Funding: Partially supported by Asia Pacific University of Technology & Innovation (APU), Bukit Jalil, Kuala Lumpur, Malaysia. The funding body had no role in the study design, data collection, analysis, interpretation, or writing of the manuscript.
Abstract: Kubernetes has become the dominant container orchestration platform, with widespread adoption across industries. However, its default pod-to-pod communication mechanism introduces security vulnerabilities, particularly IP spoofing attacks. Attackers can exploit this weakness to impersonate legitimate pods, enabling unauthorized access, lateral movement, and large-scale Distributed Denial of Service (DDoS) attacks. Existing security mechanisms such as network policies and intrusion detection systems introduce latency and performance overhead, making them less effective in dynamic Kubernetes environments. This research presents PodCA, an eBPF-based security framework designed to detect and prevent IP spoofing in real time while minimizing performance impact. PodCA integrates with Kubernetes’ Container Network Interface (CNI) and uses eBPF to monitor and validate packet metadata at the kernel level. It maintains a container network mapping table that tracks pod IP assignments, validates packet legitimacy before forwarding, and ensures network integrity. If an attack is detected, PodCA automatically blocks spoofed packets and, in cases of repeated attempts, terminates compromised pods to prevent further exploitation. Experimental evaluation on an AWS Kubernetes cluster demonstrates that PodCA detects and prevents spoofed packets with 100% accuracy. Additionally, resource consumption analysis reveals minimal overhead, with a CPU increase of only 2–3% per node and memory usage rising by 40–60 MB. These results highlight the effectiveness of eBPF in securing Kubernetes environments with low overhead, making it a scalable and efficient security solution for containerized applications.
Funding: Supported by the National Research Foundation of Korea (NRF) grant funded by the Korea government (MSIT) (No. 2022R1A2C1003549).
Abstract: Wireless Ad Hoc Networks consist of devices that are wirelessly connected. Mobile Ad Hoc Networks (MANETs), Internet of Things (IoT), and Vehicular Ad Hoc Networks (VANETs) are the main domains of wireless ad hoc networks. The Internet is used in wireless ad hoc networks. The Internet is based on a Transmission Control Protocol (TCP)/Internet Protocol (IP) network where clients and servers interact with each other with the help of IP in a pre-defined environment. The Internet fetches data from a fixed location. Data redundancy, mobility, and location dependency are the main issues of the IP network paradigm. All these factors result in poor performance of wireless ad hoc networks. The main disadvantage of IP is that it does not provide in-network caching. Therefore, there is a need to move towards a new network that overcomes these limitations. Named Data Network (NDN) is a network that overcomes these limitations. NDN is a project of Information-centric Network (ICN). NDN provides in-network caching, which helps in fast response to user queries. Implementing NDN in wireless ad hoc networks provides many benefits such as caching, mobility, scalability, security, and privacy. By considering the certainty, in this survey paper, we present a comprehensive survey on Caching Strategies in NDN-based Wireless Ad Hoc Network. Various caching mechanism-based results are also described. In the last, we also shed light on the challenges and future directions of this promising field to provide a clear understanding of what caching-related problems exist in NDN-based wireless ad hoc networks.
Funding: Funded by Huanggang Normal University, China, Self-type Project of 2021 (No. 30120210103) and 2022 (No. 2042021008).
Abstract: Object detection in images has been identified as a critical area of research in computer vision image processing. Research has developed several novel methods for determining an object’s location and category from an image. However, there is still room for improvement in terms of detection efficiency. This study aims to develop a technique for detecting objects in images. To enhance overall detection performance, we considered object detection a two-fold problem, including localization and classification. The proposed method generates class-independent, high-quality, and precise proposals using an agglomerative clustering technique. We then combine these proposals with the relevant input image to train our network on convolutional features. Next, a network refinement module decreases the quantity of generated proposals to produce fewer high-quality candidate proposals. Finally, revised candidate proposals are sent into the network’s detection process to determine the object type. The algorithm’s performance is evaluated using the publicly available PASCAL Visual Object Classes Challenge 2007 (VOC2007), VOC2012, and Microsoft Common Objects in Context (MS-COCO) datasets. Using only 100 proposals per image at intersection over union (IoU = 0.5 and 0.7), the proposed method attains Detection Recall (DR) rates of (93.17% and 79.35%) and (69.4% and 58.35%), and Mean Average Best Overlap (MABO) values of (79.25% and 62.65%), for the VOC2007 and MS-COCO datasets, respectively. Besides, it achieves a Mean Average Precision (mAP) of (84.7% and 81.5%) on both VOC datasets. The experiment findings reveal that our method exceeds previous approaches in terms of overall detection performance, proving its effectiveness.