified data sharing securely and transmitted through two routers; (ii) introduces several algorithms to prove the feasibility for this NP-Hard problem; and (iii) implements the algorithms solutions using C++ and compares their performance. Different metrics are used to measure the performance of the proposed algorithms. Randomized Longest Transmission time first algorithm RLT¯ scored the best algorithm with a percentage of 73.5% and an average gap of 0.002 according to the experimental results. It is remarkable worthy to note that the execution time of all the algorithms is less than 0.001 s.


Introduction
The "communication gap" between the experts who are working on network development and those working on technology development for security purposes has led to a significant lack of both methodologies to manage the complexity of security needs and the flexibility of security methods deployment. Network security design relies on the Open System Interface (OSI) a1111111111 a1111111111 a1111111111 a1111111111 a1111111111 proposed to minimize packet routing timing and maximize the queue size [8]. The advancement in innovative communications technologies in various domains has presented a vast range of applications in several areas, such as environmental surveillance, biomedicine, and video security monitoring. Thus additional issues to the network routing problems like latency, energy consumption, and security have emerged. Several routing scheduling algorithms methods, policies, and heuristics have been proposed to deal with issues related to routing security and privacy, optimization, delay, energy consumption, recovery time, and overhead in many modern network technology such as WirelessHART Mesh Networks, Wireless Sensor Networks, Industrial Wireless Mesh Networks, and Wireless Body Sensor Networks [9].
Protecting networks depends on ensuring the following security requirements: confidentiality to protect data from unauthorized users, integrity to protect data from unauthorized modification, and availability to protect data from being damaged or lost. Furthermore, the damage of the communication infrastructures can cause data to be damaged during war or natural disasters such as earthquakes, tsunamis, and floods. Therefore, there is a need for data control solutions in such emergencies [10]. The ongoing evolution of artificial intelligence (AI) technologies makes it possible to create emergency data allocation algorithmic techniques that deal with such incidents as proposed in [11] using the scheduler and router-based window constraints. The window is used by an intelligencer via a scheduler to control the network and create a "static urgent window pass" to reserve a time slot or pause accessing the router when dealing with scheduling problems during data transmission of confidential and urgent data based on given constraints [10,12]. Failure to provide any security requirements leads the Networks architecture to be prone to numerous cybersecurity attacks such as eavesdropping, sybil, selective, smurf, sinkhole, masquerading, byzantine, location disclosure attacks, blackhole, wormhole, and man-in-the-middle [13].
Access control contributes to the security requirements of securing the network in terms of confidentiality, integrity, and availability (CIA). However, such security requirements pose some limitations in dynamic environments. Therefore, a new generation of access control mechanisms has been demeaned to cope with today's dynamic digital environments. The classification of information into top-secret, secret, confidential, and unclassified has existed for a long time. Several Multilevel security policy models and systems have been proposed. Several problems and concerns have been pointed out concerning the practicality of MLS. They are summarized as follows. (i) The cost and difficulty of building them; (ii) the need to rebuild several applications to cope with MLS; and (iii)the complexity of the classification of data. With the technological improvements, several variations of traditional and untraditional access control mechanisms have been proposed to safeguard against unauthorized access. These mechanisms are encrypted-based or encryption-independent. Discretionary Access Control (DAC), Mandatory Access Control (MAC), Role-Based Access Control (RBAC), Attribute-Based Access Control (ABAC), and Context-Aware role-based Access Control (CAAC) are all access control techniques and frameworks [14].
The main motive of this research is to advance state-of-the-art research in computer networks by proposing a future network vision that can be highly secured. A major problem is stopping or minimizing data leakages for sensitive outsourced information, which has become a significant problem nowadays. It also proposes a model that is capable to protect data of individuals in particular fields, for instance, during critical coverages for individuals (e.g., Journalists, Media outlets). Furthermore, the model investigates nontraditional methods or techniques existed in state-of-the-art. For example, our method was a reduction of an NP-Hard problem that deals with two machines. This paper aims to propose an intelligent private network architecture that disseminates classified network packets based on the constraint.
It also proposes a robust network paradigm that relies on two routers to address critical data privacy issues in particular environments and circumstances. The proposed scheme outsources data securely and privately in a critical environment. The approach has the following advantages: (i) It introduces an idea or vision for a secure future network using intelligent algorithms; (ii) Supports individuals (e.g, Journalists, Media outlets) to securely and privately exchange sensitive information with their hosts; (iii) provides a unique two-router network architecture for transmitting network packets based on a constraint-based classification; (iv) Presents algorithms using known and unknown techniques such as dispatching rules, local insertion search, randomization method, and lifting procedure; (v) Introduces a group of heuristic algorithms that deal with an NP-hard problem and applies it in the computer network area; (vi) Solves the problem in an acceptable optimal time, as it is shown in the result section. The disadvantages of our approach are listed as follows: (i) The two-router problem in our scheme is a reduction of a known NP-hard problem. Thus, solving such a problem using multiple hops could be time-consuming and might require more effort and techniques to heuristically solve it using algorithms with O(n 3 ). (ii) The time complexity to solve the problem relying on multiple hops could be very complicated because using two routers in our scheme problem reduces a known NP-hard problem. (iii) The exact solution for the problem requires a lower bound to be used in a branch-and-bound algorithm in the future; thus, an optimal solution can be given for our problem using the developed algorithm in this paper. Overall, this paper aims to propose a smart private network architecture that disseminates classified network packets based on the constraint.
It includes eight sections presented as follows. First, we introduce the related work in section 2. Then, the studied problem is described in Section3. Third, we present the novel proposed architecture and the different components in Section 4. Next, a detailed description of a novel lifting procedure is presented in Section 5. Fifth, we present the proposed solution algorithms in Section 6. Furthermore, we show the experimental setup and performance comparison between the algorithms in Section 7. Finally, some concluding remarks with reference to the future work are included in Section 8.

Literature review
Literature has investigated threats for the transmitted data across all network layers in various distributed computing systems, applications, and technologies. The analysis of the threats showed attacks against one or more of the C.I.A. triad-confidentiality, integrity, availability, including authentications, non-repudiation, and in various emerging and intelligent communications and technologies domains. For example, attacks on wireless mobile ad hoc networks are investigated in [15], attacks on wireless sensor networks [16], and cloud computing environments are discussed in [17]. Furthermore, due to a lack of end-to-end novel security solutions, several attacks have been against evolving technologies, for instance, those depending on artificial intelligence (AI) [18], augmented reality (AR) [19], Software-Defined Networking (SDN) paradigm [20] and Blockchain addressed in [21]. Attacks against new business models and e-health applications presented in [22].
The internet protocols have been viewed as a set of layers or protocol stack described according to the open system's interconnections (OSI) into a seven-layered network [23]. Several protocols such as IPSec, SSL, and DNSSEC which have been proposed to provide end-toend security solutions. For example, since routing information is subject to being intercepted or modified when routed through unknown networks, IPSec protocol has been developed to ensure end-to-end encryption for the Internet protocol (IP) user data and traffic.
The geographical distribution of various enterprises, sites and offices worldwide has led to the need for point-to-point or site-to-site private networks and secure connections. Virtual private network (VPN) has become popular for creating a private network to share resources and disseminate data over insecure networks. The secure channels in the VPN use the IPSec protocol. Unlike VPN, Virtual Private LAN services (VPLS) have been designed to control new evolving patterns, such as NFV and SDN. It has been popular for providing multipointto-multipoint connectivity, including other features, such as robust security and low operational cost. Still security in VPLS is a big concern [24].
Mobile ad hoc network MANET has been adopted due to its numerous advantages. The routing functionality in MANET is integrated into its nodes. Both topology-based and position-based routing protocols have been adopted in MANET. However, due to its decentralized nature and lack of efficient algorithm, designing routing protocol in MANET has been considered a complex issue [25]. In [26], the authors extended the greedy perimeter stateless routing protocol (GPSR)to enhance the position-based routing protocols for MANET. In addition, they used fuzzy logic to adjust the lifetime of entries in the nod's neighborhood matrix (IFPE).
The invention of 5G mobile communications and the advancement in computer network architectures, including SDN, NFV, and smart communication wireless devices, has made traditional data management systems unable to handle massive data. Accordingly there is a need to process higher data rates, guarantee lower data latency, and manage big data. To these ends, newer network architecture design and better algorithms embedded with security and decision-making capabilities are required [27]. Furthermore, Network routing should deal with policy compliance and avoid the dependence on algorithmic optimization [3]. For example, they used a scheduler in their scheme [12] to prioritize highly confidential classified packets in circumstances where the guarantee of the transmission of such packets could be uncertain. Furthermore, the authors used a single router with a static window pass [10,12] to experiment with several proposed heuristics and thus prove the practicality of their work. In addition, in [28], the authors used the scheduler to solve the problem of identical routers into network.
Data are publicly classified into several classes: top-secret, secret, restricted, and public, and others use such other terms like regulatory, public, confidential (highly confidential), and internal. Data classification using security policies has been used in many domains military, business, and healthcare [29]. For instance, a secure data and identity multilevel security outsourcing scheme are proposed in [30].
Multilevel security (MLS) controls the disclosure of data in trusted and unsafe environments. Only authorized individuals can access, modify, or delete data. The current network behavior is static, which makes the network sluggish in unstable network environments (e.g., traffic patterns or topology changes, or link failures)-thus there is a need for a Multilevel security policy that can be adopted under any circumstances [31]. Ali et al. proposed a blockchainbased IoT network multilevel security architecture that provides multilevel protection of data. The scheme uses cipher ChaCha20 and cellular automata to gain more security and randomness. The same authors claimed that their scheme enhances security and protects against all kinds of attacks by providing multiple levels of encryption; however, their scheme is not flexible and cannot minimize the chances of leakages [32]. In [33], the authors proposed a scheme that transmitted the data securely between cloud service and Internet of vehicles (IoV) devices. Their scheme uses an M-tree-based elliptic curve and digital signature algorithm (ECDSA) to provide key management for multilevel security infrastructure. In [34], The authors proposed a MLS scheme that enforced the flow policy of information among the inter-node within the network to minimize chances for attacks. Their scheme enforces the MLS policy on the software-defined networks SDN switches by moving the job to the controller. Unlike the proposed MLS methods, our scheme MLS policy ensures the absence of transmitting an identical level of secure information simultaneously.
Several schemes used reputation systems mechanisms to ensure a trusted routing environment. In [35], the authors proposed a trusted-based routing protocol model that recommends the trusted routing node to improve security. In [36,37] authors embed a trust-based mechanism in the routing path for routing path scheduling. Other authors used Blockchain and trusted public key protocols [38] to create decentralized inter-domain trusted routing systems and use smart contracts [39] to follow a trusted route to the destination. Detection of malicious nodes using reinforcement learning by automatically discovering the packets number transmitted to node's neighbor nodes was studied in [40]. In [41], the authors proposed a scheme to ensure the privacy of the source location to maintain safety time. The scheme selects multiple phantom nodes based on a dynamic routing generation process, adds a randomly directed path, and transmits the packets through different phantom nodes to ensure security [42].
Even though, there is a strong need for a multilevel secure data dissemination solution in a military-based environment, not enough research and investment in this domain exist-despite the need to use such a solution in the current era where collaboration between businesses and governmental organizations becomes necessary. Furthermore, even though several access-control mechanisms have been deployed for secure data dissemination [30,[43][44][45], they are not fully practical in dealing with the multilevel protection of classified big data or data streams needed in a military-based environment. In fact, the current paper proposes a model that relies on two router-based architecture to schedule securely and then disseminate conflict-based multilevel packet security in a critical situation. In addition, other researches related to the representation of the network traffic are developed in [46,47].
The suggested techniques presented in this paper can be exploited and operated to be adopted to the problems developed in [48][49][50][51][52]. We believe that our approach is important since it provides optimal security due to its multilevel security that minimizes the level of leaked information in case of cybersecurity attacks compared to other approaches. For example, the highly secure dissemination of packets in our approach justifies our important architectural choice of two routers since two packets that belong to the same level of security are prohibited from being transmitted at the same time, and this only can be accomplished in the main time through more than one router. Thus, if an adversary could capture one highly secure packet at one point through one router, it would not be able to capture a second one simultaneously since our architecture promotes transmitting classified packets with multiple levels of security. Additionally, a review of the literature showed the lack of research on this NP-Hard problem, and we were the first to present it in [53]. Finally, we introduced several heuristics that can help reach metaheuristics or an exact solution for the problem in the future. The proposed algorithms in [54][55][56][57][58][59][60].
Unlike many researches that focused on solving the problem of exchanging or outsourcing data securely and privately at the application layer and try to solve it using known techniques or traditional methods to protect outsourced information, our innovative approach addresses the problem from a different point of view and study the problem at the network layer and propose heuristics solution reduced from known NP-Hard problem and apply in the network security field. Furthermore, the presented algorithms in [53] were based only on the dispatching rules; however, this paper uses several techniques for the problem, such as dispatching rules, the local insertion search, the randomization method, and the lifting procedure.

Problem description
The problem in focus is described as follows. In a private network wherein several files must be transmitted through two routers, it is assumed that each group of files is classified in a confidentiality level denoted by Cl i with i = {1, � � �, n Cl } where n Cl is the number of confidentiality level. These files will be divided into packets, and each packet related to each file will be classified into the corresponding Cl. The total packets are grouped in the set PT. Thus, we denote n pt for the number of packets.
The index of the packet is denoted by j and the packet is denoted by Pt j . The confidentiality level of the packet Pt j is denoted by Clp j . The packet Pt j has an estimated transmission time (Time of Packet Transmission) denoted by tp j . After scheduling the packet j, the cumulative transmission time on the first router Ro 1 is denoted by Tc 1 j , and on the second router Ro 2 is denoted by Tc 2 j . This cumulative transmission time represents the finishing transmission time of packet j.
PT1 refers to the set of packets transmitted through Ro 1 and PT2 to the set of packets transmitted through Ro 2 . Consequently, PT = PT1 S PT2 and n pt = |PT1| + |PT2|. Once all packets are transmitted, the calculation of the total transmission time on router Ro 1 is denoted by Tr 1 and on router Ro 2 is denoted by Tr 2 . Therefore, the maximum estimated transmission time for the two routers is given in Eq 1. ðTc 2 j Þ. One packet cannot be simultaneously transmitted through the two routers in a fixed time. The objective is to give an algorithm that can minimize the value Tr max respecting the proposed confidentiality constraint presented in this paper. This constraint is to enforce packets belonging to the same confidentiality level to be transmitted through routers simultaneously which means that, in a fixed time interval it is not possible to transmit packets that belongs to the same confidentiality level. Indeed, in the same time interval, the transmission of two packets belonging to the same confidentiality level is not allowed.
The problem of the minimization of the maximum estimated transmission time for the two routers under the confidentiality constraint is an NP-Hard problem as proved in [53].
Example 1 Suppose that a problem of transmission network with n pt = 15. The number of confidentiality level n Cl is equal to 3. The estimated transmission time tp j for each packet Pt j is illustrated in Table 1. The confidentiality levels for each packet are given in Table 2. It is noticeable that packets Pt 1 , Pt 9 , Pt 10 , and Pt 14 belong to the same confidentiality level Cl 1 , which means that these packets must not, in any case, be transmitted simultaneously at the same time on the two routers.
The schedule shown in Fig 1 illustrates

Proposed architecture and components
This section details a novel architecture of data transmission into the network. The important advantage of this architecture is adding the component called "scheduler" into the well-known architecture. In addition, a new constraint called "confidentiality constraint" is imposed for the transmission of packets. This constraint precises the confidentiality level required by the administrator or the intelligencer (i.e., an intelligencer is a person that has a very high priority to manage and control the network and each data transmitted through the network. In addition, the intelligencer is responsible for attributing the confidentiality level to each file. As a result, all packets constituting the file will have the same confidentiality level). We present the following example of the confidentiality levels to clarify the proposed idea.
• Cl 1 : Very restricted. This level can encompass all highly sensitive data (files) that can affect national or military security.
• Cl 2 : Restricted. This level can encompass all sensitive data (files).
• Cl 3 : Confidential. This level can encompass all delicate data (files).
• Cl 4 : Internal. This level can encompass all non-sensitive data (files) that can't be disclosed to the public. • Cl 5 : Public. This level can encompass all revealed data (files) that may be exposed to the public.
Each confidentiality level Cl i encompasses a fixed number of packets. This number is denoted by np i 8i 2 {1, � � �, n Cl }.
Proposition 2 The total number of packets is given in Eq 3.

Proof 2
The sum of all packets in each confidentiality level is the total packets n pt . Fig 3 shows the confidentiality level categorization. The confidentiality level Cl i has a set of packets fP 1 i ; � � � ; P n i i g 8 i 2 {1, � � �, n Cl }. The novel architecture with two routers that can show the addition of the new component "Scheduler" is illustrated in Fig 4. The proposed architecture is composed of five components. These components are described as follows.
• Data collection: This component is responsible for specifying the files to be sent. It is managed by the intelligencer of the network.
• File categorization: This component is responsible for specifying the confidentiality level. The intelligencer specifies the confidentiality level for each file.
• Scheduler: This component is responsible for solving a scheduling problem for the transmission of packets through the network. It is managed or represented by a scheduler, and the solution to the scheduling problem is selected after running several algorithms, and the best solution will be selected.
• Routers: Two routers are the entities of this component.

Lifting procedure (LP)
This section describes a new proposed lifting procedure that can be applied to any given algorithm for the studied problem. This application can enhance the algorithm and gives a better result. The idea of this lifting procedure is as follows. Given an algorithm A that solves approximately the studied problem-we denote by Ro ma the router that has the maximum Tr k with k = {1, 2}. We denote by Ro mi the router that has the minimum Tr k . The lifting procedure role is to search the first packet scheduled in Ro ma and remove it to Ro mi at the last position to be the last packet scheduled in Ro mi . This gives a new schedule for the studied problem. In fact, a new value of Tr max must be recalculated, and the best solution must be chosen.
Example 2 Assume that the number of packets n pt = 15 and the number of confidentiality levels n Cl=3 . Table 3 presents the distribution of tp j for each packet Pt j . This example shows the resulting schedule before and after applying the lifting procedure.   It is clear from Figs 5 and 6 that the lifting procedure gives a better remarkable result. Indeed, for the schedule before the using lifting procedure of this example, the total time is Tr max = 192 compared to the result after applying the lifting procedure, which is equal to Tr max = 175. So, the difference is 17 units.

Proposed algorithms
This section presents detailed instructions to show the functionality of twelve algorithms developed to solve the studied problem. The algorithms are based on the dispatching rules, the local insertion search, the randomization method, and the proposed lifting procedure. The first and second algorithms are based on the dispatching rules using the non-decreasing order and the non-increasing order algorithm. The third algorithm uses a local insertion search approach, and the fourth and the fifth algorithms use a randomization method. The sixth algorithm is based on the critical confidentiality level in which detailed information is presented  1  2  3  2  1  1  2  2  2  3  1  3  2  2  2   tp j  21  24  16  30  11  30  13  18  27  17  21  24  27  10  12 https://doi.org/10.1371/journal.pone.0278183.t003 about the critical confidentiality level. Finally, the six remaining algorithms are lifting of all six presented algorithms.

Longest transmission time first algorithm (LTF)
This algorithm is based on selecting the packet that has the longest estimated transmission time. The selected packet will be transmitted through the most available router. The transmission which is-based on the latter selection is continued until all packets are transmitted.

Proposition 3 The complexity of the LTF algorithm is O(nlogn). Proof 3 To sort packets, a Quicksort algorithm is applied. As known, Quicksort's time complexity is O(nlogn). After that, each packet is assigned to a selected router which takes O(n) operations for all packets. So, the LTF's time complexity is O(nlogn).
Example 3 describes the scheduling of the packets on the two routers following LTF algorithm.
Example 3 Assume that the number of packets is n pt = 8 and the number of confidentiality levels is n Cl = 3.

The smallest transmission time first algorithm (STF)
This algorithm is based on selecting the packet that has the Smallest estimated transmission time. The selected packet will be transmitted through the most available router. The transmission based on the latter selection is continued until all packets are transmitted.

Proposition 4 The complexity of the STF algorithm is O(nlogn). Proof 4 To sort packets, a Quicksort algorithm is applied. As known, Quicksort's time complexity is O(nlogn). After that, each packet is assigned to a selected router which takes O(n) operations for all packets. So, the STF's time complexity is O(nlogn).
Example 4 describes the scheduling of the packets on the two routers following STF algorithm. Example 4 For this example, we choose to apply the STF algorithm in the example detailed in Table 4. Fig 8 shows Table 4, the result obtained by STF is better than the one obtained by LTF. This remark is not general. This means that the result cannot be the same for all the instances.

Search, test, and insert algorithm (STI)
First, we have to introduce the definition of the idle-time in a schedule.

Definition 1 The idle-time is a slot time or interval time when there is no packet transmission.
Based on the definition-above, this time interval is not exploited and can give a bad result for the scheduling problem on routers. Therefore, in this subsection, the algorithm tends to avoid idle-time and minimize the number of idle-time in routers by inserting packets in these  time intervals. Hereinafter, the set of idle-time is denoted by IT 1 and IT 2 in the first router and the second one, respectively. ni 1 and ni 2 denote the number of the idle-time in Ro 1 and Ro 2 , respectively. Therefore, IT 1 ¼ fIT 1 1 ; � � � ; IT ni 1 1 g and IT 2 ¼ fIT 1 2 ; � � � ; IT ni 2 2 g. The SI algorithm's first step is to choose the type of sort order of the packets. There are two types of sort orders packets available to be applied. The first one is the non-decreasing order of the estimated transmission time of the packets, and the second is the non-increasing order of the estimated transmission time of the packets.
The first idle-time IT 1 2 or IT 1 1 is obtained after the start of scheduling the packet on the two routers. pt j must be tested to insert an unscheduled packet in the obtained idle-time. If there is no possibility to schedule any unscheduled packet, the packet pt j is scheduled, and an idle-time is provoked. Then, the same instructions are called until all packets are scheduled.
Hereinafter, the functions that sort the elements of a given list Li in the increasing order and decreasing order are denoted by InS() and DcS(), respectively.
In algorithm 1, we present an illustration of the search and the insertion packets in the idletimes when the InS is applied (SIPI procedure).
We denote SDI() for the function that searches and determines the idle-times when a packet pt j is selected to be assigned. This function updates the ni 2 and ni 1 values.
We denote ST() for the function that returns the starting time of the obtained idle-times for the scheduled packets.
We denote PIS(r) for the function that searches the possibility of scheduling the packet pt j on the router r. This function returns 1 if it is possible to schedule the packet pt j , otherwise it returns 0.
Algorithm 1 Procedure (SIPI) for (k = 1 to ni 1 ) do The SIPI procedure is functioning as follows. Firstly, we call the procedure InS() applied on all packets. The numbers of idle-times ni 1 and ni 2 are initialized to 0. A loop from 1 to the number of packets is applied to schedule packets in Ro 1 and Ro 2 . This loop is described from instruction 3 to 23. For each packet (for each value of j), we Call SDI() (Instruction 5) and we loop from 1 to the number of idle-times in Ro 1 trying to insert the packet j. If the insertion can be feasible, so we calculate TC 1 j , otherwise a test for the next idle-time will take place (Instructions [6][7][8][9][10][11][12]. After that, we loop from 1 to the number of idle-times in Ro 2 trying to insert the packet j. If the insertion can be feasible, so we calculate TC 2 j , otherwise a test for the next idletime will take place (Instructions [13][14][15][16][17][18][19]. Finally, the minimum cumulative time will be picked (Instructions 20-22).
The algorithm of the search and the insertion of the packets in the idle-times when the DcS is applied uses the same instructions in Algorithm 1, but it replaces

Randomized Longest Transmission time first algorithm (RLT)
First, we sort all packets in decreasing order of their estimated transmission time. Then, we schedule the packet with the longest estimated transmission time with probability β and the packet with the second-longest estimated transmission time with probability 1 − β. In practice, the value of β is equal to 0.3.
We denote by SWP() the procedure that swaps two packets given as inputs.
The instructions described in Algorithm 3 show the functionality of the RLT algorithm.

The randomized longest transmission time first algorithm (RLT) works as follows. First, we call DcS(PT) (Instruction 1) to sort all packets in decreasing order of their estimated transmission time. After that, an iterative loop is applied 500 times (Instruction 2) to randomly choose the packet that will be scheduled. For each iteration, a loop of $n_{pt} - 1$ steps takes place (Instruction 3), and for each packet a random number between 1 and 100 is generated (Instruction 4). If this number is less than 30 (Instruction 5), we swap the packets j and j + 1 (Instruction 6). We schedule the selected packet on the most available router (Instructions 8-17). Next, the last remaining packet is scheduled (Instructions 19-21). After that, $Tr^{it}_{max}$ is calculated (Instruction 23). After the termination of all iterations, the minimum value of $Tr_{max}$ is determined (Instruction 25).
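An added C++ example of the RLT loop described above (not the paper's own code). How the same-level constraint is enforced during placement is an assumption here: a packet goes on the router where it can start earliest without overlapping a same-confidentiality-level transmission on the other router, and every pass restarts from the sorted list. The names Packet, Slot, Schedule, earliestStart, place and violations are hypothetical.

```cpp
#include <algorithm>
#include <random>
#include <vector>

struct Packet { int tp, level; };        // estimated transmission time, confidentiality level
struct Slot { int start, end, level; };  // one transmission placed on a router
struct Schedule { std::vector<Slot> ro[2]; int freeAt[2] = {0, 0}; int trMax = 0; };
// Earliest start >= ready at which p overlaps no same-level slot on the other router.
int earliestStart(int ready, const Packet& p, const std::vector<Slot>& other) {
    int s = ready;
    for (bool moved = true; moved;) {
        moved = false;
        for (const Slot& o : other)
            if (o.level == p.level && s < o.end && o.start < s + p.tp) { s = o.end; moved = true; }
    }
    return s;
}
// Assumed reading of "most available router": the one where p can start first.
void place(const Packet& p, Schedule& sc) {
    int s[2] = {earliestStart(sc.freeAt[0], p, sc.ro[1]), earliestStart(sc.freeAt[1], p, sc.ro[0])};
    int r = (s[1] < s[0]) ? 1 : 0;
    sc.ro[r].push_back({s[r], s[r] + p.tp, p.level});
    sc.freeAt[r] = s[r] + p.tp;
}
// RLT: DcS(PT), then `iterations` randomized passes; the pass with the smallest Tr_max wins.
Schedule rlt(std::vector<Packet> pt, unsigned seed, int iterations = 500) {
    std::sort(pt.begin(), pt.end(), [](const Packet& a, const Packet& b) { return a.tp > b.tp; });
    std::mt19937 rng(seed);
    Schedule best;
    for (int it = 0; it < iterations; ++it) {
        std::vector<Packet> order = pt;  // assumption: each pass restarts from the sorted list
        Schedule sc;
        for (size_t j = 0; j < order.size(); ++j) {
            // Draw in 1..100; a draw below 30 swaps j and j+1 (SWP). The last packet is never swapped.
            if (j + 1 < order.size() && rng() % 100 + 1 < 30) std::swap(order[j], order[j + 1]);
            place(order[j], sc);
        }
        sc.trMax = std::max(sc.freeAt[0], sc.freeAt[1]);
        if (it == 0 || sc.trMax < best.trMax) best = sc;
    }
    return best;
}
// Same-level pairs sent over both routers at overlapping times; a valid schedule has none.
int violations(const Schedule& sc) {
    int n = 0;
    for (const Slot& a : sc.ro[0])
        for (const Slot& b : sc.ro[1])
            if (a.level == b.level && a.start < b.end && b.start < a.end) ++n;
    return n;
}
```

When every packet carries the same confidentiality level, the two routers can never transmit at the same time, so the returned trMax equals the sum of the transmission times.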

Randomized smallest Transmission time first algorithm (RST)
This algorithm is like RLT, but it uses InS(PT) instead of DcS(PT). The time complexity of RST is therefore O(n log n).

Critical confidentiality level algorithm (CCL)
Firstly, we define the critical confidentiality level. The packets having the same confidentiality level  Table 1. The critical confidentiality level algorithm (CCL) works as follows. First, we call DFP() and DcS (Instructions 1-2). After that, a loop from 1 to the number of confidentiality levels determines Tc 1 FP k and Tc 2 FP k (Instructions 4-5). The minimum value is stored in Tc FP k (Instruction 6). Finally, $Tr_{max}$ is calculated (Instruction 8).

Lifting algorithms
All algorithms proposed previously can be enhanced by applying the lifting procedure LP defined in Section 5. The lifting algorithm of LTF, STF, STI, RLT, RST, and CCL will be LTF,

Experimental results
The experimental results and the statistical analyses are detailed in this section. The proposed algorithms are coded in C++. The computer running all developed programs has an Intel(R) Core(TM) i5-1035G1 CPU @ 1.00GHz processor and 8GB of RAM.

Problem instances
To measure the performance of the proposed algorithms, they must be tested on several instances. The classes of instances differ in how the estimated transmission time $tp_j$ is generated. In this paper, we opted for the uniform distribution to generate all instances. This distribution is denoted by U[s, e], with s being the starting value of $tp_j$ and e the ending value that can't be exceeded. Four different classes are developed as follows:
• Class A: $tp_j$ in U[1, 30].
The number of packets $n_{pt}$ varies in {15, 25, 45, 65, 90, 110}. The number of confidentiality levels $n_{Cl}$ varies in {3, 5, 7, 9}. For each $n_{pt}$ value, all $n_{Cl}$ values are tested. For each $n_{pt}$, $n_{Cl}$, and Class, 10 instances are generated. In total, (6 × 4 × 4 × 10) = 960 instances are generated and tested. It is worth noting that the confidentiality level $Clp_j$ for a packet $pt_j$ is generated uniformly in [1, $Clp_j$].

Metrics
The experimental results can only be interpreted once performance has been measured with suitable metrics. The metrics used in this paper to measure the performance of the proposed algorithms are as follows:
• A+: best returned value of $Tr_{max}$ after the execution of all algorithms.
• A: returned value of $Tr_{max}$ by the studied algorithm.
• Pr: percentage of instances when A+ = A.
• AvG: average of Gp for a group of instances.
• AT: average execution time in seconds. When this time is less than 0.001 s the symbol "-" is placed.

Discussions
In this subsection, a discussion of the experimental results is presented. Firstly, an overview of Pr, AvG, and AT for all proposed algorithms is described. Next, the impact of applying the lifting procedure is illustrated. Finally, the average gap AvG of all algorithms is compared according to the number of packets $n_{pt}$, $n_{Cl}$, and Class.
Table 6 presents the overview of Pr, AvG, and AT for all proposed algorithms. It shows that the best algorithm, with the highest percentage of 73.5%, is RLT¯. The average gap obtained for this algorithm is 0.002. It is worth noting that the running times of all algorithms are less than 0.001 s. This proves that the proposed algorithms return a result in a very short time. The second best algorithm is RLT with a percentage of 72.8% and an average gap of 0.003.
Now, we compare the best algorithm given in the literature, MDETA, as detailed in [53], with the best proposed algorithm RLT¯. We denote by MV the minimum value obtained between RLT¯ and MDETA after running all 960 instances. The results show that RLT¯ reaches the MV value in 91% of instances, while MDETA reaches the MV value in only 41% of instances. This proves that the proposed algorithm RLT¯ is the best algorithm compared with the results in the literature.
Table 7 presents the impact of applying the lifting procedure. This table shows that the lifting procedure gives a better result for the algorithms RLT and CCL.
Each tuple ($n_{pt}$, $n_{Cl}$, Class) is denoted by the variable Tu. For the instances used in these experiments, Tu = {1, ..., 96}. The first value of Tu is 1 and is represented by the tuple (15, 3, 1). The last value of Tu is 96 and is represented by the tuple (100, 9, 4).
Table 8 compares the average gap AvG for all algorithms according to the number of packets $n_{pt}$. It shows that the minimum average gap AvG of 0.001 is reached for the algorithm RLT when $n_{pt}$ = 25. However, this minimum AvG value is reached for algorithm CCL three times, when $n_{pt}$ = {65, 90, 110}. For all algorithms excluding RLT and RLT¯, the average gap AvG decreases when the number of packets $n_{pt}$ increases. The maximum average gap of 0.093 is obtained by algorithm STF when $n_{pt}$ = 15.
Table 9, on the other hand, compares the average gap AvG for all algorithms according to the number of confidentiality levels $n_{Cl}$. The minimum average gap AvG of less than 0.001 is recorded for algorithm RLT when $n_{Cl}$ = 9 and for algorithm RLT¯ when $n_{Cl}$ = 9. In addition, the second best average gap AvG of 0.001 is reached for algorithm RLT when $n_{Cl}$ = {5, 7} and for the algorithm RLT¯ when $n_{Cl}$ = {5, 7}. The maximum average gap of 0.063 is obtained by the algorithm STF when $n_{Cl}$ = 3.
Table 10 presents the comparison of the average gap AvG for all algorithms according to the different classes Class. For the best algorithm, RLT¯, the minimum average gap of 0.001 is obtained when Class = {1, 3}. However, for Class 2 the average gap is equal to 0.002, and for Class 4 the average gap is equal to 0.004. Finally, the maximum average gap of 0.056 is obtained for Class 3 by the algorithm STF.

Conclusion
This research studied the problem of scheduling multilevel classified network packets on two routers based on a constraint. We proposed an architectural paradigm that can be deployed for a private network. The paradigm can be used for the secure dissemination of classified data in a military-based environment. This problem is known to be NP-hard in the strong sense. We proposed six heuristic algorithms and their enhanced versions using the lifting procedure. The proposed heuristics are LTF, STF, STI, RLT, RST, and CCL. So, in total, we proposed twelve algorithms. We compared the proposed algorithms' average gap based on the number of packets $n_{pt}$, $n_{Cl}$, and Class. Our observation based on the performed experimentation indicates that the RLT¯ algorithm performed the best, recording a percentage rate of 73.5% and an average gap of 0.003. The second best algorithm in line is RLT. The RLT percentage rate was 72.8%, and the average gap was 0.002. The lifting procedure gave the RLT and CCL algorithms a better result, and the average gap decreases for all algorithms, excluding RLT and RLT¯, when the number of packets $n_{pt}$ increases. We also noticed that the minimum average gap AvG reached, less than 0.001 according to the number of confidentiality levels $n_{Cl}$, was for algorithm RLT when $n_{Cl}$ = 9.

Prospects
Future work will follow five main directions. The first is to enhance the proposed algorithms with several meta-heuristics, using the proposed algorithms to produce the initial solution. The second is to develop a lower bound and an exact solution for the studied problem, to be compared with the obtained results. The third is to extend the studied problem to the case where the number of routers exceeds 2. The fourth is to employ supervised machine learning classification to intelligently label and then transmit the network packets through three or more routers. The last is the simulation of the proposed network and algorithms in a real-life scenario, with demonstration and testing on real hardware, and the investigation of multilevel data security using multi-agent systems.