An enhanced multilevel secure data dissemination approximate solution for future networks

Mohammad Mahmood Otoom; Mahdi Jemmali; Akram Y. Sarhan; Imen Achour; Ibrahim Alsaduni; Mohamed Nazih Omri

doi:10.1371/journal.pone.0296433

Abstract

Sensitive data, such as financial, personal, or classified governmental information, must be protected throughout its cycle. This paper studies the problem of safeguarding transmitted data based on data categorization techniques. This research aims to use a novel routine as a new meta-heuristic to enhance a novel data categorization based-traffic classification technique where private data is classified into multiple confidential levels. As a result, two packets belonging to the same confidentiality level cannot be transmitted through two routers simultaneously, ensuring a high data protection level. Such a problem is determined by a non-deterministic polynomial-time hardness (NP-hard) problem; therefore, a scheduling algorithm is applied to minimize the total transmission time over the two considered routers. To measure the proposed scheme’s performance, two types of distribution, uniform and binomial distributions used to generate packets transmission time datasets. The experimental result shows that the most efficient algorithm is the Best-Random Algorithm (), recording 0.028 s with an average gap of less than 0.001 in 95.1% of cases compared to all proposed algorithms. In addition, is compared to the best-proposed algorithm in the literature which is the Modified decreasing Estimated-Transmission Time algorithm (MDETA). The results show that is the best one in 100% of cases where MDETA reaches the best results in only 48%.

Citation: Otoom MM, Jemmali M, Sarhan AY, Achour I, Alsaduni I, Omri MN (2024) An enhanced multilevel secure data dissemination approximate solution for future networks. PLoS ONE 19(2): e0296433. https://doi.org/10.1371/journal.pone.0296433

Editor: Olugbemiga Solomon POPOỌLA, University of Medical Sciences, Ondo City, NIGERIA

Received: April 7, 2023; Accepted: December 12, 2023; Published: February 8, 2024

Copyright: © 2024 Otoom et al. This is an open access article distributed under the terms of the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are credited.

Data Availability: All relevant data are within the paper.

Funding: The funders had no role in study design, data collection and analysis, decision to publish, or preparation of the manuscript. The authors extend their appreciation to the deputyship for Research & Innovation, Ministry of Education in Saudi Arabia for funding this research work through the project number (IFP-2022-33).

Competing interests: NO authors have competing interests.

Introduction

The technological advancement in this era has made collaboration among different governmental and none governmental organizations to be a necessity. Such collaboration requires secure and private data dissemination infrastructure. Multilevel Data security has been proposed to increase data security and control the disclosing of data in a particular environment. However, there are not enough efforts in secure data classification research. On the one hand, most existing solutions that rely on traditional security mechanisms are less effective since common security weaknesses are inherited from the previous Open System Interface (OSI) model. On the other hand, there is a need for secure-by-design efforts to eliminate the gap between previous weaknesses and current advancements to enable secure future networks. Hence, this research effort improves the previous research that relies on a novel secure-by-design network model that uses two routers for secure classified data dissemination. The improvement focused on minimizing the total transmission time over the two considered routers.

Emerging technology has led to the Fifth Industrial Revolution. It is evolving rapidly due to numerous advancements in many fields, such as system intelligence, machine learning, IoT, robotics, blockchain, and so forth. Furthermore, these advancements cause the world to become more interconnected by integrating various new networking technologies, including smart devices with the Internet. In addition, the outbreak of an incident like COVID-19 has accelerated the efforts in technology research and development.

The number of devices connected to the Internet has been increasing. For instance, more than ten billion devices are connected today [1, 2]. The design of interconnected networks relies on the Open Systems Interface (OSI) model. Although many advantages are incurred from the OSI model, such as protocol integration, standardization, flexibility, and modularity, the complexity of security requirements makes the OSI model’s current design less effective in dealing with numerous attacks. For example, active, passive, and advanced network attacks usually degrade the network performance causing the packet traffic to be uncontrolled. Such common attacks may include spoofing, denial of service (DoS), sinkholes, Sybil, traffic analysis, eavesdropping, byzantine, black hole, and location disclosure attacks [3]. These attacks could cause severe threats to safeguarding sensitive transmitted data.

The number of security incidents, vulnerabilities, cybersecurity threats, and challenges has increased with the introduction of Industry 5.0. In particular, IoT, digitalization, big data, and artificial intelligence are considered the primary causes of cybersecurity issues since they have notably increased internet connection use. As a result, attacks have rapidly expanded to target significant businesses and industries, including health organizations, to disrupt infrastructure and steal sensitive data [4]. These attacks may include email fraud and spam, network anomalies, malicious URLs, impersonation, and malware attacks [5, 6].

Some network attacks, like Sybil attacks and Eclipse attacks, target the security of routers by damaging their functionality. Some of these widespread attacks are as follows: Routing Table Poisoning attacks (RTP), Packet Mistreating Attacks (PMA), Hit and Run attacks (HAR), Advanced Persistent Threats (APT) (PA), and Denial of Service attacks (DoS) also fall under widespread attacks. For example, the Border Gateway Protocol (BGP) has a critical routing target on the Internet. It manages the routing of packets throughout the Internet via exchanging information among edge routing. However, it does not maintain security and is vulnerable to attacks [7, 8].

This paper proposes an intelligent private network solution that uses a security policy to provide a multilevel data dissemination control based on security category constraints. While on the one hand, the elaboration of the proposed solution relies on the scheduling algorithms presented in [9–11], which are planned later to be utilized and adapted to the studied problem. On the other hand, applying the security category constraints idea in this paper is considered an NP-hard problem, which means that no algorithm will always efficiently produce the exact correct answer on all inputs. Therefore, the scheduling algorithm is the best choice to get the best solution in the current work. The packets will be scheduled to be waiting in a queue or need to be transmitted. This paper aims to introduce a future secure computer network paradigm. The model includes a packet dissemination security policy to minimize or prevent data breaches. Several real-life scenarios, case studies, and applications can benefit from the model, including the media industry, military organizations, and journalism. The proposed two-router network is an NP-hard problem [12] that uses a security policy for multilevel data security transmission. However, it has many benefits: (i) introduces a security-by-design future network idea that relies on a dissemination-based packet classification; (ii) applies various algorithmic techniques such as dispatching rules, local insertion search, randomization method, and lifting procedure to enhance the security and performance of the transmitted packets in the computer network area; (iii) presents an idea that can be implemented as a private network application to assist individual privacy protection in critical environments and circumstances.

The novelty of this research is its security by design paradigm that initially relies on two routers for future network security. For example, the solution supports journalists for multilevel secure and successful transmission of their data in the form of network packets. Furthermore, the proposed work introduces several algorithmic solutions to deal with an NP-Hard problem in acceptable efficient time and use it in the network security field. Furthermore, compared with previous works. The proposed approach continues to enhance the results compared with previous developed algorithms in [12–14] results as it being detailed in the result and discussion section. It uses new algorithmic techniques and procedures. On the other hand, the disadvantages of the proposed method are as follows: (i) the time complexity for such an NP-hard two-machine problem demands using more techniques to solve the problem using algorithms with O(n³) heuristically. (ii) Developing an exact solution requires using a lower bound in a branch-and-bound algorithm.

This paper is structured as follows. First, section two presents the related works. Next, section three presents the description of the studied problem. Then, section four describes the solution novel architecture through an illustrative diagram. Section five details the enhancement randomization routine, and section six describes the proposed algorithms and their different instructions. Section seven provides the experimental results and discusses the solution performance evaluation. Finally, section eight concludes the remarks and future works.

Related works

Secure and private data outsourcing or exchanging have primarily been studied in the literature at the application layer. Several known techniques or traditional methods have been applied to protect such data. However, the innovation of the proposed approach in this paper is that it addresses the problem from a different point of view by providing a solution that can be applied at the network layer and introducing heuristic solutions reduced from a known NP-Hard problem to address issues in the field of network security.

The studied problem was addressed for the first time in [12], in which only dispatching rules techniques were used to construct algorithmic solutions. However, this paper uses several sophisticated algorithms for the problem. In addition, authors in [13] proposed several algorithms based on critical-level security and randomization to deal with the studied problem. In the same context, the authors in [14, 15] proposed novel heuristics to solve the studied problem approximately. The author in last work used several recognized and unknown algorithmic methods like iterative, randomization, and probabilistic methods. The achieved results that both proposed algorithms called RGS₁ and RGS₂ were better compared with previous proposed algorithms that deal with same studied problem.

The literature has investigated several threats to data transmission across all network layers in various distributed computing systems, applications, and technologies. The analysis of such threats has shown attacks in various emerging and intelligent communications and technologies domains. For example, in [16], wireless mobile ad hoc network attacks are investigated. In [17], wireless sensor network attacks are discussed. Finally, the authors in [18] addressed attacks affecting SDN and cloud computing environments.

Several works related to the representation of network traffic have been developed [19, 20]. For example, the constraint of the window pass is proposed for the first time in [22] to prioritize highly confidential packets. In addition, the one router problem is studied under fixed time-slot interval in [21, 22] to experiment with different developed algorithms and thus prove the efficiency of the presented work. Finally, in [23], the authors introduced a scheduler component to solve the problem of parallel routers in the network.

Multilevel data security (MLDS) [24] has become an essential tool since the new emerging technology caused organizations to collaborate to securely share algorithms and data or jointly process the data to extract valuable knowledge. In MLDS, data is labeled and accessed according to their critical level. Hence, there is a need for a multilevel secure dissemination solution in the multi-domain environment [25]. Furthermore, such a solution is needed in a military-based climate since no sufficient research exists in this domain. There is no practicality in the current deployed access-control methods for implementing secure data dissemination for data streams [26, 27].

The algorithms developed in [28] can be extended and applied to the presented problem. The algorithms of the parallel machine problem [29–32] can be extended and reformulated to use the related algorithms for the studied problem. Moreover, the algorithms developed in this paper can be extended for the subject considered in [33, 34]

The issues of packet scheduling, timing, and routing have been well-studied by many. For example, several routing scheduling protocols have been proposed to deal with packet timing minimization and queuing issues since additional issues have added to the network routing problems due to innovative advancements in communications technologies. The common packet routing issues are energy consumption, optimization, latency, overhead, routing security, and privacy. Thus, many studies proposed to deal with issues presented in modern network technology [35–38]. The literature presented several algorithms regarding the scheduling problem in networks.

Several algorithms have been proposed to deal with network scheduling problems. However, algorithms presented in [12–15] dealt with the issue presented in this paper which is transmitting multiple levels of data based on a constraint. Such a problem is an NP-hard [12] because the minimization of total time for transmitting data through two routers in this paper is reduced from two parallel machines NP-Hard problem.

Problem description

The description of the proposed problem is as follows. A set of files in a special network that each has different security characteristics must be transmitted through two routers. Suppose each set of files is classified according to a security level denoted by Sl_i with i = {1, …, n_Sl} where n_Sl means the number of security levels. The files are then split into different packets categorized according to their corresponding Sl_i. Let Pcs be the set of all packets, and n_pcs is the total packet number. Pk_j denotes the packet with index j. The security level of the packet Pk_j denotes by Dlp_j. Each packet Pk_j has its own transmission time denoted as Pt_j. Based on packet Pk_j, the cumulative transmission time on the first router R₁ and the second router R₂ are denoted by and , respectively. The set of packets transmitted through R₁ and R₂ are denoted by Pcs₁ and Pcs₂, respectively. Therefore, Pcs = Pcs₁∪Pcs₂ and n_pcs = |Pcs₁|∪|Pcs₂|. After the transmission of packets, the total transmission time on router R₁ is denoted by Tt₁, and the one on R₂ is denoted by Tt₂. Thus, the maximum transmission time for the two routers denotes by Tt_max and given by Tt_max = max(Tt₁, Tt₂). The objective is to minimize Tt_max. Packets holding the same security levels cannot be transmitted simultaneously through the two routers. Therefore, a security constraint is being used to prevent the transmission of two packets belonging to the same security level simultaneously through two different routers. Such a problem has been proven to be NP-hard [14].

Architecture

This section defines a novel architecture based on the proposed constraint of security levels. This architecture comprises six components, as Fig 1 explains. The “Data security level” and the “Scheduler” are the two main components. The administrator imposes and links each file to their security level. The decomposition of each file into packets will automatically give the authorization of the component “Data security level” to add the same security level of the same file for all packets belonging to this file.

Download:

Fig 1.

https://doi.org/10.1371/journal.pone.0296433.g001

Enhancement randomization routine (ER2)

The section presents a randomization-routine enhancement called to improve the solution of the developed algorithm within a deployed scheduler. The routine relies on a probability method. The corresponding sequence for any schedule obtained by any heuristic h() is determined. The sequence is stored in a list with two selection choices that select either the first or the second packet. This choice is based on the probability β. Indeed, to choose the first packet, the probability β and the probability 1 − β is applied for the second packet. Hereafter, is denoted by the heuristic value obtained after calling the enhancement randomization routine ER2(.) by inputting the sequence obtained by the heuristic h. Thus, . For each algorithm, the call of ER2(.) will be executed 500 times, and the best solution will be picked.

Example 1. Suppose that the number of packets is 13. Then, the sequence obtained after utilizing the decreasing time algorithm is presented in Table 1.

Download:

Table 1. Decreasing time algorithm sequence.

https://doi.org/10.1371/journal.pone.0296433.t001

After calling ER2(.) described above, an obtained sequence is presented in Table 2. In this latter table, r is a number in [1, 100]. When this number exceeds 30, the first packet is chosen; otherwise, the second one will be chosen. In addition, j′ is the packet index in the new sequence after enhancement.

Download:

Table 2. The sequence after applying ER2(.).

https://doi.org/10.1371/journal.pone.0296433.t002

Based on Table 2, the schedule of the proposed problem is presented in Fig 2. The latter figure shows that on the first router, the packets {4, 5, 12, 6} are scheduled, however on router 2 packet 7 is scheduled respecting the constraint of the data security level.

Download:

Fig 2.

https://doi.org/10.1371/journal.pone.0296433.g002

The proposed algorithms

The section presents seven proposed algorithms and their details. The enhancement of the algorithms relies on the above novel routine (ER2). The seven enhanced algorithms are called the random-decreasing time algorithm, the random-modified decreasing time algorithm, the random-search and insertion time algorithm, the random-critical security level algorithm, the random packet-classification first variant algorithm, the random packet-classification second variant algorithm, and the best-random algorithm.

Random-decreasing time algorithm ()

In this algorithm, packets are sorted based on their transmission time-decreasing order. Then, packets are scheduled one by one. Thus, the first packet is selected and scheduled on the router with the minimum values among and then the second packet is scheduled the same way, and the same applies to the remaining packets until all are scheduled. Finally, after the accomplishment of the scheduling, this algorithm denotes DT. The sequence obtained by DT will be used as the initial solution for applying ER2. This algorithm denotes .

Random-modified decreasing time algorithm ()

The packets are sorted for this algorithm, as detailed in the previous subsection. When a packet Pk_j is selected, each interval time for all routers where there is no packet in transmission will be called “Idle Interval” and will be detected by this algorithm. The “Idle Interval” is denoted by Ii. A test of the load is applied by calculating and . If , then the selected router will be the one that has the shortest idle interval. The algorithm that returned the sequence of MD is detailed in Algorithm 1. After finishing the scheduling, the obtained sequence will be used as the initial solution for applying (ER2). This algorithm denotes by . Hereafter, DCR(L) denotes the procedure that sorts a list L given as input according to their transmission time-decreasing order.

Algorithm 1 Modified Decreasing Time Algorithm (MD)

1: Call DCR(Pk)

2: for (j = 1 to n_pcs) do

3: Calculate

4: Calculate

5: if () then

6: R₁ is selected

7: else

8: if ( then

9: R₂ is selected

10: else

11: if () then

12: Calculate Ii1

13: Calculate Ii2

14: if (Ii1 ≤ Ii2) then

15: R₁ is selected

16: else

17: R₂ is selected

18: end if

19: end if

20: end if

21: end if

22: end for

23: Calculate Tt_max

24: Return Tt_max

Random-search and insertion time algorithm ()

The idle interval is better to be avoided because these intervals can give a bad result. Thus, in this algorithm, some packets are inserted in these idle intervals when the constraints allow the scheduling. Firstly, the schedule of (DT) is given. The sets of idle intervals are denoted as I1 and I2 on the first and second router, respectively. The idle intervals in the first and second routers are n₁ and n₂. The non-scheduled packet is inserted in the idle time I1 by looping until n₁. If there is no possibility of scheduling this packet, the non-scheduled packet is inserted in the second router in the idle time I2 by looping until n₂. After obtaining the final schedule, the received sequence will be used as the initial solution for applying (ER2). This algorithm denotes . Hereafter, the procedure that sorts a list L given as input relies on the transmission time-decreasing order denoted as ICR(L). The procedure that searches and fixes the idle intervals denotes SF(). The starting time of the idle interval is determined by the procedure SIT(). Feas(R) symbolizes the function that can detect the feasibility of scheduling the selected packet on the router R. This function returns “True” if the schedule is feasible and “False” otherwise.

Algorithm 2 Search and Insertion Time Algorithm (SI)

1: Call ICR(PK)

2: Set n₁ = 0 and n₂ = 0

3: for (j = 1 to n_pcs) do

4: Set check1 = 0 and check2 = 0

5: Call SF()

6: for (k = 1 to n₁) do

7: Call SIT()

8: if (Feas(1) = True then

9: Set check1 + +

10: Calculate

11: end if

12: end for

13: for (k = 1 to n₂) do

14: Call SIT()

15: if (Feas(2) = True then

16: Set check2 + +

17: Calculate

18: end if

19: end for

20: if (check1 ≠ 0 OR check2 ≠ 0) then

21: Calculate

22: end if

23: end for

24: Calculate Tt_max

25: Return Tt_max

Random-critical security level algorithm ()

All packets with the same security level are grouped in the set PsL_i with i = {1, …, n_Sl}. The sum of all Pt_j, ∀Pt_j ∈ PsL_i is denoted by SSL_i. The critical security level denoted by CL is the security level with the maximum value of SSL_i, ∀i = {1, …, n_Sl}. The fictive packet denoted by PF_i, i = {1, …, n_Sl}, is a new packet with a transmission time SSL_i. The fictive packets are sorted based on their SSL_i− decreasing order, ∀i = {1, …, n_Sl}. In each PsL_i, the packets are sorted according to DT. Next, the total time T is calculated as . This researched problem lower bound can be taken as and denoted by LB. Next, the sequence of packets PsL_i will be used to schedule packets on the first router until reaching LB.. After that, the leftover packets will be scheduled on the second router. The acquired schedule will construct a new sequence that will be utilized to apply the (ER2). Example illustrates the obtaining of the CS sequence.

Example 2 The same instance detailed in Table 1 is considered. Firstly, the packets are sorted in each set PsL_i with i = {1, …, n_Sl} according to their transmission time- order. Table 3 shows the generation of the four fictive packets.

Download:

Table 3. Generation of the fictive packets.

https://doi.org/10.1371/journal.pone.0296433.t003

The next step in applying the algorithm is sorting the fictive packets, as described above. Indeed, the sequence to be scheduled on the two routers is listed as follows {PsL₄, PsL₃, PsL₁, PsL₂}. This means that the sequence is {{7,4,5,12,6},{3,8},{1,13},{11,9,2,10}}. After that, the packets are scheduled in the last sequence until reaching LB on the first router. For this stage, the scheduled packets on R₁ are {7,4,5,12,6,8,2} and {3,1,13,11,9,10} on R₂. This schedule gives the valuesTt₁ = 69 and Tt₂ = 72 with a total transmission time of Tt_max = 72. The CS sequence is {7,4,5,12,6,8,2,3,1,13,11,9,10}. This sequence is the initial solution for (ER2).

Random packet-classification first variant algorithm ()

The first step is to divide the packets into three groups G₁,G₂, and G₃. The first packets will be assigned to G₁. At the same time, the second packets will be assigned to G₂. The remaining packets will be assigned to G₃. The second step is sorting packets, in each group, according to their transmission time-increasing order. Finally, the sequence for scheduling packets is G₂, G₁, and G₃. After obtaining the final schedule, the obtained sequence is the initial solution for applying (ER2). This algorithm denotes .

Random packet-classification second variant algorithm ()

The first step is to divide the packets into three groups G₁,G₂, and G₃. The first packets will be assigned to group G₁. At the same time, the second packets will be assigned to group G₂. The remaining packets will be assigned to G₃. The second step is sorting the packets in each group following their transmission time-increasing order. Finally, the sequence to schedule packets is G₁, G₃, and G₂. After obtaining the final schedule, the obtained sequence is the initial solution for applying (ER2). This algorithm denotes by .

Best-random algorithm ()

Firstly, the algorithms and are called. The solutions returned by and denote T_CS and T_SI, respectively. The value returned by is T_BR = min(T_CS, T_SI). The algorithm and are designed in the functions denoted by PrCSt() and PrSIt(), respectively. This algorithm of is described below. The random-critical security level algorithm ameliorates the scheduling based on the use of the critical security level. The random search and insertion time algorithm contribute to ameliorating the results by using the insertion method that reaches a better result. The is constructed by the maximum of these latter algorithms. The choice is based on the non-dominance of the proposed algorithms. In fact, and are non-dominants.

Results and discussion

The section presents the setup, experimentation, and results concerning the proposed algorithms. C++ is used to implement the proposed algorithms. Five classes are coded and presented to show the algorithms’ performance. The experimental results were obtained using: (i) a personal computer with a microprocessor i5, (ii) 8 GB of RAM, and (iii) Windows 10 as an operating system. This paper uses two types of distribution uniform and binomial distributions. The distribution is used to generate the values of the transmission time of a packet. UD[b, f] denotes uniform distribution and BD[b, f] for the binomial distribution with b as the minimum value for Pt_j and f as the maximum value for Pt_j. The five classes that generate the different values of the Pt_j are detailed as follows:

Class 1: C1: UD[2, 10];
Class 2: C2: UD[6, 15];
Class 3: C3: UD[5, 25];
Class 4: C4: BD[1, 20];
Class 5: C5: BD[1, 30].

The number of packets is defined as {5, 12, 15, 20, 25, 40, 60, 120}. The security level numbers are defined in {2, 3, 4, 5, 6}. Hence, in total, we have 1 × 2 × 5 × 10 + 7 × 5 × 5 × 10 = 1850 instances. The metrics used to perform the proposed algorithms are:

is the minimum value of Tt_max for all algorithms;
T is the Tt_max which is the developed algorithms returned value;
Pc is the instances percentage when ;
represents the gap between the developed algorithm and the best-obtained value;
AgP is the average of Gp over a group of instances;
Time represents in seconds the average execution time. The symbol “–” marks when the execution time is less than 0.001 s.

This section compares the proposed algorithms using the metrics detailed above and the generated class of instances. First, a compression of the proposed algorithms is presented. Next, the results of the developed algorithms are discussed in comparison with the results of the algorithms developed in the literature [12–14]. An overview of the results for all proposed algorithms is shown in Table 4. The result reveals that is the best with a 95.1% percentage, 0.001 as a gap, and 0.028 s as an average time. The second-best one is , with a percentage of 89.9%.

Download:

Table 4. Overview results of all proposed algorithms.

https://doi.org/10.1371/journal.pone.0296433.t004

The best algorithm proposed in the literature [12] is the Modified Decreasing Estimated-Transmission Time Algorithm (MDETA). While the best algorithm in [13] is the Randomized Longest Transmission time first algorithm (). On the other hand, the best algorithm proposed in [14] is the first variants of the Random-Grouped Classification with Shortest Scheduling Algorithms (RGS₁). Table 5 shows an overview of the performance results for the developed algorithms in the literature. A comparison was accomplished on each value of the three best-proposed algorithms in the literature namely MDETA, , and RGS₁. Results presented in Table 5 point out that the best algorithm in literature is MDETA, with a percentage of 82%, compared to , with a percentage of 48%, and RGS₁ with a percentage of 28%. In Table 5, the Dv is calculated based on the best value of only the results of MDETA, , and RGS₁.

Download:

Table 5. An overview of the result from the literature on the developed algorithms.

https://doi.org/10.1371/journal.pone.0296433.t005

Based on the literature, the best algorithm is MDETA which will be compared to the best-proposed algorithm . The best-returned value after running MDETA and is recorded in Table 6 and compared to each value. This latter table shows that is the best in 100% of cases. This latter table shows that the average gap of less than 0.001 is reached . In Table 6, the Dv is calculated based on the best value of only the results of MDET and .

Download:

Table 6. An overview of the result of the best-proposed algorithm and the best from the literature.

https://doi.org/10.1371/journal.pone.0296433.t006

Table 7 displays the AgP rates in all proposed algorithms during the changes of the n_pcs. It highlights that is the best one while reaching an average gap of less than 0.001 at four times as follows: n_pcs = {5, 40, 60, 120}. While , , , and reach an average gap of less than 0.001 at only one time where n_pcs = 5. and reach an average gap of less than 0.001 when n_pcs = {5, 120}. The maximum AgP value of 0.016 is reached for the algorithm when n_pcs = 12.

Download:

Table 7. The AgP values where n_pcs change for all algorithms.

https://doi.org/10.1371/journal.pone.0296433.t007

The variation of the average running time according to the number of packets for is illustrated in Fig 3 demonstrates the increases in time whenever there is an increase in the number of packets. In addition, the maximum time value is 0.066 s reached when n_pcs = 120.

Download:

Fig 3.

https://doi.org/10.1371/journal.pone.0296433.g003

Table 8 presents the AgP values where n_Sl changes for all algorithms. This table shows that the minimum average gap of less than 0.001 is reached by when n_Sl = 2, for and when n_Sl = 6. The maximum average gap of 0.014 is reached by when n_Sl = 2.

Download:

Table 8. The AgP values where n_Sl changes for all algorithms.

https://doi.org/10.1371/journal.pone.0296433.t008

The variation of the average running time according to the number of security levels for is illustrated in Fig 4 demonstrates the increases in time whenever there is an increase in the number of security levels. In addition, the maximum time value is 0.033 s reached when n_Sl = 6.

Download:

Fig 4.

https://doi.org/10.1371/journal.pone.0296433.g004

Conclusion

This research investigates the problem of transmitting multilevel secure data based on a security constraint through routers such that packets belonging to the same security levels cannot, in any case, be transmitted through the two routers simultaneously. This problem is an NP-hard problem. Seven algorithms are proposed to resolve the presented problem. The performance measurements of the proposed algorithms show that the Best-Random Algorithm () is the most efficient. Furthermore, comparing with the previous best result presented by MDETA shows that is the best, with 0.028 s and an average gap of less than 0.001. The future directions of this research go in three ways. The first one is utilizing the proposed routine on other NP-hard problems. The second way is the development of a lower bound of the proposed problem that can give a better result for the proposed algorithms—finally, comparing the results obtained by the proposed routine with the one obtained by applying different metaheuristics like genetic algorithm and particle swarm optimization.

References

1. Rose K, Eldridge S, Chapin L. The internet of things: An overview. The internet society (ISOC). 2015;80:1–50.
- View Article
- Google Scholar
2. Sembroiz D, Ricciardi S, Careglio D. A novel cloud-based IoT architecture for smart building automation. In: Security and resilience in intelligent data-centric systems and communication networks. Elsevier; 2018. p. 215–233.
3. Pawar MV, Anuradha J. Network security and types of attacks in network. Procedia Computer Science. 2015;48:503–506.
- View Article
- Google Scholar
4. Jagatheesaperumal SK, Rahouti M, Ahmad K, Al-Fuqaha A, Guizani M. The duo of artificial intelligence and big data for industry 4.0: Applications, techniques, challenges, and future research directions. IEEE Internet of Things Journal. 2021;9(15):12861–12885.
- View Article
- Google Scholar
5. Ghelani D. Cyber security, cyber threats, implications and future perspectives: A Review. Authorea Preprints. 2022;.
6. Bahassi H, Edddermoug N, Mansour A, Mohamed A. Toward an exhaustive review on Machine Learning for Cybersecurity. Procedia Computer Science. 2022;203:583–587.
- View Article
- Google Scholar
7. Wang F, Xuan C, et al. A High-Feasibility Secure Routing against Malicious Peer in Structured P2P. Mathematical Problems in Engineering. 2022;2022.
- View Article
- Google Scholar
8. AbdAllah EG, Hassanein HS, Zulkernine M. A survey of security attacks in information-centric networking. IEEE Communications Surveys & Tutorials. 2015;17(3):1441–1454.
- View Article
- Google Scholar
9. Jemmali M, Denden M, Boulila W, Srivastava G, Jhaveri RH, Gadekallu TR. A Novel Model Based on Window-Pass Preferences for Data Emergency Aware Scheduling in Computer Networks. IEEE Transactions on Industrial Informatics. 2022;18(11):7880–7888.
- View Article
- Google Scholar
10. Melhim LKB, Jemmali M, Alharbi M. Intelligent real-time intervention system applied in smart city. In: 2018 21st Saudi Computer Society National Computer Conference (NCC). IEEE; 2018. p. 1–5.
11. Jemmali M, Ben Hmida A. Quick dispatching-rules-based solution for the two parallel machines problem under mold constraints. Flexible Services and Manufacturing Journal. 2023; p. 1–26.
- View Article
- Google Scholar
12. Sarhan A, Jemmali M, Ben Hmida A. Two routers network architecture and scheduling algorithms under packet category classification constraint. In: The 5th International Conference on Future Networks & Distributed Systems; 2021. p. 119–127.
13. Sarhan A, Jemmali M. Novel intelligent architecture and approximate solution for future networks. Plos one. 2023;18(3):e0278183. pmid:36857320
- View Article
- PubMed/NCBI
- Google Scholar
14. Sarhan AY. A novel smart multilevel security approach for secure data outsourcing in crisis. PeerJ Computer Science. 2023;9:e1367. pmid:37346672
- View Article
- PubMed/NCBI
- Google Scholar
15. Jemmali M, Ben Hmida A, Sarhan AY. A Novel Two-Routers Model Based on Category Constraints Secure Data-Dissemination-Aware Scheduling in Next-Generation Communication Networks. Journal of Network and Systems Management. 2023;31(3):59.
- View Article
- Google Scholar
16. Tseng FH, Chou LD, Chao HC. A survey of black hole attacks in wireless mobile ad hoc networks. Human-centric Computing and Information Sciences. 2011;1(1):1–16.
- View Article
- Google Scholar
17. Bhushan B, Sahoo G. Recent advances in attacks, technical challenges, vulnerabilities and their countermeasures in wireless sensor networks. Wireless Personal Communications. 2018;98:2037–2077.
- View Article
- Google Scholar
18. Dong S, Abbas K, Jain R. A survey on distributed denial of service (DDoS) attacks in SDN and cloud computing environments. IEEE Access. 2019;7:80813–80828.
- View Article
- Google Scholar
19. Melhim LKB, Jemmali M, Alharbi M. Network monitoring enhancement based on mathematical modeling. In: 2019 2nd International Conference on Computer Applications & Information Security (ICCAIS). IEEE; 2019. p. 1–4.
20. Melhim LKB, Jemmali M, AsSadhan B, Alquhayz H. Network traffic reduction and representation. International Journal of Sensor Networks. 2020;33(4):239–249.
- View Article
- Google Scholar
21. Alquhayz H, Jemmali M. Fixed urgent window pass for a wireless network with user preferences. Wireless Personal Communications. 2021;120(2):1565–1591.
- View Article
- Google Scholar
22. Jemmali M, Alquhayz H. Time-slots transmission data algorithms into network. In: 2020 International Conference on Computing and Information Technology (ICCIT-1441). IEEE; 2020. p. 1–4.
23. Jemmali M, Alquhayz H. Equity data distribution algorithms on identical routers. In: International Conference on Innovative Computing and Communications: Proceedings of ICICC 2019, Volume 2. Springer; 2020. p. 297–305.
24. Harn L, Lin HY. A cryptographic key generation scheme for multilevel data security. Computers & Security. 1990;9(6):539–546.
- View Article
- Google Scholar
25. Sarhan AY, Carr S. A highly-secure self-protection data scheme in clouds using active data bundles and agent-based secure multi-party computation. In: 2017 IEEE 4th International Conference on Cyber Security and Cloud Computing (CSCloud). IEEE; 2017. p. 228–236.
26. Ferraiolo DF, Kuhn DR, Chandramouli R. Role-Based Access Control. Artech House. Inc, Norwood, MA, USA. 2003;.
27. Goyal V, Pandey O, Sahai A, Waters B. Attribute-based encryption for fine-grained access control of encrypted data. In: Proceedings of the 13th ACM conference on Computer and communications security; 2006. p. 89–98.
28. Ajagbe SA, Florez H, Awotunde JB. AESRSA: A New Cryptography Key for Electronic Health Record Security. In: Applied Informatics: 5th International Conference, ICAI 2022, Arequipa, Peru, October 27–29, 2022, Proceedings. Springer; 2022. p. 237–251.
29. Hidri L, Jemmali M. Near-optimal solutions and tight lower bounds for the parallel machines scheduling problem with learning effect. RAIRO-Operations Research. 2020;54(2):507–527.
- View Article
- Google Scholar
30. Haouari M, Gharbi A, Jemmali M. Bounding Strategies for Scheduling on Identical Parallel Machines. In: 2006 International Conference on Service Systems and Service Management. vol. 2. IEEE; 2006. p. 1162–1166.
31. Hmida AB, Jemmali M. Near-optimal solutions for mold constraints on two parallel machines. Studies in Informatics and Control. 2022;31(1):71–78.
- View Article
- Google Scholar
32. Jemmali M, Hidri L. Hybrid Flow Shop with Setup Times Scheduling Problem. COMPUTER SYSTEMS SCIENCE AND ENGINEERING. 2023;44(1):563–577.
- View Article
- Google Scholar
33. Jemmali M, Bashir AK, Boulila W, Melhim LKB, Jhaveri RH, Ahmad J. An Efficient Optimization of Battery-Drone-Based Transportation Systems for Monitoring Solar Power Plant. IEEE Transactions on Intelligent Transportation Systems. 2022;.
- View Article
- Google Scholar
34. Boulila W, Farah IR, Ettabaa KS, Solaiman B, Ghézala HB. Spatio-Temporal Modeling for Knowledge Discovery in Satellite Image Databases. In: CORIA; 2010. p. 35–49.
35. Dang K, Shen JZ, Dong LD, Xia YX. A graph route-based superframe scheduling scheme in WirelessHART mesh networks for high robustness. Wireless personal communications. 2013;71:2431–2444.
- View Article
- Google Scholar
36. Han S, Zhu X, Mok AK, Chen D, Nixon M. Reliable and real-time communication in industrial wireless mesh networks. In: 2011 17th IEEE Real-Time and Embedded Technology and Applications Symposium. IEEE; 2011. p. 3–12.
37. Åkerberg J, Gidlund M, Lennvall T, Neander J, Björkman M. Efficient integration of secure and safety critical industrial wireless sensor networks. EURASIP Journal on Wireless Communications and Networking. 2011;2011(1):1–13.
- View Article
- Google Scholar
38. Yan M, Lam KY, Han S, Chan E, Chen Q, Fan P, et al. Hypergraph-based data link layer scheduling for reliable packet delivery in wireless sensing and control networks with end-to-end delay constraints. Information Sciences. 2014;278:34–55.
- View Article
- Google Scholar

[ref1] 1. Rose K, Eldridge S, Chapin L. The internet of things: An overview. The internet society (ISOC). 2015;80:1–50.
View Article
Google Scholar

[2] View Article

[3] Google Scholar

[ref2] 2. Sembroiz D, Ricciardi S, Careglio D. A novel cloud-based IoT architecture for smart building automation. In: Security and resilience in intelligent data-centric systems and communication networks. Elsevier; 2018. p. 215–233.

[ref3] 3. Pawar MV, Anuradha J. Network security and types of attacks in network. Procedia Computer Science. 2015;48:503–506.
View Article
Google Scholar

[6] View Article

[7] Google Scholar

[ref4] 4. Jagatheesaperumal SK, Rahouti M, Ahmad K, Al-Fuqaha A, Guizani M. The duo of artificial intelligence and big data for industry 4.0: Applications, techniques, challenges, and future research directions. IEEE Internet of Things Journal. 2021;9(15):12861–12885.
View Article
Google Scholar

[9] View Article

[10] Google Scholar

[ref5] 5. Ghelani D. Cyber security, cyber threats, implications and future perspectives: A Review. Authorea Preprints. 2022;.

[ref6] 6. Bahassi H, Edddermoug N, Mansour A, Mohamed A. Toward an exhaustive review on Machine Learning for Cybersecurity. Procedia Computer Science. 2022;203:583–587.
View Article
Google Scholar

[13] View Article

[14] Google Scholar

[ref7] 7. Wang F, Xuan C, et al. A High-Feasibility Secure Routing against Malicious Peer in Structured P2P. Mathematical Problems in Engineering. 2022;2022.
View Article
Google Scholar

[16] View Article

[17] Google Scholar

[ref8] 8. AbdAllah EG, Hassanein HS, Zulkernine M. A survey of security attacks in information-centric networking. IEEE Communications Surveys & Tutorials. 2015;17(3):1441–1454.
View Article
Google Scholar

[19] View Article

[20] Google Scholar

[ref9] 9. Jemmali M, Denden M, Boulila W, Srivastava G, Jhaveri RH, Gadekallu TR. A Novel Model Based on Window-Pass Preferences for Data Emergency Aware Scheduling in Computer Networks. IEEE Transactions on Industrial Informatics. 2022;18(11):7880–7888.
View Article
Google Scholar

[22] View Article

[23] Google Scholar

[ref10] 10. Melhim LKB, Jemmali M, Alharbi M. Intelligent real-time intervention system applied in smart city. In: 2018 21st Saudi Computer Society National Computer Conference (NCC). IEEE; 2018. p. 1–5.

[ref11] 11. Jemmali M, Ben Hmida A. Quick dispatching-rules-based solution for the two parallel machines problem under mold constraints. Flexible Services and Manufacturing Journal. 2023; p. 1–26.
View Article
Google Scholar

[26] View Article

[27] Google Scholar

[ref12] 12. Sarhan A, Jemmali M, Ben Hmida A. Two routers network architecture and scheduling algorithms under packet category classification constraint. In: The 5th International Conference on Future Networks & Distributed Systems; 2021. p. 119–127.

[ref13] 13. Sarhan A, Jemmali M. Novel intelligent architecture and approximate solution for future networks. Plos one. 2023;18(3):e0278183. pmid:36857320
View Article
PubMed/NCBI
Google Scholar

[30] View Article

[31] PubMed/NCBI

[32] Google Scholar

[ref14] 14. Sarhan AY. A novel smart multilevel security approach for secure data outsourcing in crisis. PeerJ Computer Science. 2023;9:e1367. pmid:37346672
View Article
PubMed/NCBI
Google Scholar

[34] View Article

[35] PubMed/NCBI

[36] Google Scholar

[ref15] 15. Jemmali M, Ben Hmida A, Sarhan AY. A Novel Two-Routers Model Based on Category Constraints Secure Data-Dissemination-Aware Scheduling in Next-Generation Communication Networks. Journal of Network and Systems Management. 2023;31(3):59.
View Article
Google Scholar

[38] View Article

[39] Google Scholar

[ref16] 16. Tseng FH, Chou LD, Chao HC. A survey of black hole attacks in wireless mobile ad hoc networks. Human-centric Computing and Information Sciences. 2011;1(1):1–16.
View Article
Google Scholar

[41] View Article

[42] Google Scholar

[ref17] 17. Bhushan B, Sahoo G. Recent advances in attacks, technical challenges, vulnerabilities and their countermeasures in wireless sensor networks. Wireless Personal Communications. 2018;98:2037–2077.
View Article
Google Scholar

[44] View Article

[45] Google Scholar

[ref18] 18. Dong S, Abbas K, Jain R. A survey on distributed denial of service (DDoS) attacks in SDN and cloud computing environments. IEEE Access. 2019;7:80813–80828.
View Article
Google Scholar

[47] View Article

[48] Google Scholar

[ref19] 19. Melhim LKB, Jemmali M, Alharbi M. Network monitoring enhancement based on mathematical modeling. In: 2019 2nd International Conference on Computer Applications & Information Security (ICCAIS). IEEE; 2019. p. 1–4.

[ref20] 20. Melhim LKB, Jemmali M, AsSadhan B, Alquhayz H. Network traffic reduction and representation. International Journal of Sensor Networks. 2020;33(4):239–249.
View Article
Google Scholar

[51] View Article

[52] Google Scholar

[ref21] 21. Alquhayz H, Jemmali M. Fixed urgent window pass for a wireless network with user preferences. Wireless Personal Communications. 2021;120(2):1565–1591.
View Article
Google Scholar

[54] View Article

[55] Google Scholar

[ref22] 22. Jemmali M, Alquhayz H. Time-slots transmission data algorithms into network. In: 2020 International Conference on Computing and Information Technology (ICCIT-1441). IEEE; 2020. p. 1–4.

[ref23] 23. Jemmali M, Alquhayz H. Equity data distribution algorithms on identical routers. In: International Conference on Innovative Computing and Communications: Proceedings of ICICC 2019, Volume 2. Springer; 2020. p. 297–305.

[ref24] 24. Harn L, Lin HY. A cryptographic key generation scheme for multilevel data security. Computers & Security. 1990;9(6):539–546.
View Article
Google Scholar

[59] View Article

[60] Google Scholar

[ref25] 25. Sarhan AY, Carr S. A highly-secure self-protection data scheme in clouds using active data bundles and agent-based secure multi-party computation. In: 2017 IEEE 4th International Conference on Cyber Security and Cloud Computing (CSCloud). IEEE; 2017. p. 228–236.

[ref26] 26. Ferraiolo DF, Kuhn DR, Chandramouli R. Role-Based Access Control. Artech House. Inc, Norwood, MA, USA. 2003;.

[ref27] 27. Goyal V, Pandey O, Sahai A, Waters B. Attribute-based encryption for fine-grained access control of encrypted data. In: Proceedings of the 13th ACM conference on Computer and communications security; 2006. p. 89–98.

[ref28] 28. Ajagbe SA, Florez H, Awotunde JB. AESRSA: A New Cryptography Key for Electronic Health Record Security. In: Applied Informatics: 5th International Conference, ICAI 2022, Arequipa, Peru, October 27–29, 2022, Proceedings. Springer; 2022. p. 237–251.

[ref29] 29. Hidri L, Jemmali M. Near-optimal solutions and tight lower bounds for the parallel machines scheduling problem with learning effect. RAIRO-Operations Research. 2020;54(2):507–527.
View Article
Google Scholar

[66] View Article

[67] Google Scholar

[ref30] 30. Haouari M, Gharbi A, Jemmali M. Bounding Strategies for Scheduling on Identical Parallel Machines. In: 2006 International Conference on Service Systems and Service Management. vol. 2. IEEE; 2006. p. 1162–1166.

[ref31] 31. Hmida AB, Jemmali M. Near-optimal solutions for mold constraints on two parallel machines. Studies in Informatics and Control. 2022;31(1):71–78.
View Article
Google Scholar

[70] View Article

[71] Google Scholar

[ref32] 32. Jemmali M, Hidri L. Hybrid Flow Shop with Setup Times Scheduling Problem. COMPUTER SYSTEMS SCIENCE AND ENGINEERING. 2023;44(1):563–577.
View Article
Google Scholar

[73] View Article

[74] Google Scholar

[ref33] 33. Jemmali M, Bashir AK, Boulila W, Melhim LKB, Jhaveri RH, Ahmad J. An Efficient Optimization of Battery-Drone-Based Transportation Systems for Monitoring Solar Power Plant. IEEE Transactions on Intelligent Transportation Systems. 2022;.
View Article
Google Scholar

[76] View Article

[77] Google Scholar

[ref34] 34. Boulila W, Farah IR, Ettabaa KS, Solaiman B, Ghézala HB. Spatio-Temporal Modeling for Knowledge Discovery in Satellite Image Databases. In: CORIA; 2010. p. 35–49.

[ref35] 35. Dang K, Shen JZ, Dong LD, Xia YX. A graph route-based superframe scheduling scheme in WirelessHART mesh networks for high robustness. Wireless personal communications. 2013;71:2431–2444.
View Article
Google Scholar

[80] View Article

[81] Google Scholar

[ref36] 36. Han S, Zhu X, Mok AK, Chen D, Nixon M. Reliable and real-time communication in industrial wireless mesh networks. In: 2011 17th IEEE Real-Time and Embedded Technology and Applications Symposium. IEEE; 2011. p. 3–12.

[ref37] 37. Åkerberg J, Gidlund M, Lennvall T, Neander J, Björkman M. Efficient integration of secure and safety critical industrial wireless sensor networks. EURASIP Journal on Wireless Communications and Networking. 2011;2011(1):1–13.
View Article
Google Scholar

[84] View Article

[85] Google Scholar

[ref38] 38. Yan M, Lam KY, Han S, Chan E, Chen Q, Fan P, et al. Hypergraph-based data link layer scheduling for reliable packet delivery in wireless sensing and control networks with end-to-end delay constraints. Information Sciences. 2014;278:34–55.
View Article
Google Scholar

[87] View Article

[88] Google Scholar

Figures

Abstract

Introduction

Related works

Problem description

Architecture

Enhancement randomization routine (ER2)

The proposed algorithms

Random-decreasing time algorithm ()

Random-modified decreasing time algorithm ()

Random-search and insertion time algorithm ()

Random-critical security level algorithm ()

Random packet-classification first variant algorithm ()

Random packet-classification second variant algorithm ()

Best-random algorithm ()

Results and discussion

Conclusion

References