Metal ions trigger Fenton/Fenton-like reactions, generating highly toxic hydroxyl radicals (•OH) for chemodynamic therapy (CDT), which is crucial in inducing lethal oxidative DNA damage and subsequent cell apoptosis. However, tumor cells can counteract this damage through repair pathways, particularly MutT homolog 1 (MTH1) protein attenuation of oxidative DNA damage. Suppression of MTH1 can enhance CDT efficacy, therefore, orderly integrating Fenton/Fenton-like agents with an MTH1 inhibitor is expected to significantly augment CDT effectiveness. Carrier-free CuTH@CD, self-assembled through the supramolecular orchestration of γ-cyclodextrin (γ-CD) with Cu²⁺ and the MTH1 inhibitor TH588, effectively overcoming tumor resistance by greatly amplifying oxidative damage capability. Without additional carriers and mediated by multiple supramolecular regulatory effects, CuTH@CD enables high drug loading content, stability, and uniform size distribution. Upon internalization by tumor cells, CuTH@CD invalidates repair pathways through Cu²⁺-mediated glutathione (GSH) depletion and TH588-mediated MTH1 inhibition. Meanwhile, both generated Cu⁺ ions and existing ones within the nanoassembly initiate a Fenton-like reaction, leading to the accumulation of •OH. This strategy enhances CDT efficiency with minimal side effects, improving oxidative damage potency and advancing self-delivery nanoplatforms for developing effective chemodynamic tumor therapies.
The pollen exine, an inert lipid layer, is the outermost layer of the pollen wall and mainly consists of sporopollenin [1,2]. Normal exine contributes to male fertility and geometric patterns of pollen grain [1,2,3]. Genetic and physicochemical processes control exine formation and genic male sterility (GMS) genes constitute a significant proportion of identified genetic factors [1,2,3,4]. To date, more than 200 GMS genes have been identified in plants [4,5]. The precise molecular mechanisms underlying exine formation rely on genetic networks established by these GMS genes. However, the specific genetic networks underlying the exine formation remain unclear.
The pedagogical promise of Competency-Based Education (CBE) has been historically undermined by profound challenges of scalability, creating an implementation gap between its theoretical merits and practical application. This paper proposes a testable mechanism model wherein Artificial Intelligence (AI) enables the scaling of CBE through three interconnected pathways (diagnostic tracking, adaptive supply, and teacher orchestration) formalized within a distributed cognition framework. To operationalize this model, this paper introduces novel constructs including the "Adaptive-Autonomy Curve" for systematically cultivating self-regulated learning in personalized environments, and a "Situated Performance-Based Assessment Pipeline" for authentic, scalable evaluation of complex skills. The primary contributions of this work are fourfold: first, it provides a rigorous conceptual taxonomy that delineates CBE from adjacent paradigms such as mastery learning and personalized learning; second, it advances a set of falsifiable propositions to guide future empirical research; third, it formalizes the human-AI pedagogical relationship with operational design principles; and fourth, it presents an integrated governance and interoperability protocol for the responsible and effective implementation of AI in competency-based systems.
Edge artificial intelligence will empower the ever simple industrial wireless networks (IWNs) supporting complex and dynamic tasks by collaboratively exploiting the computation and communication resources of both machine-type devices (MTDs) and edge servers. In this paper, we propose a multi-agent deep reinforcement learning based resource allocation (MADRL-RA) algorithm for end-edge orchestrated IWNs to support computation-intensive and delay-sensitive applications. First, we present the system model of IWNs, wherein each MTD is regarded as a self-learning agent. Then, we apply the Markov decision process to formulate a minimum system overhead problem with joint optimization of delay and energy consumption. Next, we employ MADRL to defeat the explosive state space and learn an effective resource allocation policy with respect to computing decision, computation capacity, and transmission power. To break the time correlation of training data while accelerating the learning process of MADRL-RA, we design a weighted experience replay to store and sample experiences categorically. Furthermore, we propose a step-by-step ε-greedy method to balance exploitation and exploration. Finally, we verify the effectiveness of MADRL-RA by comparing it with some benchmark algorithms in many experiments, showing that MADRL-RA converges quickly and learns an effective resource allocation policy achieving the minimum system overhead.
With the support of the National Natural Science Foundation of China, the research team directed by Prof. Yu JiaKuo (余家阔) and Jiang Dong (江东) at the Knee Surgery Department of the Institute of Sports Medicine, Beijing Key Laboratory of Sports Injuries, Peking University Third Hospital, recently reported the innovative results of the tissue engineered meniscus in Science Translational Medicine (2019, 487: eaao0750).
Kubernetes has become the dominant container orchestration platform, with widespread adoption across industries. However, its default pod-to-pod communication mechanism introduces security vulnerabilities, particularly IP spoofing attacks. Attackers can exploit this weakness to impersonate legitimate pods, enabling unauthorized access, lateral movement, and large-scale Distributed Denial of Service (DDoS) attacks. Existing security mechanisms such as network policies and intrusion detection systems introduce latency and performance overhead, making them less effective in dynamic Kubernetes environments. This research presents PodCA, an eBPF-based security framework designed to detect and prevent IP spoofing in real time while minimizing performance impact. PodCA integrates with Kubernetes' Container Network Interface (CNI) and uses eBPF to monitor and validate packet metadata at the kernel level. It maintains a container network mapping table that tracks pod IP assignments, validates packet legitimacy before forwarding, and ensures network integrity. If an attack is detected, PodCA automatically blocks spoofed packets and, in cases of repeated attempts, terminates compromised pods to prevent further exploitation. Experimental evaluation on an AWS Kubernetes cluster demonstrates that PodCA detects and prevents spoofed packets with 100% accuracy. Additionally, resource consumption analysis reveals minimal overhead, with a CPU increase of only 2–3% per node and memory usage rising by 40–60 MB. These results highlight the effectiveness of eBPF in securing Kubernetes environments with low overhead, making it a scalable and efficient security solution for containerized applications.
Bone repair and regeneration is a complex spatiotemporal process recruiting a variety of cell types, which need to be precisely mediated for effective healing post-damage. The concept of osteoimmunology emphasizes the extensive and intricate crosstalk between the bone and the immune system. Despite the significant advancements in understanding osteoimmunology, the precise role of dendritic cells (DCs) in this field remains under investigation. As key antigen-presenting cells, DCs are critical in orchestrating adaptive immune responses and maintaining tissue homeostasis. Recent research has further revealed the potential of DCs to influence the development or acceleration of inflammatory and autoimmune bone disease, as well as their interaction with skeletal cells in the context of bone repair and regeneration.
Phosphoinositide 3-kinase (PI3K) catalyzes the conversion of phosphatidylinositol 4,5-bisphosphate (PIP₂) to phosphatidylinositol 3,4,5-trisphosphate (PIP₃), a key second messenger that orchestrates downstream signaling by recruiting and activating effector proteins, such as protein kinase B (AKT). PI3Ks are categorized into four classes (IA, IB, II, and III) based on structural characteristics and substrate preferences [1]. Class IA PI3K enzymes are heterodimeric complexes composed of a catalytic subunit (p110α, p110β, or p110δ) and a regulatory subunit (p85α, p55α, p50α, p85β, or p55γ) [2]. Although the catalytic isoforms p110α and p110β are ubiquitously expressed across tissues, p110δ is predominantly found in leukocytes [3]. Notably, p85α functions as the primary regulatory subunit.
Originally extracted from willow bark, salicylic acid (SA) provided the structural basis for the synthesis of acetylsalicylic acid (aspirin) in 1897, a milestone that exemplifies the far-reaching biomedical relevance of plant-derived metabolites (Desborough and Keeling, 2017). In plants, SA functions as a pleiotropic phytohormone that orchestrates immune reprogramming, serving as a central mediator of both local defense responses and systemic acquired resistance (SAR).
It's promising to use Software-Defined Networking (SDN) and Network Functions Virtualization (NFV) to integrate satellite and terrestrial networks. To construct network service function chains in such a multi-domain environment, we propose a horizontal-based Multi-domain Service Function Chaining (Md-SFC) orchestration framework. In this framework, multi-domain orchestrators can coordinate with each other to guarantee the end-to-end service quality. Intra-domain orchestrators also coordinate SDN controllers and NFV management components to implement intra-domain service function chains. Based on this, we further propose a heuristic SFC mapping algorithm with a cooperative inter-domain path calculation method to map service function chains to infrastructures. In this method, master multi-domain orchestrator and intra-domain orchestrators coordinate to select proper inter-domain links. We compare the cooperative method with a naive uncooperative way that domains' topology information is provided to the master multi-domain orchestrator and it calculates the shortest inter-domain path between intra-domain service function chains directly. Simulation results demonstrate that our solution is feasible. It is able to construct end-to-end performance guaranteed service function chain by horizontal-based cooperation. The cooperative inter-domain path calculation method decreases the mapping load for the master orchestrator and gets the same end-to-end performance.
Current orchestration and choreography process engines only serve with dedicate process languages. To solve these problems, an Event-driven Process Execution Model (EPEM) was developed. Formalization and mapping principles of the model were presented to guarantee the correctness and efficiency for process transformation. As a case study, the EPEM descriptions of Web Services Business Process Execution Language (WS-BPEL) were represented and a Process Virtual Machine (PVM), OncePVM, was implemented in compliance with the EPEM.
New and emerging use cases, such as the interconnection of geographically distributed data centers (DCs), are drawing attention to the requirement for dynamic end-to-end service provisioning, spanning multiple and heterogeneous optical network domains. This heterogeneity is, not only due to the diverse data transmission and switching technologies, but also due to the different options of control plane techniques. In light of this, the problem of heterogeneous control plane interworking needs to be solved, and in particular, the solution must address the specific issues of multi-domain networks, such as limited domain topology visibility, given the scalability and confidentiality constraints. In this article, some of the recent activities regarding the Software-Defined Networking (SDN) orchestration are reviewed to address such a multi-domain control plane interworking problem. Specifically, three different models, including the single SDN controller model, multiple SDN controllers in mesh, and multiple SDN controllers in a hierarchical setting, are presented for the DC interconnection network with multiple SDN/OpenFlow domains or multiple OpenFlow/Generalized Multi-Protocol Label Switching (GMPLS) heterogeneous domains. In addition, two concrete implementations of the orchestration architectures are detailed, showing the overall feasibility and procedures of SDN orchestration for the end-to-end service provisioning in multi-domain data center optical networks.
Software-defined networking (SDN) enables third-party companies to participate in the network function innovations. A number of instances for one network function will inevitably co-exist in the network. Although some orchestration architecture has been proposed to chain network functions, rare works are focused on how to optimize this process. In this paper, we propose an optimized model for network function orchestration, function combination model (FCM). Our main contributions are as following. First, network functions are featured with a new abstraction, and are open to external providers. And FCM identifies network functions using unique type, and organizes their instances distributed over the network with the appropriate way. Second, with the specialized demands, we can combine function instances under the global network views, and formulate it into the problem of Boolean linear program (BLP). A simulated annealing algorithm is designed to approach optimal solution for this BLP. Finally, the numerical experiment demonstrates that our model can create outstanding composite schemas efficiently.
The Internet of Things (IoT) has recently become a popular technology that can play increasingly important roles in every aspect of our daily life. For collaboration between IoT devices and edge cloud servers, edge server nodes provide the computation and storage capabilities for IoT devices through the task offloading process for accelerating tasks with large resource requests. However, the quantitative impact of different offloading architectures and policies on IoT applications' performance remains far from clear, especially with a dynamic and unpredictable range of connected physical and virtual devices. To this end, this work models the performance impact by exploiting a potential latency that exhibits within the environment of edge cloud. Also, it investigates and compares the effects of loosely-coupled (LC) and orchestrator-enabled (OE) architecture. The LC scheme can smoothly address task redistribution with less time consumption for the offloading sceneries with small scale and small task requests. Moreover, the OE scheme not only outperforms the LC scheme in the large-scale tasks requests and offloading occurs but also reduces the overall time by 28.19%. Finally, to achieve optimized solutions for optimal offloading placement with different constraints, orchestration is important.
Kubernetes is an open-source container management tool which automates container deployment, container load balancing and container (de)scaling, including Horizontal Pod Autoscaler (HPA), Vertical Pod Autoscaler (VPA). HPA enables flawless operation, interactively scaling the number of resource units, or pods, without downtime. Default Resource Metrics, such as CPU and memory use of host machines and pods, are monitored by Kubernetes. Cloud Computing has emerged as a platform for individuals beside the corporate sector. It provides cost-effective infrastructure, platform and software services in a shared environment. On the other hand, the emergence of industry 4.0 brought new challenges for the adaptability and infusion of cloud computing. As the global work environment is adapting constituents of industry 4.0 in terms of robotics, artificial intelligence and IoT devices, it is becoming eminent that one emerging challenge is collaborative schematics. Provision of such autonomous mechanism that can develop, manage and operationalize digital resources like CoBots to perform tasks in a distributed and collaborative cloud environment for optimized utilization of resources, ensuring schedule completion. Collaborative schematics are also linked with Bigdata management produced by large scale industry 4.0 setups. Different use cases and simulation results showed a significant improvement in Pod CPU utilization, latency, and throughput over Kubernetes environment.
Software Defined Network (SDN) and Network Function Virtualization (NFV) technology promote several benefits to network operators, including reduced maintenance costs, increased network operational performance, simplified network lifecycle, and policies management. Network vulnerabilities try to modify services provided by Network Function Virtualization MANagement and Orchestration (NFV MANO), and malicious attacks in different scenarios disrupt the NFV Orchestrator (NFVO) and Virtualized Infrastructure Manager (VIM) lifecycle management related to network services or individual Virtualized Network Function (VNF). This paper proposes an anomaly detection mechanism that monitors threats in NFV MANO and manages promptly and adaptively to implement and handle security functions in order to enhance the quality of experience for end users. An anomaly detector investigates these identified risks and provides secure network services. It enables virtual network security functions and identifies anomalies in Kubernetes (a cloud-based platform). For training and testing purpose of the proposed approach, an intrusion-containing dataset is used that hold multiple malicious activities like a Smurf, Neptune, Teardrop, Pod, Land, IPsweep, etc., categorized as Probing (Prob), Denial of Service (DoS), User to Root (U2R), and Remote to User (R2L) attacks. An anomaly detector is anticipated with the capabilities of a Machine Learning (ML) technique, making use of supervised learning techniques like Logistic Regression (LR), Support Vector Machine (SVM), Random Forest (RF), Naïve Bayes (NB), and Extreme Gradient Boosting (XGBoost). The proposed framework has been evaluated by deploying the identified ML algorithm on a Jupyter notebook in Kubeflow to simulate Kubernetes for validation purposes. RF classifier has shown better outcomes (99.90% accuracy) than other classifiers in detecting anomalies/intrusions in the containerized environment.
Animal husbandry is the pillar industry in some ethnic areas of China. However, the communication/networking infrastructure in these areas is often underdeveloped, thus the difficulty in centralized management, and challenges for the effective monitoring. Considering the dynamics of the field monitoring environment, as well as the diversity and mobility of monitoring targets, traditional WSN (Wireless Sensor Networks) or IoT (Internet of Things) is difficult to meet the surveillance needs. Mobile surveillance that features the collaboration of various functions (camera, sensing, image recognition, etc.) deployed on mobile devices is desirable in a volatile wireless environment. This paper proposes the service function chaining for mobile surveillance of animal husbandry, which orchestrates multi-path multifunction (MPMF) chains to help mobile devices to collaborate in complex surveillance tasks, provide backup chains in case the primary service function chain fails due to mobility, signal strength, obstacle, etc., and make up for the defects of difficult deployment of monitoring facilities in ethnic areas. MPMF algorithm models both mobile devices and various functions deployed on them as abstract graph nodes, so that chains that are required to traverse various functions and hosting mobile devices can be orchestrated in a single graph-based query through modified and adapted Dijkstra-like algorithms, with their cost ordered automatically. Experiment results show that the proposed MPMF algorithm finds multiple least-costly chains that traverse demanded functions in a timely fashion on Raspberry Pi-equipped mobile devices.
Funding (CuTH@CD abstract): Tongzhou District Health Development Research Reserve Project Foundation (No. KJ2024CX024), Natural Science Foundation of Tianjin City (No. 23JCQNJC01640), National Natural Science Foundation of China (Nos. 82304393, 22404122), and Beijing Nova Program (No. Z211100002121127).
Funding (pollen exine abstract): supported by the National Key Research and Development Program of China (2022YFF1003501 and 2023ZD04076), the National Natural Science Foundation of China (32330076 and 32301886), and the Beijing Innovation Consortium of Agriculture Research System (BAIC02-2024).
Funding (MADRL-RA abstract): Project supported by the National Key R&D Program of China (No. 2020YFB1710900), the National Natural Science Foundation of China (Nos. 62173322, 61803368, and U1908212), the China Postdoctoral Science Foundation (No. 2019M661156), and the Youth Innovation Promotion Association, Chinese Academy of Sciences (No. 2019202).
Funding (PodCA abstract): partially supported by Asia Pacific University of Technology & Innovation (APU), Bukit Jalil, Kuala Lumpur, Malaysia. The funding body had no role in the study design, data collection, analysis, interpretation, or writing of the manuscript.
Funding (dendritic cell osteoimmunology abstract): supported by the "Pioneer and Leading Goose+X" research and development program of Zhejiang Province Science and Technology Department (2024C03193), the National Natural Science Foundation of China (No. 82271026), and the Start-up Fund of Stomatology Hospital, School of Stomatology, Zhejiang University School of Medicine (2023PDF017).
Funding: Supported by grants from the Ministry of Science and Technology of China (Grant No. 2020YFA0803301); the Natural Science Foundation of Shandong Province (Grant No. ZR2024QH181); the Postdoctoral Fellowship Program (Grade C) of the China Postdoctoral Science Foundation (Grant No. GZC20240770).
Abstract: Phosphoinositide 3-kinase (PI3K) catalyzes the conversion of phosphatidylinositol 4,5-bisphosphate (PIP_(2)) to phosphatidylinositol 3,4,5-trisphosphate (PIP_(3)), a key second messenger that orchestrates downstream signaling by recruiting and activating effector proteins, such as protein kinase B (AKT). PI3Ks are categorized into four classes (IA, IB, II, and III) based on structural characteristics and substrate preferences^(1). Class IA PI3K enzymes are heterodimeric complexes composed of a catalytic subunit (p110α, p110β, or p110δ) and a regulatory subunit (p85α, p55α, p50α, p85β, or p55γ)^(2). Although the catalytic isoforms p110α and p110β are ubiquitously expressed across tissues, p110δ is predominantly found in leukocytes^(3). Notably, p85α functions as the primary regulatory subunit.
Funding: Supported by a grant from the National Natural Science Foundation of China (32330056).
Abstract: Originally extracted from willow bark, salicylic acid (SA) provided the structural basis for the synthesis of acetylsalicylic acid (aspirin) in 1897, a milestone that exemplifies the far-reaching biomedical relevance of plant-derived metabolites (Desborough and Keeling, 2017). In plants, SA functions as a pleiotropic phytohormone that orchestrates immune reprogramming, serving as a central mediator of both local defense responses and systemic acquired resistance (SAR).
Funding: Supported by National High Technology of China ("863 program") under Grant No. 2015AA015702; NSAF under Grant No. U1530118; NSFC under Grant No. 61602030; National Basic Research Program of China ("973 program") under Grant No. 2013CB329101.
Abstract: It's promising to use Software-Defined Networking (SDN) and Network Functions Virtualization (NFV) to integrate satellite and terrestrial networks. To construct network service function chains in such a multi-domain environment, we propose a horizontal-based Multi-domain Service Function Chaining (Md-SFC) orchestration framework. In this framework, multi-domain orchestrators can coordinate with each other to guarantee the end-to-end service quality. Intra-domain orchestrators also coordinate SDN controllers and NFV management components to implement intra-domain service function chains. Based on this, we further propose a heuristic SFC mapping algorithm with a cooperative inter-domain path calculation method to map service function chains to infrastructures. In this method, the master multi-domain orchestrator and intra-domain orchestrators coordinate to select proper inter-domain links. We compare the cooperative method with a naive uncooperative way in which domains' topology information is provided to the master multi-domain orchestrator and it calculates the shortest inter-domain path between intra-domain service function chains directly. Simulation results demonstrate that our solution is feasible. It is able to construct end-to-end performance-guaranteed service function chains by horizontal-based cooperation. The cooperative inter-domain path calculation method decreases the mapping load for the master orchestrator and gets the same end-to-end performance.
Abstract: Current orchestration and choreography process engines only serve with dedicated process languages. To solve these problems, an Event-driven Process Execution Model (EPEM) was developed. Formalization and mapping principles of the model were presented to guarantee the correctness and efficiency for process transformation. As a case study, the EPEM descriptions of Web Services Business Process Execution Language (WS-BPEL) were represented and a Process Virtual Machine (PVM), OncePVM, was implemented in compliance with the EPEM.
Abstract: New and emerging use cases, such as the interconnection of geographically distributed data centers (DCs), are drawing attention to the requirement for dynamic end-to-end service provisioning, spanning multiple and heterogeneous optical network domains. This heterogeneity is not only due to the diverse data transmission and switching technologies, but also due to the different options of control plane techniques. In light of this, the problem of heterogeneous control plane interworking needs to be solved, and in particular, the solution must address the specific issues of multi-domain networks, such as limited domain topology visibility, given the scalability and confidentiality constraints. In this article, some of the recent activities regarding Software-Defined Networking (SDN) orchestration are reviewed to address such a multi-domain control plane interworking problem. Specifically, three different models, including the single SDN controller model, multiple SDN controllers in mesh, and multiple SDN controllers in a hierarchical setting, are presented for the DC interconnection network with multiple SDN/OpenFlow domains or multiple OpenFlow/Generalized Multi-Protocol Label Switching (GMPLS) heterogeneous domains. In addition, two concrete implementations of the orchestration architectures are detailed, showing the overall feasibility and procedures of SDN orchestration for the end-to-end service provisioning in multi-domain data center optical networks.
Funding: Supported by the China Postdoctoral Fund Project (No. 44603); the National Natural Science Foundation of China (No. 61309020); the National Key Research and Development Program of China (No. 2016YFB0800100, 2016YFB0800101); the National Natural Science Fund for Creative Research Groups Project (No. 61521003).
Abstract: Software-defined networking (SDN) enables third-party companies to participate in network function innovations. A number of instances of one network function will inevitably co-exist in the network. Although some orchestration architectures have been proposed to chain network functions, few works focus on how to optimize this process. In this paper, we propose an optimized model for network function orchestration, the function combination model (FCM). Our main contributions are as follows. First, network functions are featured with a new abstraction, and are open to external providers. FCM identifies network functions using a unique type, and organizes their instances distributed over the network in the appropriate way. Second, with the specialized demands, we can combine function instances under the global network views, and formulate it into the problem of a Boolean linear program (BLP). A simulated annealing algorithm is designed to approach the optimal solution for this BLP. Finally, the numerical experiment demonstrates that our model can create outstanding composite schemas efficiently.
Abstract: The Internet of Things (IoT) has recently become a popular technology that can play increasingly important roles in every aspect of our daily life. For collaboration between IoT devices and edge cloud servers, edge server nodes provide the computation and storage capabilities for IoT devices through the task offloading process for accelerating tasks with large resource requests. However, the quantitative impact of different offloading architectures and policies on IoT applications' performance remains far from clear, especially with a dynamic and unpredictable range of connected physical and virtual devices. To this end, this work models the performance impact by exploiting a potential latency that exhibits within the environment of edge cloud. Also, it investigates and compares the effects of loosely-coupled (LC) and orchestrator-enabled (OE) architecture. The LC scheme can smoothly address task redistribution with less time consumption for the offloading sceneries with small scale and small task requests. Moreover, the OE scheme not only outperforms the LC scheme in the large-scale tasks requests and offloading occurs but also reduces the overall time by 28.19%. Finally, to achieve optimized solutions for optimal offloading placement with different constraints, orchestration is important.
Abstract: Kubernetes is an open-source container management tool which automates container deployment, container load balancing and container (de)scaling, including Horizontal Pod Autoscaler (HPA) and Vertical Pod Autoscaler (VPA). HPA enables flawless operation, interactively scaling the number of resource units, or pods, without downtime. Default Resource Metrics, such as CPU and memory use of host machines and pods, are monitored by Kubernetes. Cloud Computing has emerged as a platform for individuals beside the corporate sector. It provides cost-effective infrastructure, platform and software services in a shared environment. On the other hand, the emergence of industry 4.0 brought new challenges for the adaptability and infusion of cloud computing. As the global work environment is adapting constituents of industry 4.0 in terms of robotics, artificial intelligence and IoT devices, it is becoming eminent that one emerging challenge is collaborative schematics. Provision of such autonomous mechanism that can develop, manage and operationalize digital resources like CoBots to perform tasks in a distributed and collaborative cloud environment for optimized utilization of resources, ensuring schedule completion. Collaborative schematics are also linked with Bigdata management produced by large scale industry 4.0 setups. Different use cases and simulation results showed a significant improvement in Pod CPU utilization, latency, and throughput over Kubernetes environment.
Funding: This work was funded by the Deanship of Scientific Research at Jouf University under Grant Number (DSR2022-RG-0102).
Abstract: Software Defined Network (SDN) and Network Function Virtualization (NFV) technology promote several benefits to network operators, including reduced maintenance costs, increased network operational performance, simplified network lifecycle, and policies management. Network vulnerabilities try to modify services provided by Network Function Virtualization MANagement and Orchestration (NFV MANO), and malicious attacks in different scenarios disrupt the NFV Orchestrator (NFVO) and Virtualized Infrastructure Manager (VIM) lifecycle management related to network services or individual Virtualized Network Function (VNF). This paper proposes an anomaly detection mechanism that monitors threats in NFV MANO and manages promptly and adaptively to implement and handle security functions in order to enhance the quality of experience for end users. An anomaly detector investigates these identified risks and provides secure network services. It enables virtual network security functions and identifies anomalies in Kubernetes (a cloud-based platform). For training and testing purposes of the proposed approach, an intrusion-containing dataset is used that holds multiple malicious activities like a Smurf, Neptune, Teardrop, Pod, Land, IPsweep, etc., categorized as Probing (Prob), Denial of Service (DoS), User to Root (U2R), and Remote to User (R2L) attacks. An anomaly detector is anticipated with the capabilities of a Machine Learning (ML) technique, making use of supervised learning techniques like Logistic Regression (LR), Support Vector Machine (SVM), Random Forest (RF), Naïve Bayes (NB), and Extreme Gradient Boosting (XGBoost). The proposed framework has been evaluated by deploying the identified ML algorithm on a Jupyter notebook in Kubeflow to simulate Kubernetes for validation purposes. RF classifier has shown better outcomes (99.90% accuracy) than other classifiers in detecting anomalies/intrusions in the containerized environment.
Funding: This research was partially supported by the National Key Research and Development Program of China (2018YFC1507005); China Postdoctoral Science Foundation (2018M643448); Sichuan Science and Technology Program (2020YFG0189); Fundamental Research Funds for the Central Universities, Southwest Minzu University (2020NQN18).
Abstract: Animal husbandry is the pillar industry in some ethnic areas of China. However, the communication/networking infrastructure in these areas is often underdeveloped, thus the difficulty in centralized management, and challenges for the effective monitoring. Considering the dynamics of the field monitoring environment, as well as the diversity and mobility of monitoring targets, traditional WSN (Wireless Sensor Networks) or IoT (Internet of Things) is difficult to meet the surveillance needs. Mobile surveillance that features the collaboration of various functions (camera, sensing, image recognition, etc.) deployed on mobile devices is desirable in a volatile wireless environment. This paper proposes the service function chaining for mobile surveillance of animal husbandry, which orchestrates multi-path multifunction (MPMF) chains to help mobile devices to collaborate in complex surveillance tasks, provide backup chains in case the primary service function chain fails due to mobility, signal strength, obstacle, etc., and make up for the defects of difficult deployment of monitoring facilities in ethnic areas. The MPMF algorithm models both mobile devices and various functions deployed on them as abstract graph nodes, so that chains that are required to traverse various functions and hosting mobile devices can be orchestrated in a single graph-based query through modified and adapted Dijkstra-like algorithms, with their cost ordered automatically. Experiment results show that the proposed MPMF algorithm finds multiple least-costly chains that traverse demanded functions in a timely fashion on Raspberry Pi-equipped mobile devices.