Biblio

Fog computing is a new computing paradigm that utilizes numerous mutually cooperating terminal devices or network edge devices to provide computing, storage, and communication services. Fog computing extends cloud computing services to the edge of the network, making up for the deficiencies of cloud computing in terms of location awareness, mobility support and latency. However, fog nodes are not active enough to perform tasks, and fog nodes recruited by cloud service providers cannot provide stable and continuous resources, which limits the development of fog computing. In the process of cloud service providers using the resources in the fog nodes to provide services to users, the cloud service providers and fog nodes are selfish and committed to maximizing their own payoffs. This situation makes it easy for the fog node to work negatively during the execution of the task. Limited by the low quality of resource provided by fog nodes, the payoff of cloud service providers has been severely affected. In response to this problem, an appropriate incentive mechanism needs to be established in the fog computing environment to solve the core problems faced by both cloud service providers and fog nodes in maximizing their respective utility, in order to achieve the incentive effect. Therefore, this paper proposes an incentive model based on repeated game, and designs a trigger strategy with credible threats, and obtains the conditions for incentive consistency. Under this condition, the fog node will be forced by the deterrence of the trigger strategy to voluntarily choose the strategy of actively executing the task, so as to avoid the loss of subsequent rewards when it is found to perform the task passively. Then, using evolutionary game theory to analyze the stability of the trigger strategy, it proves the dynamic validity of the incentive consistency condition.

With the rapid development of internet technology, informatization and digitalization have penetrated into every link of human social life. A large amount of sensitive data has been accumulated and is still being generated within the enterprise. These sensitive data runs through the daily operation of enterprises and is widely used in business analysis, development and testing, and even some outsourcing business scenarios, which are increasing the possibility of sensitive data leakage and tampering. In fact, due to the improper use of data and the lack of protective measures and other reasons, data leakage events have happened again and again. Therefore, by introducing the concept of fuzzy set and using the membership function method, this paper proposes a desensitization technology framework for industrial data and a data desensitization algorithm based on fuzzy set, and verifies the desensitization effect and protective action on sensitive data of this algorithm through the test data desensitization experiment.

We propose a reinforcement learning based online multi-tenant secret-key assignment algorithm for quantum key distribution networks, capable of reducing tenant-request blocking probability more than half compared to the benchmark heuristics.

As a decentralized ledger technology, blockchain is considered to be a potential solution for applications with highly concentrated management mechanism. However, most of the existing blockchain networks are employed with the hash-puzzle-solving consensus protocol, known as proof-of-work. The competition of solving the puzzle introduces high latency, which directly leads to a long transaction-processing time. One solution of this dilemma is to establish a blockchain network with shards. In this paper, we focus on the blockchain network with shards and adopt the security-deposit based consensus protocol, studying the problem of how to balance the security incentive and the economic incentive. Also, the inherent features of the blockchain, i.e., anonymity and decentralization, introduce the information asymmetric issue between the beacon chain and the participants. The contract theory is utilized to formulate the problem between them. As such, the optimal rewards related to the different types of validators can be obtained, as well as the reasonable deposits accordingly. Compared with the fixed deposits, the flexible deposits can provide enough economic incentive for the participants without losing the security incentives. Besides, the simulation results demonstrate that the contract theory approach is capable of maximizing the beacon chain's utility and satisfying the incentive compatibility and individual rationality of the participants.

Dozens of signature and anomaly based solutions have been proposed to detect malicious activities in computer networks. However, the number of successful attacks are increasing every day. In this paper, we developed a novel entropy based technique, called Edmund, to detect and mitigate Network attacks. While analyzing full payload network traffic was not recommended due to users' privacy, Edmund used netflow data to detect abnormal behavior. The experimental results showed that Edmund was able to highly accurate detect (around 95%) different application, transport, and network layers attacks. It could identify more than 100K malicious flows raised by 1168 different attackers in our campus. Identifying the attackers, is a great feature, which enables the network administrators to mitigate DDoS effects during the attack time.

With the rapid development of the Internet, flow-based approach has attracted more and more attention. To this end, this paper presents a new and efficient architecture to balance accountability and privacy based on network flows. A self-certifying identifier is proposed to efficiently identify a flow. In addition, a delegate-registry cooperation scheme and a multi-delegate mechanism are developed to ensure users' privacy. The effectiveness and overhead of the proposed architecture are evaluated by virtue of the real trace collected from an Internet service provider. The experimental results show that our architecture can achieve a better network performance in terms of lower resource consumption, lower response time, and higher stability.

Network security testing devices play important roles in Cyber security. Most of the current network security testing devices are based on proprietary hardware, however, the virtual network security tester needs high network I/O throughput performance. Therefore, the solution of the problem, which provides high-performance network I/O in the virtual scene will be explained in this paper. The method we proposed for virtualized network I/O performance optimization on a general hardware platform is able to achieve the I/O throughput performance of the proprietary hardware. The Single Root I/O Virtualization (SRIOV) of the physical network card is divided into a plurality of virtual network function of VF, furthermore, it can be added to different VF and VM. Extensive experiment illustrated that the virtualization and the physical network card sharing based on hardware are realized, and they can be used by Data Plane Development Kit (DPDK) and SRIOV technology. Consequently, the test instrument applications in virtual machines achieves the rate of 10Gps and meet the I/O requirement.

In this paper, we focus on fraud detection on a signed graph with only a small set of labeled training data. We propose a novel framework that combines deep neural networks and spectral graph analysis. In particular, we use the node projection (called as spectral coordinate) in the low dimensional spectral space of the graph's adjacency matrix as the input of deep neural networks. Spectral coordinates in the spectral space capture the most useful topology information of the network. Due to the small dimension of spectral coordinates (compared with the dimension of the adjacency matrix derived from a graph), training deep neural networks becomes feasible. We develop and evaluate two neural networks, deep autoencoder and convolutional neural network, in our fraud detection framework. Experimental results on a real signed graph show that our spectrum based deep neural networks are effective in fraud detection.

While the Internet of Things (IoT) becomes increasingly popular and pervasive in everyday objects, IoT devices often remain unprotected and can be exploited to launch large-scale distributed denial-of-service (DDoS) attacks. One could attempt to employ traditional DDoS defense solutions, but these solutions are hardly suitable in IoT environments since they seldom consider the resource constraints of IoT devices. This paper presents FR-WARD which defends against DDoS attacks launched from an IoT network. FR-WARD is an adaptation of the classic DDoS defense system D-WARD. While both solutions are situated near the attack sources and drop packets to throttle DDoS traffic, FR-WARD utilizes the fast retransmit mechanism in TCP congestion control to minimize resource penalties on benign IoT devices. Based on our analysis and simulation results, FR-WARD not only effectively throttles DDoS traffic but also minimizes retransmission overhead for benign IoT devices.

In this paper, we propose ParaRegex, a novel approach for fast parallel regular expression matching. ParaRegex is a framework that implements data-parallel regular expression matching for deterministic finite automaton based methods. Experimental evaluation shows that ParaRegex produces a fast matching engine with speeds of up to 6 times compared to sequential implementations on a commodity 8-thread workstation.