Future Generation Computer Systems-The International Journal of Escience最新文献

{"title":"Load-aware switch migration for controller load balancing in edge–cloud architectures","authors":"","doi":"10.1016/j.future.2024.107489","DOIUrl":"10.1016/j.future.2024.107489","url":null,"abstract":"<div><p>As the fundamental infrastructure for edge–cloud architectures, the inter-datacenter elastic optical network is used for data analysis and processing. As the demand for applications increases, the large number of service requests increases the processing overhead in the control plane, resulting in unbalanced controller loads. Existing switch migration mechanisms have been proposed for controller load balancing. Unfortunately, most of the existing mechanisms only consider the switch with the highest flow request rate as the migration object in the process of switch selection, and ignore the migration cost generated in the switch migration activity, such as the update cost of flow request message and the deployment cost of migration rule, which may increase the controller load. Additionally, most of them choose the controller with light load as the target controller to associate with the switch to be migrated, without considering whether the target controller is overloaded after the switch migration, which leads to the low load balancing performance of the controller. In view of the above problems, this paper proposes a Load-Aware Switch Migration (LASM) mechanism in edge–cloud architectures. The LASM mechanism models and analyses the cost metrics affecting switch migration and selects lower-cost switches from overloaded controller-controlled domain networks for migration activities. Besides, the LASM mechanism models switch migration based on the 0-1 knapsack problem and avoids overloading the target controllers through a greedy policy to achieving optimal migration activities. The experimental results show that the proposed LASM mechanism improves controller load balancing performance by an average of 34.3%, eliminates migration costs by 30.2%, and reduces response times by an average of 39.3%, respectively, compared to existing solutions.</p></div>","PeriodicalId":55132,"journal":{"name":"Future Generation Computer Systems-The International Journal of Escience","volume":null,"pages":null},"PeriodicalIF":6.2,"publicationDate":"2024-08-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142084090","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Enhancing IoT device security in Kubernetes: An approach adopted for network policies and the SARIK framework","authors":"","doi":"10.1016/j.future.2024.107485","DOIUrl":"10.1016/j.future.2024.107485","url":null,"abstract":"<div><p>The Internet of Things (IoT) has ushered in an era of connected devices that, while facilitating real-time data collection and sharing, also exposes these devices to significant security risks. This study addresses the challenges of security risks and vulnerabilities by employing the Network Policy in Kubernetes and focusing on the SARIK framework. SARIK is designed to automate the creation and implementation of network policies, with the aim of enhancing the efficiency and strengthening the protection of IoT devices. Experiments conducted in a controlled environment with Minikube in Kubernetes showed that the implementation of SARIK notably improved the security of IoT devices. Key observations included a noticeable reduction in vulnerability to cyberattacks and a significant increase in the overall resilience of the system. In particular, the study revealed improvements in the performance metrics analyzed, which is evidence of SARIK’s effectiveness in real-world scenarios. Compared with existing frameworks - e.g., those of Sysdig -, SARIK is notable for its integration with Kubernetes network policies and its emphasis on automated security management. Although automation is a key factor in related works, SARIK’s unique approach to leveraging the inherent capabilities of Kubernetes offers a distinct advantage in ensuring the security of IoT environments. This aspect, along with its performance benefits, underlines the value of SARIK’s contribution to IoT security. The application of SARIK in protecting IoT devices in Kubernetes environments meets the need for automated and cohesive strategies to tackle current security threats. This study not only highlights the efficiency of SARIK but also emphasizes the need for evolving security strategies, that can be adapted to dynamic threat modeling in complex and interconnected IT environments.</p></div>","PeriodicalId":55132,"journal":{"name":"Future Generation Computer Systems-The International Journal of Escience","volume":null,"pages":null},"PeriodicalIF":6.2,"publicationDate":"2024-08-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142048516","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"IDAD: An improved tensor train based distributed DDoS attack detection framework and its application in complex networks","authors":"","doi":"10.1016/j.future.2024.07.049","DOIUrl":"10.1016/j.future.2024.07.049","url":null,"abstract":"<div><p>With the vigorous development of Internet technology, the scale of systems in the network has increased sharply, which provides a great opportunity for potential attacks, especially the Distributed Denial of Service (DDoS) attack. In this case, detecting DDoS attacks is critical to system security. However, current detection methods exhibit limitations, leading to compromises in accuracy and efficiency. To cope with it, three key strategies are implemented in this paper: (i) Using tensors to model large-scale and heterogeneous data in complex networks; (ii) Proposing a denoising algorithm based on the improved and distributed tensor train (IDTT) decomposition, which optimizes the tensor train(TT) decomposition in terms of parallel computation and low-rank estimation; (iii) Combining (i), (ii) and Light Gradient Boosting Machine (LightGBM) classification model, an efficient DDoS attack detection framework is proposed. Datasets CIC-DDoS2019 and NSL-KDD are used to evaluate the framework, and results demonstrate that accuracy can reach 99.19% while having the characteristics of low storage consumption and well speedup ratio.</p></div>","PeriodicalId":55132,"journal":{"name":"Future Generation Computer Systems-The International Journal of Escience","volume":null,"pages":null},"PeriodicalIF":6.2,"publicationDate":"2024-08-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142039998","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Program context-assisted address translation for high-capacity SSDs","authors":"","doi":"10.1016/j.future.2024.107483","DOIUrl":"10.1016/j.future.2024.107483","url":null,"abstract":"<div><p>As the capacity of NAND flash-based SSDs keeps increasing, it becomes crucial to design a memory-efficient address translation algorithm that offers high performance when a translation table cannot be entirely loaded in a controller DRAM. Existing flash translation layers (FTL) employ demand-based address translation which caches popular mapping information in DRAM by leveraging locality of I/O references. Owing to the lack of information about detailed behaviors of applications, however, existing demand-based FTLs often suffer from many translation-table misses and thus result in sub-optimal performance. In this paper, we propose a new <u>P</u>rogram context-<u>A</u>ssiste<u>D</u> <u>F</u>lash <u>T</u>ranslation <u>L</u>ayer, called PADFTL. Unlike existing FTLs which are implemented as the form of firmware, PADFTL is vertically integrated with a host-level I/O classifier which provides useful hints for an FTL in an SSD to make a better decision in managing a translation table. The host-level I/O classifier monitors unique behaviors of applications by analyzing their program contexts and categorizes I/O patterns into four types, (1) Loop, (2) Hot, (3) Sequential, and (4) Random, which are then delivered to an SSD through extended interfaces. The SSD-side module of PADFTL partitions a controller DRAM into four zones and isolates mapping information associated with different I/O patterns into separate zones. By employing cache management strategies optimized for individual zones, PADFTL can lower the overall translation-table miss ratio. To evaluate the effectiveness of PADFTL, we implement the host-level classifier in the Linux kernel and PADFTL’s FTL in a trace-driven FTL simulator. In our experimental results, compared to the state-of-the-art FTL, PADFTL increases the overall table hit ratio by 16% while reducing the address translation time by up to 20% on average.</p></div>","PeriodicalId":55132,"journal":{"name":"Future Generation Computer Systems-The International Journal of Escience","volume":null,"pages":null},"PeriodicalIF":6.2,"publicationDate":"2024-08-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142044500","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Quantum resource estimation for large scale quantum algorithms","authors":"","doi":"10.1016/j.future.2024.107480","DOIUrl":"10.1016/j.future.2024.107480","url":null,"abstract":"<div><p>Quantum algorithms are often represented in terms of quantum circuits operating on ideal (logical) qubits. However, the practical implementation of these algorithms poses significant challenges. Many quantum algorithms require a substantial number of logical qubits, and the inherent susceptibility to errors of quantum computers require quantum error correction. The integration of error correction introduces overhead in terms of both space (physical qubits required) and runtime (how long the algorithm needs to be run for). This paper addresses the complexity of comparing classical and quantum algorithms, primarily stemming from the additional quantum error correction overhead. We propose a comprehensive framework that facilitates a direct and meaningful comparison between classical and quantum algorithms. By acknowledging and addressing the challenges introduced by quantum error correction, our framework aims to provide a clearer understanding of the comparative performance of classical and quantum computing approaches. This work contributes to understanding the practical viability and potential advantages of quantum algorithms in real-world applications.</p><p>We apply our framework to quantum cryptanalysis, since it is well known that quantum algorithms can break factoring and discrete logarithm based cryptography and weaken symmetric cryptography and hash functions. In order to estimate the real-world impact of these attacks, apart from tracking the development of fault-tolerant quantum computers it is important to have an estimate of the resources needed to implement these quantum attacks. This analysis provides state-of-the art snap-shot estimates of the realistic costs of implementing quantum attacks on these important cryptographic algorithms, assuming quantum fault-tolerance is achieved using surface code methods, and spanning a range of potential error rates. These estimates serve as a guide for gauging the realistic impact of these algorithms and for benchmarking the impact of future advances in quantum algorithms, circuit synthesis and optimization, fault-tolerance methods and physical error rates.</p></div>","PeriodicalId":55132,"journal":{"name":"Future Generation Computer Systems-The International Journal of Escience","volume":null,"pages":null},"PeriodicalIF":6.2,"publicationDate":"2024-08-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S0167739X24004308/pdfft?md5=be0c60a10fc2a577add0a82282478bd5&pid=1-s2.0-S0167739X24004308-main.pdf","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142020485","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Underwater Mediterranean image analysis based on the compute continuum paradigm","authors":"","doi":"10.1016/j.future.2024.107481","DOIUrl":"10.1016/j.future.2024.107481","url":null,"abstract":"<div><p>Human activity depends on the oceans for food, transportation, leisure, and many more purposes. Oceans cover 70% of the Earth’s surface, but most of them are unknown to humankind. This is the reason why underwater imaging is a valuable resource asset to Marine Science. Images are acquired with observing systems, e.g. autonomous underwater vehicles or underwater observatories, that presently transmit all the raw data to land stations. However, the transfer of such an amount of data could be challenging, considering the limited power supply and transmission bandwidth of these systems. In this paper, we discuss these aspects, and in particular how it is possible to couple Edge and Cloud computing for effective management of the full processing pipeline according to the Compute Continuum paradigm.</p></div>","PeriodicalId":55132,"journal":{"name":"Future Generation Computer Systems-The International Journal of Escience","volume":null,"pages":null},"PeriodicalIF":6.2,"publicationDate":"2024-08-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S0167739X2400431X/pdfft?md5=604d28ee54ea8468beac4eeba5484fd0&pid=1-s2.0-S0167739X2400431X-main.pdf","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142020484","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Certificateless Proxy Re-encryption with Cryptographic Reverse Firewalls for Secure Cloud Data Sharing","authors":"","doi":"10.1016/j.future.2024.08.002","DOIUrl":"10.1016/j.future.2024.08.002","url":null,"abstract":"<div><p>Cloud computing has enabled data-sharing to be more convenient than ever before. However, data security is a major concern that prevents cloud computing from being widely adopted. A potential solution to secure data-sharing in cloud computing is proxy re-encryption (PRE), which allows a proxy to transform encrypted data from one key to another without accessing the plaintext. When using PRE, various challenges arise, including the leak of information by a trusted third party, collusion attacks, and issues associated with revocation. To overcome these challenges, this paper proposes a novel Certificateless Proxy Reencryption with Cryptographic Reverse Firewall for Secure Cloud Data Sharing (CLPRE-CRF). The new scheme enables secure distribution of encrypted data from a data owner to users through public clouds. Meanwhile, the CLPRE-CRF scheme can resist exfiltration of secret information and forgery of ciphertext in case the scheme is compromised. In addition, the scheme provides a flexible revocation mechanism to prevent unauthorized access to private data. The security analysis demonstrates that the CLPRE-CRF resists chosen-plaintext attacks and collusion attacks. Moreover, performance evaluation indicates that our scheme achieves a 14% and 22% reduction in computation costs during the encryption and decryption algorithms, respectively. Therefore, the proposed CLPRE-CRF scheme is well-suited for cloud computing environments.</p></div>","PeriodicalId":55132,"journal":{"name":"Future Generation Computer Systems-The International Journal of Escience","volume":null,"pages":null},"PeriodicalIF":6.2,"publicationDate":"2024-08-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141979542","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Network-aware federated neural architecture search","authors":"","doi":"10.1016/j.future.2024.07.053","DOIUrl":"10.1016/j.future.2024.07.053","url":null,"abstract":"<div><p>The cooperation between Deep Learning (DL) and edge devices has further advanced technological developments, allowing smart devices to serve as both data sources and endpoints for DL-powered applications. However, the success of DL relies on optimal Deep Neural Network (DNN) architectures, and manually developing such systems requires extensive expertise and time. Neural Architecture Search (NAS) has emerged to automate the search for the best-performing neural architectures. Meanwhile, Federated Learning (FL) addresses data privacy concerns by enabling collaborative model development without exchanging the private data of clients.</p><p>In a FL system, network limitations can lead to biased model training, slower convergence, and increased communication overhead. On the other hand, traditional DNN architecture design, emphasizing validation accuracy, often overlooks computational efficiency and size constraints of edge devices. This research aims to develop a comprehensive framework that effectively balances trade-offs between model performance, communication efficiency, and the incorporation of FL into an iterative NAS algorithm. This framework aims to overcome challenges by addressing the specific requirements of FL, optimizing DNNs through NAS, and ensuring computational efficiency while considering the network constraints of edge devices.</p><p>To address these challenges, we introduce Network-Aware Federated Neural Architecture Search (NAFNAS), an open-source federated neural network pruning framework with network emulation support. Through comprehensive testing, we demonstrate the feasibility of our approach, efficiently reducing DNN size and mitigating communication challenges. Additionally, we propose Network and Distribution Aware Client Grouping (NetDAG), a novel client grouping algorithm tailored for FL with diverse DNN architectures, considerably enhancing efficiency of communication rounds and update balance.</p></div>","PeriodicalId":55132,"journal":{"name":"Future Generation Computer Systems-The International Journal of Escience","volume":null,"pages":null},"PeriodicalIF":6.2,"publicationDate":"2024-08-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141992847","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Context aware clustering and meta-heuristic resource allocation for NB-IoT D2D devices in smart healthcare applications","authors":"","doi":"10.1016/j.future.2024.08.001","DOIUrl":"10.1016/j.future.2024.08.001","url":null,"abstract":"<div><p>The utilization of Device-to-Device (D2D) communication among Narrowband Internet of Things (NB-IoT) devices offers significant potential for advancing intelligent healthcare systems due to its superior data rates, low power consumption, and spectral efficiency. In D2D communication, strategies to mitigate interference and ensure coexistence with cellular networks are crucial. These strategies are aimed at enhancing user data rates by optimally allocating spectrum and managing the transmission power of D2D devices, presenting a complex engineering challenge. Existing studies are limited either by the inadequate integration of NB-IoT D2D communication methods for healthcare, lacking intelligent, distributed, and autonomous decision-making for reliable data transmission, or by insufficient healthcare event management policies during resource allocation in smart healthcare systems. In this work, we introduce an Intelligent Resource Allocation for Smart Healthcare (iRASH) system, designed to optimize D2D communication within NB-IoT environments. The iRASH innovatively integrates the Density-based Spatial Clustering of Applications with Noise (DBSCAN) and Ant Colony Optimization (ACO) algorithms to effectively address the unique requirements of healthcare applications. The proposed system utilizes Belief-Desire-Intention (BDI) agents for dynamic and intelligent clustering of D2D devices, facilitating autonomous decision-making and efficient resource allocation. This approach not only enhances data transmission rates but also reduces power consumption, and is formulated as a Multi-objective Integer Linear Programming (MILP) problem. Given the NP-hard nature of this problem, iRASH incorporates a polynomial-time meta-heuristic-based ACO algorithm, which provides a suboptimal solution. This algorithm adheres to the principles of distributed D2D communication, promoting equitable resource distribution and substantial improvements in utility, energy efficiency, and scalability. Our system is validated through simulations on the Network Simulator version 3 (NS-3) platform, demonstrating significant advancements over existing state-of-the-art solutions in terms of data rate, power efficiency, and system adaptability. As high as improvements of 35% in utility and 50% in energy cost are demonstrated by the iRASH system compared to the benchmark, proving its effectiveness. The outcomes highlight iRASH’s potential to revolutionize D2D communications in smart healthcare settings, paving the way for more responsive and reliable IoT applications.</p></div>","PeriodicalId":55132,"journal":{"name":"Future Generation Computer Systems-The International Journal of Escience","volume":null,"pages":null},"PeriodicalIF":6.2,"publicationDate":"2024-08-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141979541","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Decentralised Identity Management solution for zero-trust multi-domain Computing Continuum frameworks","authors":"","doi":"10.1016/j.future.2024.08.003","DOIUrl":"10.1016/j.future.2024.08.003","url":null,"abstract":"<div><p>The adoption of the Computing Continuum is characterised by the seamless integration of diverse computing environments and devices. In this dynamic landscape, sharing resources across the continuum is becoming a reality and security must move an step forward, specially in terms of authentication and authorisation for such a distributed and heterogeneous environments. The need for robust identity management is paramount and, in this regard, Decentralised Identity Management (DIM) emerges as a promising solution. It leverages decentralised technologies to secure and facilitate identity interactions across the Computing Continuum. Particularly, to enhance security and privacy, it would be desirable to apply the principles of Self-Sovereign Identity (SSI). In this paradigm, users have full ownership and control of their digital identities that empowers individuals to manage and share their identity data on a need-to-know basis. These mechanisms could contribute to improve security properties during continuum resource management operations. In this context, this paper presents the design, workflows and implementation of a solution that provides authentication/authorisation features to distributed zero-trust based infrastructures across the continuum, enhancing security in resource sharing and resource acquisition stages. To this aim, the solution relies on key aspects like decentralisation, interoperability, trust management and privacy-enhancing capabilities. The decentralisation leverages distributed ledger technologies, such as blockchain, to establish a decentralised identity ecosystem. The solution prioritises interoperability, enabling nodes to seamlessly access and share their identities across different domains and environments. Trustworthiness is at the core of DIM, and privacy is also considered, incorporating privacy-preserving techniques that individuals to selectively disclose identity attributes while safeguarding sensitive information. The implementation includes different operations for allowing continuum frameworks to be enhanced with decentralised authentication and authorisation features. The performance has been evaluated measuring the impact for the adoption of the solution. The most expensive task, the self-identity generation, takes only a few seconds (in our deployment) and it is only executed once. Authorisation tasks operate in the millisecond range, which is a totally invaluable time if incorporated into resource acquisition processes in frameworks such as Liqo, used in the scope of FLUIDOS project.</p></div>","PeriodicalId":55132,"journal":{"name":"Future Generation Computer Systems-The International Journal of Escience","volume":null,"pages":null},"PeriodicalIF":6.2,"publicationDate":"2024-08-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S0167739X24004291/pdfft?md5=b118fab0128173d8752d4ab90e0703c8&pid=1-s2.0-S0167739X24004291-main.pdf","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141915032","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}