ABSTRACT. The breakthrough of wireless power transfer technology provides an effective solution to the problem of energy depletion in Wireless Rechargeable Sensor Networks (WRSNs). Most existing work focuses on charging between a mobile charger and a requested sensor, such as NJNP and SAMER, under the assumption that sensors have the same battery capacity and energy consumption rate. In reality, it is more general that a WRSN consists of different types of sensors where they have different battery capacity and energy consumption rate, which is referred as Heterogeneous Wireless Rechargeable Sensor Network (HWRSN). We propose a novel online charging algorithm called VTMT to solve the charging problem in HWRSN. First, we propose the concept of Virtual Time, which is positively correlated with the waiting time of the requested sensor. Then selects the next charging sensor primarily based on the Virtual Time (VT) of the sensor and the Moving Time (MT) of the mobile charger to the node. Simulation results show that VTMT outperforms other charging schemes, which effectively reduce the failure rate of nodes and ensure the scheduling fairness.

ABSTRACT. The Internet of Things (IoT) is based on data collection for future processing and decision making. In multihop Low-Power and Lossy Network (LLN) scenarios, efficient data forwarding in terms of generated traffic and energy consumption is fundamental. This paper revisits the concept of mobile agents to collect data along the agents's itinerary. The idea is to avoid sending requests to the network when non-expired contents that were opportunistically collected are available in the cache of a central element. In the proposed mechanism, the itinerary is composed of devices of interest and intermediate devices in a closed loop at the origin. Knapsack optimization is used to add unsolicited data opportunistically. The reward is calculated according to the popularity of the data. Simulations show that it is possible to reduce network traffic and the energy consumed by devices when compared to the traditional mobile agent data gathering model.

ABSTRACT. With the growth of the Internet of Things (IoT) appliances in industrial environments, known as Industry 4.0, more and more wireless multi-hop network solutions are employed. The IPv6 Routing Protocol for Low-Power and Lossy Networks (RPL) is the de facto Low-power and Lossy Network (LLN) protocol specially designed for industrial use-cases. However, the default operation of RPL does not have enough features to ensure a high level of network reliability and minimum latency-jitter performance. The use of IEEE Std 802.15.4-2015 Time Slot Channel Hopping (TSCH) at the Medium Access Control (MAC) layer can mitigate the effects of external interference by re-transmitting over different radio frequency. Still, this standard does not support possible link failures or nodes over-the-air programming. In this paper, we propose the use of multiple disjoint paths to ensure reliable and available networking when RPL and TSCH standards are employed. Indeed, we present two disjoint approaches: i) packet replication at the source node, and ii) packet replication at the source node and scattering at the merging point node. We implemented these two algorithms over Contiki OS and evaluated their trade-offs over the simulated network environment provided by COOJA. Finally, we compared these solutions against the state-of-the-art Packet Automatic Repeat reQuest (ARQ), Replication and Elimination (RE), and Overhearing (PAREO) technique that proposes a braided multi-path pattern.

ABSTRACT. The Battery Management System (BMS) of an Electric Vehicle (EV) is a system designed to ensure safe operation of the battery pack, and reporting its state to other systems. It is a complex and distributed system. In today's BMS implementations, the communication is performed through wire buses. In this paper, we study the opportunity to use standardized Internet of Things (IoT) protocols for these communications and in such an environment, and IEEE Std 802.15.4-2015 Time Slotted Channel Hopping (TSCH) in particular. We first describe the real-world experiments we did to measure the link quality at Medium Access Control (MAC) layer for wireless nodes placed inside an EV battery pack. Then, we propose a topology management and TSCH scheduling strategy using Linear Programming, based on the results obtained in the experiments.

ABSTRACT. IEEE Std 802.15.4-2015 Time Slotted Channel Hopping (TSCH) is the de facto Medium Access Control (MAC) mechanism for the industrial applications. It renders communications more resilient to interference by spreading them over time (time slotted) and frequency (channel hopping) domains. The 6TiSCH architecture bases itself on this new MAC layer to enable high reliability communication in Wireless Sensor Network (WSN). In particular, it manages the construction of a distributed communication schedule that continuously adapts to changes in the network. In this paper, we first provide a thorough description of the 6TiSCH architecture, the 6TiSCH Operation Sublayer (6top), and the Minimal Scheduling Function (MSF). We then study its behavior and reactivity from low to high traffic rates by employing the python-based 6TiSCH simulator. Our performance evaluation results demonstrate that the convergence pattern of MSF is at the origin of the majority of packet losses observed in the network. We also show that MSF is subject to over-provisioning of the network resources, especially in the case of varying traffic load.

ABSTRACT. Network monitoring has always being a challenge for network administrators. Their tasks are to keep track of every node in a network and ensure that they behave correctly. The Simple Network Management Protocol (SNMP) was designed to aid network administrators in their everyday tasks. A new wave of devices has been coming in the last years where small embedded devices are also being connected to the network. These new devices are part of the Internet of Things (IoT). IoT devices differ in many aspects from traditional networks. However, the main challenges with IoT devices is their hardware constraints (very limited memory and processing resources) and their limited energy budget. Indeed, they are usually powered by batteries and can be deployed in harsh environments. The current monitoring protocols were designed without taking the constraints of IoT devices into account. In an IoT context, there are very limited resources available for monitor constrained devices. While the current protocols do work with these devices they have an unnecessary overhead resulting in a waste of resources that could otherwise be used for some other task, or to save energy. This work proposes a new protocol designed for embedded devices and evaluates it against the state of the art.

ABSTRACT. The Internet of Things (IoT) enables software to orchestrate physical spaces. This results in high security requirements for IoT communication in factories, households, or critical infrastructures. Besides point-to-point communication, group communication is frequently used in the IoT. It has to be secured, which typically requires the exchange of cryptographic keys. Several protocols have been proposed for Group Key Management (GKM). They vary in their targeted settings, in their Key Distribution Model, Architecture Model, Reliability Properties, and Protocol Overhead. This paper surveys existing GKM mechanisms, analyzes their suitability for constraint IoT settings, and identifies open issues that require further research.

ABSTRACT. Abstract—Recent research shows the increasing threat to website fingerprints (WF) of privacy-sensitive web users especially with machine learning technique such as deep learning or machine learning(DL/ML) decreased efficiency of previous countermeasures. It caused by the range of features of previous countermeasures manually extract cannot cover the features automatically extracted by DL/ML based attacks. In this paper, we propose a black-box countermeasure to website fingerprint attack based on decision-boundary confusion. It discards the manual selection of features, but uses the classification results of classifiers to determine the decision boundary of classifiers, so as to automatically find the adversarial traffic that can confuse the classifier. At the same time, in order to fix the retrain problem caused by adversarial traffic, we add a method bases on Monte Carlo estimation to confuse decision boundary. Therefore, it is difficult for classifiers to form stable and effective decision boundary after retraining the adversarial traffic. Results shows that our method gets a defense success rate of 72.4% when facing the baseline WF Attacks, outperforming existing SOTA method Walkie-Talkie’s 63.6% defense success rate. At the same time, our method improves the ability of the adversarial traffic to resist retrain, increased the retrain defense success rate from 6.4% to 72.4% under 31% overhead.

ABSTRACT. The domain name system (DNS) is the infrastructure of many services and applications, thus the availability and consistency of the domain name resolution process are crucial but have long troubled DNS. The availability problem is caused by a denial-of-service (DoS) attack or a single point of failure (SPOF). The consistency problem originates from the lack of a forced data synchronization mechanism between authoritative server replicas or between parent/child authoritative servers. We proposed a novel blockchain-based domain name resolution and management architecture named FI-DNS to solve the above problems fundamentally. FI-DNS solves availability and consistency problems in the name resolution process from the mechanism level and guarantees the authenticity and integrity of name resolution results by using public-key cryptography. FI-DNS also supports root zone collaborative management based on smart contracts, which is compatible with the current governance model led by Internet Corporation for Assigned Names and Numbers (ICANN). We implemented the prototype system to prove the feasibility and effectiveness of the FI-DNS architecture. We built an experimental environment with real domain name data, evaluated the name resolution performance and stability of the FI-DNS prototype system, and compared the prototype system with DNS.

ABSTRACT. The SM4 algorithm is the first commercial cryptographic algorithm officially announced in China for wireless local area network products. It is suitable for scenarios that require high real-time performance, such as wireless communication and IoT sensor nodes. It can be seen that the security research of the SM4 algorithm is of great significance to wireless devices in the IoT. Like other symmetric encryption algorithms, the SM4 algorithm faces some security threats, such as side-channel attacks. Among them, cache timing attacks and power/electromagnetic analysis attacks are becoming more and more threatening due to their low execution difficulty and powerful attack capabilities. Most implementations of anti-side channel attacks against the SM4 algorithm can only resist one of above two attacks. However, side-channel leakages associated with above attacks often coexist.

Therefore in this paper, we present a hardware/software collaborative SM4 implementation on ARM-FPGA embedded SoC which can resist above two types of attacks simultaneously. It randomly divides the 32 rounds of SM4 encryption into three stages: the beginning software stage, the middle hardware stage, and the final software stage. Besides, we shuffle the order of some independent operations in each round of the software stages and add dummy rounds to the hardware stage. Finally, we conduct above two types of attacks on unprotected software/hardware SM4, shuffled software SM4 and our scheme, then evaluate their performance respectively. The data throughput of our scheme is 0.86 times that of the original software SM4, while the FPGA resource requirements of our scheme are 0.87 times that of the unprotected hardware implementation.

ABSTRACT. Aiming at the problem of trace anonymization performance of backbone networks, we propose a real-time anonymization method for the IP address of backbone network packets based on flow tables (named AFT-Anon). This method can dynamically build an anonymous flow table based on the captured data packets. The first data packet of a network flow is encrypted according to a specific encryption algorithm, and the encrypted fields are stored in the flow record. Subsequent data packets can obtain the encrypted fields by searching flow records and replace the corresponding fields of the original data packets to achieve anonymization of data packets. Based on the proposed method, a high-speed network anonymization system is developed and deployed on the backbone link of an Internet service provider network. Experimental results show that the proposed method can improve the anonymization performance by more than 20 times, compared with the existing methods such as Crypto-Pan, and it can meet the requirements for online anonymization of 10G link.

ABSTRACT. The IEEE 802.15.4-2015 standard includes the SUN (Smart Utility Networks) modulations, i.e., SUN-FSK, SUN-OQPSK and SUN-OFDM, which provide long range communications and allow to trade data rate, occupied bandwidth and reliability. However, given the constraints of low-power devices and the challenges of the wireless channel, communication reliability cannot still meet the PDR (Packet Delivery Ratio) requirements of industrial applications, i.e., PDR>99%. Hence, in this paper we evaluate the benefits of improving communication reliability by combining packet transmissions with modulation diversity using multiple IEEE 802.15.4g SUN modulations. The results derived from a real-world deployment show that going from 1 to 3 packet transmissions with the same SUN modulation can increase PDR from 85.0/84.6/71.3% to 94.2/94.1/86.0% using SUN-FSK, SUN-OQPSK and SUN-OFDM, respectively. Combining the same number of packet transmissions with modulation diversity allows to further increase the average PDR to 97.1%, indicating its potential as a tool to help meeting the reliability requirements of industrial applications.

ABSTRACT. We propose an optimization model for single-cell LoRaWAN planning which computes the limit range of each spreading factor (SF) in order to maximize the minimum packet delivery ratio (PDR) of every node in the network. It allows to balance the opposite effects of attenuation and collision of the transmissions and guarantee fairness among the nodes. We show that our optimization framework improves the worst PDR of the nodes by more than 13 percentage points compared to usual SF boundaries based on SNR threshold. A study of the tradeoff between precision and resolution time of the model shows its effectiveness even with a small number of possible distance limits, and its scalability when the node density increases.

ABSTRACT. Long Range Wide Area Network (LoRaWAN) enables flexible long-range communication with low power consumption and low-cost design perspectives. However, the adoption of this technology brings new challenges due to the densification of IoT devices in the network, which causes signal interference and affects the QoS directly. On the other hand, the flexibility in the LoRaWAN transmission configurations allows higher management in the use of end-device parameters, which allows better resource utilization and improves network scalability. This paper proposes an adaptive solution to handle the define best LoRaWAN parameter settings to reduce the channel utilization and, consequently, maximize the number of packets delivered. Additionally, to validate our method, we formulated mixed-Integer linear programming and results compared to those given by the heuristics. Results provided by the heuristic are close to those provided by the MILP.

ABSTRACT. This paper explores the possibility of having confirmed traffic in LoRaWAN networks under channel-oblivious jamming. Our results show that a LoRaWAN cell can handle up to 500 end-devices with a relatively good message success probability 0.8 if the network is strongly jammed 60 % of the time by using a maximum of 16 re-transmissions.

We have also proved that using a channel for downlink transmissions operating in the lowest SF is a major weakness in the LoRaWAN specification. Indeed, our results suggest that for a LoRaWAN cell with 600 end-devices the network goodput can be decreased by 53.06 % when ACK transmissions on the second receive window are allowed. This was done by using an open-source network simulator that allows evaluating many scenarios that can help LoRaWAN operators to better scale their networks in order to be more resilient against jamming attacks before actual deployments.

ABSTRACT. Recently, NB-IoT, LTE Cat-M1, Sigfox, and LoRa have been proposed as promising Low-Power Wide Area Networks (LPWANs) technologies for Internet-of-Things (IoT) applications. These technologies are aimed for IoT applications such as smart meters that can tolerate long transmission delays and only need a narrow band to periodically transmit a small amount of data. Although the performances of these technologies have been studied or compared in the literature, most comparisons were conducted in non-mobile conditions. In this work, we used drones flying at 70 km/hr along a 10 km motorway to do the performance measurements. In this paper, we report and compare the performances of these technologies in such high-speed mobile conditions in the air.

ABSTRACT. LoRaWAN is a popular low power wide area network technology widely deployed used in many scenarios, such as environmental monitoring and smart cities. Different applications demand various quality of service (QoS), and their service within a single network requires special solutions for QoS provision. We consider the problem of QoS provision in heterogeneous LoRaWAN networks that consist of several groups of devices that require different packet loss rate (PLR). To solve this problem, we develop a mathematical model that can find the PLR distribution in a LoRaWAN network. With the model, we show that the PLR can vary significantly, and it is wrong to consider only the average PLR for the QoS provision. Finally, we develop an algorithm for assigning modulation and coding schemes to end-devices that provides PLRs below the required thresholds.

ABSTRACT. Spatial modulation (SM) is a promising scheme to avoid inter channel interference involved in classical MIMO systems as a result of its elegant design that activates only one transmit antenna at each signaling period. In addition, the demand to provide data services for vehicular communication applications is ever increasing. Therefore, in this paper, we investigate the average bit error probability (ABEP) performance of a vehicular SM communication system operating over Rayleigh fading channel that is varying from one signaling period to another within the same transmitted data block. Further, to simplify the decoding complexity at the receiver, the channel is assumed to be estimated at the first location of each data block and then used to detect the received symbols at the remaining locations of the block. For such a system, and unlike other literature works, we derive novel, exact and closed-form simplified enough expressions for the average pairwise error probabilities (average-PEPs), which are then used to compute the system’s overall per-block ABEP efficiently. The derived expressions are generic and valid for vehicular and non-vehicular fading environments. Numerical and simulation results of various examples are provided to validate the theoretical analyses and also to get some insights into the effect of the different vehicular system parameters (such as the speed of the mobile, the carrier frequency, and the block size of the channel variations) on the overall SM error performance.

ABSTRACT. To increase traffic safety and transportation efficiency, adopting intelligent transportation systems (ITS) has become a trend. As an important component of ITS, one essential task of autonomous vehicles is to detect pedestrians accurately, which is of great significance for improving traffic safety and building a smart city. In this paper, we propose an anchor-free pedestrian detection model named Bi-Center Network (BCNet) by fusing the full body center and visible part center for each pedestrian. Experimental results show that the performance of pedestrian detection can be improved with a strengthened heatmap, which combines the full body with the visible part semantic. We compare our BCNet with state-of-the-art models on the CityPersons dataset and the ETH dataset, which shows that our approach is effective and achieves a promising performance.

ABSTRACT. In Connected Autonomous Vehicles scenarios or CAV, ubiquitous connectivity will play a significant role in the safety of the vehicles and passengers. The extensive amount of sensors in each car will generate vast amounts of data that cannot be processed promptly by onboard units. Edge and fog computing are emerging solutions for remote data processing for autonomous vehicles, offering higher computing power, as well as the low latency required by autonomous driving. However, due to the highly distributed nature of fog and edge computing servers, CAV mobility may pose a challenge to keep services close to end-users and maintaining QoS. In this paper, we propose MOSAIC, service migration, and resource management algorithm for intra-tier and inter-tier communication in edge and fog computing. The proposed solution performs proactive migration of services based on mobility information, server resources, QoS, and network conditions. Simulation results show the efficiency of the proposed algorithm in terms of latency, migration failures, and network throughput.

ABSTRACT. Vehicular Ad Hoc networks (VANETs) is a new emerging technology that aims at connecting vehicles using wireless communication technologies. With the emergence of VANETs, new advanced applications have emerged away which aim at enhancing driving safety and traffic management. These applications exploit the huge amount of data, shared between vehicles and infrastructure, through advanced data analysis. Due to resources limitation of vehicles, this increasing volume of data is stored on powerful edge computing servers spread over the VANETs infrastructure. However, these edge servers are not fully trusted, which rise new serious security and privacy challenges regarding the shared data between vehicles. In this work, we propose a new data-sharing scheme that protects the privacy of vehicles and drivers. We base our construction on consortium blockchain, smart contracts and Zero-Knowledge Proofs (ZKP) to propose a decentralized and anonymous data-sharing scheme. In addition, we propose a fine-grained data storage scheme on the top of blockchain, based on publish-subscribe model to enhance the data management. We confirm the efficiency of our scheme through extensive simulations and experiments. The numerical results showed that our protocol achieves a reasonable efficiency while guaranteeing a high level of security.

ABSTRACT. The fifth generation (5G) cellular networks tend to be ultra dense networks (UDN). Among the 5G UDN challenges, it is the creation and the management of virtual cells centered on the user. By the literature was not found any work that has directly associated a vehicle-centric probabilistic approach to virtual cell management in ultra dense 5G networks as proposed in this paper as contribution for the technological development on 5G networks use, what indicates its originality. Considering scenarios involving high mobility, such as Internet of Vehicles (IoV) or Vehicle-to-Network (V2N) communications, this challenge becomes even greater. For this purpose, this article presents a virtual cells selection probabilistic approach focused on the V2N communications. All the processing based on speed criteria and complex network metrics is performed inside a controller that is required to manage the virtual cells. The motivation to use different metrics of radio masts is that one has physical applications as algebras operator in purely mathematical contexts, while other finds wide application in network theory. Simulations were performed through the Network Simulator ns-3. The results show that the proposed approach allows more assertive virtual cells selection, improving the services offered by IoV through the 5G networks.

ABSTRACT. In this paper, we propose a GPU-based QC-LDPC decoder for 5G New Radio(NR). Different from exist LDPC decoders based on GPUs, our decoder achieves high throughput when decoding LDPC codes with high code rates. Moreover, we implement the shortening and puncturing techniques which are exploited by 5G NR. The decoding algorithm MSA is optimized to implement efficient parallel decoding on the GPU. In order to save the on-chip and the off-chip bandwidth, we propose the two-level quantization scheme and implement data packing on the GPU. We also analyse the optimum thread assignment for different code rates based on our implementation. By using the optimum settings on the GPU, the decoding throughput achieves 1.38 Gbps in the case of (2080, 1760), r=5/6 on Nvidia RTX 2080Ti.

ABSTRACT. Network Slicing aims for creating isolated virtual networks called \emph{slices} on the same physical infrastructure. The network resources are allocated to the slices according to their specific service requirements. This paper proposes Dynamic User Count Aware (DUCA) method for allocating radio access network resources to slices. Different than previous work DUCA accounts for the slice user count for deciding the amount of slice resources. To this end, DUCA increases the number of granted users in the network, increases the fairness of resource allocation towards slices with large number of users and small user bandwidth demands. The slices with small number of users and large bandwidth demands have better fitting resource allocation to their requests increasing the efficiency. We evaluate DUCA using simulation and compare its performance two to relevant previous resource allocation frameworks. We observe that DUCA achieves the above benefits with comparatively better results.

ABSTRACT. Adaptive streaming is a technique used in multimedia over computer networks where the source content is encoded to decide about which bit rate segments to download, through algorithms. The contribution of this work is the investigation about which and why an adaptation algorithm can be included running as service, aiming to relax network congestion while improving the user experience at onboard entertainment services. The goal of this present paper was to analyze the multimedia service delivery, to evaluate vehicular Internet-based video services traffic in urban scenarios with different vehicle densities, and to perform vehicle communication simulations in 5G network to estimate the metrics about the selected algorithm in this study that are: amount of playback interruptions, video quality, quality of transitions, average buffer level, average bit rate and bit rate switching frequency, throughput, unfairness, instability, and inefficiency. The results have shown PANDA as the best adaptive streaming algorithms to perform videos in vehicular communications in urban scenarios.

ABSTRACT. Many use cases are meant to be supported by the fifth generation (5G) wireless technology. The one which is occupying the research area for its challenging requirements is the Ultra Reliable Low Latency Communications (URLLC). Hybrid Automatic Repeat reQuest (HARQ) protocol is used to ensure reliability but it induces delay. Furthermore, the transmission in the Radio Access Network (RAN) should be taken into account in the delay budget. In this paper, we jointly analyze the reliability and the delay with two RAN architectures : the legacy one where only one radio unit receives the packet from a terminal and a Centralized-RAN (C-RAN) architecture where several radio units can decode a packet. We propose to combine these approaches in a flexible architecture. The observed enhancement is a division by 850 of the packet erasure rate compared to the legacy architecture with a latency of 3 milliseconds.

ABSTRACT. The principal tenet of C-RAN is the softwarization of the base-band signal processing, which enables the sharing of computing resources among multiple radio heads. When the aggregate demand exceeds the processing capacity, a fraction of the radio packets is lost at PHY layer. Traditional computing resource allocation policies aim to minimize the packet loss rate. Dropping a PHY packet triggers a retransmission, unless the lost packet corresponds to the last available HARQ round, in which case the entirety of the radio resources spent on the multiple transmissions go to waste. This suggests that allocating computing resource accounting also for the HARQ transmission history may make a more efficient use of the bandwidth. We consider a simplified LTE uplink setting, and we measure the performance at the lower MAC layer (accuracy, goodput and average delay). We first compare the PHY-layer loss rate minimization and the cross-layer approaches using an ILP formulation. The cross-layer approach brings a tangible improvement, especially in accuracy. This suggests, for future work, that joint radio and computing resource allocation may further enhance spectral efficiency. We finally propose a probabilistic algorithm amenable to real-time operation which allows to mix strategies via parameter tuning, and we use it to explore the region of achievable goodput/accuracy trade-offs.

ABSTRACT. The emergence of programmable switches has boosted lots of research around many network aspects: measurements, security, quality of services. To explore the advantages of programmable data planes while preserving the legacy networking systems, deploying programmable switches incrementally may be a more practical solution. In this paper, we deal with the programmable switch deploy problem for sketch-based network measurement, which has been overlooked before. We first analyze the desired properties of a good deployment for sketch-based network measurement with some examples. Based on summarized lessons, we then develop two Integer Linear Programming (ILP) models, namely TraceILP and TopoILP, to solve the deployment problem. If historical traffic traces are provided, TraceILP generates better deployment with historical information. Even if no traces are provided, TopoILP can still make a reasonable strategy according to the network topology. Evaluations on real ISP and datacenter topologies show that proposed models grantee a promising measurement performance with only about 40% devices upgraded to programmable ones.

ABSTRACT. Synchronizing clocks is crucial for distributed safety-critical in-vehicle applications. Since Controller Area Network (CAN) is the predominant in-vehicle communication bus, it is highly relevant to realize clock synchronization (CS) on CAN. This paper proposes a new software-based CS (SW-CS) algorithm based on the periodic transmission of reference messages (RMs) by a Master node and discrete-time feedback control. Different from existing algorithms, that only update clocks after receiving a RM, our algorithm corrects the clock drift between RMs. Measurements on a hardware setup show a decrease of the clock differences by more than one order of magnitude.

ABSTRACT. The traffic generated by video streaming applications constitutes a large portion of the Internet traffic carried over today's networks. Video streaming demands low latency and high bandwidth. In particular, the transmission of high-quality (high-resolution) streaming video may put the network under pressure. Therefore, high-quality video traffic requires network managers to implement smart and fast routing decisions. Software Defined Networking (SDN) provides a global view and centralized control for the whole network which gives opportunities to dynamically manage networks. In this paper, we use an OpenFlow-based SDN environment and propose a dynamic routing scheme with online traffic estimation to increase the quality of high-quality video streaming and the throughput of the network. The traffic is clustered using an unsupervised machine learning algorithm, high-quality video flows are identified and routed over less congested paths. The whole design is tested in the Mininet simulator. Simulation results show that the proposed scheme improves the link utilization and reduces the amount of dropped frames as a result of excessive delay.

ABSTRACT. A crucial requirement for the network service provider is to satisfy the Service Level Agreements (SLA) that it has made with its customers. Coexisting network tenants may have agreed different SLAs, and thus, the service provider must be able to provide QoS differentiation in order to meet his contractual commitments. Current one-size-fits-all routing models are not appropriate for all network tenants if their individual SLA requirements are to be efficiently met. We propose a SDN-based multi-cost routing approach which allocates network resources based on a portfolio of tenant SLA, which achieves the goal of accommodating multiple tenants, given their SLAs. This routing approach allocates routes based on both the hop count and the probability of link failure. Experimental evaluation demonstrates that the assignment of network paths to tenants is prioritised according to the SLA class of the tenant. Differentiation between tenants who have different SLAs is achieved. Finally, we demonstrate how the routing model operates and how it impacts upon the provision of different levels of service.

ABSTRACT. With more and more Internet services have migrated to data centers, traffic in data center networks has grown up rapidly in recent years. Previous studies have shown that elephant flows usually carry large amount of data and are critical to the performance of data centers. To avoid network congestion and balance load, many flow scheduling approaches leverage SDN technology to schedule elephant flows dynamically. However, in most existing approaches, the controller queries switches periodically with the static polling period, which cannot adapt to traffic dynamics. More importantly, the overhead of the controller caused by querying switches and handling flows can be further reduced. In this paper, we present EAshman, a low-cost elephant flow scheduling framework to reduce the overhead of the controller and improve network throughput. In EAshman, an adaptive polling period adjustment algorithm is proposed to dynamically adjust the polling period based on the real-time traffic, aiming to reduce the message overhead of the controller. To improve network throughput, we propose a Probability-based path selection algorithm, which considers the problem of bandwidth fragmentation and uses the transmission rate of elephant flows as the evaluation parameter when searching the new path for elephant flows. Simulation results show that EAshman can significantly save the overhead of the controller and achieve a higher throughput compared to Ashman

ABSTRACT. DGA-based botnet, which uses Domain Generation Algorithms (DGAs) to evade supervision, has become a part of the most destructive threats to network security. Over the past decades, a wealth of defense mechanisms focusing on domain features have emerged to address the problem. Nonetheless, DGA detection remains a daunting and challenging task due to the big data nature of Internet traffic and the potential fact that the linguistic features extracted only from the domain names are insufficient and the enemies could easily forge them to disturb detection. In this paper, we propose a novel DGA detection system which employs an incremental word-embeddings method to capture the interactions between end hosts and domains, characterize time-series patterns of DNS queries for each IP address and therefore explore temporal similarities between domains. We carefully modify the Word2Vec algorithm and leverage it to automatically learn dynamic and discriminative feature representations for over 1.9 million domains, and develop an simple classifier for distinguishing malicious domains from the benign. Given the ability to identify temporal patterns of domains and update models incrementally, the proposed scheme makes the progress towards adapting to the changing and evolving strategies of DGA domains. Our system is evaluated and compared with the state-of-art system FANCI and two deep-learning methods CNN and LSTM, with data from a large university's network named TUNET. The results suggest that our system outperforms the strong competitors by a large margin on multiple metrics and meanwhile achieves a remarkable speed-up on model updating.

ABSTRACT. In multiple real life situations involving several agents, cooperation can be beneficial for all. For example, some telecommunication or electricity providers may cooperate in order to address occasional resources needs by giving to coopetitors some quantities of their own surplus while expecting in return a similar service. However, since agents are a priori egoist, the risk of being exploited is high. In this work, we propose to model this kind of situations as a social dilemma (a situation where Nash Equilibrium is non optimal) in which each agent knows only its own state. We design an algorithm modelling the agents whose goal is to make transactions in order to augment their own utility. The algorithm needs to be robust to defection and encourage cooperation. Our framework modelling each agent consists in iterations divided in four major steps: the communication of demands/needs, the detection of opponent cooperation, the cooperation response policy and finally the allocation of resources. In this paper, we focus on the cooperation response policy. We propose a new version of tit-for-tat and we evaluate it with metrics such as safety and incentive-compatibility. Several experiments are performed and confirm the relevance of our improvement.

ABSTRACT. The network calculus (NC) analysis takes a simple model consisting of a network of schedulers and data flows crossing them. A number of analysis "building blocks" can then be applied to capture the model without imposing pessimistic assumptions like self-contention on tandems of servers. Yet, adding pessimism cannot always be avoided. To compute the best bound on a single flow's end-to-end delay thus boils down to finding the least pessimistic contention models for all tandems of schedulers in the network - and an exhaustive search can easily become a very resource intensive task. The literature proposes a promising solution to this dilemma: a heuristic making use of machine learning (ML) predictions inside the NC analysis.

While results of this work are promising in terms of delay bound quality and computational effort, there is little to no insight on when a prediction is made or if the trained machine can achieve similarly striking results in networks vastly differing from its training data. In this paper we address these pending questions. We evaluate the influence of the training data and its features on accuracy, impact and scalability. Additionally, we contribute an extension of the method by predicting the best n contention model alternatives in order to achieve increased robustness for its application outside the training data. Our numerical evaluation shows that good accuracy can still be achieved on large networks although we restrict the training to networks that are two orders of magnitude smaller.

ABSTRACT. With the increasing highlighted security concerns in Intelligent Transportation System (ITS), Vehicle Make and Model Recognition (VMMR) has attracted a lot of attention in recent years. The VMMR method can be widely used in suspicious vehicle recognition, urban traffic monitoring, and the automated driving system. With the development of the Vehicle-to-Everything (V2X) technology, the vehicle information recognized by the AI-based VMMR method can be shared among vehicles and other participants within the transportation system, which helps the police fast locate the suspicious vehicle. VMMR is complicated due to the subtle visual differences among vehicle models. In this paper, we propose a novel Recurrent Attention Unit (RAU) to expand the standard Convolutional Neural Network (CNN) architecture for VMMR. The proposed RAU learns to recognize the discriminative part of a vehicle from multiple scales and builds up a connection with the prominent information in a recurrent way. RAU is a modular unit. It can be easily applied to different layers of the vanilla CNN architectures to boost their performance on VMMR. The efficiency of our models is tested on three challenging VMMR benchmark datasets, i.e., Stanford Cars, CompCars, and CompCars Surveillance. The proposed ResNet101-RAU achieves the best performance 93.81% on the Stanford Cars dataset and 97.84% on the CompCars dataset.

ABSTRACT. In the field of remote surveillance, acquiring the high-quality voice of target has always been an exciting goal. In this paper, we propose a convolutional neural network based method to extract the target’s speech signals remotely. The method consists of two parts: the optical setup enables us to obtain speckle images conveniently and covertly, and the convolutional neural model is used to recovers speech signals from continuous speckle images. Correlation coefficient and root mean square error metrics show the effectiveness of our method for high-quality speech extraction. Compare to the traditional spatial image correlation, our convolutional neural model is more accurate and more efficient in speckle image processing. The model gets an average accuracy of 94% on real data and 98% on simulated data, which is far better than the spatial image correlation. Besides, by using GPU hardware, the model can process speckle images up to 237 frames per second, far more than 10 frames per second of the spatial image correlation. Experimental results show that the method is simple, efficient and accurate, which proves our significant progress in the field of remote sound extraction.

ABSTRACT. Vulnerability reports play an important role in cybersecurity. Mitigation of software vulnerabilities that can be exploited by attackers depends on the disclosure of vulnerabilities. Information regarding the vulnerability type or identifiers facilitates the automation of vulnerability management, statistical analysis of vulnerability trends, and secure software development. Labeling reports with vulnerability identifiers has been manually conducted and thus, has suffered from human errors and scalability issues owing to the shortage of security experts. In this paper, we proposed a scheme that automatically classifies each vulnerability description by type using machine learning. Through experiments, we demonstrated the performance of the proposed scheme in comparison with other algorithms, analyzed cases of misclassification, and showed the potential for numerous human errors. Furthermore, we tried to correct these errors.

ABSTRACT. Knowing the geolocation of cloud data becomes an urgent problem, which relates to cloud user equity (e.g., service compliance), service performance (e.g., disaster tolerance) and government regulations (e.g., GDPR). Unfortunately, data owners lose physical control after outsourcing data to the cloud service providers, while cloud service providers have the motivation (reducing economic costs and maximizing profits) and ability to move the data to other data centers in different geolocations. As a consequence, verifying whether the cloud data are in a specific geolocation is worthy of concern.

In this paper, we propose a novel cloud data public verification scheme, DPVGeo, which allows any entity to verify the actual geolocation of cloud data remotely. In DPVGeo, we first design an atomic proof method, which divides the proof into several minimum computation units (i.e., atomic proof), and subtly only considers the normal operations (i.e., addition and multiplication), ignoring the time-consuming exponentiation operations, to obtain accurate response delay. Second, we utilize a threshold-based closest-shortest approach to verify the geolocation of cloud data based on the response delay with high accuracy. Besides, we select both blocks and sectors randomly during each challenge to defend against the potential attacks (e.g., outsourcing attack, generation attack and replay attack). Finally, we perform a series of prototype implementations in real network environment to validate the performance of our design. The experimental results and security analysis show that our scheme is efficient and secure against semi-honest cloud service providers.

ABSTRACT. Cloud data center workloads have time-dependencies and hence they are non-i.i.d (independent and identically distributed). In this paper, we propose a new model-based method for creating synthetic workload traces for cloud data enters that have similar time characteristics and cumulative distributions to those of the actual traces. We evaluate our method using the actual resource request traces of Azure collected in 2019 and the well-known Google cloud trace. Our method enables generating synthetic traces that can be used for a more realistic evaluation of cloud data centers.

ABSTRACT. With the rapid growth of multimedia content in the social content-centric network (SocialCCN), in-network caching and caching strategy are becoming more and more important for efficient content delivery, but it also brings huge challenges to the cache space and computing capabilities in the network. In order to increase cache space and improve the computing capability in SocialCCN, in this paper, we integrate Mobile edge computing with SocialCCN (MeSoCCN) and design a novel caching strategy in MeSoCCN. Firstly, we proposed MeSoCCN, a novel architecture that integrates Mobile Edge Computing (MEC) in SocialCCN. Then, in MeSoCCN, a caching strategy based on popularity prediction is designed, which can increase the cache hit rate and reduce hop redundancy. We predict content popularity in the future and make cache placement and replacement decisions based on the prediction results. Finally, we conducted experiments and verified the effectiveness of the proposed caching strategy in MeSoCCN.

ABSTRACT. Mobile Edge Computing (MEC) is a network architecture that takes advantage of resources available at the edge of the network to enhance the mobile user experience by decreasing the service latency. MEC solutions need to dynamically allocate the requests as close as possible to their users to avoid high latency. However, the request allocation does not depend only on the geographical location of the servers, but also on their requirements. The task of choosing and allocating appropriate servers in a MEC environment is challenging because it involves many parameters. This paper proposes a Stochastic Petri Net (SPN) model to represent a MEC scenario and analyze its performance. The model focuses on parameters that can directly impact the service Mean Response Time (MRT) and resource utilization level. We propose case studies with numerical analyzes using real-world values to validate the proposed model. The main objective is to provide a practical guide to assist infrastructure administrators to adapt their architectures, finding a trade-off between MRT and resource utilization level.

ABSTRACT. Colocation data centers (colocations, for short) are developing rapidly in recent years, resulting in a heavy burden on the power grid and the environment. Due to the special management mode of colocations, even the colocation operators wish to reduce their power demand, they have no authority to control the servers because the servers belong to and are operated by the tenants themselves. To solve the ``uncoordinated relationship" issue between operators and tenants, a truthful and feasible incentive mechanism MesPP is proposed in this paper.Different from existing works, MesPP aims at maximizing the energy reduction of colocations with a limited cost budget and can be applied even there is no demand response (DR) program. Meanwhile, power prediction is integrated into MesPP to further improve the energy efficiency of colocations and fairness of the mechanism.To solve the optimization problem, we develop a (1-ε)-approximation algorithm.Simulations are performed and show that MesPP can achieve 12.23\% more energy saving compared with existing incentive mechanisms.

ABSTRACT. Middleboxes are typically hardware-accelerated appliances such as firewalls, Proxies, WAN optimizers, and NATs that play an important role in service provisioning over today's Data Centers. We focus on the placement of virtualised security services in multi-tenant Data Centers. Customised security services are provided to tenants as software VNF modules collocated with switches in the network. Our placement formulation satisfies the allocation constraints while maintaining efficient management of the infrastructure resources. We propose a Constraint Programming (CP) formulation and a CPLEX implementation. We also formulate a heuristic-based algorithm to solve larger instances of the placement problem. Extensive evaluation of the algorithms has been conducted, demonstrating that the VNF approach provides more than 50% reduction in resource consumption compared to other heuristic algorithms.

ABSTRACT. Beamforming is one of the most important transmission technologies to improve the quality of communication in cellular network systems. However, in massive multiple-input-multiple-output (MIMO) systems, conventional optimization-based iterative beamforming algorithms often suffer from high computational complexity and thus are not suitable for practical applications. This paper focuses on low complexity beamforming technique for multi-user massive MIMO systems. Specifically, a block-diagonal zero-forcing (BD-ZF) beamforming algorithm is proposed for achieving weighted sum-rate maximization. We show that the BD-ZF beamforming problems can be globally solved using water-filling algorithms. Extensive simulations demonstrate that the proposed BD-ZF beamforming method can offer better performance than the state-of-art low complexity beamforming technique ZF (even could sometimes coincide with the performance of the popular WMMSE algorithm) but with only an extra little bit computational overhead.

ABSTRACT. A Wireless Sensor Network (WSN) is a collection of sensors connected through a wireless infrastructure and is primarily used to collect data in a given environment. In their early phase of existence, WNSs were mostly homogeneous devices with low computational capabilities assigned simple tasks like gathering information about temperature or humidity in large fields or remote locations. Recently, WSNs have been evolving rapidly and have transformed into employing clever devices capable of performing complex tasks in smart environments. Future WSNs are likely to consist of heterogeneous sensors embedded in many objects performing various types of tasks that are far more advanced than simple data collection. The emergence of the Internet of Things (IoT) represents a typical example of evolved WSNs, in which WSNs include sensors embedded in a variety of ‘things’ in a variety of environments such as homes, factories, vehicles, and hospitals. Traditional network management approaches, designed to manage simple uniform sensor networks, are no longer appropriate to deal with such complex networks. In this work, we propose a new approach for managing heterogeneous WSNs designed to accommodate variabilities associated with different environments. The proposed approach is implemented using genetic algorithms to achieve the flexibility needed to optimize different types of objective functions such as quality of coverage, redundancy and energy-awareness. We report the results of employing the proposed approach under different scenarios with different sets of assumptions and priorities for typical application domains. For assessment purposes, we compare our algorithm with two greedy algorithms used to manage WSNs in different applications. The proposed algorithm performs better than other methods and exhibits the ability to adjust to the different needs of each scenario.

ABSTRACT. Stochastic network calculus is the probabilistic extension of deterministic network calculus for offering stochastic performance guarantee in packet networks. However, it has been shown that the attempts to achieve a scalable stochastic performance bound only have limited success. In this paper, we propose a stochastic network calculus approach to perform scalability analysis for end-to-end delay. With statistical independence assumptions on arrival and services across multiple network nodes, we present a linear delay bound with its moment generating functions. For further improving the scalability of the bound, the tightness of the bound is investigated using Doob's maximal inequality on a suitable martingale construction. Numerical results validate that our solution improve the scalability of stochastic delay bound in terms of the linear scaling and tightness. The results are applicable to general computer network to determine a path that meets the delay requirements.

ABSTRACT. Markov decision processes provide powerful tools for adaptive management of computing and communication in cyber-physical systems. However, efficient solvers are required to provide these capabilities on embedded computing platforms. This paper describes two new MDP solvers for embedded applications: Sparse Value Iteration (SVI) uses sparse matrix methods and runs on small, single-threaded CPU platforms; Sparse Parallel Value Iteration (SPVI) extends this approach to leverage the parallelism of embedded graphics processing units (GPUs) to further improve performance on more sophisticated embedded platforms. Both solvers improve running time and reduce power consumption.

ABSTRACT. The development of Wireless Power Transfer (WPT) facilitates wireless rechargeable sensor networks (WRSNs) receiving considerable attention in the sensor network research community. Most existing works mainly focus on general charging patterns and metrics while overlooking the precedence constraints among tasks, resulting in charging inefficiency. In this paper, we are the first to advance the issue of Scheduling wireless Charging tasks with precedence Constraints (SCPC) with the optimization objective of minimizing the completion time of all the charging tasks under precedence constraints while guaranteeing that the energy capacity of mobile charger (MC) is not exhausted, and the deadlines of charging tasks are not exceeded. In order to address the problem, we first propose the so-called priority-based topological sort scheme to derive an unique feasible sequence on directed acyclic graph (DAG). Then, we combine the proposed priority-based topological sort scheme with the procedure of genetic algorithm to obtain the optimal solution through a series of genetic operators. Finally, we conduct extensive simulations to validate our proposed algorithm under the condition of three different network sizes. The results show that our proposed algorithm outperforms the other two comparison lgorithms by up to 35.5% in terms of completion time.

ABSTRACT. E-Health technologies arose as a suitable approach to support diseases diagnostics and treatment decisions, since the Internet of Things devices can monitor humans over a long period. Most of the E-Health technologies are based on machine learning to analyze and classify patients data, returning a possible diagnosis for health professionals as fast and accurate as possible. However, machine learning techniques have high computational complexity, limiting their usage to meet the real time requirements of E-Health systems. Within this context, this paper proposes an E-Health system to analyze and to classify patients data based on data streams, allowing the diagnosis of anomalies in biological exams. The applied data stream approach enables the online training of the classifiers, as well as a suitable performance for data processing. The experiments performed were based on a database of real patients. The results (considering 19 different anomalies) suggest the feasibility of proposed E-Health system, reaching 96%, 94.21%, 92.14% and 92.53% of accuracy, precision, sensitivity, and cover index, respectively, overcoming the existing solutions.

ABSTRACT. The quality and safety of food is a great concern to the whole society because it is the most basic guarantee for human health and social development and stability. Ensuring food quality and safety is a complex process, and all stages of food processing must be considered, from cultivating, harvesting and storage to preparation and consumption. Grading is one of the essential processes to control food quality. This paper proposed a two-layer image processing system based on machine learning for banana grading. Support Vector Machine is the first layer to classify bananas based on an extracted feature vector that is composed of colour and texture features and YOLOv3 follows up for further locating the defected area on the peel and determining if the inputs belong to mid-ripened or well-ripened class. The performance of the first layer achieved an accuracy of 98.5\% and exceeded other algorithms such as KNN, Naive Bayes, and Random Forest. The classification accuracy of the second layer is 85.7\% and the overall accuracy is 96.4\%

ABSTRACT. Health care services have become a high demand due to the rise in medical technology. As a result, related resources are being depleted. Hospitals no longer have any space to accommodate for incoming patients. Remote Patient Monitoring (RPM) is a solution to this issue by creating a convenient and easy to access healthcare service. However, RPM systems are constrained by issues on data integrity, patient privacy and response time. The integrity of data is key for RPM systems to accurately detect emergencies. Patients emphasize their privacy, which requires health care services to maintain the confidentiality of their patient's information. Wearable health monitors continuously transmit data. This results in high volumes of data that enters the servers. In this paper, we propose an architecture that uses Fog-IoT to an already existing RPM system and addresses these three issues. The introduced system enables the health care providers to verify any of their data through a local server before it is reported to the server. Also, this design incorporates a data filter that controls the outgoing data to maintain patient privacy. Finally, the inclusion of a local server offloads the extra data processing that is required from the server for a better flow of data. Tests in latency were executed to investigate the feasibility of a scalable fog architecture against a standard cloud-device setup. The results show that the proposed fog setup yielded significantly lower latencies under an increasing number of RPM rooms compared to the cloud setup. This result further supports, the fog-IoT as a potential option for a scalable RPM architecture. Overall, this framework makes improvements towards making RPM systems a more ideal means for health care services in managing data.

ABSTRACT. One of the main security issues in telecare medecine information systems is the remote user authentication and key agreement between healthcare professionals and patient’s medical sensors. Many of the proposed approaches are based on multiple factors (password, token, and possibly biometrics). Two-factor authentication protocols do not resist to many possible attacks, three-factor authentication schemes usually come with high resource consumption. Since medical sensors have limited storage and computational capabilities, ensuring a minimal resources consumption becomes a major concern in this context. In this paper, we propose a secure and lightweight three-factor authentication and key generation scheme for securing communications between healtcare professional and patient’s medical sensors. Thanks to formal verification, we prove that this proposal is robust enough against known possible attacks. A comparison with the most relevant related work’s schemes shows that our protocol ensures an optimised resource consumption level.

ABSTRACT. We introduce in this paper a bandwidth aggregation routing solution for multihoming sites. Our routing solution interconnects two distinct multihomed network sites (i.e. network sites that have two or more uplinks to the Internet) and routes local flows between these two network sites. It routes local flows dynamically through several outgoing network paths/links depending on the load (i.e. congestion level) on each path. If a network path/uplink becomes more congested, fewer local flows are routed through it. We detail two path load estimation strategies: one based on RTT measurements and the other based on throughput measurements, both implying passive network measurements. We performed a significant number of experiments in order to show that our multihoming solution performs better than an ECMP-based (i.e. Equal-Cost Multipath) solution in terms of total aggregated throughput and inter-flow fairness.

ABSTRACT. This paper addresses the problem of communication in resource-limited broadcast/receive wireless networks. In large scale and resource-limited wireless networks, as the Internet of Things (IoT), a massive amount of data is becoming increasingly available, and consequently implementing protocols achieving error-free communication channels presents an important challenge. Indeed, in this new kind of network, the prevention of message conflicts and message collisions is a crucial issue. In terms of graph theory, solving this issue amounts to solve the distance-2 coloring problem on the network. This paper presents a first study on dynamic management in distance-2 coloring in resource-limited wireless networks. We propose a distributed distance-2 coloring in a dynamic network where a new node can join the network. Thanks to the proposed protocol, we assign a time slot to the new node without re-running the whole algorithm of time slot assigning. Our protocol is time-efficient and uses only local information with a high probability.

ABSTRACT. Optimized routing in multi-layer multi-domain networks is challenging due to different technologies and different policies in different domains. In this paper, we investigate the problem of using a hierarchical path computation engine to leverage the performance of FlexE - the new flexible Ethernet technology which couldn't be fully achieved from local resource allocation in a single domain. We present a path computation engine for multi-layer multi-domain orchestration that optimizes the network utilization through a hierarchical path computation. We formulate an optimization problem of traffic routing for both FlexE-Aware and FlexE-Unaware modes regarding QoS requirements, intra-domain information privacy and FlexE constraints. To solve the problem, we propose a routing and FlexE assignment algorithm that runs in the MLMD-PCE. Dealing with the issue of poor intra-domain information, we use a novel implicit routing strategy to collect the intra-domain information from the child PCE at each domain. Simulation results show the proposed MLMD-PCE carries 77% more traffic than the current H-PCE.

ABSTRACT. Nowadays, Internet became a crucial tool for service delivery, enhancing network requirements. In this new scenario, through Internet Service Providers (ISPs) tend to evolve to Modern Internet Service Providers (MISPs), addressing situations such as elastic network resource demand that may cause problems of slowness, service interruption and constant disconnections. A promising approach to deal with elastic services is the usage of a network traffic prediction model, but traditional models do have all the necessary features to it. Within this context, this paper presents an adaptive network prediction model for MISPs that adjusts seasonality and trend and removes time series error cycles according to the behavior observed in network traffic. The results, using a real bandwidth data set, suggest that the proposed model improves the existing prediction models.

ABSTRACT. This paper provides a new perspective for IP mobility support in LEO satellite network, that the network mobility should be solved via network driving rather than terminal driving methods. Terminal driving methods comes from terrestrial network which ones are typically reactive to the moving of users and improve the predictability of the terminals’ motion behaviors to enhance the performance. However, the mobility in LEO satellite network most comes from network(satellites) rather than terminals. It is inefficient to solve the continuous, high-speed, global and regular network mobility via terminal driving solutions who are designed for intermittent, low-speed, local and irregular user mobility. After modeling the satellite mobility behavior for single and multiple orbit plane, a network driving mobility management solution, namely NDM, is proposed in this paper, including 1) trigger and selection 2) proxy group handover 3) silent and explicit resource release. NDM utilizes the benefit of network driving and cooperate with terminal driving methods for robust consideration. Evaluations are conducted to proof the feasibility of mechanism to improve performance and apportion cost.

ABSTRACT. Low Earth Orbit (LEO) satellite network is experiencing renewed interest due to its potential to revolutionize wide area communications. However, it may suffer different failure modes than many traditional networks given its location in the complex space environment. In this paper, we address this problem by focusing on the survivability of LEO satellite network under link failures. Specifically, we investigate two kinds of guaranteed based approaches to solve this problem and combine them in a uniform framework using optimization method, e.g., linear programming: 1) protects against any combination of up to k concurrent link failures, for a configurable value k; 2) enables guarantees such as “user i is guaranteed bi network bandwidth at least B% of the time”. Simulation on up-to-date mega-constellation show that our proposed framework can protect delay-sensitive traffic from suffering long delay or data loss. In addition, they can support more traffic demands for the specified level of availability (e.g., 90%) under link failures.