A kind of packet labeling algorithm for autonomous system is introduced. The fairness of the algorithm for each traffic stream in the integratedservices is analyzed. It is shown that the rate of each stream in the int...A kind of packet labeling algorithm for autonomous system is introduced. The fairness of the algorithm for each traffic stream in the integratedservices is analyzed. It is shown that the rate of each stream in the integratedservices would converge to a stable value if the transmitting or forwarding rates converge to that of the receiving exponentially.展开更多
The existing physical layer security algorithm, which is based on artificial noise, could affect legitimate receivers negatively when the number of users is no less than sending antennas in multi-user MIMO system. In ...The existing physical layer security algorithm, which is based on artificial noise, could affect legitimate receivers negatively when the number of users is no less than sending antennas in multi-user MIMO system. In order to improve security of multi-user MIMO system under this scenario, we propose a new multi-user MIMO system physical layer security algorithm based on joint channel state matrix. Firstly, multiple users are processed together, thus a multi-user joint channel state matrix is established. After achieving Singular Value Decomposition (SVD) of the joint channel state matrix, the minimum singular value is obtained, which can be utilized for precoding to eliminate the interference of artificial noise to legitimate receivers. Further, we also present an approach to optimize the power allocation. Simulation results show that the proposed algorithm can increase secrecy capacity by 0.1 bit/s/HZ averagely.展开更多
In this paper, a resource allocation scheme based on physical layer security under non-ideal condition for OFDMA system is introduced. Firstly, the program uses the information security constructing an OFDMA system Wi...In this paper, a resource allocation scheme based on physical layer security under non-ideal condition for OFDMA system is introduced. Firstly, the program uses the information security constructing an OFDMA system Wiretap Channel Model under non-ideal condition. Based on this model, arti?cial noise is generated for secure communications combatting passive multiple eavesdroppers. In order to maximize the average secrecy outage capacity without channel state information of eavesdroppers, we use dual decomposition method to implement subcarriers and power allocation in joint optimization. Simulation results show that the average secrecy outage capacity can achieve 7.81 bit/s/Hz while secrecy outage probability is 0.05 with 50 dB mtransmitpower and 64 sub-carrier for 8 authorized users.展开更多
Software-Defined Network architecture offers network virtualization through a hypervisor plane to share the same physical substrate among multiple virtual networks.However,for this hypervisor plane,how to map a virtua...Software-Defined Network architecture offers network virtualization through a hypervisor plane to share the same physical substrate among multiple virtual networks.However,for this hypervisor plane,how to map a virtual network to the physical substrate while guaranteeing the survivability in the event of failures,is extremely important.In this paper,we present an efficient virtual network mapping approach using optimal backup topology to survive a single link failure with less resource consumption.Firstly,according to whether the path splitting is supported by virtual networks,we propose the OBT-Ⅰ and OBT-Ⅱ algorithms respectively to generate an optimal backup topology which minimizes the total amount of bandwidth constraints.Secondly,we propose a Virtual Network Mapping algorithm with coordinated Primary and Backup Topology(VNM-PBT)to make the best of the substrate network resource.The simulation experiments show that our proposed approach can reduce the average resource consumption and execution time cost,while improving the request acceptance ratio of VNs.展开更多
This study proposes a tractable approach to analyze the physical-layer security in the downlink of a multi-tier heterogeneous cellular network. This method is based on stochastic geometry, has low computational comple...This study proposes a tractable approach to analyze the physical-layer security in the downlink of a multi-tier heterogeneous cellular network. This method is based on stochastic geometry, has low computational complexity, and uses the two-dimensional Poisson point process to model the locations of K-tier base stations and receivers, including those of legitimate users and eavesdroppers. Then, the achievable secrecy rates for an arbitrary user are determined and the upper and lower bounds of secrecy coverage probability derived on the condition that cross-tier interference is the main contributor to aggregate interference. Finally, our analysis results reveal the innate connections between information-theoretic security and the spatial densities of legitimate and malicious nodes.展开更多
In this paper, we propose a dual-threshold based secure On-Off transmission scheme, where signals are transmitted only if the channel condition can guarantee secure and reliable communication. First, we present a dyna...In this paper, we propose a dual-threshold based secure On-Off transmission scheme, where signals are transmitted only if the channel condition can guarantee secure and reliable communication. First, we present a dynamic access strategy to increase access efficiency, which provides an access region for the intended user. Then, we propose an emission control policy to transmit signals according to the current channel condition, which declines the influence of channel estimation errors and guarantees qualities of communication links. Furthermore, we give a comprehensive performance analysis for the proposed scheme in terms of connection outage probability(COP) and secrecy outage probability(SOP), and present a dual-threshold optimization model to further support the performance. Numerical results verify that the secure On-Off transmission scheme can increase the system secure energy efficiency and guarantee reliable and secure communication.展开更多
Recently, integrating Softwaredefined networking(SDN) and network functions virtualization(NFV) are proposed to address the issue that difficulty and cost of hardwarebased and proprietary middleboxes management. Howev...Recently, integrating Softwaredefined networking(SDN) and network functions virtualization(NFV) are proposed to address the issue that difficulty and cost of hardwarebased and proprietary middleboxes management. However, it lacks of a framework that orchestrates network functions to service chain in the network cooperatively. In this paper, we propose a function combination framework that can dynamically adapt the network based on the integration NFV and SDN. There are two main contributions in this paper. First, the function combination framework based on the integration of SDN and NFV is proposed to address the function combination issue, including the architecture of Service Deliver Network, the port types representing traffic directions and the explanation of terms. Second, we formulate the issue of load balance of function combination as the model minimizing the standard deviations of all servers' loads and satisfying the demand of performance and limit of resource. The least busy placement algorithm is introduced to approach optimal solution of the problem. Finally, experimental results demonstrate that the proposed method can combine functions in an efficient and scalable way and ensure the load balance of the network.展开更多
Co-residency of virtual machines(VMs) of different tenants on the same physical platform would possibly lead to cross-VM side-channel attacks in the cloud. While most of current countermeasures fail for real or immedi...Co-residency of virtual machines(VMs) of different tenants on the same physical platform would possibly lead to cross-VM side-channel attacks in the cloud. While most of current countermeasures fail for real or immediate deployment due to their requirement for modification of virtualization structure, we adopt dynamic migration, an inherent mechanism of the cloud platform, as a general defense against this kind of threats. To this end, we first set up a unified practical information leakage model which shows the factors affecting side channels and describes the way they influence the damage due to side-channel attacks. Since migration is adopted to limit the time duration of co-residency, we envision this defense as an optimization problem by setting up an Integer Linear Programming(ILP) to calculate optimal migration strategy, which is intractable due to high computational complexity. Therefore, we approximate the ILP with a baseline genetic algorithm, which is further improved for its optimality and scalability. Experimental results show that our migration-based defense can not only provide excellent security guarantees and affordable performance cost in both theoretical simulation and practical cloud environment, but also achieve better optimality and scalability than previous countermeasures.展开更多
This study investigates physical layer security in downlink multipleinput multiple-output(MIMO) multi-hop heterogeneous cellular networks(MHCNs),in which communication between mobile users and base stations(BSs) is es...This study investigates physical layer security in downlink multipleinput multiple-output(MIMO) multi-hop heterogeneous cellular networks(MHCNs),in which communication between mobile users and base stations(BSs) is established by a single or multiple hops,to address the problem of insufficient security performance of MIMO heterogeneous cellular networks.First,two-dimensional homogeneous Poisson point processes(HPPPs) are utilized to model the locations of K-tier BSs in MIMO MHCNs and receivers,including those of legitimate users and eavesdroppers.Second,based on the channel gain distribution and the statistics property of HPPP,the achievable ergodic rates of the main and eavesdropper channels in direct and ad hoc links are derived,respectively.Third,the secrecy coverage probability and the achievable ergodic secrecy throughput of downlink MIMO MHCNs are explored,and their expressions are derived.Lastly,the correctness of the theoretical derivation is verified through Monte Carlo simulations.展开更多
A dynamic protocol stack(DPS) for ad hoc networks, together with a protocol stack construction scheme that is modeled as a multiconstrained knapsack problem is proposed. Compared to the traditional static protocol sta...A dynamic protocol stack(DPS) for ad hoc networks, together with a protocol stack construction scheme that is modeled as a multiconstrained knapsack problem is proposed. Compared to the traditional static protocol stack, DPS operates in a dynamic and adaptive manner and is scalable to network condition changes. In addition, a protocol construction algorithm is proposed to dynamically construct of the protocol stack each network node. Simulation results show that, the processing and forwarding performance of our scheme is close to 1 Gb/s, and the performance of our algorithm is close to that of the classical algorithms with much lower complexity.展开更多
Real-time multimedia sharing in Consumer-centric Multimedia Network(CMN) requires usability anywhere, anytime and from any device. However, CMNs are usually located or implemented on application layer, which makes CMN...Real-time multimedia sharing in Consumer-centric Multimedia Network(CMN) requires usability anywhere, anytime and from any device. However, CMNs are usually located or implemented on application layer, which makes CMNs subjected to their fixed substrate security framework. A fundamental diversifying attribute for the customized security experiences of CMNs is pressing. This paper proposes a programmable network structure which is named Service Processing Chain(SPC) based on network function combination. The SPC is established by the ordinal combination of network functions in substrate switches dynamically, and therefore constructs a special channel for each CMN with required security. The construction and reconfiguration algorithms of SPC are also discussed in this paper. Evaluations and implementation show that above approaches are effective in providing multilevel security with flexibility and expansibility. It is believed that the SPC could provide customized security service and drive participative real-time multimedia sharing for CMNs.展开更多
Network functions virtualization(NFV) increases network flexibility and scalability by virtualizing network functions running on the general servers and opens the network innovations by outsourcing VNF instances in 5G...Network functions virtualization(NFV) increases network flexibility and scalability by virtualizing network functions running on the general servers and opens the network innovations by outsourcing VNF instances in 5G networks.However,it leads to the incompatibility issue among different VNF instances,which makes operators difficult to determine which VNF instances to select for Service Function Chains(SFCs).In this paper,we divide VNF instances with high compatibility into clusters used for combining VNF instances in 5G networks.Firstly,we define compatibility among different VNF instances.Secondly,aiming to maximize compatibility of each cluster,we propose a novel hypergraph clustering model that divides the VNF instances into multiple clusters.Then,the hypergraph clustering model is transformed to an evolutionary game.Thus,the cluster establishing is transformed to the game equilibrium searching.Furthermore,we propose a discrete time high order replicator dynamic algorithm to find the game equilibrium.Finally,the simulation results show that the proposed approach can improve the quality of SFCs.展开更多
This paper studies a simultaneous wireless information and power transfer system with multiple external eavesdroppers and internal curious users.We model the random network by Poisson cluster process in consideration ...This paper studies a simultaneous wireless information and power transfer system with multiple external eavesdroppers and internal curious users.We model the random network by Poisson cluster process in consideration of the case where eavesdroppers hide around certain targets.Focusing on the users that work in harvesting-transmitting mode with time switching receivers,we establish communication model via time division multiple access.On this basis,we propose a lightweight secure transmission scheme based on dual-thresholds for physical-layer security enhancement,which consists of two protocols applied to the downlink(DL) and uplink(UL) transmission respectively.In the DL,we design a dynamic information-power switching transmission protocol based on signal-to-noise ratio threshold,which provides an opportunistic approach to reform the fixed period allocation of information and power transfer;in the UL,an energy threshold is proposed for users to control the transmission,which is called a user-led on-off transmission protocol.Furthermore,we give a comprehensive performance analysis for the proposed scheme in terms of delay,reliability,security and secrecy throughput.Based on the analysis results,we optimize the two thresholds and the DL-UL allocationcoefficient to maximize the secrecy throughput.Simulation results show the proposed scheme can bring about a substantial secrecy gain.展开更多
The interior tomography is commonly met in practice, whereas the self-calibration method for geometric parameters remains far from explored. To determine the geometry of interior tomography, a modified interval subdiv...The interior tomography is commonly met in practice, whereas the self-calibration method for geometric parameters remains far from explored. To determine the geometry of interior tomography, a modified interval subdividing based method, which was originally developed by Tan et al.,[11]was presented in this paper. For the self-calibration method, it is necessary to obtain the reconstructed image with only geometric artifacts. Therefore, truncation artifacts reduction is a key problem for the self-calibration method of an interior tomography. In the method, an interior reconstruction algorithm instead of the Feldkamp–Davis–Kress(FDK) algorithm was employed for truncation artifact reduction. Moreover, the concept of a minimum interval was defined as the stop criterion of subdividing to ensure the geometric parameters are determined nicely. The results of numerical simulation demonstrated that our method could provide a solution to the selfcalibration for interior tomography while the original interval subdividing based method could not. Furthermore, real data experiment results showed that our method could significantly suppress geometric artifacts and obtain high quality images for interior tomography with less imaging cost and faster speed compared with the traditional geometric calibration method with a dedicated calibration phantom.展开更多
In helical cone-beam computed tomography(CT), Feldkamp-Davis-Kress(FDK) based image reconstruction algorithms are by far the most popular. However, artifacts are commonly met in the presence of lateral projection trun...In helical cone-beam computed tomography(CT), Feldkamp-Davis-Kress(FDK) based image reconstruction algorithms are by far the most popular. However, artifacts are commonly met in the presence of lateral projection truncation. The reason is that the ramp filter is global. To restrain the truncation artifacts, an approximate reconstruction formula is proposed based on the Derivative-Hilbert-Backprojection(DHB) framework. In the method, the first order derivative filter is followed by the Hilbert transform. Since the filtered projection values are almost zero by the first order derivative filter, the following Hilbert transform has little influence on the projection values, even though the projections are laterally truncated. The proposed method has two main advantages. First, it has comparable computational efficiency and image quality as well as the conventional helical FDK algorithm for non-truncated projections. The second advantage is that images can be reconstructed with acceptable quality and much lower computational cost in comparison to the Laplace operator based algorithm in cases with truncated projections. To point out the advantages of our method, simulations on the computer and real data experiments on our laboratory industrial cone-beam CT are conducted. The simulated and experimental results demonstrate that the method is feasible for image reconstruction in the case of projection truncation.展开更多
In this paper, we present a self-adaptive programming mechanism(SAP) that targets programming hardware devices of reconfigurable parsing and processing. The SAP programming system locates in software of network data p...In this paper, we present a self-adaptive programming mechanism(SAP) that targets programming hardware devices of reconfigurable parsing and processing. The SAP programming system locates in software of network data plane and has three features:(1) programmable packet parsing: the packet header format can be customized and new header type can be added;(2) reconfigurable packet processing: the match fields to be handled in each match table can be specified;(3) function-adaptive control: any function control systems can determine the packet processing flow independently without the need of knowing the specifics of the underlying hardware. Finally, we implement a prototype on NetF PGA-10 G together with two representative function control systems(router and Open Flow switch) to demonstrate how SAP works. We believe the data plane of reconfigurable parsing and processing will lead to future switches that provide greater flexibility, and unlock the potential of network function innovation.展开更多
Under the requirement of everything over IP, network service shows the following characteristics:(1) network service increases its richness;(2) broadband streaming media becomes the mainstream. To achieve unified mult...Under the requirement of everything over IP, network service shows the following characteristics:(1) network service increases its richness;(2) broadband streaming media becomes the mainstream. To achieve unified multi-service bearing in the IP network, the largescale access convergence network architecture is proposed. This flat access convergence structure with ultra-small hops, which shortens the service transmission path, reduces the complexity of the edge of the network, and achieves IP strong waist model with the integration of computation, storage and transmission. The key technologies are also introduced in this paper, including endto-end performance guarantee for real time interactive services, fog storing mechanism, and built-in safety transmission with integration of aggregation and control.展开更多
Co-residency of different tenants’ virtual machines(VMs) in cloud provides a good chance for side-channel attacks, which results in information leakage. However, most of current defense suffers from the generality or...Co-residency of different tenants’ virtual machines(VMs) in cloud provides a good chance for side-channel attacks, which results in information leakage. However, most of current defense suffers from the generality or compatibility problem, thus failing in immediate real-world deployment. VM migration, an inherit mechanism of cloud systems, envisions a promising countermeasure, which limits co-residency by moving VMs between servers. Therefore, we first set up a unified practical adversary model, where the attacker focuses on effective side channels. Then we propose Driftor, a new cloud system that contains VMs of a multi-executor structure where only one executor is active to provide service through a proxy, thus reducing possible information leakage. Active state is periodically switched between executors to simulate defensive effect of VM migration. To enhance the defense, real VM migration is enabled at the same time. Instead of solving the migration satisfiability problem with intractable CIRCUIT-SAT, a greedy-like heuristic algorithm is proposed to search for a viable solution by gradually expanding an initial has-to-migrate set of VMs. Experimental results show that Driftor can not only defend against practical fast side-channel attack, but also bring about reasonable impacts on real-world cloud applications.展开更多
Well-controlled resource allocation is crucial for promoting the performance of multiple input multiple output orthogonal frequency division multiplexing(MIMO-OFDM) systems. Recent studies have focused primarily on tr...Well-controlled resource allocation is crucial for promoting the performance of multiple input multiple output orthogonal frequency division multiplexing(MIMO-OFDM) systems. Recent studies have focused primarily on traditional centralized systems or distributed antenna systems(DASs), and usually assumed that one sub-carrier or sub-channel is exclusively occupied by one user. To promote system performance, we propose a sub-channel shared resource allocation algorithm for multiuser distributed MIMO-OFDM systems. Each sub-channel can be shared by multiple users in the algorithm, which is different from previous algorithms. The algorithm assumes that each user communicates with only two best ports in the system. On each sub-carrier, it allocates a sub-channel in descending order, which means one sub-channel that can minimize signal to leakage plus noise ratio(SLNR) loss is deleted until the number of remaining sub-channels is equal to that of receiving antennas. If there are still sub-channels after all users are processed, these sub-channels will be allocated to users who can maximize the SLNR gain. Simulations show that compared to other algorithms, our proposed algorithm has better capacity performance and enables the system to provide service to more users under the same capacity constraints.展开更多
文摘A kind of packet labeling algorithm for autonomous system is introduced. The fairness of the algorithm for each traffic stream in the integratedservices is analyzed. It is shown that the rate of each stream in the integratedservices would converge to a stable value if the transmitting or forwarding rates converge to that of the receiving exponentially.
文摘The existing physical layer security algorithm, which is based on artificial noise, could affect legitimate receivers negatively when the number of users is no less than sending antennas in multi-user MIMO system. In order to improve security of multi-user MIMO system under this scenario, we propose a new multi-user MIMO system physical layer security algorithm based on joint channel state matrix. Firstly, multiple users are processed together, thus a multi-user joint channel state matrix is established. After achieving Singular Value Decomposition (SVD) of the joint channel state matrix, the minimum singular value is obtained, which can be utilized for precoding to eliminate the interference of artificial noise to legitimate receivers. Further, we also present an approach to optimize the power allocation. Simulation results show that the proposed algorithm can increase secrecy capacity by 0.1 bit/s/HZ averagely.
文摘In this paper, a resource allocation scheme based on physical layer security under non-ideal condition for OFDMA system is introduced. Firstly, the program uses the information security constructing an OFDMA system Wiretap Channel Model under non-ideal condition. Based on this model, arti?cial noise is generated for secure communications combatting passive multiple eavesdroppers. In order to maximize the average secrecy outage capacity without channel state information of eavesdroppers, we use dual decomposition method to implement subcarriers and power allocation in joint optimization. Simulation results show that the average secrecy outage capacity can achieve 7.81 bit/s/Hz while secrecy outage probability is 0.05 with 50 dB mtransmitpower and 64 sub-carrier for 8 authorized users.
基金This research was sponsored by the National Basic Research Program (973 program) of China (2012CB315901, 2013C8329104), the National Natural Science Foundation of China (61372121, 61309020), and the National High-Tech Research and Development Program (863 Program) of Chi- na (2011AA01A103, 201 1AA01A101, 2013AA013505).
文摘Software-Defined Network architecture offers network virtualization through a hypervisor plane to share the same physical substrate among multiple virtual networks.However,for this hypervisor plane,how to map a virtual network to the physical substrate while guaranteeing the survivability in the event of failures,is extremely important.In this paper,we present an efficient virtual network mapping approach using optimal backup topology to survive a single link failure with less resource consumption.Firstly,according to whether the path splitting is supported by virtual networks,we propose the OBT-Ⅰ and OBT-Ⅱ algorithms respectively to generate an optimal backup topology which minimizes the total amount of bandwidth constraints.Secondly,we propose a Virtual Network Mapping algorithm with coordinated Primary and Backup Topology(VNM-PBT)to make the best of the substrate network resource.The simulation experiments show that our proposed approach can reduce the average resource consumption and execution time cost,while improving the request acceptance ratio of VNs.
基金supported in part by National Natural Science Foundation of China under Grant No.61401510,61521003National High-tech R&D Program(863 Program)under Grant No.2015AA01A708
文摘This study proposes a tractable approach to analyze the physical-layer security in the downlink of a multi-tier heterogeneous cellular network. This method is based on stochastic geometry, has low computational complexity, and uses the two-dimensional Poisson point process to model the locations of K-tier base stations and receivers, including those of legitimate users and eavesdroppers. Then, the achievable secrecy rates for an arbitrary user are determined and the upper and lower bounds of secrecy coverage probability derived on the condition that cross-tier interference is the main contributor to aggregate interference. Finally, our analysis results reveal the innate connections between information-theoretic security and the spatial densities of legitimate and malicious nodes.
基金supported in part by National Natural Science Foundation of China under Grants No. 61871404, 61401510, 61521003, 61501516
文摘In this paper, we propose a dual-threshold based secure On-Off transmission scheme, where signals are transmitted only if the channel condition can guarantee secure and reliable communication. First, we present a dynamic access strategy to increase access efficiency, which provides an access region for the intended user. Then, we propose an emission control policy to transmit signals according to the current channel condition, which declines the influence of channel estimation errors and guarantees qualities of communication links. Furthermore, we give a comprehensive performance analysis for the proposed scheme in terms of connection outage probability(COP) and secrecy outage probability(SOP), and present a dual-threshold optimization model to further support the performance. Numerical results verify that the secure On-Off transmission scheme can increase the system secure energy efficiency and guarantee reliable and secure communication.
基金supported by the Foundation for Innovative Research Groups of the National Science Foundation of China (Grant No.61521003)The National Basic Research Program of China(973)(Grant No.2012CB315901,2013CB329104)+1 种基金The National Natural Science Foundation of China(Grant No.61372121,61309019,61309020)The National High Technology Research and Development Program of China(863)(Grant No.2015AA016102,2013AA013505)
文摘Recently, integrating Softwaredefined networking(SDN) and network functions virtualization(NFV) are proposed to address the issue that difficulty and cost of hardwarebased and proprietary middleboxes management. However, it lacks of a framework that orchestrates network functions to service chain in the network cooperatively. In this paper, we propose a function combination framework that can dynamically adapt the network based on the integration NFV and SDN. There are two main contributions in this paper. First, the function combination framework based on the integration of SDN and NFV is proposed to address the function combination issue, including the architecture of Service Deliver Network, the port types representing traffic directions and the explanation of terms. Second, we formulate the issue of load balance of function combination as the model minimizing the standard deviations of all servers' loads and satisfying the demand of performance and limit of resource. The least busy placement algorithm is introduced to approach optimal solution of the problem. Finally, experimental results demonstrate that the proposed method can combine functions in an efficient and scalable way and ensure the load balance of the network.
基金supported by the National Key Research and Development Program of China (2018YFB0804004)the Foundation of the National Natural Science Foundation of China (61602509)+1 种基金the Foundation for Innovative Research Groups of the National Natural Science Foundation of China (61521003)the Key Technologies Research and Development Program of Henan Province of China (172102210615)
文摘Co-residency of virtual machines(VMs) of different tenants on the same physical platform would possibly lead to cross-VM side-channel attacks in the cloud. While most of current countermeasures fail for real or immediate deployment due to their requirement for modification of virtualization structure, we adopt dynamic migration, an inherent mechanism of the cloud platform, as a general defense against this kind of threats. To this end, we first set up a unified practical information leakage model which shows the factors affecting side channels and describes the way they influence the damage due to side-channel attacks. Since migration is adopted to limit the time duration of co-residency, we envision this defense as an optimization problem by setting up an Integer Linear Programming(ILP) to calculate optimal migration strategy, which is intractable due to high computational complexity. Therefore, we approximate the ILP with a baseline genetic algorithm, which is further improved for its optimality and scalability. Experimental results show that our migration-based defense can not only provide excellent security guarantees and affordable performance cost in both theoretical simulation and practical cloud environment, but also achieve better optimality and scalability than previous countermeasures.
基金supported in part by National High-tech R&D Program(863 Program) under Grant No.2014AA01A701National Natural Science Foundation of China under Grant No.61379006,61401510,61521003Project funded by China Postdoctoral Science Foundation under Grant No.2016M592990
文摘This study investigates physical layer security in downlink multipleinput multiple-output(MIMO) multi-hop heterogeneous cellular networks(MHCNs),in which communication between mobile users and base stations(BSs) is established by a single or multiple hops,to address the problem of insufficient security performance of MIMO heterogeneous cellular networks.First,two-dimensional homogeneous Poisson point processes(HPPPs) are utilized to model the locations of K-tier BSs in MIMO MHCNs and receivers,including those of legitimate users and eavesdroppers.Second,based on the channel gain distribution and the statistics property of HPPP,the achievable ergodic rates of the main and eavesdropper channels in direct and ad hoc links are derived,respectively.Third,the secrecy coverage probability and the achievable ergodic secrecy throughput of downlink MIMO MHCNs are explored,and their expressions are derived.Lastly,the correctness of the theoretical derivation is verified through Monte Carlo simulations.
基金supported by the National Science and Technology Major Project of the Ministry of Science and Technology of China (Grant No. 2014ZX03006003)the ZTE Research and Development Fund
文摘A dynamic protocol stack(DPS) for ad hoc networks, together with a protocol stack construction scheme that is modeled as a multiconstrained knapsack problem is proposed. Compared to the traditional static protocol stack, DPS operates in a dynamic and adaptive manner and is scalable to network condition changes. In addition, a protocol construction algorithm is proposed to dynamically construct of the protocol stack each network node. Simulation results show that, the processing and forwarding performance of our scheme is close to 1 Gb/s, and the performance of our algorithm is close to that of the classical algorithms with much lower complexity.
基金supported by The National Basic Research Program of China (973) (Grant No. 2012CB315901, 2013CB329104)The National Natural Science Foundation of China (Grant No. 61521003, 61372121, 61309019, 61572519, 61502530)The National High Technology Research and Development Program of China (863) (Grant No. 2015AA016102)
文摘Real-time multimedia sharing in Consumer-centric Multimedia Network(CMN) requires usability anywhere, anytime and from any device. However, CMNs are usually located or implemented on application layer, which makes CMNs subjected to their fixed substrate security framework. A fundamental diversifying attribute for the customized security experiences of CMNs is pressing. This paper proposes a programmable network structure which is named Service Processing Chain(SPC) based on network function combination. The SPC is established by the ordinal combination of network functions in substrate switches dynamically, and therefore constructs a special channel for each CMN with required security. The construction and reconfiguration algorithms of SPC are also discussed in this paper. Evaluations and implementation show that above approaches are effective in providing multilevel security with flexibility and expansibility. It is believed that the SPC could provide customized security service and drive participative real-time multimedia sharing for CMNs.
基金supported by The National High Technology Research and Development Program of China(863)(Grant No.2014AA01A701,2015AA01A706)
文摘Network functions virtualization(NFV) increases network flexibility and scalability by virtualizing network functions running on the general servers and opens the network innovations by outsourcing VNF instances in 5G networks.However,it leads to the incompatibility issue among different VNF instances,which makes operators difficult to determine which VNF instances to select for Service Function Chains(SFCs).In this paper,we divide VNF instances with high compatibility into clusters used for combining VNF instances in 5G networks.Firstly,we define compatibility among different VNF instances.Secondly,aiming to maximize compatibility of each cluster,we propose a novel hypergraph clustering model that divides the VNF instances into multiple clusters.Then,the hypergraph clustering model is transformed to an evolutionary game.Thus,the cluster establishing is transformed to the game equilibrium searching.Furthermore,we propose a discrete time high order replicator dynamic algorithm to find the game equilibrium.Finally,the simulation results show that the proposed approach can improve the quality of SFCs.
基金supported in part by China High-Tech RD Program(863 Program) SS2015AA011306National Natural Science Foundation of China under Grants No.61379006,61401510,61501516,61521003
文摘This paper studies a simultaneous wireless information and power transfer system with multiple external eavesdroppers and internal curious users.We model the random network by Poisson cluster process in consideration of the case where eavesdroppers hide around certain targets.Focusing on the users that work in harvesting-transmitting mode with time switching receivers,we establish communication model via time division multiple access.On this basis,we propose a lightweight secure transmission scheme based on dual-thresholds for physical-layer security enhancement,which consists of two protocols applied to the downlink(DL) and uplink(UL) transmission respectively.In the DL,we design a dynamic information-power switching transmission protocol based on signal-to-noise ratio threshold,which provides an opportunistic approach to reform the fixed period allocation of information and power transfer;in the UL,an energy threshold is proposed for users to control the transmission,which is called a user-led on-off transmission protocol.Furthermore,we give a comprehensive performance analysis for the proposed scheme in terms of delay,reliability,security and secrecy throughput.Based on the analysis results,we optimize the two thresholds and the DL-UL allocationcoefficient to maximize the secrecy throughput.Simulation results show the proposed scheme can bring about a substantial secrecy gain.
基金supported by the National Basic Research Program of China(Grant No.2011CB707701)the National High Technology Research and Development Program of China(Grant No.2012AA011603)the National Natural Science Foundation of China(Grant Nos.30970772 and 61372172)
文摘The interior tomography is commonly met in practice, whereas the self-calibration method for geometric parameters remains far from explored. To determine the geometry of interior tomography, a modified interval subdividing based method, which was originally developed by Tan et al.,[11]was presented in this paper. For the self-calibration method, it is necessary to obtain the reconstructed image with only geometric artifacts. Therefore, truncation artifacts reduction is a key problem for the self-calibration method of an interior tomography. In the method, an interior reconstruction algorithm instead of the Feldkamp–Davis–Kress(FDK) algorithm was employed for truncation artifact reduction. Moreover, the concept of a minimum interval was defined as the stop criterion of subdividing to ensure the geometric parameters are determined nicely. The results of numerical simulation demonstrated that our method could provide a solution to the selfcalibration for interior tomography while the original interval subdividing based method could not. Furthermore, real data experiment results showed that our method could significantly suppress geometric artifacts and obtain high quality images for interior tomography with less imaging cost and faster speed compared with the traditional geometric calibration method with a dedicated calibration phantom.
基金Supported by the National High Technology Research and Development Program of China(No.2012AA011603)National Nature Science Foundation of China(No.61372172)
文摘In helical cone-beam computed tomography(CT), Feldkamp-Davis-Kress(FDK) based image reconstruction algorithms are by far the most popular. However, artifacts are commonly met in the presence of lateral projection truncation. The reason is that the ramp filter is global. To restrain the truncation artifacts, an approximate reconstruction formula is proposed based on the Derivative-Hilbert-Backprojection(DHB) framework. In the method, the first order derivative filter is followed by the Hilbert transform. Since the filtered projection values are almost zero by the first order derivative filter, the following Hilbert transform has little influence on the projection values, even though the projections are laterally truncated. The proposed method has two main advantages. First, it has comparable computational efficiency and image quality as well as the conventional helical FDK algorithm for non-truncated projections. The second advantage is that images can be reconstructed with acceptable quality and much lower computational cost in comparison to the Laplace operator based algorithm in cases with truncated projections. To point out the advantages of our method, simulations on the computer and real data experiments on our laboratory industrial cone-beam CT are conducted. The simulated and experimental results demonstrate that the method is feasible for image reconstruction in the case of projection truncation.
基金supported by The National Basic Research Program of China (973) (Grant No. 2012CB315901, 2013CB329104)The National Natural Science Foundation of China (Grant No. 61521003, 61372121, 61309019, 61572519, 61502530)The National High Technology Research and Development Program of China (863) (Grant No. 2015AA016102, 2013AA013505)
文摘In this paper, we present a self-adaptive programming mechanism(SAP) that targets programming hardware devices of reconfigurable parsing and processing. The SAP programming system locates in software of network data plane and has three features:(1) programmable packet parsing: the packet header format can be customized and new header type can be added;(2) reconfigurable packet processing: the match fields to be handled in each match table can be specified;(3) function-adaptive control: any function control systems can determine the packet processing flow independently without the need of knowing the specifics of the underlying hardware. Finally, we implement a prototype on NetF PGA-10 G together with two representative function control systems(router and Open Flow switch) to demonstrate how SAP works. We believe the data plane of reconfigurable parsing and processing will lead to future switches that provide greater flexibility, and unlock the potential of network function innovation.
基金supported by The National Key Technology R&D Program (Grant No. 2011BAH19B00)The National Basic Research Program of China (973) (Grant No. 2012CB315900)The National High Technology Research and Development Program of China (863) (Grant No. 2015AA016102)
文摘Under the requirement of everything over IP, network service shows the following characteristics:(1) network service increases its richness;(2) broadband streaming media becomes the mainstream. To achieve unified multi-service bearing in the IP network, the largescale access convergence network architecture is proposed. This flat access convergence structure with ultra-small hops, which shortens the service transmission path, reduces the complexity of the edge of the network, and achieves IP strong waist model with the integration of computation, storage and transmission. The key technologies are also introduced in this paper, including endto-end performance guarantee for real time interactive services, fog storing mechanism, and built-in safety transmission with integration of aggregation and control.
基金the National Natural Science Foundation of China (Nos. 61521003 and 61602509)the National Key Research and Development Program of China (Nos. 2016YFB0800100 and 2016YFB0800101)the Key Technologies Research and Development Program of Henan Province of China (No. 172102210615).
文摘Co-residency of different tenants’ virtual machines(VMs) in cloud provides a good chance for side-channel attacks, which results in information leakage. However, most of current defense suffers from the generality or compatibility problem, thus failing in immediate real-world deployment. VM migration, an inherit mechanism of cloud systems, envisions a promising countermeasure, which limits co-residency by moving VMs between servers. Therefore, we first set up a unified practical adversary model, where the attacker focuses on effective side channels. Then we propose Driftor, a new cloud system that contains VMs of a multi-executor structure where only one executor is active to provide service through a proxy, thus reducing possible information leakage. Active state is periodically switched between executors to simulate defensive effect of VM migration. To enhance the defense, real VM migration is enabled at the same time. Instead of solving the migration satisfiability problem with intractable CIRCUIT-SAT, a greedy-like heuristic algorithm is proposed to search for a viable solution by gradually expanding an initial has-to-migrate set of VMs. Experimental results show that Driftor can not only defend against practical fast side-channel attack, but also bring about reasonable impacts on real-world cloud applications.
基金Project supported by the National High-Tech R&D Program(863) of China(Nos.2012AA01A502 and 2012AA01A505)
文摘Well-controlled resource allocation is crucial for promoting the performance of multiple input multiple output orthogonal frequency division multiplexing(MIMO-OFDM) systems. Recent studies have focused primarily on traditional centralized systems or distributed antenna systems(DASs), and usually assumed that one sub-carrier or sub-channel is exclusively occupied by one user. To promote system performance, we propose a sub-channel shared resource allocation algorithm for multiuser distributed MIMO-OFDM systems. Each sub-channel can be shared by multiple users in the algorithm, which is different from previous algorithms. The algorithm assumes that each user communicates with only two best ports in the system. On each sub-carrier, it allocates a sub-channel in descending order, which means one sub-channel that can minimize signal to leakage plus noise ratio(SLNR) loss is deleted until the number of remaining sub-channels is equal to that of receiving antennas. If there are still sub-channels after all users are processed, these sub-channels will be allocated to users who can maximize the SLNR gain. Simulations show that compared to other algorithms, our proposed algorithm has better capacity performance and enables the system to provide service to more users under the same capacity constraints.
基金Project supported by the National Natural Science Foundation of China (No. 61201381), the Future Development Foundation of Zhengzhou Information Science and Technology Institute (No. YPI2JJ202057), China Postdoctoral Science Foundation (No. 2016M592989), and the Outstanding Youth Foundation of Information Engineering University (No. 2016603201)