Showing papers by "Yan Chen published in 2019"
TL;DR: This paper applies a systematic classification of SDN faults, compares and analyze existing SDN fault management solutions in the literature, and conducts a gap analysis between solutions developed in an academic research context and practical deployments.
Abstract: Software-defined networking (SDN) has emerged as a new network paradigm that promises control/data plane separation and centralized network control While these features simplify network management and enable innovative networking, they give rise to persistent concerns about reliability The new paradigm suffers from the disadvantage that various network faults may consistently undermine the reliability of such a network, and such faults are often new and difficult to resolve with existing solutions To ensure SDN reliability, fault management , which is concerned with detecting, localizing, correcting and preventing faults, has become a key component in SDN networks Although many SDN fault management solutions have been proposed, we find that they often resolve SDN faults from an incomplete perspective which may result in side effects More critically, as the SDN paradigm evolves, additional fault types are being exposed Therefore, comprehensive reviews and constant improvements are required to remain on the leading edge of SDN fault management In this paper, we present the first comprehensive and systematic survey of SDN faults and related management solutions identified through advancements in both the research community and industry We apply a systematic classification of SDN faults, compare and analyze existing SDN fault management solutions in the literature, and conduct a gap analysis between solutions developed in an academic research context and practical deployments The current challenges and emerging trends are also noted as potential future research directions This paper aims to provide academic researchers and industrial engineers with a comprehensive survey with the hope of advancing SDN and inspiring new solutions
57 citations
12 Jun 2019
TL;DR: This paper deploys 4 hardware IoT honeypots and 108 specially designed software IoT Honeypots, and successfully attracts a wide variety of real-world IoT attacks, with a focus on fileless attacks, including the prevalence, exploits, environments, and impacts.
Abstract: With the wide adoption, Linux-based IoT devices have emerged as one primary target of today's cyber attacks. Traditional malware-based attacks can quickly spread across these devices, but they are well-understood threats with effective defense techniques such as malware fingerprinting and community-based fingerprint sharing. Recently, fileless attacks---attacks that do not rely on malware files---have been increasing on Linux-based IoT devices, and posing significant threats to the security and privacy of IoT systems. Little has been known in terms of their characteristics and attack vectors, which hinders research and development efforts to defend against them. In this paper, we present our endeavor in understanding fileless attacks on Linux-based IoT devices in the wild. Over a span of twelve months, we deploy 4 hardware IoT honeypots and 108 specially designed software IoT honeypots, and successfully attract a wide variety of real-world IoT attacks. We present our measurement study on these attacks, with a focus on fileless attacks, including the prevalence, exploits, environments, and impacts. Our study further leads to multi-fold insights towards actionable defense strategies that can be adopted by IoT vendors and end users.
51 citations
TL;DR: In this paper, the authors investigated detrital zircon with UPb ages ranging from 779´±´16´Ma to 3006´±''36´Ma, with a prominent peak at ca. 852´`Ma.
36 citations
TL;DR: This study studied the SMPs of the repaired shells (prismatic layers) 5-20 days after shell damage in the pearl oyster Pinctada fucata by integrating transcriptomics and proteomics and compared the microstructure difference between repaired and mature shells.
Abstract: Shells of pearl oysters are natural biominerals with remarkable properties that can be repaired after damage. The repair process can be regulated by biomacromolecules, especially shell matrix proteins (SMPs). Identifying SMPs is critical for further understanding the process. Although proteomic methods have been used to reveal the complex protein mixture in mature shells, the proteomics of repaired shells after shell damage have not been reported before. In the work described here, we studied the SMPs of the repaired shells (prismatic layers) 5-20 days after shell damage in the pearl oyster Pinctada fucata by integrating transcriptomics and proteomics and then compared the microstructure difference between repaired and mature shells. Although the repaired shells are calcite, similar to mature shells, the microstructures of repaired shells during the regeneration process were different, which could simulate the embryonic shell formation process. In total, we found 49 SMPs from the repaired shells, including some proteins that exist only in mature nacreous layers. Peroxidase-like protein and β-N-acetylhexosaminidase may be important players in shell repair. In addition, SMPs have the capability to affect the CaCO3 crystallization process in vitro, altering the packing and reducing the crystallinity of the crystals. This study could improve our understanding of the shell repair process and lay the foundation for studying SMPs-controlled biomineralization.
21 citations
06 Nov 2019
TL;DR: A novel subtree-based deobfuscation method that performs obfuscation detection and emulation-based recovery at the level of subtrees in the abstract syntax tree of PowerShell scripts is designed, which is able to further design the first semantic-aware PowerShell attack detection system.
Abstract: In recent years, PowerShell is increasingly reported to appear in a variety of cyber attacks ranging from advanced persistent threat, ransomware, phishing emails, cryptojacking, financial threats, to fileless attacks. However, since the PowerShell language is dynamic by design and can construct script pieces at different levels, state-of-the-art static analysis based PowerShell attack detection approaches are inherently vulnerable to obfuscations. To overcome this challenge, in this paper we design the first effective and light-weight deobfuscation approach for PowerShell scripts. To address the challenge in precisely identifying the recoverable script pieces, we design a novel subtree-based deobfuscation method that performs obfuscation detection and emulation-based recovery at the level of subtrees in the abstract syntax tree of PowerShell scripts. Building upon the new deobfuscation method, we are able to further design the first semantic-aware PowerShell attack detection system. To enable semantic-based detection, we leverage the classic objective-oriented association mining algorithm and newly identify 31 semantic signatures for PowerShell attacks. We perform an evaluation on a collection of 2342 benign samples and 4141 malicious samples, and find that our deobfuscation method takes less than 0.5 seconds on average and meanwhile increases the similarity between the obfuscated and original scripts from only 0.5% to around 80%, which is thus both effective and light-weight. In addition, with our deobfuscation applied, the attack detection rates for Windows Defender and VirusTotal increase substantially from 0.3% and 2.65% to 75.0% and 90.0%, respectively. Furthermore, when our deobfuscation is applied, our semantic-aware attack detection system outperforms both Windows Defender and VirusTotal with a 92.3% true positive rate and a 0% false positive rate on average.
19 citations
TL;DR: An integrated framework to identify learning engagement from three facets: affect, behavior and cognitive state, which are conveyed by learner’s facial expressions, eye movement behaviors and the overall performance during short video learning session is proposed.
Abstract: “Lack of supervision” is a particularly challenging problem in E-learning or distance learning environments. A wide range of research efforts and technologies have been explored to alleviate its impact by monitoring students’ engagement, such as emotion or learning behaviors. However, the current research still lacks multi-dimensional computational measures for analyzing learner’s engagement from the interactions that occur in digital learning environment. In this paper, we propose an integrated framework to identify learning engagement from three facets: affect, behavior and cognitive state, which are conveyed by learner’s facial expressions, eye movement behaviors and the overall performance during short video learning session. To recognize the three states of learners, three channel data is recorded: 1) video/image sequence captured by camera; 2) eye movement information from a non-intrusive and cost-effective eye tracker; and 3) click stream data from mouse. Based on these modalities, a multi-channel data fusion strategy is designed that concatenates time series features of three channels in the same time segment to predict course learning performance. We also presented a new method to make the self-reported annotations more reliable without using external observers’ verification. To validate the approach and methods, 46 participants were invited to attend a representative on-line course that consists of short videos in our designed learning environment. The results demonstrated the effectiveness of the proposed framework and methods in monitoring learning engagement. More importantly, a prototype system was developed to detect learner’s emotional and eye behavioral engagement in real-time as well as predict the learning performance of learners after they had completed each short video course.
15 citations
19 Aug 2019
14 citations
TL;DR: SDNKeeper is a generic and fine-grained policy enforcement system for the SDN-based cloud, which can defend against unauthorized attacks and avoid network resource misconfiguration and achieves accurate and efficient access control with insignificant throughput degradation and computational overhead.
9 citations
20 May 2019
TL;DR: It can be demonstrated from the evaluation results that the proposed grant-free transmission schemes are able to work together and accomplish the latency and the reliability requirements for the URLLC services, showing significant gains over the basic grant- free transmission design.
Abstract: The next generation new radio (NR) network, or the fifth generation (5G) system, will be able to enhance significantly the current Long Term Evolution (LTE), or the fourth generation (4G) network from many perspectives and initiations. One of such initiations is to support Ultra Reliable and Low Latency Communication (URLLC) services, especially to support the transmission of small but critical control related packets with periodic and aperiodic traffic patterns with very stringent latency (e.g, less than 1 ms)and reliability (up to 99.999% or 99.9999%). Grant-free transmission is one of the feasible and promising technology to meet such requirement especially for uplink transmissions. While some basic grant-free features have been proposed and standardized in NR Release 15, there are still space to improve. In this paper, three enhanced features for grant-free transmission are proposed and carefully evaluated via system level simulations. It can be demonstrated from the evaluation results that the proposed grant-free transmission schemes are able to work together and accomplish the latency and the reliability requirements for the URLLC services, showing significant gains over the basic grant-free transmission design.
7 citations
Journal Article•
TL;DR: FALCON is presented, the first FAult Localization tool for SDN CONtrol plane, which designs a novel causal inference mechanism based on differential checking, which symmetrically compares two system behaviors with similar processes and identifies the causality in related code execution paths to explain why a fault happened in the SDN network.
5 citations
19 Aug 2019
TL;DR: CEGAR further refines the abstract model by generating new predicates to rule out the current spurious example, and the model checker prioritizes more essential variables over other variables, so that the model checking will terminate faster.
Abstract: model is safe, the concrete model should also be safe. However, when a counterexample is found on the abstract model, it is either feasible on the concrete model, or a spurious example due to a high abstraction level. Therefore, CEGAR further refines the abstract model by generating new predicates to rule out the current spurious example. A number of heuristics have designed to generate predicates. Unfortunately, because the specification is usually written by humans, none of the heuristics are using any knowledge in addition to the explicit model itself. As a united platform, CellScope is able to share knowledge in between its specification and verification parts. Particularly, when constructing CFAs, CellScope distinguishes protocol related variables from program control related variables. In addition, dummy adversary variables are recorded by CellScope when building message channels. An abstract model consists of these variables can largely capture the behavior of the underlying protocol yet remains small in size. Therefore, after finding the set of contradicting predicates, our model checker prioritizes more essential variables over other variables. In this way, CellScope captures the essence of the concrete model and selects new predicates more wisely. Consequently, the model checking will terminate faster. 3.2 Model Decomposition with Weakest Precondition The execution time of verification grows fast as the size of the model grows. Nevertheless, formal models are always entangled, making decomposing them into separate ones infeasible. Cellular network models, on the other hand, can be easier decomposed into protocol layers. Meanwhile, a single layer can further be divided into function modules. The interactions in between are limited to a few messages. To verify a safety property, CellScope starts from verifying the function module in which the violation to the property can occur. Then, CellScope proceed by constructing the set of weakest preconditions on the interface between modules, from which the violation can be reached. In the same way it propagates backward, until reaches the initial module. ACKNOWLEDGMENT We would like to thank the anonymous reviewers for their valuable comments.
TL;DR: A novel causal inference mechanism based on differential checking is designed, which symmetrically compares two system behaviors with similar processes and identifies the causality in related code execution paths with concrete contexts to explain why a fault happened in the SDN network.
Patent•
19 Jul 2019
TL;DR: In this paper, an uplink information transmission method and device are used for solving the problem that in the prior art, when UCI is carried on a PUSCH for transmission, the requirement for high transmission reliability of URLLC uplink data cannot be met.
Abstract: An uplink information transmission method and device are used for solving the problem that in the prior art, when UCI is carried on a PUSCH for transmission, the requirement for high transmission reliability of URLLC uplink data cannot be met. The uplink information transmission method comprises the following steps that the terminal equipment receives downlink control information (DCI) sent by thenetwork equipment, a transmission resource of a physical uplink shared channel (PUSCH) scheduled by the DCI is determined according to the DCI, the transmission resource of the PUSCH is overlapped with a transmission resource time domain of the physical uplink control channel (PUCCH), and the PUCCH is used for bearing uplink control information (UCI) to be transmitted; and when the first condition is satisfied, the terminal device sends the uplink data on the PUSCH, and does not send the UCI on the PUSCH, so that the reduction of the transmission reliability of the uplink data caused by the UCI carried on the PUSCH is avoided.
19 Aug 2019
TL;DR: It is suggested that the transcription factor Pf-Rel can up-regulate the expression of the matrix protein genes Prismalin-14 and MSI60 during shell formation in P. fucata, which improves the understanding of transcription regulation at the molecular level during molluscan shell development.
Abstract: Molluscan shell is a biomineral that consists of a highly organized calcium carbonate composite. Organisms mainly use matrix proteins to elaborately control the biomineralization process, but knowledge of their regulatory mechanisms is limited. The transcription factor Pf-Rel, which belongs to the Rel/nuclear factor-κB family, was shown to regulate transcription at the Nacrein promoter in the pearl oyster Pinctada fucata. Here, we further explored the transcriptional regulation mechanisms of Pf-Rel on the matrix proteins Prismalin-14 and MSI60. The relative expression levels of Prismalin-14 and MSI60 were high in the mantle edge and mantle pallial tissues of P. fucata. These three genes were significantly up-regulated after shell notching, suggesting that they might play important roles during shell formation. Importantly, Pf-Rel gene knockdown by RNA interference led to down-regulation of Prismalin-14 and MSI60 expression. In transient co-transfection assays, Pf-Rel significantly up-regulated the promoter activities of the Prismalin-14 and MSI60 genes in a dose-dependent manner. Furthermore, the promoter regions of Prismalin-14 (-1794 to -1599 bp) and MSI60 (-2244 to -1141 bp) were required for the activation by Pf-Rel. Altogether, these results suggest that the transcription factor Pf-Rel can up-regulate the expression of the matrix protein genes Prismalin-14 and MSI60 during shell formation in P. fucata, which improves our understanding of transcription regulation at the molecular level during molluscan shell development.
20 May 2019
TL;DR: This article provides a systematic overview of the state-of-art design of the NOMA transmission based on a unified transmitter and receiver design framework, followed by comprehensive link level evaluations in various aspects to provide quantitative understanding of the relative performance of the various kinds of N OMA transmitter and Receiver design.
Abstract: Non-orthogonal multiple access (NOMA) is an efficient method for radio resource sharing and has been identified as a promising technology in the fifth generation (5G) wireless networks to meet the requirement of system capacity, user connectivity and service latency. Various NOMA schemes have been proposed in the last few years, such as transmitter transparent NOMA, linear spreading based NOMA and sparse code based NOMA at transmitter side, as well as linear minimum mean square error (LMMSE), expectation propagation algorithm (EPA) and message passing algorithm (MPA) at receiver side. This article provides a systematic overview of the state-of-art design of the NOMA transmission based on a unified transmitter and receiver design framework, followed by comprehensive link level evaluations in various aspects to provide quantitative understanding of the relative performance of the various kinds of NOMA transmitter and receiver design.
02 Jul 2019
TL;DR: The expectation propagation algorithm (EPA) is proposed to combine with EM, thus leading to an iterative joint UE and symbol detection receiver with low-complexity implementation and high performance.
Abstract: By introducing a structured sparse prior distribution over the transmitted signals, the user equipment (UE) detection problem in grant-free non-orthogonal multiple access (NOMA) is formulated within the expectation maximization (EM) learning framework, where the active state of each user corresponds to the unknown parameters in the prior. The structure of the sparse prior comes from the fact that the active state of each user remains the same during one Time-Frequency block of the grant-free NOMA systems. However, direct implementation of the expectation step of EM is intractable which requires the computation of posterior distributions of transmitted symbols. To address this problem, we propose to combine the expectation propagation algorithm (EPA) with EM, thus leading to an iterative joint UE and symbol detection receiver with low-complexity implementation and high performance.
Patent•
30 Jan 2019
TL;DR: In this article, the authors proposed a method for transmitting indicative information about a code book to a terminal device in a non-orthogonal multiple access system (NOMA).
Abstract: FIELD: electrical communication engineering.SUBSTANCE: invention relates to communication. Device for transmitting indicative information about a code book contains: a first determination module with the possibility of determination in accordance with one or more code books, the first codebook to be used by the terminal device to send the uplink data stream; the second determination module with the possibility of determining indicative information about the code book used to indicate the first codebook determined by the first determination module; sending module with the ability to send indicative information about the code book determined by the second determination module to the terminal device.EFFECT: technical result of the invention consists in the possibility of a network device to specify a code book to a terminal device in a non-orthogonal multiple access system.15 cl, 38 dwg, 2 tbl
Patent•
14 Nov 2019TL;DR: In this paper, the authors proposed a transmission method that improves performance of detecting a terminal device by a network device by grouping N terminal devices into a plurality of groups in each of L adjacent slots.
Abstract: This application provides a transmission method that improves performance of detecting a terminal device by a network device. The method includes may include determining, by a network device, frequency hopping sequences of N terminal devices grouped into a plurality of groups in each of L adjacent slots, where any two terminal devices in each group of terminal devices use a same frequency resource, any two groups of terminal devices in each slot use different frequency resources, and each group of terminal devices in each slot includes a maximum of K terminal devices, pilot signals used by each group of terminal devices are elements in a set that includes K different pilot signals, and pilot signals used by any two terminal devices in each group in each slot are different. The method may also include sending, by the network device, first indication information to a first terminal device in the N terminal devices, where the first indication information determines a frequency hopping sequence of the first terminal device and a pilot signal used by the first terminal device in each slot.
12 Oct 2019
TL;DR: A new Behavior-Item based Hybrid Intent-aware Framework (BIHIF) is proposed, in which the user’s main intent is extracted based on user behaviors and interactive items, respectively, and the two intent vectors are combined and extracted by the full connection layer to obtain the user's real intent.
Abstract: Sequence recommendation is one of the hotspots of recommendation algorithm research. Most of the existing sequence recommendation methods focus on how to use the items’ attributes to characterize the user’s preferences, ignoring that the user behavior also can reflect the preference for items. However, user behavior often has problems of mis-interaction and random interaction, which leads to fully utilizing it difficultly. Therefore, this paper proposes a new Behavior-Item based Hybrid Intent-aware Framework (BIHIF). In this framework, the user’s main intent is extracted based on user behaviors and interactive items, respectively, the two intent vectors are combined and extracted by the full connection layer to obtain the user’s real intent. We use real intent and item vector to calculate the score of the candidate items and make Top-K recommendations. Based on the framework, we implement models respectively by MLP and GRU, which show good results in the experiments based on three real-world datasets.