Abstract:In a network virtualization environment, multi-domain virtual network embedding (MVNE) deals with properly partitioning a virtual network (VN) request into sub-VN requests across multiple domains for embedding with the aim of minimizing the embedding cost. Resource matching and VN partitioning are two key phases in MVNE. However, a resource matching algorithm capable of providing accurate numerical attribute matching and VN users' diversified mapping constraints specification has not been explicitly studied by the existing research. Moreover, an efficient solution is needed for MVNE which is NP-hard. This paper provides an OWL and SWRL based resource matching algorithm and a genetic algorithm based VN partitioning algorithm to tackle the problems mentioned above. The correctness of the presented method is proved by theoretical analysis, and the validity of the method is assessed by simulation experiments in terms of efficiency, performance, and stability.

Abstract:Virtualization technology intends to deliver flexibility, consolidation, and high resource utilization to data centers. High resource utilization as well as high performance promised by virtualization largely depends on effective and efficient physical memory resource management scheme where memory allocation can adjust to dynamic memory demands of applications. This paper presents a predictive memory resource management scheme that combines memory resource monitoring and balancing to improve the resource utilization of a virtualized data center. A design is provided for a new low-overhead working set size tracing mechanism without loss of prediction accuracy. With accurate prediction, the presented scheme further resorts to either local or global memory balancing when the predicted trend of memory demand of a virtual machine exceeds its current allocation. Multiple mechanisms are employed: Ballooning can dynamically adjust memory allocation within a single host, remote cache enables a host to take the idle memory of another host as its network cache, and virtual machine migration moves virtual machines across multiple physical servers. The strength and weakness of each mechanism and design selection policy for memory balancing according to memory pressure are also discussed. Experimental results show that the global memory balancing achieves a significant center-wide speedup and energy conservation.

Abstract:Software defined network (SDN), which introduces centralized controllers to drastically increase network programmability, has been a hot topic in the network domain. Software defined network separates control plane from data plane of network equipment, establishing a good platform for network virtualization. As the network scales up, the performance of SDN virtualization framework becomes a key bottleneck. Still, current SDN virtualization frameworks lack support for fine-grained parallelism, making them challenging for developers to fully exploit many cores to virtualize large networks. This paper presents a novel API and runtime for fine-grained parallel programming in SDN virtualization framework. By abstracting flows and network resources, the framework programming model enables developers to easily write programs to directly define various virtual networks and parallelly operate the network resource or flow objects by a lock-free manner. Experimental results show that the presented framework has a better logical control performance, allowing one to implement rich functional virtual networks.

Abstract:Using virtualization technology to integrate resources has become an important mean to improve the resource utilization of current high-performance servers. Thus the reliability of virtualization technology is very crucial to the service quality of high- performance server. However, the driver fault greatly impacts not only the reliability of operating system inside the virtual machine but also the reliability of the servers. In light of issue, this paper presents a driver isolation architecture inside the virtual machine to improve its reliability. It establishes the authorization table by monitoring the memory information which are used by the driver, captures the driver's write operations by setting the write protection of the shadow page table corresponding to the kernel space of the virtual machine, and judges the correctness of write operations of the isolated driver with the authorization table. Currently, the architecture can isolate drivers inside the virtual machine without modifying them. Experimental results show that the architecture can isolate 84.63% injection faults which cause system crashes with the performance loss less than 20%, and therefore effectively improves the reliability of the virtualization environment.

Abstract:Cloud computing is gaining momentum against traditional method in providing users various services with greater flexibility and scalability. Before switching to cloud computing, users must take into account the security of cloud as an extremely important factor. That is because in the cloud environment, attackers can initiate efficient attacks to cloud users through the shared cloud resources such as virtual machines. Since virtual machines (VM) are basic resources of cloud service, by compromising or renting several virtual machines, attackers may deploy malicious software into those machines and launch a wider range of attacks to other virtual machines such as distributed denial of service (DDoS). To tackle this issue, this paper proposes a defense in depth system based on software defined networking to be able to detect suspicious virtual machines and monitor the flow they issued in time, and inhibit the aggressive behavior from the suspected virtual machines to mitigate the attack consequences. The system detects the virtual machines' running state in a completely non-intrusive and agent-free way, and monitors network traffic between virtual machines on the same host or between cloud hosts at process level based on software defined networking. Experimental results demonstrate the effectiveness of the system.

Abstract:Recognizing characters from the complex image plays an important role in content-based image retrieval and has been well studied in past decades. The methods for normal characters recognition, however, become inapplicable when characters suffer from skew, uneven illumination, noise and anti-aliasing. A new method, named SC-HOG, is proposed in this paper for recognizing abnormal Chinese characters. Firstly, sparse coding is applied on abnormal character image to smooth noises and reduce anti-aliasing. Secondly, HOG features that help reducing the influence of skew and uneven illumination are extracted. Finally, these features are fed into a well-trained classifier to recognize the character of the given image. Experiments on both synthetic and real data sets show that the proposed method, SC-HOG, achieves high accuracy on abnormal Chinese characters recognition.

Abstract:AUC is widely used as a measure for the imbalanced classification problems. The AUC loss problem is a pairwise function between two instances from different classes, which is obviously different from that in standard binary classifications. How to improve its real convergence speed is an interesting problem. Recent study shows that the online method (OAM) using the reservoir sampling technique has better performance. However, there exist some shortcomings such as slow convergence rate and difficult parameter selection. This paper conducts a systematic investigation for solving AUC optimization problem by using the dual coordinate descent methods (AUC-DCD). It presents three kinds of algorithms: AUC-SDCD, AUC-SDCDperm and AUC-MSGD, where the first two algorithms depend on the size of training set while the last does not. Theoretical analysis shows that OAM is a special case of the AUC-DCD. Experimental results show that AUC-DCD is better than OAM on the AUC performance as well as the convergence rate. Therefore AUC-DCD is among the first optimization schemes suggested for efficiently solving AUC problems.

Abstract:There are two weaknesses of current multi-view clustering technologies based on collaborative learning. Firstly, the approximation-criteria of collaborative learning between each view is not clear for its physical meaning and is too simple to control the approximation-performance. Secondly, the existing algorithms assume that the significance of each view is equal, which is obviously inappropriate from the viewpoint of adaptively adjusting the importance of each view. In order to overcome the above shortcomings, a novel approximation-criteria of cluster partition based on the Havrda-Charvat entropy is proposed to control the similarity of cluster partition between each view. Then, an adaptive weighting strategy for each view based on the theory of Shannon entropy is presented to control the significance of each view and enhance the performance of the clustering algorithm. Finally, the collaborative partition multi-view fuzzy clustering algorithm using entropy weighting (EW-CoP-MVFCM) is provided. As demonstrated by extensive experiments in simulation data and UCI benchmark dataset, the proposed new algorithm shows the better adaptability than the classical algorithms on the multi-view clustering problems.

Abstract:Temporal span is an important and special temporal primitive in the temporal applications. On the one hand, the semantic of temporal span is often uncertain in different temporal context. On the other hand, the flexible representation of temporal span is tend to be non-normative, which results in the difficulty to handle the order relationship of temporal spans and affects the accuracy of the temporal calculation in the temporal applications. The binding conception is introduced to address these inherent issues of temporal spans. Firstly, the order relationship of temporal spans is discussed. The reasons why the uncertain relationship exists between two non-canonical temporal spans are analyzed, revealing the necessity of temporal span binding. Secondly, the affine space is explored for mapping temporal spans into the affine space. The temporal binding is constructed by the affine transformations. Therefore, the binding of temporal span with temporal point, continuous temporal interval and discontinuous temporal interval is elaborated respectively, and the operations of the temporal primitives are implemented.

Abstract:With continuous development of Internet of Things (IOT), sensor network has been widely applied and become the vital infrastructure of information technology. Specially, the dynamic sensing information provided by the sensor network plays a key role for various intelligent applications in support of information retrieval as well as decision-making. However, since the real-time information requirements are less likely to be transformed into simple sensing queries well matching the low-level sensor query interface, it is hard for those intelligent applications to accurately obtain decision related information online from the sensors. To address this challenge, this paper presents a semantic overlay model with semantic resource description, reasoning and applications for IOT. In addition, an application for the decision making of multi-agent system is deployed to manifest how IOT information techniques can improve agents' decisions. The key of this approach is the team-oriented plan for agents' task decompositions. By decomposing the complex task into simple subtasks, their information requirements can be mapped into accurate and sufficient sensor queries with ontological reasoning. Therefore, a real-time decision support system can be established so that task related quires can be accurately allocated to the sensors with best corresponding sensed information for accomplishing agents' task.

Abstract:Round-Trip time (RTT) is an important metric for network measurement and an essential indicator for network performance monitoring. Traditional packet trace based RTT estimation usually depends on particular active or passive measurement platforms. This paper proposes a new RTT estimation method, which merely takes flow data from existed routers and hardly needs extra network measurement facility. Based on the analysis of transmission features of TCP bulk flow, RTT estimation models are established corresponding to the conditions where socket buffer size and bandwidth delay product (BDP) are relatively small, large and approximate. Experiments show RTT estimation can be well accomplished through those models. Moreover, considering only duration and total packet number of a TCP bulk flow are involved in estimation, this method is also adoptable to situation with sampling flow data as input, and thus is effective in monitoring and managing the large-scale backbone network performance.

Abstract:Vehicular content downloading via open WiFi access points (APs) can be challenging due to sparse AP deployment with bounded communication range and the rapid movement of traveling vehicles. For drive-thru networks, resource allocation and scheduling closely interrelate to and interact with each other, collectively affecting the performance of content downloading. However, none of the previous work has tackled this problem as a whole. This paper discusses joint resource allocation and scheduling problem for efficiently content downloading considering channel contention and scarce AP resource utilized effectively. It formalizes optimization selection problem of node set to maximize the total quantity of data downloaded, and proves that it is NP-hard. Further, it presents a solution with a joint resource allocation and scheduling approximate algorithm (JAS). Theoretical analysis and simulation results both verify that the presented implementation achieves higher throughput and delivery ratio than the existing algorithms.

Abstract:College of Computer Science and Technology, Harbin Engineer University, Harbin 150001, ChinaAbstract: According to randomness of service failure for high dynamicity of cognitive networks, a service migration method is proposed to ensure QoS of cognitive networks. Firstly, with the principle of optimization-after-migration, the directed acyclic graph (DAG) of correlated service is regenerated according to the proposed DAG dynamic reconstruction algorithm to transform the correlated service to layered DAG service. Secondly, the critical service migration route is computed and the analysis of migration service deadlock avoidance is provided. By migrating critical service to current idle resources, service execution time can be reduced markedly. Finally, simulation experiments are conducted to test the service speedup performance of both service migration method and waiting-recovery method with three kinds of faults injected. The experiment results show that service migration method can achieve better QoS assurance quality under the flexible network load and unknown fault injection.

Abstract:Existing filtering schemes in wireless sensor networks can only filter out false reports but not the replayed reports during forwarding. Furthermore, they can not resist cooperative attacks. In this article, a one-way hash chain based filtering scheme (HFS) is presented. In HFS, each node distributes its key and initial hash value to some other nodes after deployment. When a report is generated for an observed event, it carries the MACs and fresh hash values from t detecting nodes. Each forwarding node validates the legitimacy of the relative position of the detecting nodes carried in the report, the correctness of the MACs and hash values, and the freshness of these hash values. Analysis and simulation results show that HFS can not only filter out false reports and replayed reports simultaneously, but also resist collaborative attacks efficiently.

Abstract:Based on Waters' attribute based encryption scheme, this paper proposes a two-party attribute based authenticated key exchange protocol with provable security in the standard model. The detailed proof of the security is presented in the modified BJM model under the decisional bilinear Diffie-Hellman assumption. In addition, to satisfy the requirement that the session key should not be escrowed by the trusted third party, a new protocol, which can cancel the escrow of the session key, is constructed from the basic protocol. The computation efficiency of the proposed protocols is nearly equivalent to the computation efficiency of the available ABAKE protocols with provable secure attribute in the random oracle model.

Abstract:Existing ID-based multi-receiver signcryption schemes presents some security problems. For example, the identities of receivers can be revealed and the receivers do not have fairness in decryption. In order to avoid those problems, this paper proposes a fair ID-based multi-receiver anonymous signcryption scheme. The new scheme can not only solve the problem that the existing schemes can not protect the privacy of receivers, but also meet the fairness of decryption to effectively prevent possible cheating behavior of the sender. It then proves the confidentiality and unforgeability under of the scheme the bilinear Diffie-Hellman assumption and the computational Diffie-Hellman assumption. Simultaneity, the correctness and the performance of this scheme are analyzed. It concludes that this scheme is a secure and effective public-key signcryption scheme and can solve the problems of the receivers' identity exposure and unfairness decryption. Therefore, the new scheme has very important applications, especially it can be used to broadcast sensitive information in unsafe and open network environment.

Abstract:As one of the most fundamental properties of wireless networks, latency is important to the information dissemination, routing protocol design and node deployment. Different from the traditional wireless network, the spectrum resource in cognitive radio networks is dynamic which affects the network latency drastically. Thus, how to analyze the latency of large-scale cognitive radio networks under the dynamic spectrum environments is a challenging problem. To address this problem, this paper first constructs a dynamic spectrum environment model in which the process of the licensed spectrum access is defined as a continuous-time Markov chain, and a survival function of secondary users is created to quantify the impact of the number of channels and the activities of primary users. Next, this paper combines the proposed model with the first passage percolation theory to investigate scaling laws of latency in large scale cognitive radio networks. It also derives a tighter upper bound of the ratio of latency to distance. Theoretical analysis and simulation results show that the dynamic spectrum environments have a great impact on the latency of large-scale cognitive radio networks as well as the density. The results provide important guidelines for the design of cognitive radio networks.