
Showing papers in "IEEE Transactions on Services Computing in 2017"


Journal ArticleDOI
TL;DR: A new cryptographic primitive called attribute-based encryption scheme with outsourcing key-issuing and outsourcing decryption, which can implement keyword search function (KSF-OABE) and is proved secure against chosen-plaintext attack (CPA).
Abstract: Cloud computing becomes increasingly popular for data owners to outsource their data to public cloud servers while allowing intended data users to retrieve these data stored in cloud. This kind of computing model brings challenges to the security and privacy of data stored in cloud. Attribute-based encryption (ABE) technology has been used to design fine-grained access control system, which provides one good method to solve the security issues in cloud setting. However, the computation cost and ciphertext size in most ABE schemes grow with the complexity of the access policy. Outsourced ABE (OABE) with fine-grained access control system can largely reduce the computation cost for users who want to access encrypted data stored in cloud by outsourcing the heavy computation to cloud service provider (CSP). However, the amount of encrypted files stored in cloud is becoming very huge, which will hinder efficient query processing. To deal with the above problem, we present a new cryptographic primitive called attribute-based encryption scheme with outsourcing key-issuing and outsourcing decryption, which can implement keyword search function (KSF-OABE). The proposed KSF-OABE scheme is proved secure against chosen-plaintext attack (CPA). CSP performs partial decryption task delegated by data user without knowing anything about the plaintext. Moreover, the CSP can perform encrypted keyword search without knowing anything about the keywords embedded in trapdoor.

246 citations


Journal ArticleDOI
TL;DR: This article provides a ciphertext-policy attribute based encryption (CP-ABE) scheme with efficient user revocation for cloud storage system that can withstand collusion attack performed by revoked users cooperating with existing users and proves the security of the scheme under the divisible computation Diffie-Hellman assumption.
Abstract: With the development of cloud computing, outsourcing data to cloud server attracts lots of attentions. To guarantee the security and achieve flexibly fine-grained file access control, attribute based encryption (ABE) was proposed and used in cloud storage system. However, user revocation is the primary issue in ABE schemes. In this article, we provide a ciphertext-policy attribute based encryption (CP-ABE) scheme with efficient user revocation for cloud storage system. The issue of user revocation can be solved efficiently by introducing the concept of user group. When any user leaves, the group manager will update users’ private keys except for those who have been revoked. Additionally, CP-ABE scheme has heavy computation cost, as it grows linearly with the complexity for the access structure. To reduce the computation cost, we outsource high computation load to cloud service providers without leaking file content and secret keys. Notably, our scheme can withstand collusion attack performed by revoked users cooperating with existing users. We prove the security of our scheme under the divisible computation Diffie-Hellman assumption. The result of our experiment shows computation cost for local devices is relatively low and can be constant. Our scheme is suitable for resource constrained devices.

242 citations


Journal ArticleDOI
TL;DR: A novel public auditing scheme for secure cloud storage based on dynamic hash table (DHT), which is a new two-dimensional data structure located at a third-party auditor (TPA) to record the data property information for dynamic auditing.
Abstract: Cloud storage is an increasingly popular application of cloud computing, which can provide on-demand outsourcing data services for both organizations and individuals. However, users may not fully trust the cloud service providers (CSPs) in that it is difficult to determine whether the CSPs meet their legal expectations for data security. Therefore, it is critical to develop efficient auditing techniques to strengthen data owners’ trust and confidence in cloud storage. In this paper, we present a novel public auditing scheme for secure cloud storage based on dynamic hash table (DHT), which is a new two-dimensional data structure located at a third-party auditor (TPA) to record the data property information for dynamic auditing. Differing from the existing works, the proposed scheme migrates the authorized information from the CSP to the TPA, and thereby significantly reduces the computational cost and communication overhead. Meanwhile, exploiting the structural advantages of the DHT, our scheme can also achieve higher updating efficiency than the state-of-the-art schemes. In addition, we extend our scheme to support privacy preservation by combining the homomorphic authenticator based on the public key with the random masking generated by the TPA, and achieve batch auditing by employing the aggregate BLS signature technique. We formally prove the security of the proposed scheme, and evaluate the auditing performance by detailed experiments and comparisons with the existing ones. The results demonstrate that the proposed scheme can effectively achieve secure auditing for cloud storage, and outperforms the previous schemes in computation complexity, storage costs and communication overhead.

191 citations


Journal ArticleDOI
TL;DR: The results of this study confirm that new meta-heuristic algorithms have not yet been applied for solving QoS-aware web services composition and describes future research directions in this area.
Abstract: Web service composition concerns the building of new value added services by integrating the sets of existing web services. Due to the seamless proliferation of web services, it becomes difficult to find a suitable web service that satisfies the requirements of users during web service composition. This paper systematically reviews existing research on QoS-aware web service composition using computational intelligence techniques (published between 2005 and 2015). This paper develops a classification of research approaches on computational intelligence based QoS-aware web service composition and describes future research directions in this area. In particular, the results of this study confirm that new meta-heuristic algorithms have not yet been applied for solving QoS-aware web services composition.

168 citations


Journal ArticleDOI
TL;DR: This paper proposes a redundant VM placement optimization approach to enhancing the reliability of cloud services and shows that the proposed approach outperforms four other representative methods in network resource consumption in the service recovery stage.
Abstract: With rapid adoption of the cloud computing model, many enterprises have begun deploying cloud-based services. Failures of virtual machines (VMs) in clouds have caused serious quality assurance issues for those services. VM replication is a commonly used technique for enhancing the reliability of cloud services. However, when determining the VM redundancy strategy for a specific service, many state-of-the-art methods ignore the huge network resource consumption issue that could be experienced when the service is in failure recovery mode. This paper proposes a redundant VM placement optimization approach to enhancing the reliability of cloud services. The approach employs three algorithms. The first algorithm selects an appropriate set of VM-hosting servers from a potentially large set of candidate host servers based upon the network topology. The second algorithm determines an optimal strategy to place the primary and backup VMs on the selected host servers with k-fault-tolerance assurance. Lastly, a heuristic is used to address the task-to-VM reassignment optimization problem, which is formulated as finding a maximum weight matching in bipartite graphs. The evaluation results show that the proposed approach outperforms four other representative methods in network resource consumption in the service recovery stage.

148 citations


Journal ArticleDOI
TL;DR: Results indicate the system and embedded decision algorithm are able to provide decisions on selecting wireless medium and cloud resources based on different context of the mobile devices, and achieve significant reduction on makespan and energy, with the improved service availability when compared with existing offloading schemes.
Abstract: Mobile cloud computing (MCC) has become a significant paradigm for bringing the benefits of cloud computing to mobile devices’ proximity. Service availability along with performance enhancement and energy efficiency are primary targets in MCC. This paper proposes a code offloading framework, called mCloud, which consists of mobile devices, nearby cloudlets and public cloud services, to improve the performance and availability of the MCC services. The effect of the mobile device context (e.g., network conditions) on offloading decisions is studied by proposing a context-aware offloading decision algorithm aiming to provide code offloading decisions at runtime on selecting wireless medium and appropriate cloud resources for offloading. We also investigate failure detection and recovery policies for our mCloud system. We explain in details the design and implementation of the mCloud prototype framework. We conduct real experiments on the implemented system to evaluate the performance of the algorithm. Results indicate the system and embedded decision algorithm are able to provide decisions on selecting wireless medium and cloud resources based on different context of the mobile devices, and achieve significant reduction on makespan and energy, with the improved service availability when compared with existing offloading schemes.

130 citations


Journal ArticleDOI
TL;DR: The idea is that several detection methods are combined and executed in parallel during an optimization process to find a consensus regarding the identification of web service antipatterns using a cooperative parallel evolutionary algorithm (P-EA).
Abstract: Service Oriented Architecture (SOA) is widely used in industry and is regarded as one of the preferred architectural design technologies. As with any other software system, service-based systems (SBSs) may suffer from poor design, i.e., antipatterns, for many reasons such as poorly planned changes, time pressure or bad design choices. Consequently, this may lead to an SBS product that is difficult to evolve and that exhibits poor quality of service (QoS). Detecting web service antipatterns is a manual, time-consuming and error-prone process for software developers. In this paper, we propose an automated approach for detection of web service antipatterns using a cooperative parallel evolutionary algorithm (P-EA). The idea is that several detection methods are combined and executed in parallel during an optimization process to find a consensus regarding the identification of web service antipatterns. We report the results of an empirical study using eight types of common web service antipatterns. We compare the implementation of our cooperative P-EA approach with random search, two single population-based approaches and one state-of-the-art detection technique not based on heuristic search. Statistical analysis of the obtained results demonstrates that our approach is efficient in antipattern detection, with a precision score of 89 percent and a recall score of 93 percent.

106 citations


Journal ArticleDOI
TL;DR: In this article, the authors propose a predictive process monitoring framework for estimating the probability that a given predicate will be fulfilled upon completion of a running case, taking into account both the sequence of events observed in the current trace, as well as data attributes associated to these events.
Abstract: The enactment of business processes is generally supported by information systems that record data about each process execution (a.k.a. case). This data can be analyzed via a family of methods broadly known as process mining. Predictive process monitoring is a process mining technique concerned with predicting how running (uncompleted) cases will unfold up to their completion. In this paper, we propose a predictive process monitoring framework for estimating the probability that a given predicate will be fulfilled upon completion of a running case. The framework takes into account both the sequence of events observed in the current trace, as well as data attributes associated to these events. The prediction problem is approached in two phases. First, prefixes of previous (completed) cases are clustered according to control flow information. Second, a classifier is built for each cluster using event data attributes to discriminate between cases that lead to a fulfillment of the predicate under examination and cases that lead to a violation within the cluster. At runtime, a prediction is made on a running case by mapping it to a cluster and applying the corresponding classifier. The framework has been implemented in the ProM toolset and validated on a log pertaining to the treatment of cancer patients in a large hospital.

102 citations


Journal ArticleDOI
Jiaqiang Liu, Yong Li, Ying Zhang, Li Su, Depeng Jin
TL;DR: The formulation and proposed algorithms have no special assumption on network topology or policy specifications, therefore, they have broad range of applications in various types of networks such as enterprise, data center and broadband access networks.
Abstract: Previous works have proposed various approaches to implement service chaining by routing traffic through the desired middleboxes according to pre-defined policies. However, no matter what routing scheme is used, the performance of service chaining depends on where these middleboxes are placed. Thus, in this paper, we study middlebox placement problem, i.e., given network information and policy specifications, we attempt to determine the optimal locations to place the middleboxes so that the performance is optimized. The performance metrics studied in this paper include the end-to-end delay and the bandwidth consumption, which cover both users’ and network providers’ interests. We first formulate it as 0-1 programming problem, and prove it is NP-hard. We then propose two heuristic algorithms to obtain the sub-optimal solutions. The first algorithm is a greedy algorithm, and the second algorithm is based on simulated annealing. Through extensive simulations, we show that in comparison with a baseline algorithm, the proposed algorithms can reduce 22 percent end-to-end delay and save 38 percent bandwidth consumption on average. The formulation and proposed algorithms have no special assumption on network topology or policy specifications, therefore, they have broad range of applications in various types of networks such as enterprise, data center and broadband access networks.

92 citations


Journal ArticleDOI
TL;DR: This paper proposes a ratio-based method to calculate the similarity computation, and proposes a new method to predict the unknown value by comparing the values of a similar service and the current service that are invoked by common users.
Abstract: Recently, collaborative filtering-based methods are widely used for service recommendation. QoS attribute value-based collaborative filtering service recommendation mainly includes two important steps. One is the similarity computation, and the other is the prediction for QoS attribute value, which the user has not experienced. In previous studies, the performances of some methods need to be improved. In this paper, we propose a ratio-based method to calculate the similarity. We can get the similarity between users or between items by comparing the attribute values directly. Based on our similarity computation method, we propose a new method to predict the unknown value. By comparing the values of a similar service and the current service that are invoked by common users, we can obtain the final prediction result. The performance of the proposed method is evaluated through a large data set of real web services. Experimental results show that our method obtains better prediction precision, lower mean absolute error (MAE) and faster computation time than various reference schemes considered.

81 citations


Journal ArticleDOI
TL;DR: This work reduces the problem space with a scenario tree reduction algorithm, and performs a sensitivity analysis that finds the tolerance of the solution to parameter changes, and shows that sensitivity analysis of prices can be useful for both users and providers in maximizing cost efficiency.
Abstract: Cloud computing exploits virtualization to provision resources efficiently. Increasingly, Virtual Machines (VMs) have high bandwidth requirements; however, previous research does not fully address the challenge of both VM and bandwidth provisioning. To efficiently provision resources, a joint approach that combines VMs and bandwidth allocation is required. Furthermore, in practice, demand is uncertain. Service providers allow the reservation of resources. However, due to the dangers of over- and under-provisioning, we employ stochastic programming to account for this risk. To improve the efficiency of the stochastic optimization, we reduce the problem space with a scenario tree reduction algorithm, that significantly increases tractability, whilst remaining a good heuristic. Further we perform a sensitivity analysis that finds the tolerance of our solution to parameter changes. Based on historical demand data, we use a deterministic equivalent formulation to find that our solution is optimal and responds well to changes in parameter values. We also show that sensitivity analysis of prices can be useful for both users and providers in maximizing cost efficiency.

Journal ArticleDOI
TL;DR: An entropy-based method to quantify the most reliable workflow deployments on federated clouds is introduced and an extension of the Bell-LaPadula Multi-Level security model is applied to address application security requirements.
Abstract: The significant growth in cloud computing has led to increasing number of cloud providers, each offering their service under different conditions – one might be more secure whilst another might be less expensive or more reliable. At the same time user applications have become more and more complex. Often, they consist of a diverse collection of software components, and need to handle variable workloads, which poses different requirements on the infrastructure. Therefore, many organisations are considering using a combination of different clouds to satisfy these needs. It raises, however, a non-trivial issue of how to select the best combination of clouds to meet the application requirements. This paper presents a novel algorithm to deploy workflow applications on federated clouds. First, we introduce an entropy-based method to quantify the most reliable workflow deployments. Second, we apply an extension of the Bell-LaPadula Multi-Level security model to address application security requirements. Finally, we optimise deployment in terms of its entropy and also its monetary cost, taking into account the cost of computing power, data storage and inter-cloud communication. We implemented our new approach and compared it against two existing scheduling algorithms: Extended Dynamic Constraint Algorithm (EDCA) and Extended Biobjective dynamic level scheduling (EBDLS). We show that our algorithm can find deployments that are of equivalent reliability but are less expensive and meet security requirements. We have validated our solution through a set of realistic scientific workflows, using well-known cloud simulation tools (WorkflowSim and DynamicCloudSim) and a realistic cloud based data analysis system (e-Science Central).

Journal ArticleDOI
TL;DR: This work designs two concrete schemes for providing ADS-B with authentication based on three-level hierarchical identity-based signature (HIBS) with batch verification and gives a formal security proof for the extended scheme.
Abstract: Automatic dependent surveillance-broadcast (ADS-B) has become a crucial part of next generation air traffic surveillance technology and will be mandatorily deployed for most of the airspaces worldwide by 2020. Each aircraft equipped with an ADS-B device keeps broadcasting plaintext messages to other aircraft and the ground station controllers once or twice per second. The lack of security measures in ADS-B systems makes it susceptible to different attacks. Among the various security issues, we investigate the integrity and authenticity of ADS-B messages. We propose a new framework for providing ADS-B with authentication based on three-level hierarchical identity-based signature (HIBS) with batch verification. Previous signature-based ADS-B authentication protocols focused on how to generate signatures efficiently, while our schemes can also significantly reduce the verification cost, which is critical to ADS-B systems, since at any time an ADS-B receiver may receive lots of signatures. We design two concrete schemes. The basic scheme supports partial batch verification and the extended scheme provides full batch verification. We give a formal security proof for the extended scheme. Experiment results show that our schemes with batch verification are tremendously more efficient in batch verifying $n$ signatures than verifying $n$ signatures independently. For example, the running time of verifying 100 signatures is 502 and 484 ms for the basic scheme and the extended scheme respectively, while the time is 2500 ms if verifying the signatures independently.

Journal ArticleDOI
TL;DR: In this article, a hybrid approach for automatic composition of web services that generates semantic input-output based compositions with optimal end-to-end QoS, minimizing the number of services of the resulting composition.
Abstract: In this paper we present a hybrid approach for automatic composition of web services that generates semantic input-output based compositions with optimal end-to-end QoS, minimizing the number of services of the resulting composition. The proposed approach has four main steps: 1) generation of the composition graph for a request; 2) computation of the optimal composition that minimizes a single objective QoS function; 3) multi-step optimizations to reduce the search space by identifying equivalent and dominated services; and 4) hybrid local-global search to extract the optimal QoS with the minimum number of services. An extensive validation with the datasets of the Web Service Challenge 2009-2010 and randomly generated datasets shows that: 1) the combination of local and global optimization is a general and powerful technique to extract optimal compositions in diverse scenarios; and 2) the hybrid strategy performs better than the state-of-the-art, obtaining solutions with less services and optimal QoS.

Journal ArticleDOI
TL;DR: Simulation results depict improved performance of pH in comparison to the traditional hardware pricing algorithms, viz.
Abstract: This paper proposes a dynamic and optimal pricing scheme for provisioning Sensors-as-a-Service (Se-aaS) [1] within the sensor-cloud infrastructure. Existing cloud pricing models are limited in terms of the homogeneity in service-types, and hence, are not compliant for the heterogeneous service oriented architecture of Se-aaS. We propose a new pricing model comprising of two components, applicable for Se-aaS architecture: pricing attributed to Hardware (pH) and pricing attributed to Infrastructure (pI). pH addresses the problem of pricing the physical sensor nodes subject to variable demand and utility of the end-users. It maximizes the profit incurred by every sensor owner, while keeping in mind the end-users’ utility. pI mainly focuses on the pricing incurred due to the virtualization of resources. It takes into account the cost for the usage of the infrastructural resources, inclusive of the cost for maintaining virtualization within sensor-cloud. pI maximizes the profit of the sensor-cloud service provider (SCSP) by considering the user satisfaction. Simulation results depict improved performance of pH in comparison to the traditional hardware pricing algorithms, viz. PPM and Sprite, in terms of the residual energy, proximity to the base station (BS), received signal strength (RSS), overhead, and cumulative energy consumption. The results also show the tendency of the sensor-owners to converge to the end-user utility, but not exceed it. We also analyze the performance of pI. The results show the optimality in the profit incurred by SCSP and the user satisfaction.

Journal ArticleDOI
TL;DR: This paper proposes a new type of Social-aware Ridesharing Group (SaRG) queries which retrieve a group of riders by taking into account their social connections and spatial proximities and proves that the SaRG query problem is NP-hard.
Abstract: With the deep penetration of smartphones and geo-locating devices, ridesharing is envisioned as a promising solution to transportation-related problems in metropolitan cities, such as traffic congestion and air pollution. Despite the potential to provide significant societal and environmental benefits, ridesharing has not so far been as popular as expected. Notable barriers include social discomfort and safety concerns when traveling with strangers. To overcome these barriers, in this paper, we propose a new type of Social-aware Ridesharing Group (SaRG) queries which retrieve a group of riders by taking into account their social connections and spatial proximities. While SaRG queries are of practical usefulness, we prove that, however, the SaRG query problem is NP-hard. Thus, we design an efficient algorithm with a set of powerful pruning techniques to tackle this problem. We also present several incremental strategies to accelerate the search speed by reducing repeated computations. Moreover, we propose a novel index tailored to our problem to further speed up query processing. Experimental results on real datasets show that our proposed algorithms achieve desirable performance.

Journal ArticleDOI
TL;DR: This article studies and predicts three types of unsuccessful executions in traces of a Google datacenter, and develops three on-line prediction models that can classify jobs and events into four classes upon arrival time, using independent or nested Neural Networks.
Abstract: Motivated by the high complexity of today’s datacenters, a large body of studies tries to understand workloads and resource utilization in datacenters. However, there is little work on exploring unsuccessful job and task executions. In this article, we study and predict three types of unsuccessful executions in traces of a Google datacenter, namely $\mathsf{fail}$, $\mathsf{kill}$, and $\mathsf{eviction}$. We first quantitatively show their strongly negative impact on machine time and the resulting task slowdown. We analyze patterns of unsuccessful jobs and tasks, particularly focusing on their interdependencies, and we uncover their root causes by inspecting key workload and system attributes. Furthermore, we develop three on-line prediction models that can classify jobs and events into four classes upon arrival time, using independent or nested Neural Networks. We explore different combinations of feature sets and techniques to reduce the computational overhead. Our evaluation results show that the proposed models can accurately classify 94.4 percent of jobs and 76.8 percent of events into four classes.

Journal ArticleDOI
TL;DR: This paper presents a self-adaptive decision making approach capable of adaptively producing autoscaling decisions that lead to well-compromised trade-offs without heavy human intervention, and experimentally compares it to four state-of-the-art autoscaling approaches.
Abstract: Elasticity in the cloud is often achieved by on-demand autoscaling. In such context, the goal is to optimize the Quality of Service (QoS) and cost objectives for the cloud-based services. However, the difficulty lies in the facts that these objectives, e.g., throughput and cost, can be naturally conflicted; and the QoS of cloud-based services often interfere due to the shared infrastructure in cloud. Consequently, dynamic and effective trade-off decision making of autoscaling in the cloud is necessary, yet challenging. In particular, it is even harder to achieve well-compromised trade-offs, where the decision largely improves the majority of the objectives; while causing relatively small degradations to others. In this paper, we present a self-adaptive decision making approach for autoscaling in the cloud. It is capable of adaptively producing autoscaling decisions that lead to well-compromised trade-offs without heavy human intervention. We leverage on ant colony inspired multi-objective optimization for searching and optimizing the trade-offs decisions, the result is then filtered by compromise-dominance, a mechanism that extracts the decisions with balanced improvements in the trade-offs. We experimentally compare our approach to four state-of-the-art autoscaling approaches: rule, heuristic, randomized and multi-objective genetic algorithm based solutions. The results reveal the effectiveness of our approach over the others, including better quality of trade-offs and significantly smaller violation of the requirements.

Journal ArticleDOI
TL;DR: This work proposes a multidimensional trust based algorithm that effectively filters out malicious nodes exhibiting various attack behaviors by penalizing them with loss of reputation, which ultimately leads to high user satisfaction.
Abstract: With the proliferation of fairly powerful mobile devices and ubiquitous wireless technology, we see a transformation from traditional mobile ad hoc networks (MANETs) into a new era of service-oriented MANETs wherein a node can provide and receive services. Requested services must be decomposed into more abstract services and then bound; we formulate this as a multi-objective optimization (MOO) problem to minimize the service cost, while maximizing the quality of service and quality of information in the service a user receives. The MOO problem is an SP-to-service assignment problem. We propose a multidimensional trust based algorithm to solve the problem. We carry out an extensive suite of simulations to test the relative performance of the proposed trust-based algorithm against a non-trust-based counterpart and an existing single-trust-based beta reputation scheme. Our proposed algorithm effectively filters out malicious nodes exhibiting various attack behaviors by penalizing them with loss of reputation, which ultimately leads to high user satisfaction. Further, our proposed algorithm is efficient with linear runtime complexity while achieving a close-to-optimal solution.

Journal ArticleDOI
TL;DR: A Semi-Markov Process (SMP) formulation of composite services with failures and restarts is developed that can compute both its performance and reliability using a single SMP and detect its performance/reliability bottlenecks by applying the formal sensitivity analysis technique.
Abstract: When combining several services into a composite service, it is non-trivial to determine, prior to service deployment, performance and reliability values of the composite service. Moreover, once the service is deployed, it is often the case that during operation it fails to meet its service-level agreement (SLA) and one needs to detect what has gone wrong (i.e., performance/reliability bottlenecks). To study these issues, we develop a Semi-Markov Process (SMP) formulation of composite services with failures and restarts. By explicitly including failure states into the SMP representation of a service, we can compute both its performance and reliability using a single SMP. We can also detect its performance and reliability bottlenecks by applying the formal sensitivity analysis technique. We demonstrate our approach by choosing a representative example that is validated using experiments on real web services.

Journal ArticleDOI
TL;DR: The proposed risk assessment framework uses Bayesian networks to not only assess but also to analyze attacks on WSNs and will first review the impact of attacks on a WSN and estimate reasonable time frames that predict the degradation of WSN security parameters like confidentiality, integrity and availability.
Abstract: A sensor cloud consists of various heterogeneous wireless sensor networks (WSNs). These WSNs may have different owners and run a wide variety of user applications on demand in a wireless communication medium. Hence, they are susceptible to various security attacks. Thus, a need exists to formulate effective and efficient security measures that safeguard these applications impacted from attack in the sensor cloud. However, analyzing the impact of different attacks and their cause-consequence relationship is a prerequisite before security measures can be either developed or deployed. In this paper, we propose a risk assessment framework for WSNs in a sensor cloud that utilizes attack graphs. We use Bayesian networks to not only assess but also to analyze attacks on WSNs. The risk assessment framework will first review the impact of attacks on a WSN and estimate reasonable time frames that predict the degradation of WSN security parameters like confidentiality, integrity and availability. Using our proposed risk assessment framework allows the security administrator to better understand the threats present and take necessary actions against them. The framework is validated by comparing the assessment results with that of the results obtained from different simulated attack scenarios.

Journal ArticleDOI
TL;DR: This work considers the enumeration of maximal bipartite cliques (bicliques) from a large graph, a task central to many data mining problems arising in social network analysis and bioinformatics, and shows theoretically that the algorithm is work optimal, i.e., it performs the same total work as its sequential counterpart.
Abstract: We consider the enumeration of maximal bipartite cliques (bicliques) from a large graph, a task central to many data mining problems arising in social network analysis and bioinformatics. We present novel parallel algorithms for the MapReduce framework, and an experimental evaluation using Hadoop MapReduce. Our algorithm is based on clustering the input graph into smaller subgraphs, followed by processing different subgraphs in parallel. Our algorithm uses two ideas that enable it to scale to large graphs: (1) the redundancy in work between different subgraph explorations is minimized through a careful pruning of the search space, and (2) the load on different reducers is balanced through a task assignment that is based on an appropriate total order among the vertices. We show theoretically that our algorithm is work optimal, i.e., it performs the same total work as its sequential counterpart. We present a detailed evaluation which shows that the algorithm scales to large graphs with millions of edges and tens of millions of maximal bicliques. To our knowledge, this is the first work on maximal biclique enumeration for graphs of this scale.

Journal ArticleDOI
TL;DR: By taking advantage of the structural and behavioral features of process models, an efficient approach which leverages effective heuristics and trace replaying to significantly reduce the overall search space for seeking the optimal alignment is presented.
Abstract: The aligning of event logs with process models is of great significance for process mining to enable conformance checking, process enhancement, performance analysis, and trace repairing. Since process models are increasingly complex and event logs may deviate from process models by exhibiting redundant, missing, and dislocated events, it is challenging to determine the optimal alignment for each event sequence in the log, as this problem is NP-hard. Existing approaches utilize the cost-based A* algorithm to address this problem. However, scalability is often not considered, which is especially important when dealing with industrial-sized problems. In this paper, by taking advantage of the structural and behavioral features of process models, we present an efficient approach which leverages effective heuristics and trace replaying to significantly reduce the overall search space for seeking the optimal alignment. We employ real-world business processes and their traces to evaluate the proposed approach. Experimental results demonstrate that our approach works well in most cases, and that it outperforms the state-of-the-art approach by up to 5 orders of magnitude in runtime efficiency.

Journal ArticleDOI
TL;DR: A novel Coupled Semi-Supervised Mutual Reinforcement-based Label Propagation (CSMRLP) algorithm is proposed for the accuracy of AQ classification, and extensive experiments show the effectiveness of the proposed method in AQ prediction and suggestions on how to create a question that will receive high AQ.
Abstract: Community question answering services (CQAS) (e.g., Yahoo! Answers) provide a platform where people post questions and answer questions posed by others. Previous works analyzed the answer quality (AQ) based on answer-related features, but neglect the question-related features on AQ. Previous work analyzed how asker- and question-related features affect the question quality (QQ) regarding the amount of attention from users, the number of answers and the question solving latency, but neglect the correlation between QQ and AQ (measured by the rating of the best answer), which is critical to quality of service (QoS). We handle this problem from two aspects. First, we additionally use QQ in measuring AQ, and analyze the correlation between a comprehensive list of features (including answer-related features) and QQ. Second, we propose the first method that estimates the probability for a given question to obtain high AQ. Our analysis on the Yahoo! Answers trace confirmed that the list of our identified features exert influence on AQ, which determines QQ. For the correlation analysis, the previous classification algorithms cannot consider the mutual interactions between multiple (>2) classes of features. We then propose a novel Coupled Semi-Supervised Mutual Reinforcement-based Label Propagation (CSMRLP) algorithm for this purpose. Our extensive experiments show that CSMRLP outperforms the Mutual Reinforcement-based Label Propagation (MRLP) and five other traditional classification algorithms in the accuracy of AQ classification, and the effectiveness of our proposed method in AQ prediction. Finally, we provide suggestions on how to create a question that will receive high AQ, which can be exploited to improve the QoS of CQAS.

Journal ArticleDOI
TL;DR: A novel Security SLA model is presented and a security-driven planning process that can be adopted to determine the (optimum) deployment of security-related software components is illustrated to demonstrate the applicability of the approach.
Abstract: Dealing with the provisioning of cloud services granted by Security SLAs is a very challenging research topic. At the state of the art, the main related issues involve: (i) representing security features so that they are understandable by both customers and providers and measurable (by means of verifiable security-related Service Level Objectives (SLOs)), (ii) automating the provisioning of security mechanisms able to grant desired security features (by means of a security-driven resource allocation process), and (iii) continuously monitoring the services in order to verify the fulfillment of specified Security SLOs (by means of cloud security monitoring solutions). We propose to face the Security SLA life cycle management with a framework able to enrich cloud applications with security features. In this paper we (i) present a novel Security SLA model and (ii) illustrate a security-driven planning process that can be adopted to determine the (optimum) deployment of security-related software components. Such process takes into account both specific implementation constraints of the security components to be deployed and customers' security requirements, and enables the automatic provisioning and configuration of all needed resources. In order to demonstrate the applicability of the approach, we present and discuss a practical application of the model on a real case study.

Journal ArticleDOI
TL;DR: A dynamic instance provisioning strategy based on the large deviation principle, which is capable of calculating the minimum number of instances for the upcoming demands subject to the overload probability below a desired threshold is proposed.
Abstract: In an IaaS cloud, virtual machines (VMs), also called instances, may be classified as reserved instances and on-demand instances. The reserved instances having long-term commitments and one-time payment are appropriate for the steady or predictable workloads, while for short-term, spiky or unpredictable workloads, the on-demand instances having flexible hourly payment and no long-term commitments may be more suitable for reducing the cost. In this paper, we consider the economical provisioning of reserved and/or on-demand instances for meeting time-varying computing workload of compute-intensive applications. In order to achieve this, we conceive a strategy for determining the amount of the purchased instances dynamically in order to minimize the total computing cost while keeping quality-of-service (QoS). By mapping QoS as the overload probability, we propose a dynamic instance provisioning strategy based on the large deviation principle, which is capable of calculating the minimum number of instances for the upcoming demands subject to the overload probability below a desired threshold. In addition, a reserved instance provisioning strategy for further reducing the total cost is also proposed by applying the autoregressive (AR) model to calculate the number of reserved instances for the average computation requirements. Finally, the simulations are performed based on real workload traces to show the attainable performance of the proposed instance provisioning strategy for the computing service in an IaaS cloud.

Journal ArticleDOI
TL;DR: Detailed security analysis shows that the proposed EPOC achieves the goal of outsourcing computation of a private function over public data without privacy leakage to unauthorized parties, and performance evaluations via extensive simulations demonstrate that EPOC is efficient in both computation and communications.
Abstract: In this paper, we propose a new efficient privacy-preserving outsourced computation framework over public data, called EPOC. EPOC allows a user to outsource the computation of a function over multi-dimensional public data to the cloud while protecting the privacy of the function and its output. Specifically, we introduce three types of EPOC in order to trade off different levels of privacy protection and performance. We present a new cryptosystem called Switchable Homomorphic Encryption with Partially Decryption (SHED) as the core cryptographic primitive for EPOC. We introduce two coding techniques, called message pre-coding technique and message extending and coding technique respectively, for messages encrypted under a composite order group. Furthermore, we propose a Secure Exponent Calculation Protocol with Public Base (SEPB), which serves as the core sub-protocol in EPOC. Detailed security analysis shows that the proposed EPOC achieves the goal of outsourcing computation of a private function over public data without privacy leakage to unauthorized parties. In addition, performance evaluations via extensive simulations demonstrate that EPOC is efficient in both computation and communications.

Journal ArticleDOI
TL;DR: A distributed online scheduling and management algorithm is proposed which does not require any a priori statistical knowledge of request arrivals and which can achieve arbitrary tradeoff between performance and energy efficiency.
Abstract: With the increasing popularity of services published online, energy consumption of services computing systems is growing dramatically. Besides Quality of Service (QoS), energy efficiency has become an important issue and drawn significant attention. However, energy efficient request scheduling and service management for large-scale services computing systems face challenges because of the high dynamics and unpredictability of request arrivals. In this paper, we jointly consider the conflicting metrics of performance, queue congestion and energy consumption. We propose a distributed online scheduling and management algorithm which does not require any a priori statistical knowledge of request arrivals. Mathematical analysis is conducted which demonstrates that our algorithm can achieve arbitrary tradeoff between performance and energy efficiency. Numerical and real trace data based experiments are carried out to validate the effectiveness of our algorithm in optimizing energy efficiency while stabilizing the system.

Journal ArticleDOI
TL;DR: This paper first formulates the network functions composition problem as a non-linear optimization model to accurately capture the congestion of physical resources and proposes innovative orchestration mechanisms based on both centralized and distributed approaches, aimed at unleashing the potential of the NFV technology.
Abstract: Network Functions Virtualization (NFV) has recently gained momentum among network operators as a means to share their physical infrastructure among virtual operators, which can independently compose and configure their communication services. However, the spatio-temporal correlation of traffic demands and computational loads can result in high congestion and low network performance for virtual operators, thus leading to service level agreement breaches. In this paper, we analyze the congestion resulting from the sharing of the physical infrastructure and propose innovative orchestration mechanisms based on both centralized and distributed approaches, aimed at unleashing the potential of the NFV technology. In particular, we first formulate the network functions composition problem as a non-linear optimization model to accurately capture the congestion of physical resources. To further simplify the network management, we also propose a dynamic pricing strategy of network resources, proving that the resulting system achieves a stable equilibrium in a completely distributed fashion, even when all virtual operators independently select their best network configuration. Numerical results show that the proposed approaches consistently reduce resource congestion. Furthermore, the distributed solution well approaches the performance that can be achieved using a centralized network orchestration system.

Journal ArticleDOI
TL;DR: It is shown that, besides energy consumption, service level agreement (SLA) violations also severely degrade the cost-efficiency of data centers, and proposes two heuristics: Least-Reliable-First (LRF) and Decreased-Density-Greedy (DDG).
Abstract: Cost savings have become a significant challenge in the management of data centers. In this paper, we show that, besides energy consumption, service level agreement (SLA) violations also severely degrade the cost-efficiency of data centers. We present online VM placement algorithms for increasing cloud provider’s revenue. First, First-Fit and Harmonic algorithm are devised for VM placement without considering migrations. Both algorithms get the same performance in the worst-case analysis, and equal to the lower bound of the competitive ratio. However, Harmonic algorithm could create more revenue than First-Fit by more than 10 percent when job arriving rate is greater than 1.0. Second, we formulate an optimization problem of maximizing revenue from VM migration, and prove it as NP-Hard by a reduction from 3-Partition problem. Therefore, we propose two heuristics: Least-Reliable-First (LRF) and Decreased-Density-Greedy (DDG). Experiments demonstrate that DDG yields more revenue than LRF when migration cost is low, yet leads to losses when SLA penalty is low or job arriving rate is high, due to the large number of migrations. Finally, we compare the four algorithms above with algorithms adopted in OpenStack using a real trace, and find that the results are consistent with the ones using synthetic data.