Visible to the public Biblio

Filters: Keyword is Dynamic scheduling  [Clear All Filters]
Mengli, Zhou, Fucai, Chen, Wenyan, Liu, Hao, Liang.  2020.  Negative Feedback Dynamic Scheduling Algorithm based on Mimic Defense in Cloud Environment. 2020 IEEE 6th International Conference on Computer and Communications (ICCC). :2265–2270.
The virtualization technology in cloud environment brings some data and privacy security issues to users. Aiming at the problems of virtual machines singleness, homogeneity and static state in cloud environment, a negative feedback dynamic scheduling algorithm is proposed. This algorithm is based on mimic defense and creates multiple virtual machines to complete user request services together through negative feedback control mechanism which can achieve real-time monitor of the running state of virtual machines. When virtual machines state is found to be inconsistent, this algorithm will dynamically change its execution environment, resulting in the attacker's information collection and vulnerability exploitation process being disrupting. Experiments show that the algorithm can better solve security threats caused by the singleness, homogeneity and static state of virtual machines in the cloud, and improve security and reliability of cloud users.
Mukwevho, Ndivho, Chibaya, Colin.  2020.  Dynamic vs Static Encryption Tables in DES Key Schedules. 2020 2nd International Multidisciplinary Information Technology and Engineering Conference (IMITEC). :1—5.
The DES is a symmetric cryptosystem which encrypts data in blocks of 64 bits using 48 bit keys in 16 rounds. It comprises a key schedule, encryption and decryption components. The key schedule, in particular, uses three static component units, the PC-1, PC-2 and rotation tables. However, can these three static components of the key schedule be altered? The DES development team never explained most of these component units. Understanding the DES key schedule is, thus, hard. In addition, reproducing the DES model with unknown component units is challenging, making it hard to adapt and bring implementation of the DES model closer to novice developers' context. We propose an alternative approach for re-implementing the DES key schedule using, rather, dynamic instead of static tables. We investigate the design features of the DES key schedule and implement the same. We then propose a re-engineering view towards a more white-box design. Precisely, generation of the PC-1, rotation and PC-2 tables is revisited to random dynamic tables created at run time. In our views, randomly generated component units eliminate the feared concerns regarding perpetrators' possible knowledge of the internal structures of the static component units. Comparison of the performances of the hybrid DES key schedule to that of the original DES key schedule shows closely related outcomes, connoting the hybrid version as a good alternative to the original model. Memory usage and CPU time were measured. The hybrid insignificantly out-performs the original DES key schedule. This outcome may inspire further researches on possible alterations to other DES component units as well, bringing about completely white-box designs to the DES model.
Shi, Y., Sagduyu, Y. E., Erpek, T..  2020.  Reinforcement Learning for Dynamic Resource Optimization in 5G Radio Access Network Slicing. 2020 IEEE 25th International Workshop on Computer Aided Modeling and Design of Communication Links and Networks (CAMAD). :1—6.
The paper presents a reinforcement learning solution to dynamic resource allocation for 5G radio access network slicing. Available communication resources (frequency-time blocks and transmit powers) and computational resources (processor usage) are allocated to stochastic arrivals of network slice requests. Each request arrives with priority (weight), throughput, computational resource, and latency (deadline) requirements, and if feasible, it is served with available communication and computational resources allocated over its requested duration. As each decision of resource allocation makes some of the resources temporarily unavailable for future, the myopic solution that can optimize only the current resource allocation becomes ineffective for network slicing. Therefore, a Q-learning solution is presented to maximize the network utility in terms of the total weight of granted network slicing requests over a time horizon subject to communication and computational constraints. Results show that reinforcement learning provides major improvements in the 5G network utility relative to myopic, random, and first come first served solutions. While reinforcement learning sustains scalable performance as the number of served users increases, it can also be effectively used to assign resources to network slices when 5G needs to share the spectrum with incumbent users that may dynamically occupy some of the frequency-time blocks.
Gwak, B., Cho, J., Lee, D., Son, H..  2018.  TARAS: Trust-Aware Role-Based Access Control System in Public Internet-of-Things. 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE). :74–85.
Due to the proliferation of Internet-of-Things (IoT) environments, humans working with heterogeneous, smart objects in public IoT environments become more popular than ever before. This situation often requires to establish trust relationships between a user and a smart object for their secure interactions, but without the presence of prior interactions. In this work, we are interested in how a smart object can grant an access right to a human user in the absence of any prior knowledge in which some users may be malicious aiming to breach security goals of the IoT system. To solve this problem, we propose a trust-aware, role-based access control system, namely TARAS, which provides adaptive authorization to users based on dynamic trust estimation. In TARAS, for the initial trust establishment, we take a multidisciplinary approach by adopting the concept of I-sharing from psychology. The I-sharing follows the rationale that people with similar roles and traits are more likely to respond in a similar way. This theory provides a powerful tool to quickly establish trust between a smart object and a new user with no prior interactions. In addition, TARAS can adaptively filter malicious users out by revoking their access rights based on adaptive, dynamic trust estimation. Our experimental results show that the proposed TARAS mechanism can maximize system integrity in terms of correctly detecting malicious or benign users while maximizing service availability to users particularly when the system is fine-tuned based on the identified optimal setting in terms of an optimal trust threshold.
Chen, Jen-Jee, Tsai, Meng-Hsun, Zhao, Liqiang, Chang, Wei-Chiao, Lin, Yu-Hsiang, Zhou, Qianwen, Lu, Yu-Zhang, Tsai, Jia-Ling, Cai, Yun-Zhan.  2019.  Realizing Dynamic Network Slice Resource Management based on SDN networks. 2019 International Conference on Intelligent Computing and its Emerging Applications (ICEA). :120–125.
It is expected that the concept of Internet of everything will be realized in 2020 because of the coming of the 5G wireless communication technology. Internet of Things (IoT) services in various fields require different types of network service features, such as mobility, security, bandwidth, latency, reliability and control strategies. In order to solve the complex requirements and provide customized services, a new network architecture is needed. To change the traditional control mode used in the traditional network architecture, the Software Defined Network (SDN) is proposed. First, SDN divides the network into the Control Plane and Data Plane and then delegates the network management authority to the controller of the control layer. This allows centralized control of connections of a large number of devices. Second, SDN can help realizing the network slicing in the aspect of network layer. With the network slicing technology proposed by 5G, it can cut the 5G network out of multiple virtual networks and each virtual network is to support the needs of diverse users. In this work, we design and develop a network slicing framework. The contributions of this article are two folds. First, through SDN technology, we develop to provide the corresponding end-to-end (E2E) network slicing for IoT applications with different requirements. Second, we develop a dynamic network slice resource scheduling and management method based on SDN to meet the services' requirements with time-varying characteristics. This is usually observed in streaming and services with bursty traffic. A prototyping system is completed. The effectiveness of the system is demonstrated by using an electronic fence application as a use case.
Xue, Baoze, Shen, Pubing, Wu, Bo, Wang, Xiaoting, Chen, Shuwen.  2019.  Research on Security Protection of Network Based on Address Layout Randomization from the Perspective of Attackers. 2019 IEEE 8th Joint International Information Technology and Artificial Intelligence Conference (ITAIC). :1475–1478.
At present, the network architecture is based on the TCP/IP protocol and node communications are achieved by the IP address and identifier of the node. The IP address in the network remains basically unchanged, so it is more likely to be attacked by network intruder. To this end, it is important to make periodic dynamic hopping in a specific address space possible, so that an intruder fails to obtain the internal network address and grid topological structure in real time and to continue to perform infiltration by the building of a new address space layout randomization system on the basis of SDN from the perspective of an attacker.
Noor, Joseph, Ali-Eldin, Ahmed, Garcia, Luis, Rao, Chirag, Dasari, Venkat R., Ganesan, Deepak, Jalaian, Brian, Shenoy, Prashant, Srivastava, Mani.  2019.  The Case for Robust Adaptation: Autonomic Resource Management is a Vulnerability. MILCOM 2019 - 2019 IEEE Military Communications Conference (MILCOM). :821–826.
Autonomic resource management for distributed edge computing systems provides an effective means of enabling dynamic placement and adaptation in the face of network changes, load dynamics, and failures. However, adaptation in-and-of-itself offers a side channel by which malicious entities can extract valuable information. An attacker can take advantage of autonomic resource management techniques to fool a system into misallocating resources and crippling applications. Using a few scenarios, we outline how attacks can be launched using partial knowledge of the resource management substrate - with as little as a single compromised node. We argue that any system that provides adaptation must consider resource management as an attack surface. As such, we propose ADAPT2, a framework that incorporates concepts taken from Moving-Target Defense and state estimation techniques to ensure correctness and obfuscate resource management, thereby protecting valuable system and application information from leaking.
Liu, Xiaohu, Li, Laiqiang, Ma, Zhuang, Lin, Xin, Cao, Junyang.  2019.  Design of APT Attack Defense System Based on Dynamic Deception. 2019 IEEE 5th International Conference on Computer and Communications (ICCC). :1655—1659.
Advanced Persistent Threat (APT) attack has the characteristics of complex attack means, long duration and great harmfulness. Based on the idea of dynamic deception, the paper proposed an APT defense system framework, and analyzed the deception defense process. The paper proposed a hybrid encryption communication mechanism based on socket, a dynamic IP address generation method based on SM4, a dynamic timing selection method based on Viterbi algorithm and a dynamic policy allocation mechanism based on DHCPv6. Tests show that the defense system can dynamically change and effectively defense APT attacks.
Wang, Manxi, Liu, Bingjie, Xu, Haitao.  2019.  Resource Allocation for Threat Defense in Cyber-security IoT system. 2019 28th Wireless and Optical Communications Conference (WOCC). :1—3.
In this paper, we design a model for resource allocation in IoT system considering the cyber security, to achieve optimal resource allocation when defend the attack and threat. The resource allocation problem is constructed as a dynamic game, where the threat level is the state and the defend cost is the objective function. Open loop solution and feedback solutions are both given to the defender as the optimal control variables under different solutions situations. The optimal allocated resource and the optimal threat level for the defender is simulated through the numerical simulations.
Zhi-wen, Wang, Yang, Cheng.  2018.  Bandwidth Allocation Strategy of Networked Control System under Denial-of-Service Attack. 2018 4th Annual International Conference on Network and Information Systems for Computers (ICNISC). :49—55.

In this paper, security of networked control system (NCS) under denial of service (DoS) attack is considered. Different from the existing literatures from the perspective of control systems, this paper considers a novel method of dynamic allocation of network bandwidth for NCS under DoS attack. Firstly, time-constrained DoS attack and its impact on the communication channel of NCS are introduced. Secondly, details for the proposed dynamic bandwidth allocation structure are presented along with an implementation, which is a bandwidth allocation strategy based on error between current state and equilibrium state and available bandwidth. Finally, a numerical example is given to demonstrate the effectiveness of the proposed bandwidth allocation approach.

Perveen, Abida, Patwary, Mohammad, Aneiba, Adel.  2019.  Dynamically Reconfigurable Slice Allocation and Admission Control within 5G Wireless Networks. 2019 IEEE 89th Vehicular Technology Conference (VTC2019-Spring). :1—7.
Serving heterogeneous traffic demand requires efficient resource utilization to deliver the promises of 5G wireless network towards enhanced mobile broadband, massive machine type communication and ultra-reliable low-latency communication. In this paper, an integrated user application-specific demand characteristics as well as network characteristics evaluation based online slice allocation model for 5G wireless network is proposed. Such characteristics include, available bandwidth, power, quality of service demand, service priority, security sensitivity, network load, predictive load etc. A degree of intra-slice resource sharing elasticity has been considered based on their availability. The availability has been assessed based on the current availability as well as forecasted availability. On the basis of application characteristics, an admission control strategy has been proposed. An interactive AMF (Access and Mobility Function)- RAN (Radio Access Network) information exchange has been assumed. A cost function has been derived to quantify resource allocation decision metric that is valid for both static and dynamic nature of user and network characteristics. A dynamic intra-slice decision boundary estimation model has been proposed. A set of analytical comparative results have been attained in comparison to the results available in the literature. The results suggest the proposed resource allocation framework performance is superior to the existing results in the context of network utility, mean delay and network grade of service, while providing similar throughput. The superiority reported is due to soft nature of the decision metric while reconfiguring slice resource block-size and boundaries.
Yoshikawa, Takashi, Date, Susumu, Watashiba, Yasuhiro, Matsui, Yuki, Nozaki, Kazunori, Murakami, Shinya, Lee, Chonho, Hida, Masami, Shimojo, Shinji.  2019.  Secure Staging System for Highly Confidential Data Built on Reconfigurable Computing Platform. 2019 IEEE International Conference on Computational Science and Engineering (CSE) and IEEE International Conference on Embedded and Ubiquitous Computing (EUC). :308–313.
Cloud use for High Performance Computing (HPC) and High Performance Data Analytics (HPDA) is increasing. The data are transferred to the cloud and usually left there even after the data being processed. There is security concern for such data being left online. We propose secure staging system to prepare not only data but also computing platform for processing the data dynamically just while the data is processed. The data plane of the secure staging system has dynamic reconfigurability with several lower-than-IP-layer partitioning mechanisms. The control plane consists of a scheduler and a resource provisioner working together to reconfigure the partitioning in the data plane dynamically. A field trial system is deployed for treating secure data in dental school to be processed in the computer center with the location distance of 1km. The system shows high score in the Common Vulnerability Scoring System (CVSS) evaluation.
Lu, Y., Chen, G., Luo, L., Tan, K., Xiong, Y., Wang, X., Chen, E..  2017.  One more queue is enough: Minimizing flow completion time with explicit priority notification. IEEE INFOCOM 2017 - IEEE Conference on Computer Communications. :1–9.

Ideally, minimizing the flow completion time (FCT) requires millions of priorities supported by the underlying network so that each flow has its unique priority. However, in production datacenters, the available switch priority queues for flow scheduling are very limited (merely 2 or 3). This practical constraint seriously degrades the performance of previous approaches. In this paper, we introduce Explicit Priority Notification (EPN), a novel scheduling mechanism which emulates fine-grained priorities (i.e., desired priorities or DP) using only two switch priority queues. EPN can support various flow scheduling disciplines with or without flow size information. We have implemented EPN on commodity switches and evaluated its performance with both testbed experiments and extensive simulations. Our results show that, with flow size information, EPN achieves comparable FCT as pFabric that requires clean-slate switch hardware. And EPN also outperforms TCP by up to 60.5% if it bins the traffic into two priority queues according to flow size. In information-agnostic setting, EPN outperforms PIAS with two priority queues by up to 37.7%. To the best of our knowledge, EPN is the first system that provides millions of priorities for flow scheduling with commodity switches.

Qi, C., Wu, J., Chen, H., Yu, H., Hu, H., Cheng, G..  2017.  Game-Theoretic Analysis for Security of Various Software-Defined Networking (SDN) Architectures. 2017 IEEE 85th Vehicular Technology Conference (VTC Spring). :1–5.

Security evaluation of diverse SDN frameworks is of significant importance to design resilient systems and deal with attacks. Focused on SDN scenarios, a game-theoretic model is proposed to analyze their security performance in existing SDN architectures. The model can describe specific traits in different structures, represent several types of information of players (attacker and defender) and quantitatively calculate systems' reliability. Simulation results illustrate dynamic SDN structures have distinct security improvement over static ones. Besides, effective dynamic scheduling mechanisms adopted in dynamic systems can enhance their security further.