ICCCN 2018: THE 27TH INTERNATIONAL CONFERENCE ON COMPUTER COMMUNICATION AND NETWORKS
PROGRAM FOR TUESDAY, JULY 31ST

08:00-08:30 Session : Registration open

Registration open (Fu Rong Foyer)
Continental Breakfast (Fu Rong Foyer)

08:30-09:30 Session 5: Keynote II: A Vision towards Pervasive Edge Computing

Keynote II: A Vision towards Pervasive Edge Computing
Speaker: Prof. Yuanyuan Yang

Chair: Sheng Zhong

Room: Fu Rong

Location: FuRong
10:00-12:00 Session 6A: Wireless Networks
Location: FuRong
10:00
Interest Tree based Information Dissemination via Vehicular Named Data Networking
SPEAKER: unknown

ABSTRACT. Named Data Networking (NDN) is a promising technology for content centric networks, and it is suitable for vehicular networks since no IP architecture is required. Quite a number of solutions have been proposed for vehicular NDN (V-NDN), but high communication cost due to frequent topology changes caused by high mobility of vehicles is still a challenge to be addressed. In this paper, we study how to disseminate traffic information to vehicles via V-NDN. Different from existing works, we consider navigation route based data interests, i.e., a vehicle is concerned about the traffic information along road segments planned to take. According to such a data interest scenario, we propose a tree based data interest structure and associated maintenance operations to merge identical data interests due to overlapping navigation routes among different vehicles. With the tree based data interest management, the number of interest packets can be significantly reduced. Then, we propose trigger based mechanisms for data interest packet re-sending and forwarding, which can avoid unnecessary interest packet re-sending. With our design, traffic information can be disseminated to interested nodes with high success rate and low communication cost simultaneously. Simulations via SUMO and ndnSIM confirm such advantages of our work.

10:24
Multicast Rate Adaptation in WLAN via NDN
SPEAKER: unknown

ABSTRACT. Wireless multicast has a great benefit for data transmission. Multicast rate adaptation in WLAN has become a hot topic in the research community. However, wireless multicast lacks a feedback mechanism from the receiver and also has no retransmission mechanism for loss or error. In order to improve multicast reliability, multicast always transmits data at the basic rate of 1 Mbps (e.g. 802.11b). This low rate may penalize other traffic and waste bandwidth capacity because of longer channel occupancy. Moreover, wireless NDN multicast is essentially different from traditional wireless multicast. A wireless NDN multicast group is based on Pending Interest Table (PIT) state, which significantly increases multicast dynamics. In this paper, we propose a multicast rate adaptation scheme for selecting the best transmission rate for multicast communication. We use the PIT state and an optimization algorithm to select the best transmission rate for every multicast group. In addition, we use the caching mechanism of NDN to improve reliability when multicast data is lost or contains errors. Simulation results show that the proposed multicast rate adaptation scheme reduces transmission time of multicast receiver while achieving lower average delay and packet loss rate.

10:48
User Localization using Random Access Channel Signals in LTE Networks with Massive MIMO
SPEAKER: unknown

ABSTRACT. Recent studies show that real-time precise user localization makes it possible to deliver accurate beamforming in MIMO systems without the need for channel estimation. This paper presents new solutions for accurate user localization in massive MIMO LTE systems. A key novelty of the developed schemes is the ability to locate users during LTE's random access channel synchronization procedure before they are connected to the network, by which the obtained location information can be immediately used to optimize the allocation of radio resource and perform accurate beamforming. To achieve this, the developed solutions leverage the advantages of spherical wave propagation since it allows simultaneously estimating the angle of arrival and the propagation distance from the user equipment to each antenna element. We design solutions for both single-path line-of-sight communication and multi-path propagation environments. The developed schemes were evaluated through both simulations and proof-of-concept experiments. Simulation results show that both algorithms can achieve decimeter-level localization accuracy using 64 and more antenna elements for the distances up to 300 meters. The proof-of-concept experiment justifies the feasibility of user localization based on the estimation of the shape of the incoming wavefront.

11:12
Probability of Coexistence of LTE-LAA and WLAN Systems Based on Delay Constraints
SPEAKER: unknown

ABSTRACT. To support efficient spectrum sharing and related standardization efforts in unlicensed spectrum, it is important to develop analytical tools to accurately quantify coexistence performance between long-term evolution license assisted access (LTE-LAA) and legacy systems, such as wireless local area network (WLAN). Though joint throughput of spectrum sharing LTE-LAA and WLAN systems has been extensively studied, a systematic study is lacking on a high-level metric – the probability of coexistence (PoC), which indicates whether the coexistence is regarded as successful (constructive coexistence) or not. Another problem in current coexistence research is that the transmission delay constraints have not been adequately analyzed. The majority of available results either ignored delay constraints, or studied only the mean (or variance) of delay, but have not considered the delay distribution and its impact on the throughput. To address these problems, in this paper, we define and analyze original PoC metrics between LTE-LAA and WLAN systems based on two practical delay constraints. The first PoC is based on the joint distribution probability of delays related with successful transmissions; and the second PoC is defined upon the joint probability of delay-constrained throughput (DCT) of LAA and WLAN systems. Though these two PoCs are novel and practical, evaluating them involves several technical difficulties. We design a novel analytical framework to explicitly model the transmission delay as a function of system parameters, and analyze the moment generating function (MGF) and cumulative distribution function (CDF) of the delay. We also develop a new method to evaluate the DCT and its CDF. Consequently, the PoCs can be evaluated with low complexity. The analytical results are verified by our Monte Carlo simulations.
Numerical results demonstrate the impacts of delay and throughput requirement on the PoCs, and illustrate some design tradeoffs and insightful findings. These results provide theoretical and practical value for designing improved LTE-LAA and WLAN systems, and may be extended to other emerging spectrum sharing communication systems.

11:36
Fragmented Data Routing in Delay Tolerant Networks
SPEAKER: unknown

ABSTRACT. Existing works in data forwarding in delay tolerant networks often simplify the data transmission during a contact between two network nodes. One common assumption is that once transmitted, messages will always successfully arrive at the encounter node in its entirety regardless of the contact duration. The other common assumption is that messages are unfragmented, and are successfully transmitted only if the contact duration is long enough. If the contact duration is too short, the transmission will not complete, and the message needs to be re-transmitted in its entirety in the next contact. While the first assumption is unrealistic, the second assumption makes the routing strategy inefficient for large data items in network environments where most contact durations are short. In this work, we eliminate the assumption of unfragmented data, and propose a single-copy fragmented data routing strategy (FDR) that performs well with short contact durations. FDR considers the distribution of inter-contact time, contact duration time, and fragmented data sizes when making forwarding decisions. We show that under short contact durations and large message sizes, our scheme can achieve up to 46% higher delivery rate and 36% lower delay compared to other routing strategies.

10:00-12:00 Session 6B: Internet of Things
Location: HaiTang
10:00
FR-WARD: Fast Retransmit as a Wary but Ample Response to Distributed Denial-of-Service Attacks from the Internet of Things
SPEAKER: unknown

ABSTRACT. While the Internet of Things (IoT) becomes increasingly popular and ubiquitous, IoT devices often remain unprotected and can be exploited to launch large-scale distributed denial-of-service (DDoS) attacks. One could attempt to employ traditional DDoS defense solutions, but these solutions are hardly suitable in IoT environments since they seldom consider the resource constraints of IoT devices. This paper presents FR-WARD, a system that defends against DDoS attacks launched from an IoT network. FR-WARD operates close to potential attack sources at the gateway of an IoT network and drops packets to throttle any DDoS traffic that attempts to leave the IoT network. However, in order to properly react to traffic too difficult to categorically label as good or bad, FR-WARD employs a novel response based on the fast retransmit and flow control mechanisms of the Transmission Control Protocol (TCP) which minimizes the battery consumption and network latency of benign IoT devices within the policed network. Based on our mathematical analysis, simulation, and experimental evaluation, FR-WARD not only effectively mitigates DDoS traffic, but also minimizes the number of retransmitted packets for benign IoT devices without increasing their connection durations. In fact, FR-WARD can successfully mitigate both naive flood attacks and smarter DDoS attacks that follow TCP congestion control but still reduce overhead caused by retransmitted packets for benign IoT devices by up to a factor of 18.

10:24
Leveraging the Potential of WSN for an Efficient Correction of Air Pollution Fine-Grained Simulations
SPEAKER: unknown

ABSTRACT. One of the main concerns of smart cities is to improve public health which is mainly threatened by air pollution due to the massively increasing urbanization. The reduction of air pollution starts first with an efficient monitoring of air quality where the main aim is to generate accurate pollution maps in real time. Spatiotemporally fine-grained air pollution maps can be obtained using physical models which simulate the phenomenon of pollution dispersion. However, these simulations are less accurate than measurements that can be obtained using pollution sensors. Combining simulations and measurements, also known as data assimilation, provides better pollution estimations through the correction of the fine-grained simulations of physical models. The quality of data assimilation mainly depends on the number of measurements and their locations. A careful deployment of nodes is therefore necessary in order to get better pollution maps. In this paper, we tackle the deployment problem of pollution sensors and propose a new mixed integer programming model allowing to minimize the overall deployment cost of the network while achieving a required assimilation quality and ensuring the connectivity of the network. We then design a heuristic algorithm to solve efficiently the problem in polynomial time. We perform extensive simulations on a dataset of the Lyon city, France and show that our approach provides better air quality monitoring when compared to existing deployment methods that are designed without taking into account the outputs of physical models. We also show that in terms of connectivity, the communication range of sensor nodes might have a noteworthy impact on the quality of pollution estimation.

10:48
Sensing Fruit Ripeness Using Wireless Signals
SPEAKER: unknown

ABSTRACT. This paper presents FruitSense, a novel fruit ripeness sensing system that leverages wireless signals to enable non-destructive and low-cost detection of fruit ripeness. Such a system can reuse existing WiFi devices in homes without the need for additional sensors. It uses WiFi signals to sense the physiological changes associated with fruit ripening for detecting the ripeness of fruit. FruitSense leverages the larger bandwidth at 5GHz (i.e., over 600MHz) to extract the multipath-independent signal components to characterize the physiological compounds of the fruit. It then measures the similarity between the extracted features and the ones in ripeness profiles for identifying the ripeness level. We evaluate FruitSense in different multipath environments with two types of fruits (i.e., kiwi and avocado) under four levels of ripeness. Experimental results show that FruitSense can detect the ripeness levels of fruits with an accuracy over 90%.

11:12
Robust WiFi-based Device-free Gesture Recognition via Unsupervised Adversarial Domain Adaptation
SPEAKER: unknown

ABSTRACT. Accurate human gesture recognition is becoming a cornerstone for myriad emerging applications in human-computer interaction. Existing gesture recognition systems either require dedicated extra infrastructure or user’s active cooperation. Although some WiFi-based gesture recognition systems have been proposed, they are vulnerable to environmental dynamics and rely on tedious data re-labeling and expert knowledge each time they are implemented in a new environment. In this paper, we propose a WiFi-based device-free adaptive gesture recognition scheme, WiADG, that is able to identify human gestures accurately and consistently under environmental dynamics via adversarial domain adaptation. Firstly, a novel OpenWrt-based IoT platform is developed, enabling the direct collection of Channel State Information (CSI) measurements from commercial IoT devices. After constructing an accurate source classifier with labeled source CSI data via the proposed convolutional neural network in the source domain (original environment), we design an unsupervised domain adaptation scheme to reduce the domain discrepancy between the source and the target domain (new environment) and thus improve the generalization performance of the source classifier. The domain-adversarial objective is to train a generator (target encoder) to map the unlabeled target data to a domain invariant latent feature space so that a domain discriminator cannot distinguish the domain labels of the data. In the phase of implementation, we utilize the trained target encoder to map the target CSI frame to the latent feature space and use the source classifier to identify various gestures performed by the user. We implement WiADG on commercial WiFi routers and conduct experiments in multiple indoor environments. The results validate that WiADG achieves 98% gesture recognition accuracy in the original environment.
Furthermore, the proposed unsupervised adversarial domain adaptation is able to enhance the recognition accuracy of WiADG by 49.7% without the need for labeled data collection and new classifier generation when it is implemented in new environments.

11:36
ReaderTrack: Reader-book Interaction Reasoning using RFID and Smartwatch
SPEAKER: unknown

ABSTRACT. Online bookstores are capable of capturing reader preference by analyzing click logs and transaction records, while physical bookstores or libraries still lack effective methods to gather reader behavioral data. Fortunately, the widespread use of mobile wearable devices and RFID technology opens up new possibilities for uncovering readers’ in-store experience. In this paper, we propose Readertrack, which integrates smartwatch and RFID to excavate readers’ interactions with books. We first leverage inertial sensor data of smartwatches and backscatter signal of RFID tags to infer reader behaviors and book motions, respectively. Then we associate the readers with the corresponding books according to these inferred behaviors and motions. We implement Readertrack on COTS devices and test it extensively in our lab environment which mimics bookstores. Experimental results show the effectiveness and robustness of Readertrack in recognizing readers’ interactions with books.

10:00-12:00 Session 6C: Attack Detection and Mitigation
Location: JinGui
10:00
A novel data secure deletion scheme for mobile device
SPEAKER: unknown

ABSTRACT. With the widespread adoption of smart mobile devices, more and more users are storing their personal data in mobile devices that use flash memory as the storage medium. How to effectively prevent unauthorized access to data and privacy leakage after the data has expired brings a great challenge to secure data deletion in flash memory. In order to address this problem, we propose a data secure deletion scheme for mobile devices based on key derivation. In this scheme, we first construct a key derivation encryption algorithm, and build a node key tree based on the structure of the flash memory cell array. The node key is derived from the root node with a master key through the key tree. When the data is stored, the plaintext component is read and then the encryption key is generated by bitwise exclusive or on the node key with the plaintext component. Furthermore, a flexible selective block erasure and selective key deletion method is constructed to securely delete the data after it has expired. Finally, the security analysis shows that the proposed scheme can securely protect the data within the life cycle and securely delete it after the expiration. Performance analysis and experimental results show that the proposed scheme is effective and efficient.

10:24
ActivityShielder: An Activity Hijacking Defense Scheme for Android Devices
SPEAKER: unknown

ABSTRACT. With the growing popularity of smartphones, security issues in Android have become the focus of attention. Among these, Activity hijacking attacks pose a threat to normal APPs and sensitive input data by exploiting flaws in the Android UI management mechanism, with high elusiveness and widespread harm. Existing defenses either only work for Activity hijacking attacks in a particular scene, or produce obvious false positives. To make up for this vacancy, we propose a preventive scheme named “ActivityShielder” for Android tasks, the management entities of UI, to detect and explicitly block multiple Activity hijacking attacks. Our evaluation results show that ActivityShielder can effectively resist activity hijacking attacks and avoid existing false positives in multi-version Android systems, with a minor performance impact (lower than 2%) to the system.

10:48
Harnessing Uncertainty in Vulnerability Market
SPEAKER: unknown

ABSTRACT. Zero-day vulnerabilities pose significant threats in computer and network security, and have attracted attention in recent years not only from malicious attackers but also from government and law enforcement users who need to control (e.g., for forensics purposes) computer systems which otherwise are inaccessible through traditional channels. Based on the observation that vulnerabilities are acquired and traded in a different way than commodities, we study and propose a vulnerability market model by taking into consideration cheating and uncertainty in the market. The paper illustrates the interactions between the vulnerability sellers and buyers in a game theoretic framework. By modeling the economic aspects of the vulnerability market with a focus on information asymmetry and distinctive incentives of malicious and defensive buyers, we propose active and strategic market participation by defenders to obtain vulnerability information from the marketplace in a cost-effective way. Rather than killing the market, defenders can take advantage of the incomplete information feature of the vulnerability market to improve cybersecurity. To further maximize the uncertainty, defenders may also play in the supply side of the vulnerability market to provide low or no value vulnerabilities to dilute the market.

11:12
TW-FCM: An improved Fuzzy-C-Means algorithm for SPIT detection
SPEAKER: unknown

ABSTRACT. With the popularity of VoIP systems, there has been an explosive growth in VoIP spam. In order to effectively prevent spam calls, various methods based on the analysis of call behavior features have been proposed. However, few of the existing methods consider that different features have different weights, resulting in a low detection precision of SPIT (Spam over Internet Telephony) users. Meanwhile, most methods are tested based on experimental data generated by simulation, so it is not certain whether these methods work well in the real world. In this paper, we propose a Weighted-Fuzzy-C-Means (W-FCM) algorithm, which can automatically adjust the weight of each call feature in the clustering process. Experiments based on real world data show that our proposed algorithm could effectively improve the detection precision (about 6.7%) and recall (about 0.3%) of SPIT users. We also analyze the impact of different membership thresholds on the clustering results and propose a Threshold-W-FCM (TW-FCM) algorithm, through which we can select appropriate membership thresholds to alleviate the class-imbalance problem, and thereby improve the overall performance of SPIT detection compared with the traditional FCM method.

11:36
An Extended Exploration to the Epidemic Containment Game
SPEAKER: unknown

ABSTRACT. The epidemic containment game is a formulation to describe voluntary vaccination behaviors before epidemic spreading [1]. This game relies on the characterization of the SIS model in terms of the spectral radius of the network. Existing research showed that finding the worst Nash Equilibrium (NE) is NP-hard and used a heuristic algorithm called Low Degree (LDG) to estimate the maximum social cost under the worst NE (Max NE SC). We found the LDG algorithm cannot estimate Max NE SC well, thus, we proposed a new neighbor information based algorithm to estimate Max NE SC in this paper. Moreover, we discussed Stackelberg strategies in which some nodes are secured first to reduce Max NE SC. We found the target (TAR) strategy is effective to reduce Max NE SC in a BA network when T is large and useless when T is low (T is the ratio of the recovery rate to the transmission rate in the SIS model). Moreover, we found that a lot of nodes with small degrees are secured under the TAR strategy when T is low, which leads to high Max NE SC. At last, we proposed a new Greedy algorithm to select nodes secured first, which can reduce Max NE SC when T is low.

10:00-12:00 Session 6D: Wireless
Location: YinGui
10:00
A Comparative Performance Evaluation of Wake-up Radio-based Data Forwarding for Green Wireless Networks
10:24
On the Asymptotic Performance of Delay-Constrained Slotted ALOHA
10:48
Combating Cross-Technology Interference for Robust Wireless Sensing with COTS WiFi
SPEAKER: Yunhao Liu
11:12
Group-Query-as-a-Service for Secure Low-Latency Opportunistic RF Spectrum Access in Mobile Edge Computing Enabled Wireless Networks
SPEAKER: Min Song
11:36
A Lightweight Scheme for Rapid and Accurate WiFi Path Characterization
15:30-16:30 Session 7: Liberating Technology to Act on Our Behalf

Keynote IV: Liberating Technology to Act on Our Behalf

Speaker: Ms. Lama Nachman (Intel Corporation)

Chair: Shambhu Upadhyaya

Room: Fu Rong

Location: FuRong
16:30-17:30 Session 8A: Emerging Networks Topics: Cloud, SDN, NFV, ICN, and Blockchain

Poster Session I

Location: FuRong
16:30
Xspider: A Multi-Switch Testbed for Software Defined Networks
SPEAKER: unknown

ABSTRACT. Software-Defined Networking (SDN) is an emerging network architecture. SDN is currently attracting significant attention from both academia and industry. A large number of studies have been carried out in academic circles. However, how to build a small-scale experimental Software-Defined Network is the basis of various research. This paper builds a physical device called Xspider for a real SDN experimental environment, which is based on NetFPGA with OpenFlow protocol support implemented. Xspider has the characteristics of saving space, being easy to carry, and the ability to simulate multiple topologies. This kind of physical device can facilitate the application of SDN teaching and experiment, which is beneficial to promote the technological progress of SDN.

16:30
BRO: A Boundless Resource Orchestrator Based on Container Technology in Edge Computing
SPEAKER: unknown

ABSTRACT. Edge computing reorganizes edge resources but is unstable and unreliable at present, thus, orchestration may occur occasionally. This paper provides an architecture named Boundless Resource Orchestrator (BRO) combining cloud computing and edge computing based on containers. The proposed architecture leverages container technology to accelerate and optimize the orchestration process. A master-slave paradigm is implemented in the architecture to provide region autonomy abilities rather than the centralized architecture. Considering the ever-changing circumstances of edge cloud, an orchestration strategy Best Performance at Least Cost (BPLC) is proposed attempting to maximize the performance of computing at minimum cost dynamically and automatically. Experiments are carried out on measuring couples of infrastructures and orchestration strategies that prove the BRO and BPLC as prior choices dealing with massive jobs in edge computing.

16:30
The Research on Designs of Multiple Flow Tables in the OpenFlow Protocol
SPEAKER: unknown

ABSTRACT. The SDN (Software Defined Network) network architecture decouples the control plane and data forwarding plane of the network device. The forwarding mechanism based on the flow table provides programmability for SDN. However, with the increase of network services, the scale of the flow table in the OpenFlow switch tends to increase rapidly, which makes it difficult to store flow tables in the limited memory of the switch, thus becoming a bottleneck of SDN development. In order to reduce the storage space of internal flow tables in the SDN switch, this paper proposes two novel designs of multiple flow tables based on the specific values in the matching field and the logical relationship between matching fields.

16:30
Towards Blockchain-based Scalable and Trustworthy File Sharing
SPEAKER: unknown

ABSTRACT. In blockchain-based systems, malicious behaviour can be detected using auditable information in transactions managed by distributed ledgers. Besides cryptocurrency, blockchain technology has recently been used for other applications, such as file storage. However, most existing blockchain-based file storage systems cannot revoke a user efficiently when multiple users have access to the same file that is encrypted. Actually, they need to update file encryption keys and distribute new keys to remaining users, which significantly increases computation and bandwidth overheads. In this work, we propose a blockchain and proxy re-encryption based design for encrypted file sharing that brings a distributed access control and data management. By combining blockchain with proxy re-encryption, our approach not only ensures confidentiality and integrity of files, but also provides a scalable key management mechanism for file sharing among multiple users. Moreover, by storing encrypted files and related keys in a distributed way, our method can resist collusion attacks between revoked users and distributed proxies.

16:30
EVN: An Elastic Virtual Network supporting NFV Customized and Rapid Migration
SPEAKER: unknown

ABSTRACT. Virtual network functions (VNFs) make it possible to reduce reliance on expensive proprietary networking gear and increase network elasticity. In this paper, we propose an Elastic Virtual Networks (EVN) system to realize a complete virtual network layout, which supports resource customization, automated deployment, and flexible migration. Through the port and MAC address mapping, a new physical node can access the Virtual Networks (VNs), and the related VNFs are deployed through Docker. Moreover, we set up a white list function to reserve the capacity in the hosts that will be accessed in the future to facilitate fast access. The experiment results verify that the VNF migration time in EVN by Docker improves three to four times compared with the traditional VM solution.

16:30
A solution to the emergencies in the mobile cloud computing environment
SPEAKER: unknown

ABSTRACT. With the rapidly increasing demands of applications on mobile devices, mobile cloud computing becomes more and more flexible and complex. There are lots of reasons which might lead to the unavailability of the mobile cloud computing services, especially in complex network environments. To handle this issue of robustness, we propose a method which can transfer all services running on the present server to the next server whenever the computing services are inaccessible. The implementation of this method is demonstrated and tested on the OpenStack platform. The results show that this method can improve the robustness of the mobile cloud computing services effectively.

16:30
The Classified and Active Caching Strategy for Iterative Application In Spark
SPEAKER: unknown

ABSTRACT. The RDD cache is an important way to improve the efficiency of applications on Spark. There are some specific characteristics of iterative applications. We design the classified and active caching strategy for iterative applications. It can reduce the time delay of RDD creation of the data set for an iterative application and avoid creating or recomputing it again during the iterative application. At the same time, the RDD of the parameter set should be renewed and cached after every iteration to reduce the time overhead of the subsequent iteration. The prototype is implemented based on Spark and one iterative application is used to test it and compare it with Spark. The results show that the classified and active caching strategy can reduce the time overhead of the iterative application by 12%-45%.

16:30
Empirical Evaluation of SDN Controllers using Mininet/Wireshark and Comparison with Cbench
SPEAKER: unknown

ABSTRACT. Software-defined networking (SDN) is one of the most promising topics of research today. In this paper, we study the performance of three SDN controllers — ONOS, OpenMUL and POX, that are implemented in three different programming languages, i.e., Java, C and Python, respectively, using Mininet and Wireshark packet analysis. We compare the performance of the controllers analyzed using Mininet-Wireshark packet analysis with that of the benchmarking tool Cbench (that uses fake control packets generated from switch instances) in terms of latency and throughput and show that the latter significantly under-estimates the performance evaluation. Additionally, we also study a new performance metric, topology discovery time, that none of the current benchmarking tools capture.

16:30
Secondary Controller Mapping for Reliable Control Traffic Forwarding in SDN
SPEAKER: unknown

ABSTRACT. In SDN, to enable resilience, each switch can be mapped to multiple controllers (e.g., primary, secondary) and distribute the control traffic among them. The SDN controllers for each switch need to be chosen in a manner that does not compromise on network response time, while taking controller reliability into consideration. The objective of our work is to find an optimal switch-secondary controller mapping and control traffic distribution such that the reliability of mapped controllers is maximized. We mathematically model controller reliability, formulate and solve the optimization problem with the above objective. We implement a switch-controller mapping approach in SDN, wherein we map each switch to two active controllers and distribute the flow-setup requests (control traffic) between them. We implement our approach using Floodlight controllers and Mininet, and show that it improves reliability of mapping and achieves better recovery time upon controller failure by up to 27.3% as compared to the traditional master-slave setup.

16:30
ICN-based Light-Weighted Mobility Support in IoT
SPEAKER: unknown

ABSTRACT. In Information-Centric Networking (ICN), name-based addressing and in-network caching allow content to be efficiently distributed/accessed. These properties of ICN have been researched in the arena of wireless domain to implement light-weighted communication protocols. In this paper, specifically, we present an ICN-based content delivery scheme for Internet-of-Things (IoT), and show how the proposed scheme supports seamless hand-off.

16:30
Security Threat Analysis of SDN Switch Flow Table
SPEAKER: unknown

ABSTRACT. Software-defined networks (SDN) proposed a new conception of network architecture, which facilitates the innovation of network rapidly. The main components are OpenFlow-capable switches and controller; with those components, the control plane is decoupled from the data plane and network administrators have programmable central control of network traffic via a controller. Although this new concept of network infrastructure leads to progress in networking, it encounters security challenges existing in traditional networks and it also introduces new security issues specific to SDN. This paper explores major possible security threats and attacks in the SDN switch and proposes a new approach to dynamically detect and monitor malicious behaviors on flow message passing and defend against such attacks to mitigate the security threats to the switch flow table and the channel between switch and controller.

16:30-17:30 Session 8B: Legacy but Critical Network Topics: Performance & Security

Poster Session II

Location: HaiTang
16:30
Deep Learning-Based Malicious Account Detection in the Momo Social Network
SPEAKER: unknown

ABSTRACT. Due to the rapid development of mobile devices and location-based services, location-based social networks (LBSNs) have become very popular in our daily life. Malicious account detection is very helpful for different kinds of practical applications. In this paper, we explore the malicious account detection problem by introducing a deep learning-based framework. By using the long short-term memory (LSTM) neural network, we are able to build a classifier to achieve the binary classification. By using the real data collected from Momo, a widely used LBSN which has more than 180 million users around the world, we evaluate our framework and the result shows great promise for malicious account detection tasks.

16:30
Multi-Dimension Threat Situation Assessment Based on Network Security Attributes
SPEAKER: unknown

ABSTRACT. Cyber-attacks become more and more complex, but the network situation assessment based on log analysis cannot meet the security requirements because of the low quality of logs and alerts. This paper addresses the lack of consideration of security attributes of hosts and attacks in network. What’s more, the most common attacks, identity and effectiveness of Distributed Denial of Service (DDoS) are hard to prove in risk assessment based on alerts and flow matching. The multi-dimension threat situation assessment method based on network security attributes is proposed in this paper. Firstly, it gives an adaptive Common Vulnerability Scoring System (CVSS) calculation, which considers asset value as environment metric. Secondly, it collects deterioration rate of properties by sensors in hosts and network, which aims at assessing the time and level of DDoS attacks. Thirdly, it adopts distribution of asset value in security attributes considering the features of attacks and network, which aims at assessing and showing the whole situation. Experiments demonstrate that the approach reflects effectiveness and level of DDoS attacks, and the results show the primary threat and security requirement of network. By comparison and analytic study, the method reflects more in security requirement and security risk situation than traditional methods based on alert and flow analyzing.

16:30
Chirp Interference Mitigation for FHSS Communication Based on Compressive Sensing
SPEAKER: unknown

ABSTRACT. A challenge in frequency hopping spread spectrum (FHSS) communication chirp interference mitigation is the requirement of a high sampling rate for wideband FHSS signal. We demonstrate that we could filter out the interference in the system after compressed sampling. Using the different sparsity features of the FHSS signal and the chirp interference, a chirp interference mitigation model is proposed in this paper. We achieve the interference mitigation by suppressing the interference components in the signal sparse coefficient vector, which is estimated using the compressed data. The algorithm is designed using a two-stage compressive sampling matching pursuit (CoSaMP) algorithm. In contrast with traditional methods, the proposed method could suppress the chirp interference effectively with the prior information of the interference sparse degree. The simulation results show a reliable chirp interference mitigation performance even at low SNR and low sub-sampling rate; the interference mitigation performance is robust to variations of the interference intensity and the interference cycle.

16:30
New big data collecting method based on compressive sensing in WSN
SPEAKER: Degan Zhang

ABSTRACT. A wireless sensor network (WSN) consists of a large number of nodes. How to collect data efficiently in WSN has been a widespread concern. The proposal of compressive sensing technology provides a novel way for big data collection in WSN. Considering the wireless sensor network clustering structure, a new data collecting method based on sparse hybrid compressive sensing is proposed. The collection process is as follows: in the cluster, the sink node sets the corresponding seed vector based on the distribution of the network, and then sends it to each cluster head. Each cluster head can generate its own corresponding random spacing sparse matrix based on its received seed vector, and collect data through compressive sensing technology. Among clusters, clusters forward measurement values to the sink node along the multi-hop routing tree which we built before. Performance analysis and comparison of results show that this method is superior to other methods, whether within a cluster or between clusters.

16:30
A Feasible Anomaly Diagnosis Mechanism for Stateful Firewall Rules
SPEAKER: Chi-Shih Chao

ABSTRACT. Configuring firewalls is no easy task because typically there are hundreds of thousands of filtering rules (i.e., rules in the Access Control List file; or ACL for short) which could be set up in firewalls, and these rules can affect one another. Based on the success of our previous work on anomaly diagnosis in firewall rules, this paper describes our newly developed diagnosis mechanisms which can speedily discover anomalies of stateful rules within/among firewalls with an innovative data structure – Enhanced Adaptive Rule Anomaly Relationship (Enhanced-ARAR) tree. With the assistance of the data structure and associated algorithms, our developed system prototype shows its feasibility in anomaly diagnosis for stateful Internet firewalls.

16:30
A Stop-wait Collaborative Charging Scheme for Mobile Wireless Rechargeable Sensor Networks
SPEAKER: unknown

ABSTRACT. The mobile wireless sensor networks have been used in many popular applications. However, the limited battery capacity of sensor nodes is still one of the key issues in wireless sensor networks (WSNs). The new and effective way is to use wireless energy transfer and rechargeable lithium batteries to solve this problem. To improve the charging energy effectiveness, we introduce a stop-wait scheme that allows the mobile charger (MC) to stop and wait to charge the coming mobile sensors. The lifetime of the WSNs is considered to assure that each sensor will not run out of energy. The simulation experiment shows that our algorithm improves the energy usage effectiveness.

16:30
QoS Control Based on the Time Sequence of First Few Packets
SPEAKER: unknown

ABSTRACT. This poster paper describes our trial of QoS control using packet classification based on the time sequence of the beginning of flows. In contrast to the classification of flows using the total sequence, utilization of only the first few packets for classification is difficult. We explore this approach with several different time windows both at the learning phase and at the identification phase.

16:30
Towards Effective Genetic Trust Evaluation in Open Network
SPEAKER: Shunan Ma

ABSTRACT. In open network environments, since there is no centralized authority to monitor misbehaving entities, malicious entities can easily cause degradation of service quality. Trust has become an important factor to ensure network security, which can help entities to distinguish between good partners and bad ones. In this paper, trust in an open network environment is regarded as a self-organizing system. Using the self-organization principle of human social trust propagation, a genetic trust evaluation method with self-optimization and family attributes is proposed. In this method, factors of trust evaluation include time, IP, behavior feedback and intuitive trust. Data structures of an access record table and a trust record table are designed to store the relationship between ancestor nodes and descendant nodes. Simulating the biological evolution process, a genetic trust searching algorithm is designed. Based on trust information of the current node’s ancestors, heuristics randomly generate chromosome populations, whose structure includes time, IP address, behavior feedback and intuitive trust. Then a crossover and mutation strategy is used to make the population search evolutionarily. According to the genetic searching termination condition, the optimal trust chromosome in the population is selected, and the trust value of the chromosome is computed, which is the node’s genetic trust evaluation result. The simulation result shows that the genetic trust evaluation method is effective, and the trust evaluation process of the current node can be regarded as the process of searching for optimal trust results from the ancestor nodes’ information. As the ancestor nodes’ genetic trust information increases, the trust evaluation result from genetic algorithm searching is more accurate, which can effectively solve the joint fraud problem.

16:30
Crowdsensing approach to monitor and optimize Wi-Fi networks in adversarial environments
SPEAKER: unknown

ABSTRACT. The signal quality of Wi-Fi networks tends to decrease in settings with high client density, bad Access Point (AP) coverage, or radio interferences from the presence of rogue APs (RAPs). This work proposes a novel solution for monitoring of the Wi-Fi network through a crowdsensing approach, combining data collected from user devices and fixed monitoring nodes. The developed system assesses Wi-Fi signal quality, detects and assails rogue APs, assesses the number of clients per area and the RAPs impact on the signal surrounding them. The system, tested on a large faculty building with over 1,000 Wi-Fi users, proved to be efficient, simple to use and adaptable, being easily deployed in any large and multi-floored building and network.

16:30
A Distributed Approach based on Hierarchical Decomposition for Network Coded Group Multicast
SPEAKER: unknown

ABSTRACT. Traditional group multicast routing is well known for its difficulty. The technology of network coding brings new light to this problem. This paper addresses the network coded group multicast routing problem. We propose a hierarchical decomposition model for the optimal problem by using dual decomposition twice and implement the model in a distributed manner. Finally, we prove that our algorithm is feasible and evaluate its convergence performance by a numerical example.