AN IMMUNITY-BASED SECURITY ARCHITECTURE FOR MOBILE AD HOC NETWORKS

This paper focuses on investigating immunological principles in designing a multi-agent security architecture for intrusion detection and response in mobile ad hoc networks. In this approach, the immunity-based agents monitor the situation in the network. These agents can take appropriate actions according to the underlying security policies. Specifically, their activities are coordinated in a hierarchical fashion while sensing, communicating, decision and generating responses. Such an agent can learn and adapt to its environment dynamically and can detect both known and unknown intrusions. The proposed intrusion detection architecture is designed to be flexible, extendible, and adaptable that can perform real-time monitoring. This paper provides the conceptual view and a general framework of the proposed system. In the end, the architecture is illustrated by an example to show it can prevent the attack efficiently.     

MapReduce optimization algorithm based on machine learning in heterogeneous cloud environment

We present an approach to optimize the MapReduce architecture, which could make heterogeneous cloud environment more stable and efficient. Fundamentally different from previous methods, our approach introduces the machine learning technique into MapReduce framework, and dynamically improve MapReduce algorithm according to the statistics result of machine learning. There are three main aspects： learning machine performance, reduce task assignment algorithm based on learning result, and speculative execution optimization mechanism. Furthermore, there are two important features in our approach. First, the MapReduce framework can obtain nodes＇ performance values in the cluster through machine learning module. And machine learning module will daily calibrate nodes＇ performance values to make an accurate assessment of cluster performance. Second, with the optimization of tasks assignment algorithm, we can maximize the performance of heterogeneous clusters. According to our evaluation result, the cluster performance could have 19% improvement in current heterogeneous cloud environment, and the stability of cluster has greatly enhanced.     

Development of Trusted Network and Challenges It Faces

As the information network plays a more and more important role globally, the traditional network theories and technologies, especially those related to network security, can no longer meet the network development requirements. Offering the system with secure and trusted services has become a new focus in network research. This paper first discusses the meaning of and aspects involved in the trusted network. According to this paper, the trusted network should be a network where the network’s and users’ behaviors and their results are always predicted and manageable. The trustworthiness of a network mainly involves three aspects: service provider, information transmission and terminal user. This paper also analyzes the trusted network in terms of trusted model for network/user behaviors, architecture of trusted network, service survivability and network manageability, which is designed to give ideas on solving the problems that may be faced in developing the trusted network.     

A Unified Framework of the Cloud Computing Service Model

After a comprehensive literature review and analysis, a unified cloud computing framework is proposed, which comprises MapReduce, a vertual machine, Hadoop distributed file system (HDFS), Hbase, Hadoop, and virtualization. This study also compares Microsoft, Trend Micro, and the proposed unified cloud computing architecture to show that the proposed unified framework of the cloud computing service model is comprehensive and appropriate for the current complexities of businesses. The findings of this study can contribute to the knowledge for academics and practitioners to understand, assess, and analyze a cloud computing service application.     

基于代数签名且支持数据动态更新的云数据完整性验证方案(英文)

Cloud storage is one of the main application of the cloud computing. With the data services in the cloud, users is able to outsource their data to the cloud, access and share their outsourced data from the cloud server anywhere and anytime. However, this new paradigm of data outsourcing services also introduces new security challenges, among which is how to ensure the integrity of the outsourced data. Although the cloud storage providers commit a reliable and secure environment to users, the integrity of data can still be damaged owing to the carelessness of humans and failures of hardwares/softwares or the attacks from external adversaries. Therefore, it is of great importance for users to audit the integrity of their data outsourced to the cloud. In this paper, we first design an auditing framework for cloud storage and proposed an algebraic signature based remote data possession checking protocol, which allows a third-party to auditing the integrity of the outsourced data on behalf of the users and supports unlimited number of verifications. Then we extends our auditing protocol to support data dynamic operations, including data update, data insertion and data deletion. The analysis and experiment results demonstrate that our proposed schemes are secure and efficient.     

The Internet of Things and Ubiquitous Intelligence （2）

The traditional Internet is oriented towards person-to-person connection, whereas the Internet of Things (IoT) is oriented towards connections between inanimate objects. IoT covers a larger range of connections and involves more semantics. Traditional Internet and telecom networks focus on information transfer, but IoT focuses on information services. By combining sensor networks, Internet, telecom networks, and cloud computing platform, IoT can sense, recognize, affect, and control the physical world. The physical world can be unified with the virtual world and human perception. This lecture discusses IoT technology from three aspects: ubiquitous information sensing, ubiquitous network convergence, and intelligent information service. In this part, we discuss the architecture of sensor network and the status of the industry.     

Design of a Cloud Service for Learning Chinese Pronunciation

With the fast growing of cloud computing infrastructure, learning from cloud services has become more and more convenient for people worldwide. In order to integrate the cloud computing technology and different e-learning platforms including variant mobile apps, Windows and web-based applications, we develop our Chinese learning system "analytic Chinese helper" with a service-oriented architecture(SOA). Based on the new architecture we designed and developed a cloud service for the e-learning of Chinese language on the Internet as a convenient resource for foreign students, especially in the reading of Chinese texts. There are two Chinese phonetic systems: Pinyin and Zhuyin. Pinyin is the official Romanization of Chinese characters, and Zhuyin incorporates additional Bopomofo symbols which transcribe precise sounds of Chinese characters. The proposed analytic Chinese helper provides real-time annotations with Pinyin or Zhuyin symbols, and thereby the annotated articles can be used as e-learning objects in learning Chinese.     

An Effective QoS-Constrained Scheduling Scheme for Cloud Computing Services

Cloud computing is becoming a hot topic of the information industry in recent years. Many companies provide the cloud services, such as Google Apps and Apple multimedia services. In general, by applying the virtualization technologies, the data center is built for cloud computing to provide users with the computing and storage resources, as well as the software environment. Thus, the quality of service (QoS) must be considered to satisfy users’ requirements. This paper proposes a high efficiency scheduling scheme for supporting cloud computing. The virtual machine migration technique has been applied to the proposed scheduling scheme for improving the resources utilization and satisfying the QoS requirement of users. The experimental results show that in addition to satisfying the QoS requirement of users, the proposed scheme can improve the resources utilization effectively.     

A Framework of Information Service Platform in E-Government

For exchanging and sharing information and services in e-government, a framework of information service platform (ISP) is presented. The multi-layer architecture of the ISP is introduced. They are. user's requirement layer, business service layer, business process layer, business function layer and data layer. The lower layers are based on the architecture of web services and the upper layers are related to the institutional and organizational issues. In order to deal with the variation of user's requirements and changing environment, the matching and mapping processes with adaptive mechanism are illustrated.     

A Topology-Cognitive Algorithm Framework for Virtual Network Embedding Problem

The virtual network embedding/ mapping problem is an important issue in network virtualization in Software-Defined Networking （SDN）. It is mainly concerned with mapping virtual network requests, which could be a set of SDN flows, onto a shared substrate network automatically and efficiently. Previous researches mainly focus on developing heuristic algorithms for general topology virtual network. In practice however, the virtual network is usually generated with specific topology for specific purpose. Thus, it is a challenge to optimize the heuristic algorithms with these topology information. In order to deal with this problem, we propose a topology-cognitive algorithm framework, which is composed of a guiding principle for topology algorithm developing and a compound algorithm. The compound algorithm is composed of several sub- algorithms, which are optimized for specific topologies. We develop star, tree, and ring topology algorithms as examples, other sub- algorithms can be easily achieved following the same framework. The simulation results show that the topology-cognitive algorithm framework is effective in developing new topology algorithms, and the developed compound algorithm greatly enhances the performance of the Revenue/Cost （R/C） ratio and the Runtime than traditional heuristic algorithms for multi-topology virtual network embedding problem.     

Cross-domain data cloud storage auditing scheme based on certificateless cryptography

With the development of Internet of things (IoT), more and more intelligent terminal devices outsource data to cloud servers (CSs). However, the CS is not fully trusted, and the heterogeneity among different domains makes it difficult for third-party auditor (TPA) to conduct an efficient integrity auditing of outsourced data. Therefore, the cross-domain data cloud storage auditing scheme based on certificateless cryptography is proposed, which can effectively avoid the big burden of certificate management or key escrow problems in identity-based cryptography. At the same time, TPA can effectively audit the integrity of outsourced data in different domains. Formal security proof and analysis show that the cloud storage auditing scheme satisfies the security and privacy requirements. Performance analysis demonstrates that the efficiency is acceptable.     

Public Proof of Cloud Storage from Lattice Assumption

Cloud storage can provide flexible and scal- able data storage services to users. However, once data is uploaded to the cloud without a copy in local computers, the user loses control of the data physically. So, it is nec- essary to study a method to ensure users＇ data integrity. Avoiding retrieving enormous storage data or checking the data by users, a proof of storage protocol with public audit- ing was proposed based on the lattice cryptography. The user computed the signatures of the blocks, and outsourced them to cloud servers. Cloud service providers combined the blocks. Third party auditor verified all blocks＇ integrity only through the combined message and signature. Based on the Small integer solution assumption, the presented protocol is secure against the lost attack and tamper attack from cloud service providers. Based on the Learning with error assumption, the presented protocol is secure against the curiosity attack from third party auditor. The pro- tocol is quite eftlcient, requiring just a few matrix-vector multiplications and samplings from discrete Gaussians.     

A New Virtual Disk Mapping Method for the Cloud Desktop Storage Client

Integration of the cloud desktop and cloud storage platform is urgent for enterprises. However, current proposals for cloud disk are not satisfactory in terms of the decoupling of virtual computing and business data storage in the cloud desktop environment. In this paper, we present a new virtual disk mapping method for cloud desktop storage. In Windows, compared with virtual hard disk method of popular cloud disks, the proposed implementation of client based on the virtual disk driver and the file system filter driver is available for widespread desktop environments, especially for the cloud desktop with limited storage resources. Further more, our method supports customizable local cache storage, resulting in userfriendly experience for thinclients of the cloud desktop. The evaluation results show that our virtual disk mapping method performs well in the readwrite throughput of different scale files.     

The Internet of Things and Ubiquitous Intelligence （4）

The traditional Internet is oriented towards person-to-person connection,whereas the Internet of things(IoT)is oriented towards connections between inanimate objects.IoT covers a larger range of connections and involves more semantics than traditional Internet. Traditional Internet and telecom networks focus on information transfer,but IoT focuses on information services.By combining sensor networks,Internet,telecom networks,and cloud computing platform,IoT can sense,recognize,affect,and control the physical world.The physical world can be unified with the virtual world and human perception.In this part,we discuss cloud computing and the cyber-physical system(CPS).     

＂Smart Cafe＂： A Mobile Local Computing System Based On Indoor Virtual Cloud

With network developing and virtualization rising, more and more indoor environment （POIs） such as care, library, office, even bus and subway can provide plenty of bandwidth and computing resources. Meanwhile many people daily spending much time in them are still suffering from the mobile device with limited resources. This situation implies a novel local cloud computing paradigm in which mobile device can leverage nearby resources to facilitate task execution. In this paper, we implement a mobile local computing system based on indoor virtual cloud. This system mainly contains three key components： 1）As to application, we create a parser to generate the ＂method call and cost tree＂ and analyze it to identify resource- intensive methods. 2） As to mobile device, we design a self-learning execution controller to make offtoading decision at runtime. 3） As to cloud, we construct a social scheduling based application-isolation virtual cloud model. The evaluation results demonstrate that our system is effective and efficient by evaluating CPU- intensive calculation application, Memory- intensive image translation application and I/ O-intensive image downloading application.     

DCFl-Checker： Checking Kernel Dynamic Control Flow Integrity with Performance Monitoring Counter

It is a challenge to verify integrity of dynamic control flows due to their dynamic and volatile nature. To meet the challenge, existing solutions usually implant an ＂attachment＂ in each control transfer. However, the attachment introduces additional cost except performance penalty. For example, the attachment must be unique or restrictedly modified. In this paper, we propose a novel approach to detect integrity of dynamic control flows by counting executed branch instructions without involving any attachment. Our solution is based on the following observation. If a control flow is compromised, the number of executed branch instructions will be abnormally increased. The cause is that intruders usually hijack control flows for malicious execution which absolutely introduces additional branch instructions. Inspired by the above observation, in this paper, we devise a novel system named DCFI- Checker, which detect integrity corruption of dynamic control flows with the support of Performance Monitoring Counter （PMC）. We have developed a proof-of-concept prototype system of DCFI-Checker on Linux fedora 5. Our experiments with existing kemel rootkits and buffer overflow attack show that DCFI- Checker is effective to detect compromised dynamic control transfer, and performance evaluations indicate that performance penaltyinduced by DCFI-Checker is acceptable.     

A Mobility Management Solution Based on ID/Locator Separation

Current mobility management solutions based on ID/Locator separation are not easily deployed and cannot solve routing scalability and mobility problems. This paper proposes a novel network architecture based on ID/Locator separation and suggests a new mobility management solution. This solution solves the problem of scalability in the network and also provides better support for mobility. It can be easily deployed because no modification of the mobile host’s protocol stack is required. The identifier contains some routing information; so the solution provides intrinsic interworking with traditional mobile hosts. Because the mapping systems are distributed to the edge networks, robustness of the whole system is enhanced and handover delay is decreased.     

Virtual machine placement optimizing to improve network performance in cloud data centers

With the wide application of virtualization technology in cloud data centers, how to effectively place virtual machine （VM） is becoming a major issue for cloud providers. The existing virtual machine placement （VMP） solutions are mainly to optimize server resources. However, they pay little consideration on network resources optimization, and they do not concern the impact of the network topology and the current network traffic. A multi-resource constraints VMP scheme is proposed. Firstly, the authors attempt to reduce the total communication traffic in the data center network, which is abstracted as a quadratic assignment problem; and then aim at optimizing network maximum link utilization （MLU）. On the condition of slight variation of the total traffic, minimizing MLU can balance network traffic distribution and reduce network congestion hotspots, a classic combinatorial optimization problem as well as NP-hard problem. Ant colony optimization and 2-opt local search are combined to solve the problem. Simulation shows that MLU is decreased by 20%, and the number of hot links is decreased by 37%.     

A Broad Learning-Driven Network Traffic Analysis System Based on Fog Computing Paradigm

The development of communication technologies which support traffic-intensive applications presents new challenges in designing a real-time traffic analysis architecture and an accurate method that suitable for a wide variety of traffic types.Current traffic analysis methods are executed on the cloud,which needs to upload the traffic data.Fog computing is a more promising way to save bandwidth resources by offloading these tasks to the fog nodes.However,traffic analysis models based on traditional machine learning need to retrain all traffic data when updating the trained model,which are not suitable for fog computing due to the poor computing power.In this study,we design a novel fog computing based traffic analysis system using broad learning.For one thing,fog computing can provide a distributed architecture for saving the bandwidth resources.For another,we use the broad learning to incrementally train the traffic data,which is more suitable for fog computing because it can support incremental updates of models without retraining all data.We implement our system on the Raspberry Pi,and experimental results show that we have a 98%probability to accurately identify these traffic data.Moreover,our method has a faster training speed compared with Convolutional Neural Network(CNN).     

虚拟软件定义网络中采用优化备份拓扑的抗毁虚拟网络映射(英)

Software-Defined Network architecture offers network virtualization through a hypervisor plane to share the same physical substrate among multiple virtual networks.However,for this hypervisor plane,how to map a virtual network to the physical substrate while guaranteeing the survivability in the event of failures,is extremely important.In this paper,we present an efficient virtual network mapping approach using optimal backup topology to survive a single link failure with less resource consumption.Firstly,according to whether the path splitting is supported by virtual networks,we propose the OBT-Ⅰ and OBT-Ⅱ algorithms respectively to generate an optimal backup topology which minimizes the total amount of bandwidth constraints.Secondly,we propose a Virtual Network Mapping algorithm with coordinated Primary and Backup Topology(VNM-PBT)to make the best of the substrate network resource.The simulation experiments show that our proposed approach can reduce the average resource consumption and execution time cost,while improving the request acceptance ratio of VNs.