TY - JOUR
AU - Omri, Mohamed Nazih
AB - Introduction The technological advancement in this era has made collaboration among different governmental and none governmental organizations to be a necessity. Such collaboration requires secure and private data dissemination infrastructure. Multilevel Data security has been proposed to increase data security and control the disclosing of data in a particular environment. However, there are not enough efforts in secure data classification research. On the one hand, most existing solutions that rely on traditional security mechanisms are less effective since common security weaknesses are inherited from the previous Open System Interface (OSI) model. On the other hand, there is a need for secure-by-design efforts to eliminate the gap between previous weaknesses and current advancements to enable secure future networks. Hence, this research effort improves the previous research that relies on a novel secure-by-design network model that uses two routers for secure classified data dissemination. The improvement focused on minimizing the total transmission time over the two considered routers. Emerging technology has led to the Fifth Industrial Revolution. It is evolving rapidly due to numerous advancements in many fields, such as system intelligence, machine learning, IoT, robotics, blockchain, and so forth. Furthermore, these advancements cause the world to become more interconnected by integrating various new networking technologies, including smart devices with the Internet. In addition, the outbreak of an incident like COVID-19 has accelerated the efforts in technology research and development. The number of devices connected to the Internet has been increasing. For instance, more than ten billion devices are connected today [1, 2]. The design of interconnected networks relies on the Open Systems Interface (OSI) model. Although many advantages are incurred from the OSI model, such as protocol integration, standardization, flexibility, and modularity, the complexity of security requirements makes the OSI model’s current design less effective in dealing with numerous attacks. For example, active, passive, and advanced network attacks usually degrade the network performance causing the packet traffic to be uncontrolled. Such common attacks may include spoofing, denial of service (DoS), sinkholes, Sybil, traffic analysis, eavesdropping, byzantine, black hole, and location disclosure attacks [3]. These attacks could cause severe threats to safeguarding sensitive transmitted data. The number of security incidents, vulnerabilities, cybersecurity threats, and challenges has increased with the introduction of Industry 5.0. In particular, IoT, digitalization, big data, and artificial intelligence are considered the primary causes of cybersecurity issues since they have notably increased internet connection use. As a result, attacks have rapidly expanded to target significant businesses and industries, including health organizations, to disrupt infrastructure and steal sensitive data [4]. These attacks may include email fraud and spam, network anomalies, malicious URLs, impersonation, and malware attacks [5, 6]. Some network attacks, like Sybil attacks and Eclipse attacks, target the security of routers by damaging their functionality. Some of these widespread attacks are as follows: Routing Table Poisoning attacks (RTP), Packet Mistreating Attacks (PMA), Hit and Run attacks (HAR), Advanced Persistent Threats (APT) (PA), and Denial of Service attacks (DoS) also fall under widespread attacks. For example, the Border Gateway Protocol (BGP) has a critical routing target on the Internet. It manages the routing of packets throughout the Internet via exchanging information among edge routing. However, it does not maintain security and is vulnerable to attacks [7, 8]. This paper proposes an intelligent private network solution that uses a security policy to provide a multilevel data dissemination control based on security category constraints. While on the one hand, the elaboration of the proposed solution relies on the scheduling algorithms presented in [9–11], which are planned later to be utilized and adapted to the studied problem. On the other hand, applying the security category constraints idea in this paper is considered an NP-hard problem, which means that no algorithm will always efficiently produce the exact correct answer on all inputs. Therefore, the scheduling algorithm is the best choice to get the best solution in the current work. The packets will be scheduled to be waiting in a queue or need to be transmitted. This paper aims to introduce a future secure computer network paradigm. The model includes a packet dissemination security policy to minimize or prevent data breaches. Several real-life scenarios, case studies, and applications can benefit from the model, including the media industry, military organizations, and journalism. The proposed two-router network is an NP-hard problem [12] that uses a security policy for multilevel data security transmission. However, it has many benefits: (i) introduces a security-by-design future network idea that relies on a dissemination-based packet classification; (ii) applies various algorithmic techniques such as dispatching rules, local insertion search, randomization method, and lifting procedure to enhance the security and performance of the transmitted packets in the computer network area; (iii) presents an idea that can be implemented as a private network application to assist individual privacy protection in critical environments and circumstances. The novelty of this research is its security by design paradigm that initially relies on two routers for future network security. For example, the solution supports journalists for multilevel secure and successful transmission of their data in the form of network packets. Furthermore, the proposed work introduces several algorithmic solutions to deal with an NP-Hard problem in acceptable efficient time and use it in the network security field. Furthermore, compared with previous works. The proposed approach continues to enhance the results compared with previous developed algorithms in [12–14] results as it being detailed in the result and discussion section. It uses new algorithmic techniques and procedures. On the other hand, the disadvantages of the proposed method are as follows: (i) the time complexity for such an NP-hard two-machine problem demands using more techniques to solve the problem using algorithms with O(n3) heuristically. (ii) Developing an exact solution requires using a lower bound in a branch-and-bound algorithm. This paper is structured as follows. First, section two presents the related works. Next, section three presents the description of the studied problem. Then, section four describes the solution novel architecture through an illustrative diagram. Section five details the enhancement randomization routine, and section six describes the proposed algorithms and their different instructions. Section seven provides the experimental results and discusses the solution performance evaluation. Finally, section eight concludes the remarks and future works. Related works Secure and private data outsourcing or exchanging have primarily been studied in the literature at the application layer. Several known techniques or traditional methods have been applied to protect such data. However, the innovation of the proposed approach in this paper is that it addresses the problem from a different point of view by providing a solution that can be applied at the network layer and introducing heuristic solutions reduced from a known NP-Hard problem to address issues in the field of network security. The studied problem was addressed for the first time in [12], in which only dispatching rules techniques were used to construct algorithmic solutions. However, this paper uses several sophisticated algorithms for the problem. In addition, authors in [13] proposed several algorithms based on critical-level security and randomization to deal with the studied problem. In the same context, the authors in [14, 15] proposed novel heuristics to solve the studied problem approximately. The author in last work used several recognized and unknown algorithmic methods like iterative, randomization, and probabilistic methods. The achieved results that both proposed algorithms called RGS1 and RGS2 were better compared with previous proposed algorithms that deal with same studied problem. The literature has investigated several threats to data transmission across all network layers in various distributed computing systems, applications, and technologies. The analysis of such threats has shown attacks in various emerging and intelligent communications and technologies domains. For example, in [16], wireless mobile ad hoc network attacks are investigated. In [17], wireless sensor network attacks are discussed. Finally, the authors in [18] addressed attacks affecting SDN and cloud computing environments. Several works related to the representation of network traffic have been developed [19, 20]. For example, the constraint of the window pass is proposed for the first time in [22] to prioritize highly confidential packets. In addition, the one router problem is studied under fixed time-slot interval in [21, 22] to experiment with different developed algorithms and thus prove the efficiency of the presented work. Finally, in [23], the authors introduced a scheduler component to solve the problem of parallel routers in the network. Multilevel data security (MLDS) [24] has become an essential tool since the new emerging technology caused organizations to collaborate to securely share algorithms and data or jointly process the data to extract valuable knowledge. In MLDS, data is labeled and accessed according to their critical level. Hence, there is a need for a multilevel secure dissemination solution in the multi-domain environment [25]. Furthermore, such a solution is needed in a military-based climate since no sufficient research exists in this domain. There is no practicality in the current deployed access-control methods for implementing secure data dissemination for data streams [26, 27]. The algorithms developed in [28] can be extended and applied to the presented problem. The algorithms of the parallel machine problem [29–32] can be extended and reformulated to use the related algorithms for the studied problem. Moreover, the algorithms developed in this paper can be extended for the subject considered in [33, 34] The issues of packet scheduling, timing, and routing have been well-studied by many. For example, several routing scheduling protocols have been proposed to deal with packet timing minimization and queuing issues since additional issues have added to the network routing problems due to innovative advancements in communications technologies. The common packet routing issues are energy consumption, optimization, latency, overhead, routing security, and privacy. Thus, many studies proposed to deal with issues presented in modern network technology [35–38]. The literature presented several algorithms regarding the scheduling problem in networks. Several algorithms have been proposed to deal with network scheduling problems. However, algorithms presented in [12–15] dealt with the issue presented in this paper which is transmitting multiple levels of data based on a constraint. Such a problem is an NP-hard [12] because the minimization of total time for transmitting data through two routers in this paper is reduced from two parallel machines NP-Hard problem. Problem description The description of the proposed problem is as follows. A set of files in a special network that each has different security characteristics must be transmitted through two routers. Suppose each set of files is classified according to a security level denoted by Sli with i = {1, …, nSl} where nSl means the number of security levels. The files are then split into different packets categorized according to their corresponding Sli. Let Pcs be the set of all packets, and npcs is the total packet number. Pkj denotes the packet with index j. The security level of the packet Pkj denotes by Dlpj. Each packet Pkj has its own transmission time denoted as Ptj. Based on packet Pkj, the cumulative transmission time on the first router R1 and the second router R2 are denoted by and , respectively. The set of packets transmitted through R1 and R2 are denoted by Pcs1 and Pcs2, respectively. Therefore, Pcs = Pcs1∪Pcs2 and npcs = |Pcs1|∪|Pcs2|. After the transmission of packets, the total transmission time on router R1 is denoted by Tt1, and the one on R2 is denoted by Tt2. Thus, the maximum transmission time for the two routers denotes by Ttmax and given by Ttmax = max(Tt1, Tt2). The objective is to minimize Ttmax. Packets holding the same security levels cannot be transmitted simultaneously through the two routers. Therefore, a security constraint is being used to prevent the transmission of two packets belonging to the same security level simultaneously through two different routers. Such a problem has been proven to be NP-hard [14]. Architecture This section defines a novel architecture based on the proposed constraint of security levels. This architecture comprises six components, as Fig 1 explains. The “Data security level” and the “Scheduler” are the two main components. The administrator imposes and links each file to their security level. The decomposition of each file into packets will automatically give the authorization of the component “Data security level” to add the same security level of the same file for all packets belonging to this file. Download: PPT PowerPoint slide PNG larger image TIFF original image Fig 1. https://doi.org/10.1371/journal.pone.0296433.g001 Enhancement randomization routine (ER2) The section presents a randomization-routine enhancement called to improve the solution of the developed algorithm within a deployed scheduler. The routine relies on a probability method. The corresponding sequence for any schedule obtained by any heuristic h() is determined. The sequence is stored in a list with two selection choices that select either the first or the second packet. This choice is based on the probability β. Indeed, to choose the first packet, the probability β and the probability 1 − β is applied for the second packet. Hereafter, is denoted by the heuristic value obtained after calling the enhancement randomization routine ER2(.) by inputting the sequence obtained by the heuristic h. Thus, . For each algorithm, the call of ER2(.) will be executed 500 times, and the best solution will be picked. Example 1. Suppose that the number of packets is 13. Then, the sequence obtained after utilizing the decreasing time algorithm is presented in Table 1. Download: PPT PowerPoint slide PNG larger image TIFF original image Table 1. Decreasing time algorithm sequence. https://doi.org/10.1371/journal.pone.0296433.t001 After calling ER2(.) described above, an obtained sequence is presented in Table 2. In this latter table, r is a number in [1, 100]. When this number exceeds 30, the first packet is chosen; otherwise, the second one will be chosen. In addition, j′ is the packet index in the new sequence after enhancement. Download: PPT PowerPoint slide PNG larger image TIFF original image Table 2. The sequence after applying ER2(.). https://doi.org/10.1371/journal.pone.0296433.t002 Based on Table 2, the schedule of the proposed problem is presented in Fig 2. The latter figure shows that on the first router, the packets {4, 5, 12, 6} are scheduled, however on router 2 packet 7 is scheduled respecting the constraint of the data security level. Download: PPT PowerPoint slide PNG larger image TIFF original image Fig 2. https://doi.org/10.1371/journal.pone.0296433.g002 The proposed algorithms The section presents seven proposed algorithms and their details. The enhancement of the algorithms relies on the above novel routine (ER2). The seven enhanced algorithms are called the random-decreasing time algorithm, the random-modified decreasing time algorithm, the random-search and insertion time algorithm, the random-critical security level algorithm, the random packet-classification first variant algorithm, the random packet-classification second variant algorithm, and the best-random algorithm. Random-decreasing time algorithm () In this algorithm, packets are sorted based on their transmission time-decreasing order. Then, packets are scheduled one by one. Thus, the first packet is selected and scheduled on the router with the minimum values among and then the second packet is scheduled the same way, and the same applies to the remaining packets until all are scheduled. Finally, after the accomplishment of the scheduling, this algorithm denotes DT. The sequence obtained by DT will be used as the initial solution for applying ER2. This algorithm denotes . Random-modified decreasing time algorithm () The packets are sorted for this algorithm, as detailed in the previous subsection. When a packet Pkj is selected, each interval time for all routers where there is no packet in transmission will be called “Idle Interval” and will be detected by this algorithm. The “Idle Interval” is denoted by Ii. A test of the load is applied by calculating and . If , then the selected router will be the one that has the shortest idle interval. The algorithm that returned the sequence of MD is detailed in Algorithm 1. After finishing the scheduling, the obtained sequence will be used as the initial solution for applying (ER2). This algorithm denotes by . Hereafter, DCR(L) denotes the procedure that sorts a list L given as input according to their transmission time-decreasing order. Algorithm 1 Modified Decreasing Time Algorithm (MD) 1: Call DCR(Pk) 2: for (j = 1 to npcs) do 3:  Calculate 4:  Calculate 5:  if () then 6:   R1 is selected 7:  else 8:   if ( then 9:    R2 is selected 10:  else 11:    if () then 12:     Calculate Ii1 13:     Calculate Ii2 14:     if (Ii1 ≤ Ii2) then 15:      R1 is selected 16:     else 17:      R2 is selected 18:     end if 19:    end if 20:   end if 21:  end if 22: end for 23: Calculate Ttmax 24: Return Ttmax Random-search and insertion time algorithm () The idle interval is better to be avoided because these intervals can give a bad result. Thus, in this algorithm, some packets are inserted in these idle intervals when the constraints allow the scheduling. Firstly, the schedule of (DT) is given. The sets of idle intervals are denoted as I1 and I2 on the first and second router, respectively. The idle intervals in the first and second routers are n1 and n2. The non-scheduled packet is inserted in the idle time I1 by looping until n1. If there is no possibility of scheduling this packet, the non-scheduled packet is inserted in the second router in the idle time I2 by looping until n2. After obtaining the final schedule, the received sequence will be used as the initial solution for applying (ER2). This algorithm denotes . Hereafter, the procedure that sorts a list L given as input relies on the transmission time-decreasing order denoted as ICR(L). The procedure that searches and fixes the idle intervals denotes SF(). The starting time of the idle interval is determined by the procedure SIT(). Feas(R) symbolizes the function that can detect the feasibility of scheduling the selected packet on the router R. This function returns “True” if the schedule is feasible and “False” otherwise. Algorithm 2 Search and Insertion Time Algorithm (SI) 1: Call ICR(PK) 2: Set n1 = 0 and n2 = 0 3: for (j = 1 to npcs) do 4:  Set check1 = 0 and check2 = 0 5:  Call SF() 6:  for (k = 1 to n1) do 7:   Call SIT() 8:   if (Feas(1) = True then 9:    Set check1 + + 10:    Calculate 11:   end if 12:  end for 13:  for (k = 1 to n2) do 14:   Call SIT() 15:   if (Feas(2) = True then 16:    Set check2 + + 17:    Calculate 18:   end if 19:  end for 20:  if (check1 ≠ 0 OR check2 ≠ 0) then 21:   Calculate 22:  end if 23: end for 24: Calculate Ttmax 25: Return Ttmax Random-critical security level algorithm () All packets with the same security level are grouped in the set PsLi with i = {1, …, nSl}. The sum of all Ptj, ∀Ptj ∈ PsLi is denoted by SSLi. The critical security level denoted by CL is the security level with the maximum value of SSLi, ∀i = {1, …, nSl}. The fictive packet denoted by PFi, i = {1, …, nSl}, is a new packet with a transmission time SSLi. The fictive packets are sorted based on their SSLi− decreasing order, ∀i = {1, …, nSl}. In each PsLi, the packets are sorted according to DT. Next, the total time T is calculated as . This researched problem lower bound can be taken as and denoted by LB. Next, the sequence of packets PsLi will be used to schedule packets on the first router until reaching LB.. After that, the leftover packets will be scheduled on the second router. The acquired schedule will construct a new sequence that will be utilized to apply the (ER2). Example illustrates the obtaining of the CS sequence. Example 2 The same instance detailed in Table 1 is considered. Firstly, the packets are sorted in each set PsLi with i = {1, …, nSl} according to their transmission time- order. Table 3 shows the generation of the four fictive packets. Download: PPT PowerPoint slide PNG larger image TIFF original image Table 3. Generation of the fictive packets. https://doi.org/10.1371/journal.pone.0296433.t003 The next step in applying the algorithm is sorting the fictive packets, as described above. Indeed, the sequence to be scheduled on the two routers is listed as follows {PsL4, PsL3, PsL1, PsL2}. This means that the sequence is {{7,4,5,12,6},{3,8},{1,13},{11,9,2,10}}. After that, the packets are scheduled in the last sequence until reaching LB on the first router. For this stage, the scheduled packets on R1 are {7,4,5,12,6,8,2} and {3,1,13,11,9,10} on R2. This schedule gives the valuesTt1 = 69 and Tt2 = 72 with a total transmission time of Ttmax = 72. The CS sequence is {7,4,5,12,6,8,2,3,1,13,11,9,10}. This sequence is the initial solution for (ER2). Random packet-classification first variant algorithm () The first step is to divide the packets into three groups G1,G2, and G3. The first packets will be assigned to G1. At the same time, the second packets will be assigned to G2. The remaining packets will be assigned to G3. The second step is sorting packets, in each group, according to their transmission time-increasing order. Finally, the sequence for scheduling packets is G2, G1, and G3. After obtaining the final schedule, the obtained sequence is the initial solution for applying (ER2). This algorithm denotes . Random packet-classification second variant algorithm () The first step is to divide the packets into three groups G1,G2, and G3. The first packets will be assigned to group G1. At the same time, the second packets will be assigned to group G2. The remaining packets will be assigned to G3. The second step is sorting the packets in each group following their transmission time-increasing order. Finally, the sequence to schedule packets is G1, G3, and G2. After obtaining the final schedule, the obtained sequence is the initial solution for applying (ER2). This algorithm denotes by . Best-random algorithm () Firstly, the algorithms and are called. The solutions returned by and denote TCS and TSI, respectively. The value returned by is TBR = min(TCS, TSI). The algorithm and are designed in the functions denoted by PrCSt() and PrSIt(), respectively. This algorithm of is described below. The random-critical security level algorithm ameliorates the scheduling based on the use of the critical security level. The random search and insertion time algorithm contribute to ameliorating the results by using the insertion method that reaches a better result. The is constructed by the maximum of these latter algorithms. The choice is based on the non-dominance of the proposed algorithms. In fact, and are non-dominants. Random-decreasing time algorithm () In this algorithm, packets are sorted based on their transmission time-decreasing order. Then, packets are scheduled one by one. Thus, the first packet is selected and scheduled on the router with the minimum values among and then the second packet is scheduled the same way, and the same applies to the remaining packets until all are scheduled. Finally, after the accomplishment of the scheduling, this algorithm denotes DT. The sequence obtained by DT will be used as the initial solution for applying ER2. This algorithm denotes . Random-modified decreasing time algorithm () The packets are sorted for this algorithm, as detailed in the previous subsection. When a packet Pkj is selected, each interval time for all routers where there is no packet in transmission will be called “Idle Interval” and will be detected by this algorithm. The “Idle Interval” is denoted by Ii. A test of the load is applied by calculating and . If , then the selected router will be the one that has the shortest idle interval. The algorithm that returned the sequence of MD is detailed in Algorithm 1. After finishing the scheduling, the obtained sequence will be used as the initial solution for applying (ER2). This algorithm denotes by . Hereafter, DCR(L) denotes the procedure that sorts a list L given as input according to their transmission time-decreasing order. Algorithm 1 Modified Decreasing Time Algorithm (MD) 1: Call DCR(Pk) 2: for (j = 1 to npcs) do 3:  Calculate 4:  Calculate 5:  if () then 6:   R1 is selected 7:  else 8:   if ( then 9:    R2 is selected 10:  else 11:    if () then 12:     Calculate Ii1 13:     Calculate Ii2 14:     if (Ii1 ≤ Ii2) then 15:      R1 is selected 16:     else 17:      R2 is selected 18:     end if 19:    end if 20:   end if 21:  end if 22: end for 23: Calculate Ttmax 24: Return Ttmax Random-search and insertion time algorithm () The idle interval is better to be avoided because these intervals can give a bad result. Thus, in this algorithm, some packets are inserted in these idle intervals when the constraints allow the scheduling. Firstly, the schedule of (DT) is given. The sets of idle intervals are denoted as I1 and I2 on the first and second router, respectively. The idle intervals in the first and second routers are n1 and n2. The non-scheduled packet is inserted in the idle time I1 by looping until n1. If there is no possibility of scheduling this packet, the non-scheduled packet is inserted in the second router in the idle time I2 by looping until n2. After obtaining the final schedule, the received sequence will be used as the initial solution for applying (ER2). This algorithm denotes . Hereafter, the procedure that sorts a list L given as input relies on the transmission time-decreasing order denoted as ICR(L). The procedure that searches and fixes the idle intervals denotes SF(). The starting time of the idle interval is determined by the procedure SIT(). Feas(R) symbolizes the function that can detect the feasibility of scheduling the selected packet on the router R. This function returns “True” if the schedule is feasible and “False” otherwise. Algorithm 2 Search and Insertion Time Algorithm (SI) 1: Call ICR(PK) 2: Set n1 = 0 and n2 = 0 3: for (j = 1 to npcs) do 4:  Set check1 = 0 and check2 = 0 5:  Call SF() 6:  for (k = 1 to n1) do 7:   Call SIT() 8:   if (Feas(1) = True then 9:    Set check1 + + 10:    Calculate 11:   end if 12:  end for 13:  for (k = 1 to n2) do 14:   Call SIT() 15:   if (Feas(2) = True then 16:    Set check2 + + 17:    Calculate 18:   end if 19:  end for 20:  if (check1 ≠ 0 OR check2 ≠ 0) then 21:   Calculate 22:  end if 23: end for 24: Calculate Ttmax 25: Return Ttmax Random-critical security level algorithm () All packets with the same security level are grouped in the set PsLi with i = {1, …, nSl}. The sum of all Ptj, ∀Ptj ∈ PsLi is denoted by SSLi. The critical security level denoted by CL is the security level with the maximum value of SSLi, ∀i = {1, …, nSl}. The fictive packet denoted by PFi, i = {1, …, nSl}, is a new packet with a transmission time SSLi. The fictive packets are sorted based on their SSLi− decreasing order, ∀i = {1, …, nSl}. In each PsLi, the packets are sorted according to DT. Next, the total time T is calculated as . This researched problem lower bound can be taken as and denoted by LB. Next, the sequence of packets PsLi will be used to schedule packets on the first router until reaching LB.. After that, the leftover packets will be scheduled on the second router. The acquired schedule will construct a new sequence that will be utilized to apply the (ER2). Example illustrates the obtaining of the CS sequence. Example 2 The same instance detailed in Table 1 is considered. Firstly, the packets are sorted in each set PsLi with i = {1, …, nSl} according to their transmission time- order. Table 3 shows the generation of the four fictive packets. Download: PPT PowerPoint slide PNG larger image TIFF original image Table 3. Generation of the fictive packets. https://doi.org/10.1371/journal.pone.0296433.t003 The next step in applying the algorithm is sorting the fictive packets, as described above. Indeed, the sequence to be scheduled on the two routers is listed as follows {PsL4, PsL3, PsL1, PsL2}. This means that the sequence is {{7,4,5,12,6},{3,8},{1,13},{11,9,2,10}}. After that, the packets are scheduled in the last sequence until reaching LB on the first router. For this stage, the scheduled packets on R1 are {7,4,5,12,6,8,2} and {3,1,13,11,9,10} on R2. This schedule gives the valuesTt1 = 69 and Tt2 = 72 with a total transmission time of Ttmax = 72. The CS sequence is {7,4,5,12,6,8,2,3,1,13,11,9,10}. This sequence is the initial solution for (ER2). Random packet-classification first variant algorithm () The first step is to divide the packets into three groups G1,G2, and G3. The first packets will be assigned to G1. At the same time, the second packets will be assigned to G2. The remaining packets will be assigned to G3. The second step is sorting packets, in each group, according to their transmission time-increasing order. Finally, the sequence for scheduling packets is G2, G1, and G3. After obtaining the final schedule, the obtained sequence is the initial solution for applying (ER2). This algorithm denotes . Random packet-classification second variant algorithm () The first step is to divide the packets into three groups G1,G2, and G3. The first packets will be assigned to group G1. At the same time, the second packets will be assigned to group G2. The remaining packets will be assigned to G3. The second step is sorting the packets in each group following their transmission time-increasing order. Finally, the sequence to schedule packets is G1, G3, and G2. After obtaining the final schedule, the obtained sequence is the initial solution for applying (ER2). This algorithm denotes by . Best-random algorithm () Firstly, the algorithms and are called. The solutions returned by and denote TCS and TSI, respectively. The value returned by is TBR = min(TCS, TSI). The algorithm and are designed in the functions denoted by PrCSt() and PrSIt(), respectively. This algorithm of is described below. The random-critical security level algorithm ameliorates the scheduling based on the use of the critical security level. The random search and insertion time algorithm contribute to ameliorating the results by using the insertion method that reaches a better result. The is constructed by the maximum of these latter algorithms. The choice is based on the non-dominance of the proposed algorithms. In fact, and are non-dominants. Results and discussion The section presents the setup, experimentation, and results concerning the proposed algorithms. C++ is used to implement the proposed algorithms. Five classes are coded and presented to show the algorithms’ performance. The experimental results were obtained using: (i) a personal computer with a microprocessor i5, (ii) 8 GB of RAM, and (iii) Windows 10 as an operating system. This paper uses two types of distribution uniform and binomial distributions. The distribution is used to generate the values of the transmission time of a packet. UD[b, f] denotes uniform distribution and BD[b, f] for the binomial distribution with b as the minimum value for Ptj and f as the maximum value for Ptj. The five classes that generate the different values of the Ptj are detailed as follows: Class 1: C1: UD[2, 10]; Class 2: C2: UD[6, 15]; Class 3: C3: UD[5, 25]; Class 4: C4: BD[1, 20]; Class 5: C5: BD[1, 30]. The number of packets is defined as {5, 12, 15, 20, 25, 40, 60, 120}. The security level numbers are defined in {2, 3, 4, 5, 6}. Hence, in total, we have 1 × 2 × 5 × 10 + 7 × 5 × 5 × 10 = 1850 instances. The metrics used to perform the proposed algorithms are: is the minimum value of Ttmax for all algorithms; T is the Ttmax which is the developed algorithms returned value; Pc is the instances percentage when ; represents the gap between the developed algorithm and the best-obtained value; AgP is the average of Gp over a group of instances; Time represents in seconds the average execution time. The symbol “–” marks when the execution time is less than 0.001 s. This section compares the proposed algorithms using the metrics detailed above and the generated class of instances. First, a compression of the proposed algorithms is presented. Next, the results of the developed algorithms are discussed in comparison with the results of the algorithms developed in the literature [12–14]. An overview of the results for all proposed algorithms is shown in Table 4. The result reveals that is the best with a 95.1% percentage, 0.001 as a gap, and 0.028 s as an average time. The second-best one is , with a percentage of 89.9%. Download: PPT PowerPoint slide PNG larger image TIFF original image Table 4. Overview results of all proposed algorithms. https://doi.org/10.1371/journal.pone.0296433.t004 The best algorithm proposed in the literature [12] is the Modified Decreasing Estimated-Transmission Time Algorithm (MDETA). While the best algorithm in [13] is the Randomized Longest Transmission time first algorithm (). On the other hand, the best algorithm proposed in [14] is the first variants of the Random-Grouped Classification with Shortest Scheduling Algorithms (RGS1). Table 5 shows an overview of the performance results for the developed algorithms in the literature. A comparison was accomplished on each value of the three best-proposed algorithms in the literature namely MDETA, , and RGS1. Results presented in Table 5 point out that the best algorithm in literature is MDETA, with a percentage of 82%, compared to , with a percentage of 48%, and RGS1 with a percentage of 28%. In Table 5, the Dv is calculated based on the best value of only the results of MDETA, , and RGS1. Download: PPT PowerPoint slide PNG larger image TIFF original image Table 5. An overview of the result from the literature on the developed algorithms. https://doi.org/10.1371/journal.pone.0296433.t005 Based on the literature, the best algorithm is MDETA which will be compared to the best-proposed algorithm . The best-returned value after running MDETA and is recorded in Table 6 and compared to each value. This latter table shows that is the best in 100% of cases. This latter table shows that the average gap of less than 0.001 is reached . In Table 6, the Dv is calculated based on the best value of only the results of MDET and . Download: PPT PowerPoint slide PNG larger image TIFF original image Table 6. An overview of the result of the best-proposed algorithm and the best from the literature. https://doi.org/10.1371/journal.pone.0296433.t006 Table 7 displays the AgP rates in all proposed algorithms during the changes of the npcs. It highlights that is the best one while reaching an average gap of less than 0.001 at four times as follows: npcs = {5, 40, 60, 120}. While , , , and reach an average gap of less than 0.001 at only one time where npcs = 5. and reach an average gap of less than 0.001 when npcs = {5, 120}. The maximum AgP value of 0.016 is reached for the algorithm when npcs = 12. Download: PPT PowerPoint slide PNG larger image TIFF original image Table 7. The AgP values where npcs change for all algorithms. https://doi.org/10.1371/journal.pone.0296433.t007 The variation of the average running time according to the number of packets for is illustrated in Fig 3 demonstrates the increases in time whenever there is an increase in the number of packets. In addition, the maximum time value is 0.066 s reached when npcs = 120. Download: PPT PowerPoint slide PNG larger image TIFF original image Fig 3. https://doi.org/10.1371/journal.pone.0296433.g003 Table 8 presents the AgP values where nSl changes for all algorithms. This table shows that the minimum average gap of less than 0.001 is reached by when nSl = 2, for and when nSl = 6. The maximum average gap of 0.014 is reached by when nSl = 2. Download: PPT PowerPoint slide PNG larger image TIFF original image Table 8. The AgP values where nSl changes for all algorithms. https://doi.org/10.1371/journal.pone.0296433.t008 The variation of the average running time according to the number of security levels for is illustrated in Fig 4 demonstrates the increases in time whenever there is an increase in the number of security levels. In addition, the maximum time value is 0.033 s reached when nSl = 6. Download: PPT PowerPoint slide PNG larger image TIFF original image Fig 4. https://doi.org/10.1371/journal.pone.0296433.g004 Conclusion This research investigates the problem of transmitting multilevel secure data based on a security constraint through routers such that packets belonging to the same security levels cannot, in any case, be transmitted through the two routers simultaneously. This problem is an NP-hard problem. Seven algorithms are proposed to resolve the presented problem. The performance measurements of the proposed algorithms show that the Best-Random Algorithm () is the most efficient. Furthermore, comparing with the previous best result presented by MDETA shows that is the best, with 0.028 s and an average gap of less than 0.001. The future directions of this research go in three ways. The first one is utilizing the proposed routine on other NP-hard problems. The second way is the development of a lower bound of the proposed problem that can give a better result for the proposed algorithms—finally, comparing the results obtained by the proposed routine with the one obtained by applying different metaheuristics like genetic algorithm and particle swarm optimization.
TI - An enhanced multilevel secure data dissemination approximate solution for future networks
JF - PLoS ONE
DO - 10.1371/journal.pone.0296433
DA - 2024-02-08
UR - https://www.deepdyve.com/lp/public-library-of-science-plos-journal/an-enhanced-multilevel-secure-data-dissemination-approximate-solution-bf0DkkV4MD
SP - e0296433
VL - 19
IS - 2
DP - DeepDyve
ER -