The future Sixth-Generation (6G) wireless systems are expected to encounter emerging services with diverserequirements. In this paper, 6G network resource orchestration is optimized to support customized networkslicin...The future Sixth-Generation (6G) wireless systems are expected to encounter emerging services with diverserequirements. In this paper, 6G network resource orchestration is optimized to support customized networkslicing of services, and place network functions generated by heterogeneous devices into available resources.This is a combinatorial optimization problem that is solved by developing a Particle Swarm Optimization (PSO)based scheduling strategy with enhanced inertia weight, particle variation, and nonlinear learning factor, therebybalancing the local and global solutions and improving the convergence speed to globally near-optimal solutions.Simulations show that the method improves the convergence speed and the utilization of network resourcescompared with other variants of PSO.展开更多
Software Defined Network(SDN)and Network Function Virtualization(NFV)technology promote several benefits to network operators,including reduced maintenance costs,increased network operational performance,simplified ne...Software Defined Network(SDN)and Network Function Virtualization(NFV)technology promote several benefits to network operators,including reduced maintenance costs,increased network operational performance,simplified network lifecycle,and policies management.Network vulnerabilities try to modify services provided by Network Function Virtualization MANagement and Orchestration(NFV MANO),and malicious attacks in different scenarios disrupt the NFV Orchestrator(NFVO)and Virtualized Infrastructure Manager(VIM)lifecycle management related to network services or individual Virtualized Network Function(VNF).This paper proposes an anomaly detection mechanism that monitors threats in NFV MANO and manages promptly and adaptively to implement and handle security functions in order to enhance the quality of experience for end users.An anomaly detector investigates these identified risks and provides secure network services.It enables virtual network security functions and identifies anomalies in Kubernetes(a cloud-based platform).For training and testing purpose of the proposed approach,an intrusion-containing dataset is used that hold multiple malicious activities like a Smurf,Neptune,Teardrop,Pod,Land,IPsweep,etc.,categorized as Probing(Prob),Denial of Service(DoS),User to Root(U2R),and Remote to User(R2L)attacks.An anomaly detector is anticipated with the capabilities of a Machine Learning(ML)technique,making use of supervised learning techniques like Logistic Regression(LR),Support Vector Machine(SVM),Random Forest(RF),Naïve Bayes(NB),and Extreme Gradient Boosting(XGBoost).The proposed framework has been evaluated by deploying the identified ML algorithm on a Jupyter notebook in Kubeflow to simulate Kubernetes for validation purposes.RF classifier has shown better outcomes(99.90%accuracy)than other classifiers in detecting anomalies/intrusions in the containerized environment.展开更多
The management of network intelligence in Beyond 5G(B5G)networks encompasses the complex challenges of scalability,dynamicity,interoperability,privacy,and security.These are essential steps towards achieving the reali...The management of network intelligence in Beyond 5G(B5G)networks encompasses the complex challenges of scalability,dynamicity,interoperability,privacy,and security.These are essential steps towards achieving the realization of truly ubiquitous Artificial Intelligence(AI)-based analytics,empowering seamless integration across the entire Continuum(Edge,Fog,Core,Cloud).This paper introduces a Federated Network Intelligence Orchestration approach aimed at scalable and automated Federated Learning(FL)-based anomaly detection in B5Gnetworks.By leveraging a horizontal Federated learning approach based on the FedAvg aggregation algorithm,which employs a deep autoencoder model trained on non-anomalous traffic samples to recognize normal behavior,the systemorchestrates network intelligence to detect and prevent cyber-attacks.Integrated into a B5G Zero-touch Service Management(ZSM)aligned Security Framework,the proposal utilizes multi-domain and multi-tenant orchestration to automate and scale the deployment of FL-agents and AI-based anomaly detectors,enhancing reaction capabilities against cyber-attacks.The proposed FL architecture can be dynamically deployed across the B5G Continuum,utilizing a hierarchy of Network Intelligence orchestrators for real-time anomaly and security threat handling.Implementation includes FL enforcement operations for interoperability and extensibility,enabling dynamic deployment,configuration,and reconfiguration on demand.Performance validation of the proposed solution was conducted through dynamic orchestration,FL,and real-time anomaly detection processes using a practical test environment.Analysis of key performance metrics,leveraging the 5G-NIDD dataset,demonstrates the system’s capability for automatic and near real-time handling of anomalies and attacks,including real-time network monitoring and countermeasure implementation for mitigation.展开更多
It's promising to use Software-Defined Networking(SDN) and Network Functions Virtualization(NFV) to integrate satellite and terrestrial networks. To construct network service function chains in such a multi-domain...It's promising to use Software-Defined Networking(SDN) and Network Functions Virtualization(NFV) to integrate satellite and terrestrial networks. To construct network service function chains in such a multi-domain environment, we propose a horizontal-based Multi-domain Service Function Chaining(Md-SFC) orchestration framework. In this framework, multi-domain orchestrators can coordinate with each other to guarantee the end-to-end service quality. Intra-domain orchestrators also coordinate SDN controllers and NFV management components to implement intra-domain service function chains. Based on this, we further propose a heuristic SFC mapping algorithm with a cooperative inter-domain path calculation method to map service function chains to infrastructures. In this method, master multi-domain orchestrator and intra-domain orchestrators coordinate to select proper inter-domain links. We compare the cooperative method with a naive uncooperative way that domains' topology information is provided to the master multi-domain orchestrator and it calculates the shortest inter-domain path between intra-domain service function chains directly. Simulation results demonstrate that our solution is feasible. It is able to construct end-to-end performance guaranteed service function chain by horizontal-based cooperation. The cooperative inter-domain path calculation method decreasesthe mapping load for the master orchestrator and gets the same end-to-end performance.展开更多
New and emerging use cases, such as the interconnection of geographically distributed data centers(DCs), are drawing attention to the requirement for dynamic end-to-end service provisioning, spanning multiple and hete...New and emerging use cases, such as the interconnection of geographically distributed data centers(DCs), are drawing attention to the requirement for dynamic end-to-end service provisioning, spanning multiple and heterogeneous optical network domains. This heterogeneity is, not only due to the diverse data transmission and switching technologies, but also due to the different options of control plane techniques. In light of this, the problem of heterogeneous control plane interworking needs to be solved, and in particular, the solution must address the specific issues of multi-domain networks, such as limited domain topology visibility, given the scalability and confidentiality constraints. In this article, some of the recent activities regarding the Software-Defined Networking(SDN) orchestration are reviewed to address such a multi-domain control plane interworking problem. Specifically, three different models, including the single SDN controller model, multiple SDN controllers in mesh, and multiple SDN controllers in a hierarchical setting, are presented for the DC interconnection network with multiple SDN/Open Flow domains or multiple Open Flow/Generalized Multi-Protocol Label Switching( GMPLS) heterogeneous domains. I n addition, two concrete implementations of the orchestration architectures are detailed, showing the overall feasibility and procedures of SDN orchestration for the end-to-endservice provisioning in multi-domain data center optical networks.展开更多
New technologies that take advantage of the emergence of massive Internet of Things(IoT)and a hyper-connected network environment have rapidly increased in recent years.These technologies are used in diverse environme...New technologies that take advantage of the emergence of massive Internet of Things(IoT)and a hyper-connected network environment have rapidly increased in recent years.These technologies are used in diverse environments,such as smart factories,digital healthcare,and smart grids,with increased security concerns.We intend to operate Security Orchestration,Automation and Response(SOAR)in various environments through new concept definitions as the need to detect and respond automatically to rapidly increasing security incidents without the intervention of security personnel has emerged.To facilitate the understanding of the security concern involved in this newly emerging area,we offer the definition of Internet of Blended Environment(IoBE)where various convergence environments are interconnected and the data analyzed in automation.We define Blended Threat(BT)as a security threat that exploits security vulnerabilities through various attack surfaces in the IoBE.We propose a novel SOAR-CUBE architecture to respond to security incidents with minimal human intervention by automating the BT response process.The Security Orchestration,Automation,and Response(SOAR)part of our architecture is used to link heterogeneous security technologies and the threat intelligence function that collects threat data and performs a correlation analysis of the data.SOAR is operated under Collaborative Units of Blended Environment(CUBE)which facilitates dynamic exchanges of data according to the environment applied to the IoBE by distributing and deploying security technologies for each BT type and dynamically combining them according to the cyber kill chain stage to minimize the damage and respond efficiently to BT.展开更多
Network function virtualization is a new network concept that moves network functions from dedicated hardware to software-defined applications running on standard high volume severs. In order to accomplish network ser...Network function virtualization is a new network concept that moves network functions from dedicated hardware to software-defined applications running on standard high volume severs. In order to accomplish network services, traffic flows are usually processed by a list of network functions in sequence which is defined by service function chain. By incorporating network function virtualization in inter-data center(DC) network, we can use the network resources intelligently and deploy network services faster. However, orchestrating service function chains across multiple data centers will incur high deployment cost, including the inter-data center bandwidth cost, virtual network function cost and the intra-data center bandwidth cost. In this paper, we orchestrate SFCs across multiple data centers, with a goal to minimize the overall cost. An integer linear programming(ILP) model is formulated and we provide a meta-heuristic algorithm named GBAO which contains three modules to solve it. We implemented our algorithm in Python and performed side-by-side comparison with prior algorithms. Simulation results show that our proposed algorithm reduces the overall cost by at least 21.4% over the existing algorithms for accommodating the same service function chain requests.展开更多
Dynamic latency over the Intemet is an Important parameter for evaluating the performance of Web service orchestration. In this paper, we propose a performance analyzing and correctness checking method for service orc...Dynamic latency over the Intemet is an Important parameter for evaluating the performance of Web service orchestration. In this paper, we propose a performance analyzing and correctness checking method for service orchestration with dynamic latency simulated in Colored PetriNets (CPNs). First, we extend the CPN to Web Service Composition Orchestration Network System (WS-CONS) for the description of dynamic latency in service orchestration. Secondly, with simulated dynamic latency, a buffer-limited policy and admittance-control policy are designed in WS- CONS and implemented on CPN Tools. In the buffer-limited policy, the passing messages would be discarded if the node capacity is not adequate. In the admittance-control policy, the ability of a message entering the system depends on the number of messages concurrently flowing in the system. This helps to enhance the success rate of message passing. Finally, the system performance is evaluated through running models in CPN Tools. Simulated results show that the dynamic latency plays an important role in the system throughput and response latency. This simulation helps system designers to quickly make proper compromises at low cost.展开更多
Smart cities have different contradicting goals having no apparent solution.The selection of the appropriate solution,which is considered the best compromise among the candidates,is known as complex problem-solving.Sm...Smart cities have different contradicting goals having no apparent solution.The selection of the appropriate solution,which is considered the best compromise among the candidates,is known as complex problem-solving.Smart city administrators face different problems of complex nature,such as optimal energy trading in microgrids and optimal comfort index in smart homes,to mention a few.This paper proposes a novel architecture to offer complex problem solutions as a service(CPSaaS)based on predictive model optimization and optimal task orchestration to offer solutions to different problems in a smart city.Predictive model optimization uses a machine learning module and optimization objective to compute the given problem’s solutions.The task orchestration module helps decompose the complex problem in small tasks and deploy them on real-world physical sensors and actuators.The proposed architecture is hierarchical and modular,making it robust against faults and easy to maintain.The proposed architecture’s evaluation results highlight its strengths in fault tolerance,accuracy,and processing speed.展开更多
The vehicle ad hoc network that has emerged in recent years was originally a branch of the mobile ad hoc network.With the drafting and gradual establishment of standards such as IEEE802.11p and IEEE1609,the vehicle ad...The vehicle ad hoc network that has emerged in recent years was originally a branch of the mobile ad hoc network.With the drafting and gradual establishment of standards such as IEEE802.11p and IEEE1609,the vehicle ad hoc network has gradually become independent of the mobile ad hoc network.The Internet of Vehicles(Vehicular Ad Hoc Network,VANET)is a vehicle-mounted network that comprises vehicles and roadside basic units.This multi-hop hybrid wireless network is based on a vehicle-mounted self-organizing network.As compared to other wireless networks,such as mobile ad hoc networks,wireless sensor networks,wireless mesh networks,etc.,the Internet of Vehicles offers benefits such as a large network scale,limited network topology,and predictability of node movement.The paper elaborates on the Traffic Orchestration(TO)problems in the Software-Defined Vehicular Networks(SDVN).A succinct examination of the Software-defined networks(SDN)is provided along with the growing relevance of TO in SDVN.Considering the technology features of SDN,a modified TO method is proposed,which makes it possible to reduce time complexity in terms of a group of path creation while simultaneously reducing the time needed for path reconfiguration.A criterion for path choosing is proposed and justified,which makes it possible to optimize the load of transport network channels.Summing up,this paper justifies using multipath routing for TO.展开更多
E-business develops rapidly and attracts a large number of merchants and consumers in the past 20 years.Meanwhile,the debate over e-business mode and its critical success factors(CSFs)is a research hotspot in the indu...E-business develops rapidly and attracts a large number of merchants and consumers in the past 20 years.Meanwhile,the debate over e-business mode and its critical success factors(CSFs)is a research hotspot in the industry and the academia.In this study,we propose the CSFs framework of self-run e-business by combining systematic literature review,resource orchestration theory,and empirical firm survey.The quantitative method of content analysis is targeted at the interview data received from 90 managers of JD.com by software NVivo 11.We construct a self-run e-business CSFs framework and find out that the CSFs of self-run e-business are products,organization,and supply chain,respectively.In addition,this study compares different characteristics and their impact on performance in platform-type and self-run e-businesses.Firm managers can derive a better understanding and measurement of e-business activities.展开更多
The exponential growth of Internet ofThings(IoT)devices has created unprecedented challenges in data processing and resource management for time-critical applications.Traditional cloud computing paradigms cannot meet ...The exponential growth of Internet ofThings(IoT)devices has created unprecedented challenges in data processing and resource management for time-critical applications.Traditional cloud computing paradigms cannot meet the stringent latency requirements of modern IoT systems,while pure edge computing faces resource constraints that limit processing capabilities.This paper addresses these challenges by proposing a novel Deep Reinforcement Learning(DRL)-enhanced priority-based scheduling framework for hybrid edge-cloud computing environments.Our approach integrates adaptive priority assignment with a two-level concurrency control protocol that ensures both optimal performance and data consistency.The framework introduces three key innovations:(1)a DRL-based dynamic priority assignmentmechanism that learns fromsystem behavior,(2)a hybrid concurrency control protocol combining local edge validation with global cloud coordination,and(3)an integrated mathematical model that formalizes sensor-driven transactions across edge-cloud architectures.Extensive simulations across diverse workload scenarios demonstrate significant quantitative improvements:40%latency reduction,25%throughput increase,85%resource utilization(compared to 60%for heuristicmethods),40%reduction in energy consumption(300 vs.500 J per task),and 50%improvement in scalability factor(1.8 vs.1.2 for EDF)compared to state-of-the-art heuristic and meta-heuristic approaches.These results establish the framework as a robust solution for large-scale IoT and autonomous applications requiring real-time processing with consistency guarantees.展开更多
Infection and poor tissue repair are the key causes of percutaneous implantation failure. However, there is a lackof effective strategies to cope with due to its high requirements of sterilization, soft tissue healing...Infection and poor tissue repair are the key causes of percutaneous implantation failure. However, there is a lackof effective strategies to cope with due to its high requirements of sterilization, soft tissue healing, andosseointegration. In this work, L-arginine (L-Arg) was loaded onto a sulfonated polyetheretherketone (PEEK)surface to solve this issue. Under the infection condition, nitric oxide (NO) and reactive oxygen species (ROS) areproduced through catalyzing L-Arg by inducible nitric oxide synthase (iNOS) and thus play a role in bacteriasterilization. Under the tissue repair condition, L-Arg is catalyzed to ornithine by Arginase-1 (Arg-1), whichpromotes the proliferation and collagen secretion of L929 and rBMSCs. Notably, L-Arg loading samples couldpolarize macrophages to M1 and M2 in infection and tissue repair conditions, respectively. The results in vivoshow that the L-Arg loading samples could enhance infected soft tissue sealing and bone regeneration. Insummary, L-Arg loading sulfonated PEEK could polarize macrophage through metabolic reprogramming,providing multi-functions of antibacterial abilities, soft tissue repair, and bone regeneration, which gives a newidea to design percutaneous implantation materials.展开更多
Kubernetes has become the dominant container orchestration platform,withwidespread adoption across industries.However,its default pod-to-pod communicationmechanism introduces security vulnerabilities,particularly IP s...Kubernetes has become the dominant container orchestration platform,withwidespread adoption across industries.However,its default pod-to-pod communicationmechanism introduces security vulnerabilities,particularly IP spoofing attacks.Attackers can exploit this weakness to impersonate legitimate pods,enabling unauthorized access,lateral movement,and large-scale Distributed Denial of Service(DDoS)attacks.Existing security mechanisms such as network policies and intrusion detection systems introduce latency and performance overhead,making them less effective in dynamic Kubernetes environments.This research presents PodCA,an eBPF-based security framework designed to detect and prevent IP spoofing in real time while minimizing performance impact.PodCA integrates with Kubernetes’Container Network Interface(CNI)and uses eBPF to monitor and validate packet metadata at the kernel level.It maintains a container network mapping table that tracks pod IP assignments,validates packet legitimacy before forwarding,and ensures network integrity.If an attack is detected,PodCA automatically blocks spoofed packets and,in cases of repeated attempts,terminates compromised pods to prevent further exploitation.Experimental evaluation on an AWS Kubernetes cluster demonstrates that PodCA detects and prevents spoofed packets with 100%accuracy.Additionally,resource consumption analysis reveals minimal overhead,with a CPU increase of only 2–3%per node and memory usage rising by 40–60 MB.These results highlight the effectiveness of eBPF in securing Kubernetes environments with low overhead,making it a scalable and efficient security solution for containerized applications.展开更多
Metal ions trigger Fenton/Fenton-like reactions,generating highly toxic hydroxyl radicals(•OH)for chemodynamic therapy(CDT),which is crucial in inducing lethal oxidative DNA damage and subsequent cell apoptosis.Howeve...Metal ions trigger Fenton/Fenton-like reactions,generating highly toxic hydroxyl radicals(•OH)for chemodynamic therapy(CDT),which is crucial in inducing lethal oxidative DNA damage and subsequent cell apoptosis.However,tumor cells can counteract this damage through repair pathways,particularly MutT homolog 1(MTH1)protein attenuation of oxidative DNA damage.Suppression of MTH1 can enhance CDT efficacy,therefore,orderly integrating Fenton/Fenton-like agents with an MTH1 inhibitor is expected to significantly augment CDT effectiveness.Carrier-free CuTH@CD,self-assembled through the supramolecular orchestration ofγ-cyclodextrin(γ-CD)with Cu^(2+)and the MTH1 inhibitor TH588,effectively overcoming tumor resistance by greatly amplifying oxidative damage capability.Without additional carriers and mediated by multiple supramolecular regulatory effects,CuTH@CD enables high drug loading content,stability,and uniform size distribution.Upon internalization by tumor cells,CuTH@CD invalidates repair pathways through Cu^(2+)-mediated glutathione(GSH)depletion and TH588-mediated MTH1 inhibition.Meanwhile,both generated Cu^(+)ions and existing ones within the nanoassembly initiate a Fentonlike reaction,leading to the accumulation of•OH.This strategy enhances CDT efficiency with minimal side effects,improving oxidative damage potency and advancing self-delivery nanoplatforms for developing effective chemodynamic tumor therapies.展开更多
The study draws on the prevalent theories for orchestrating cross-organizational innovation and new knowledge development processes,and proposes a new,epistemic perspective for contextualizing innovation with two mana...The study draws on the prevalent theories for orchestrating cross-organizational innovation and new knowledge development processes,and proposes a new,epistemic perspective for contextualizing innovation with two management dimensions,namely,innovation complexity and innovation orchestration preconditions.Innovation complexity concerns the indeterminacy or contingency of new knowledge,or new competence,to be pursued during the course of organizational innovation.Innovation orchestration preconditions refer to the contextual innovation prerequisites that should be well meshed with one another to provide a sufficiency for innovation success.The preconditions include innovation units’structures and connectivity,behavior,and convenorship.The two dimensions describe a context map-an antithetic quad model-to imply four innovation orchestration qualities,namely,coherence,cohesiveness,congruence,and concordance.Based on the quad model,the study sets forth a measurement of the four qualities,which can assess innovation potential.To corroborate the quad model and the corresponding quality measurements,the study discursively observes a cross-sectoral innovation project.The observation results evidence the multi-finality of the four qualities for innovation success.The results reveal that it is necessary for these four qualities to be managed temporally and dynamically at different stages of innovation,and reject a fallacy that any one of these qualities is more necessary than the others.The study posits that if innovation units can be convened in accordance with the four qualities,the likelihood of innovation success will be sufficiently increased.The study finally discusses theoretical and practical implications of orchestration and convenorship.展开更多
Bone repair and regeneration is a complex spatiotemporal process recruiting a variety of cell types,which need to precisely mediated for effective healing post-damage.The concept of osteoimmunology emphasizes the exte...Bone repair and regeneration is a complex spatiotemporal process recruiting a variety of cell types,which need to precisely mediated for effective healing post-damage.The concept of osteoimmunology emphasizes the extensive and intricate crosstalk between the bone and the immune system.Despite the significant advancements in understanding osteoimmunology,the precise role of dendritic cells(DCs)in this field remains under investigation.As key antigen-presenting cells,DCs are critical in orchestrating adaptive immune responses and maintaining tissue homeostasis.Recent researches have further revealed the potential of DCs to influence the development or acceleration of inflammatory and autoimmune bone disease,as well as their interaction with skeletal cells in the context of bone repair and regeneration.展开更多
Phosphoinositide 3-kinase(PI3K)catalyzes the conversion of phosphatidylinositol 4,5-bisphosphate(PIP_(2))to phosphatidylinositol 3,4,5-trisphosphate(PIP_(3)),a key second messenger that orchestrates downstream signali...Phosphoinositide 3-kinase(PI3K)catalyzes the conversion of phosphatidylinositol 4,5-bisphosphate(PIP_(2))to phosphatidylinositol 3,4,5-trisphosphate(PIP_(3)),a key second messenger that orchestrates downstream signaling by recruiting and activating effector proteins,such as protein kinase B(AKT).PI3Ks are categorized into four classes(IA,IB,II,and III)based on structural characteristics and substrate preferences1.Class IA PI3K enzymes are heterodimeric complexes composed of a catalytic subunit(p110α,p110β,or p110δ)and a regulatory subunit(p85α,p55α,p50α,p85β,or p55γ)2.Although the catalytic isoforms p110αand p110β,are ubiquitously expressed across tissues,p110δis predominantly found in leukocytes3.Notably,p85αfunctions as the primary regulatory subunit.展开更多
This paper examines how cybersecurity is developing and how it relates to more conventional information security. Although information security and cyber security are sometimes used synonymously, this study contends t...This paper examines how cybersecurity is developing and how it relates to more conventional information security. Although information security and cyber security are sometimes used synonymously, this study contends that they are not the same. The concept of cyber security is explored, which goes beyond protecting information resources to include a wider variety of assets, including people [1]. Protecting information assets is the main goal of traditional information security, with consideration to the human element and how people fit into the security process. On the other hand, cyber security adds a new level of complexity, as people might unintentionally contribute to or become targets of cyberattacks. This aspect presents moral questions since it is becoming more widely accepted that society has a duty to protect weaker members of society, including children [1]. The study emphasizes how important cyber security is on a larger scale, with many countries creating plans and laws to counteract cyberattacks. Nevertheless, a lot of these sources frequently neglect to define the differences or the relationship between information security and cyber security [1]. The paper focus on differentiating between cybersecurity and information security on a larger scale. The study also highlights other areas of cybersecurity which includes defending people, social norms, and vital infrastructure from threats that arise from online in addition to information and technology protection. It contends that ethical issues and the human factor are becoming more and more important in protecting assets in the digital age, and that cyber security is a paradigm shift in this regard [1].展开更多
基金supported by the Social Scientific Research Foundation of China(21VSZ126).
文摘The future Sixth-Generation (6G) wireless systems are expected to encounter emerging services with diverserequirements. In this paper, 6G network resource orchestration is optimized to support customized networkslicing of services, and place network functions generated by heterogeneous devices into available resources.This is a combinatorial optimization problem that is solved by developing a Particle Swarm Optimization (PSO)based scheduling strategy with enhanced inertia weight, particle variation, and nonlinear learning factor, therebybalancing the local and global solutions and improving the convergence speed to globally near-optimal solutions.Simulations show that the method improves the convergence speed and the utilization of network resourcescompared with other variants of PSO.
基金This work was funded by the Deanship of Scientific Research at Jouf University under Grant Number(DSR2022-RG-0102).
文摘Software Defined Network(SDN)and Network Function Virtualization(NFV)technology promote several benefits to network operators,including reduced maintenance costs,increased network operational performance,simplified network lifecycle,and policies management.Network vulnerabilities try to modify services provided by Network Function Virtualization MANagement and Orchestration(NFV MANO),and malicious attacks in different scenarios disrupt the NFV Orchestrator(NFVO)and Virtualized Infrastructure Manager(VIM)lifecycle management related to network services or individual Virtualized Network Function(VNF).This paper proposes an anomaly detection mechanism that monitors threats in NFV MANO and manages promptly and adaptively to implement and handle security functions in order to enhance the quality of experience for end users.An anomaly detector investigates these identified risks and provides secure network services.It enables virtual network security functions and identifies anomalies in Kubernetes(a cloud-based platform).For training and testing purpose of the proposed approach,an intrusion-containing dataset is used that hold multiple malicious activities like a Smurf,Neptune,Teardrop,Pod,Land,IPsweep,etc.,categorized as Probing(Prob),Denial of Service(DoS),User to Root(U2R),and Remote to User(R2L)attacks.An anomaly detector is anticipated with the capabilities of a Machine Learning(ML)technique,making use of supervised learning techniques like Logistic Regression(LR),Support Vector Machine(SVM),Random Forest(RF),Naïve Bayes(NB),and Extreme Gradient Boosting(XGBoost).The proposed framework has been evaluated by deploying the identified ML algorithm on a Jupyter notebook in Kubeflow to simulate Kubernetes for validation purposes.RF classifier has shown better outcomes(99.90%accuracy)than other classifiers in detecting anomalies/intrusions in the containerized environment.
基金supported by the grants:PID2020-112675RBC44(ONOFRE-3),funded by MCIN/AEI/10.13039/501100011033Horizon Project RIGOUROUS funded by European Commission,GA:101095933TSI-063000-2021-{36,44,45,62}(Cerberus)funded by MAETD’s 2021 UNICO I+D Program.
文摘The management of network intelligence in Beyond 5G(B5G)networks encompasses the complex challenges of scalability,dynamicity,interoperability,privacy,and security.These are essential steps towards achieving the realization of truly ubiquitous Artificial Intelligence(AI)-based analytics,empowering seamless integration across the entire Continuum(Edge,Fog,Core,Cloud).This paper introduces a Federated Network Intelligence Orchestration approach aimed at scalable and automated Federated Learning(FL)-based anomaly detection in B5Gnetworks.By leveraging a horizontal Federated learning approach based on the FedAvg aggregation algorithm,which employs a deep autoencoder model trained on non-anomalous traffic samples to recognize normal behavior,the systemorchestrates network intelligence to detect and prevent cyber-attacks.Integrated into a B5G Zero-touch Service Management(ZSM)aligned Security Framework,the proposal utilizes multi-domain and multi-tenant orchestration to automate and scale the deployment of FL-agents and AI-based anomaly detectors,enhancing reaction capabilities against cyber-attacks.The proposed FL architecture can be dynamically deployed across the B5G Continuum,utilizing a hierarchy of Network Intelligence orchestrators for real-time anomaly and security threat handling.Implementation includes FL enforcement operations for interoperability and extensibility,enabling dynamic deployment,configuration,and reconfiguration on demand.Performance validation of the proposed solution was conducted through dynamic orchestration,FL,and real-time anomaly detection processes using a practical test environment.Analysis of key performance metrics,leveraging the 5G-NIDD dataset,demonstrates the system’s capability for automatic and near real-time handling of anomalies and attacks,including real-time network monitoring and countermeasure implementation for mitigation.
基金supported by National High Technology of China ("863 program") under Grant No. 2015AA015702NSAF under Grant No.U1530118+1 种基金NSFC under Grant No.61602030National Basic Research Program of China ("973 program")under Grant No. 2013CB329101
文摘It's promising to use Software-Defined Networking(SDN) and Network Functions Virtualization(NFV) to integrate satellite and terrestrial networks. To construct network service function chains in such a multi-domain environment, we propose a horizontal-based Multi-domain Service Function Chaining(Md-SFC) orchestration framework. In this framework, multi-domain orchestrators can coordinate with each other to guarantee the end-to-end service quality. Intra-domain orchestrators also coordinate SDN controllers and NFV management components to implement intra-domain service function chains. Based on this, we further propose a heuristic SFC mapping algorithm with a cooperative inter-domain path calculation method to map service function chains to infrastructures. In this method, master multi-domain orchestrator and intra-domain orchestrators coordinate to select proper inter-domain links. We compare the cooperative method with a naive uncooperative way that domains' topology information is provided to the master multi-domain orchestrator and it calculates the shortest inter-domain path between intra-domain service function chains directly. Simulation results demonstrate that our solution is feasible. It is able to construct end-to-end performance guaranteed service function chain by horizontal-based cooperation. The cooperative inter-domain path calculation method decreasesthe mapping load for the master orchestrator and gets the same end-to-end performance.
文摘New and emerging use cases, such as the interconnection of geographically distributed data centers(DCs), are drawing attention to the requirement for dynamic end-to-end service provisioning, spanning multiple and heterogeneous optical network domains. This heterogeneity is, not only due to the diverse data transmission and switching technologies, but also due to the different options of control plane techniques. In light of this, the problem of heterogeneous control plane interworking needs to be solved, and in particular, the solution must address the specific issues of multi-domain networks, such as limited domain topology visibility, given the scalability and confidentiality constraints. In this article, some of the recent activities regarding the Software-Defined Networking(SDN) orchestration are reviewed to address such a multi-domain control plane interworking problem. Specifically, three different models, including the single SDN controller model, multiple SDN controllers in mesh, and multiple SDN controllers in a hierarchical setting, are presented for the DC interconnection network with multiple SDN/Open Flow domains or multiple Open Flow/Generalized Multi-Protocol Label Switching( GMPLS) heterogeneous domains. I n addition, two concrete implementations of the orchestration architectures are detailed, showing the overall feasibility and procedures of SDN orchestration for the end-to-endservice provisioning in multi-domain data center optical networks.
基金This work was supported by the National Research Foundation of Korea(NRF)grant funded by the Korea government(MSIT)(No.2021R1A2C2011391)and was supported by the Ajou University research fund.
文摘New technologies that take advantage of the emergence of massive Internet of Things(IoT)and a hyper-connected network environment have rapidly increased in recent years.These technologies are used in diverse environments,such as smart factories,digital healthcare,and smart grids,with increased security concerns.We intend to operate Security Orchestration,Automation and Response(SOAR)in various environments through new concept definitions as the need to detect and respond automatically to rapidly increasing security incidents without the intervention of security personnel has emerged.To facilitate the understanding of the security concern involved in this newly emerging area,we offer the definition of Internet of Blended Environment(IoBE)where various convergence environments are interconnected and the data analyzed in automation.We define Blended Threat(BT)as a security threat that exploits security vulnerabilities through various attack surfaces in the IoBE.We propose a novel SOAR-CUBE architecture to respond to security incidents with minimal human intervention by automating the BT response process.The Security Orchestration,Automation,and Response(SOAR)part of our architecture is used to link heterogeneous security technologies and the threat intelligence function that collects threat data and performs a correlation analysis of the data.SOAR is operated under Collaborative Units of Blended Environment(CUBE)which facilitates dynamic exchanges of data according to the environment applied to the IoBE by distributing and deploying security technologies for each BT type and dynamically combining them according to the cyber kill chain stage to minimize the damage and respond efficiently to BT.
基金supported by the National Natural Science Foundation of China(61501044)
文摘Network function virtualization is a new network concept that moves network functions from dedicated hardware to software-defined applications running on standard high volume severs. In order to accomplish network services, traffic flows are usually processed by a list of network functions in sequence which is defined by service function chain. By incorporating network function virtualization in inter-data center(DC) network, we can use the network resources intelligently and deploy network services faster. However, orchestrating service function chains across multiple data centers will incur high deployment cost, including the inter-data center bandwidth cost, virtual network function cost and the intra-data center bandwidth cost. In this paper, we orchestrate SFCs across multiple data centers, with a goal to minimize the overall cost. An integer linear programming(ILP) model is formulated and we provide a meta-heuristic algorithm named GBAO which contains three modules to solve it. We implemented our algorithm in Python and performed side-by-side comparison with prior algorithms. Simulation results show that our proposed algorithm reduces the overall cost by at least 21.4% over the existing algorithms for accommodating the same service function chain requests.
基金This paper was supported by the National Natural Science Foundation of China under Grants No.61170053,No.61101214,No.61100205,the National High-Tech Research and Development Plan of China under Grant No.2012AA010902-1,the Natural Science Foundation of Beijing under Grant No.4112027,Special Project of National CAS Union-The High Performace Cloud Service Platform for Enterprise Creative Computing
文摘Dynamic latency over the Intemet is an Important parameter for evaluating the performance of Web service orchestration. In this paper, we propose a performance analyzing and correctness checking method for service orchestration with dynamic latency simulated in Colored PetriNets (CPNs). First, we extend the CPN to Web Service Composition Orchestration Network System (WS-CONS) for the description of dynamic latency in service orchestration. Secondly, with simulated dynamic latency, a buffer-limited policy and admittance-control policy are designed in WS- CONS and implemented on CPN Tools. In the buffer-limited policy, the passing messages would be discarded if the node capacity is not adequate. In the admittance-control policy, the ability of a message entering the system depends on the number of messages concurrently flowing in the system. This helps to enhance the success rate of message passing. Finally, the system performance is evaluated through running models in CPN Tools. Simulated results show that the dynamic latency plays an important role in the system throughput and response latency. This simulation helps system designers to quickly make proper compromises at low cost.
基金This research was supported by Energy Cloud R&D Program through the National Research Foundation of Korea(NRF)funded by the Ministry of Science,ICT(2019M3F2A1073387)this research was supported by Basic Science Research Program through the National Research Foundation of Korea(NRF)funded by the Ministry of Education(2018R1D1A1A09082919)this research was supported by Institute for Information&communications Technology Planning&Evaluation(IITP)grant funded by the Korea government(MSIT)(No.2018-0-01456,AutoMaTa:Autonomous Management framework based on artificial intelligent Technology for adaptive and disposable IoT).Any correspondence related to this paper should be addressed to Dohyeun Kim.
文摘Smart cities have different contradicting goals having no apparent solution.The selection of the appropriate solution,which is considered the best compromise among the candidates,is known as complex problem-solving.Smart city administrators face different problems of complex nature,such as optimal energy trading in microgrids and optimal comfort index in smart homes,to mention a few.This paper proposes a novel architecture to offer complex problem solutions as a service(CPSaaS)based on predictive model optimization and optimal task orchestration to offer solutions to different problems in a smart city.Predictive model optimization uses a machine learning module and optimization objective to compute the given problem’s solutions.The task orchestration module helps decompose the complex problem in small tasks and deploy them on real-world physical sensors and actuators.The proposed architecture is hierarchical and modular,making it robust against faults and easy to maintain.The proposed architecture’s evaluation results highlight its strengths in fault tolerance,accuracy,and processing speed.
基金supported by King Saud Universitythe Deanship of Scientific Research at King Saud University for funding this work through research Group No.(RG-1439-053).
文摘The vehicle ad hoc network that has emerged in recent years was originally a branch of the mobile ad hoc network.With the drafting and gradual establishment of standards such as IEEE802.11p and IEEE1609,the vehicle ad hoc network has gradually become independent of the mobile ad hoc network.The Internet of Vehicles(Vehicular Ad Hoc Network,VANET)is a vehicle-mounted network that comprises vehicles and roadside basic units.This multi-hop hybrid wireless network is based on a vehicle-mounted self-organizing network.As compared to other wireless networks,such as mobile ad hoc networks,wireless sensor networks,wireless mesh networks,etc.,the Internet of Vehicles offers benefits such as a large network scale,limited network topology,and predictability of node movement.The paper elaborates on the Traffic Orchestration(TO)problems in the Software-Defined Vehicular Networks(SDVN).A succinct examination of the Software-defined networks(SDN)is provided along with the growing relevance of TO in SDVN.Considering the technology features of SDN,a modified TO method is proposed,which makes it possible to reduce time complexity in terms of a group of path creation while simultaneously reducing the time needed for path reconfiguration.A criterion for path choosing is proposed and justified,which makes it possible to optimize the load of transport network channels.Summing up,this paper justifies using multipath routing for TO.
基金supported in part by the National Natural Science Foundation of China(2020187)the China Futures Association 17th Joint Research Project(2024370050)+1 种基金the Jinling Institute of Technology High-level Talent Research Fund Project(JIT-B-202404)the Anhui Huishang Futures Technology Center Incubation Project(HSQHBSHZ2023-02).
文摘E-business develops rapidly and attracts a large number of merchants and consumers in the past 20 years.Meanwhile,the debate over e-business mode and its critical success factors(CSFs)is a research hotspot in the industry and the academia.In this study,we propose the CSFs framework of self-run e-business by combining systematic literature review,resource orchestration theory,and empirical firm survey.The quantitative method of content analysis is targeted at the interview data received from 90 managers of JD.com by software NVivo 11.We construct a self-run e-business CSFs framework and find out that the CSFs of self-run e-business are products,organization,and supply chain,respectively.In addition,this study compares different characteristics and their impact on performance in platform-type and self-run e-businesses.Firm managers can derive a better understanding and measurement of e-business activities.
基金supported by Princess Nourah bint Abdulrahman University Researchers Supporting Project number(PNURSP2025R909),Princess Nourah bint Abdulrahman University,Riyadh,Saudi Arabia.
文摘The exponential growth of Internet ofThings(IoT)devices has created unprecedented challenges in data processing and resource management for time-critical applications.Traditional cloud computing paradigms cannot meet the stringent latency requirements of modern IoT systems,while pure edge computing faces resource constraints that limit processing capabilities.This paper addresses these challenges by proposing a novel Deep Reinforcement Learning(DRL)-enhanced priority-based scheduling framework for hybrid edge-cloud computing environments.Our approach integrates adaptive priority assignment with a two-level concurrency control protocol that ensures both optimal performance and data consistency.The framework introduces three key innovations:(1)a DRL-based dynamic priority assignmentmechanism that learns fromsystem behavior,(2)a hybrid concurrency control protocol combining local edge validation with global cloud coordination,and(3)an integrated mathematical model that formalizes sensor-driven transactions across edge-cloud architectures.Extensive simulations across diverse workload scenarios demonstrate significant quantitative improvements:40%latency reduction,25%throughput increase,85%resource utilization(compared to 60%for heuristicmethods),40%reduction in energy consumption(300 vs.500 J per task),and 50%improvement in scalability factor(1.8 vs.1.2 for EDF)compared to state-of-the-art heuristic and meta-heuristic approaches.These results establish the framework as a robust solution for large-scale IoT and autonomous applications requiring real-time processing with consistency guarantees.
基金the National Natural Science Foundation of China(32371397,32000938,U21A20100)The Fundamental Research Funds for The Central Universities(YG2023ZD29)+2 种基金Shenzhen Science and Technology Funding(JCYJ20210324120009026)Laboratory Open Fund of Key Technology and Materials in Minimally Invasive Spine Surgery(2024JZWC-ZDB03,2024JZWC-YBA04)Talent project of Shanghai Tongren Hospital(TRKYRC-xx02)are acknowledged.
文摘Infection and poor tissue repair are the key causes of percutaneous implantation failure. However, there is a lackof effective strategies to cope with due to its high requirements of sterilization, soft tissue healing, andosseointegration. In this work, L-arginine (L-Arg) was loaded onto a sulfonated polyetheretherketone (PEEK)surface to solve this issue. Under the infection condition, nitric oxide (NO) and reactive oxygen species (ROS) areproduced through catalyzing L-Arg by inducible nitric oxide synthase (iNOS) and thus play a role in bacteriasterilization. Under the tissue repair condition, L-Arg is catalyzed to ornithine by Arginase-1 (Arg-1), whichpromotes the proliferation and collagen secretion of L929 and rBMSCs. Notably, L-Arg loading samples couldpolarize macrophages to M1 and M2 in infection and tissue repair conditions, respectively. The results in vivoshow that the L-Arg loading samples could enhance infected soft tissue sealing and bone regeneration. Insummary, L-Arg loading sulfonated PEEK could polarize macrophage through metabolic reprogramming,providing multi-functions of antibacterial abilities, soft tissue repair, and bone regeneration, which gives a newidea to design percutaneous implantation materials.
基金partially supported by Asia Pacific University of Technology&Innovation(APU)Bukit Jalil,Kuala Lumpur,MalaysiaThe funding body had no role in the study design,data collection,analysis,interpretation,or writing of the manuscript.
文摘Kubernetes has become the dominant container orchestration platform,withwidespread adoption across industries.However,its default pod-to-pod communicationmechanism introduces security vulnerabilities,particularly IP spoofing attacks.Attackers can exploit this weakness to impersonate legitimate pods,enabling unauthorized access,lateral movement,and large-scale Distributed Denial of Service(DDoS)attacks.Existing security mechanisms such as network policies and intrusion detection systems introduce latency and performance overhead,making them less effective in dynamic Kubernetes environments.This research presents PodCA,an eBPF-based security framework designed to detect and prevent IP spoofing in real time while minimizing performance impact.PodCA integrates with Kubernetes’Container Network Interface(CNI)and uses eBPF to monitor and validate packet metadata at the kernel level.It maintains a container network mapping table that tracks pod IP assignments,validates packet legitimacy before forwarding,and ensures network integrity.If an attack is detected,PodCA automatically blocks spoofed packets and,in cases of repeated attempts,terminates compromised pods to prevent further exploitation.Experimental evaluation on an AWS Kubernetes cluster demonstrates that PodCA detects and prevents spoofed packets with 100%accuracy.Additionally,resource consumption analysis reveals minimal overhead,with a CPU increase of only 2–3%per node and memory usage rising by 40–60 MB.These results highlight the effectiveness of eBPF in securing Kubernetes environments with low overhead,making it a scalable and efficient security solution for containerized applications.
基金funded by Tongzhou District Health Development Research Reserve Project Foundation(No.KJ2024CX024)Natural Science Foundation of Tianjin City(No.23JCQNJC01640)+1 种基金National Natural Science Foundation of China(Nos.82304393,22404122)Beijing Nova Program(No.Z211100002121127).
文摘Metal ions trigger Fenton/Fenton-like reactions,generating highly toxic hydroxyl radicals(•OH)for chemodynamic therapy(CDT),which is crucial in inducing lethal oxidative DNA damage and subsequent cell apoptosis.However,tumor cells can counteract this damage through repair pathways,particularly MutT homolog 1(MTH1)protein attenuation of oxidative DNA damage.Suppression of MTH1 can enhance CDT efficacy,therefore,orderly integrating Fenton/Fenton-like agents with an MTH1 inhibitor is expected to significantly augment CDT effectiveness.Carrier-free CuTH@CD,self-assembled through the supramolecular orchestration ofγ-cyclodextrin(γ-CD)with Cu^(2+)and the MTH1 inhibitor TH588,effectively overcoming tumor resistance by greatly amplifying oxidative damage capability.Without additional carriers and mediated by multiple supramolecular regulatory effects,CuTH@CD enables high drug loading content,stability,and uniform size distribution.Upon internalization by tumor cells,CuTH@CD invalidates repair pathways through Cu^(2+)-mediated glutathione(GSH)depletion and TH588-mediated MTH1 inhibition.Meanwhile,both generated Cu^(+)ions and existing ones within the nanoassembly initiate a Fentonlike reaction,leading to the accumulation of•OH.This strategy enhances CDT efficiency with minimal side effects,improving oxidative damage potency and advancing self-delivery nanoplatforms for developing effective chemodynamic tumor therapies.
基金This research is partially funded by the Hong Kong Polytechnic University,funding account:CRG-G-UA-1R.
文摘The study draws on the prevalent theories for orchestrating cross-organizational innovation and new knowledge development processes,and proposes a new,epistemic perspective for contextualizing innovation with two management dimensions,namely,innovation complexity and innovation orchestration preconditions.Innovation complexity concerns the indeterminacy or contingency of new knowledge,or new competence,to be pursued during the course of organizational innovation.Innovation orchestration preconditions refer to the contextual innovation prerequisites that should be well meshed with one another to provide a sufficiency for innovation success.The preconditions include innovation units’structures and connectivity,behavior,and convenorship.The two dimensions describe a context map-an antithetic quad model-to imply four innovation orchestration qualities,namely,coherence,cohesiveness,congruence,and concordance.Based on the quad model,the study sets forth a measurement of the four qualities,which can assess innovation potential.To corroborate the quad model and the corresponding quality measurements,the study discursively observes a cross-sectoral innovation project.The observation results evidence the multi-finality of the four qualities for innovation success.The results reveal that it is necessary for these four qualities to be managed temporally and dynamically at different stages of innovation,and reject a fallacy that any one of these qualities is more necessary than the others.The study posits that if innovation units can be convened in accordance with the four qualities,the likelihood of innovation success will be sufficiently increased.The study finally discusses theoretical and practical implications of orchestration and convenorship.
基金supported by the“Pioneer and Leading Goose+X”research and development program of Zhejiang Province Science and Technology Department(2024C03193)the National Natural Science Foundation of China(No.82271026)Start-up Fund of Stomatology Hospital,School of Stomatology,Zhejiang University School of Medicine(2023PDF017).
文摘Bone repair and regeneration is a complex spatiotemporal process recruiting a variety of cell types,which need to precisely mediated for effective healing post-damage.The concept of osteoimmunology emphasizes the extensive and intricate crosstalk between the bone and the immune system.Despite the significant advancements in understanding osteoimmunology,the precise role of dendritic cells(DCs)in this field remains under investigation.As key antigen-presenting cells,DCs are critical in orchestrating adaptive immune responses and maintaining tissue homeostasis.Recent researches have further revealed the potential of DCs to influence the development or acceleration of inflammatory and autoimmune bone disease,as well as their interaction with skeletal cells in the context of bone repair and regeneration.
基金supported by grants from the Ministry of Science and Technology of China(Grant No.2020YFA0803301)the Natural Science Foundation of Shandong Province(Grant No.ZR2024QH181)The Postdoctoral Fellowship Program(Grade C)of the China Postdoctoral Science Foundation(Grant No.GZC20240770).
文摘Phosphoinositide 3-kinase(PI3K)catalyzes the conversion of phosphatidylinositol 4,5-bisphosphate(PIP_(2))to phosphatidylinositol 3,4,5-trisphosphate(PIP_(3)),a key second messenger that orchestrates downstream signaling by recruiting and activating effector proteins,such as protein kinase B(AKT).PI3Ks are categorized into four classes(IA,IB,II,and III)based on structural characteristics and substrate preferences1.Class IA PI3K enzymes are heterodimeric complexes composed of a catalytic subunit(p110α,p110β,or p110δ)and a regulatory subunit(p85α,p55α,p50α,p85β,or p55γ)2.Although the catalytic isoforms p110αand p110β,are ubiquitously expressed across tissues,p110δis predominantly found in leukocytes3.Notably,p85αfunctions as the primary regulatory subunit.
文摘This paper examines how cybersecurity is developing and how it relates to more conventional information security. Although information security and cyber security are sometimes used synonymously, this study contends that they are not the same. The concept of cyber security is explored, which goes beyond protecting information resources to include a wider variety of assets, including people [1]. Protecting information assets is the main goal of traditional information security, with consideration to the human element and how people fit into the security process. On the other hand, cyber security adds a new level of complexity, as people might unintentionally contribute to or become targets of cyberattacks. This aspect presents moral questions since it is becoming more widely accepted that society has a duty to protect weaker members of society, including children [1]. The study emphasizes how important cyber security is on a larger scale, with many countries creating plans and laws to counteract cyberattacks. Nevertheless, a lot of these sources frequently neglect to define the differences or the relationship between information security and cyber security [1]. The paper focus on differentiating between cybersecurity and information security on a larger scale. The study also highlights other areas of cybersecurity which includes defending people, social norms, and vital infrastructure from threats that arise from online in addition to information and technology protection. It contends that ethical issues and the human factor are becoming more and more important in protecting assets in the digital age, and that cyber security is a paradigm shift in this regard [1].
