Current Issue

• 2016, No. 10　Published:25 October 2016 Last issue    Next issue
  Columns in this issue:

• Design and implementation of a hardware

  based large scale Hash flowtable

  WANG Xin,CHEN Shuhui,SU Jinshu

  2016, 38(10): 1955-1960. doi:

  Abstract ( 245 )   PDF (671KB) ( 720 )   　　

  Flowbased packets processing is a main function of many network security applications like firewalls and NIDS. And flow tables are the key data structure for flow processing, so their scale and access performance directly affect the flow processing capability and speed. In this article, we focus on the hardware implementation of largescale flow tables in highspeed networks. We present a hardware based hash flowtable lookup scheme accommodating for ten millions of flows, which has been implemented and tested on an FPGA platform. The proposed scheme is good at avoiding hash collisions while maintaining memory access efficiency. It can support up to 49 million flows lookup operations with limited storage resources. In the prototyped test, a lookup speed of 92Mdesc/s is achieved, which sustains the Ethernet processing capability of approximately 220 Gbps.

  A dimensionally parallel firefly algorithm

  with random attraction on GPU

  LIU Jin1，2，WU Zhijian1，2，WU Shuangke1，2，WANG Hui3，DENG Changshou4

  2016, 38(10): 1961-1966. doi:

  Abstract ( 146 )   PDF (410KB) ( 391 )   　　 Review attachment

  The firefly algorithm (FA) with random attraction is a metaheuristic optimization algorithm. It optimizes the standard FA, reduces the computation time complexity and improves the optimization ability of the standard FA. Solving highdimensional global optimization problem is time consuming. So to reduce the time for solving highdimensional global optimization problems, we simplify the firefly algorithm with random attraction further, and propose a dimensionparallel firefly algorithm with random attraction on GPU. Experimental results show that the proposed algorithm can reduce the computation time effectively while remaining the same optimization ability as the firefly algorithm with random attraction.

  A bit string contentaware data chunking algorithm

  ZHOU Bin1, ZHU Rongbo1, ZHANG Ying2

  2016, 38(10): 1967-1973. doi:

  Abstract ( 100 )   PDF (774KB) ( 474 )   　　 Review attachment

  Aiming at the problem of a large amount of overhead introduced by the content defined chunking algorithm (CDC) in calculating the digital signature, we present a novel data chunking algorithm based on bit string content awareness.The proposed algorithm eliminates unmatched positions to the utmost by taking advantage of the bit feature information acquired through each failure matching.Since the maximum jump length is obtained, intermediate calculation and comparison cost are reduced.Experimental results show that the algorithm can reduce the overhead of digital signature calculation in the process of data chunking, cut down CPU resource consumption for chunk boundary determination, and optimize the time performance of data chunking.

  A virtual machine dynamic scheduling

  algorithm based on load forecast

  WANG Hao，LUO Yu

  2016, 38(10): 1974-1979. doi:

  Abstract ( 280 )   PDF (720KB) ( 597 )   　　 Review attachment

  In order to achieve efficient resource usages and load balancing in the cloud computing system, we need to schedule the cloud computing system on the virtual machine granularity and to migrate the virtual machine from a high load physical node to a low load physical node by the live migration technique. Combining the load forecasting techniques and the virtual machine dynamic scheduling technique, we propose a load forecast scheduling algorithm, which can predict future load changes of the virtual machine via historical load data, and then schedule the virtual machine according to the  load forecast results. The proposed algorithm can effectively avoid the occurrence of high load physical nodes in the cloud computing system, realize load balancing, and improve resource utilization.

  A k-means clustering algorithm

  parallelization design  based on Hash

  ZHANG Bo,XU Weihong,CHEN Yuantao,ZHU Ling

  2016, 38(10): 1980-1985. doi:

  Abstract ( 214 )   PDF (519KB) ( 328 )   　　 Review attachment

  As the traditional kmeans algorithm has poor clustering effect when dealing with massive volume and high dimensional data, and the existing optimization algorithms are not conductive to parallelization, we propose a parallel optimization scheme based on Hash algorithm. We firstly map the massive volume and high dimensional data to a compressed identifier space, then mine the clustering relationship and select the initial clustering center. These steps avoid the sensitivity of the kmeans algorithm to the random selection of the initial clustering center, and reduce the number of iterations. Finally, combined with the MapReduce, the Partition and Combine mechanisms are applied to optimize the parallelization of this algorithm, thus the degree of parallelization and execution efficiency are more strengthened. Experimental results show that the proposed algorithm can improve the clustering accuracy and stability, and has good processing performance as well.

  A bandwidth allocation scheme based on service

  value for multicast in wireless mesh networks

   

  YANG Qiuling1，2，JIN Zhigang1，HUANG Xiangdang2

  2016, 38(10): 1986-1993. doi:

  Abstract ( 139 )   PDF (836KB) ( 321 )   　　 Review attachment

  High delay and low benefit are essential problems when streaming media services run in wireless mesh networks. To solve these problems, we propose a value prioritybased bandwidth allocation scheme for multicast, and the value corresponding to each multicast session is calculated by priority weigh metric which captures the networks priority and benefit priority of services. The scheme first carries out static scheduling based on the value priority of multicast services regardless of their types, and this step can achieve the maximum value of multicast and the maximum benefit of bandwidth by offering the higher value service prior scheduling. When networks congestion occurs, the following dynamic scheduling based on the adjustment of bandwidth requirement and preemptive procedure is carried out, which offers QoS guarantee for applications with low delay constraint. Simulation results show that compared with the existing algorithms, the proposed scheme cannot only offer QoS guarantee for applications, but also achieve the maximum bandwidth benefit.

  A virtual router resource mapping algorithm

  CAO Yang，WANG Baosheng，ZHANG Xiaozhe

  2016, 38(10): 1994-2000. doi:

  Abstract ( 148 )   PDF (460KB) ( 337 )   　　 Review attachment

  Network virtualization technology has attracted many attentions since it was proposed to provide a method to solve the ossification of Internet structure. On the platform of virtual routers, many servers connect with each other as a physical network. Mapping physical network resources to virtual network devices through the virtual network mapping technology can form many virtual networks and meet various needs of users. The resource allocation of virtual routers is a fundamental issue of network virtualization. The utilization rate of virtual network resources and the performance of the system are largely defined by the mapping method between virtual routers instances and physical resources. Aiming at the problem of resource allocation in the virtual router system, we design a physical network resource model and a virtual router resource quest model. We also propose a heuristic algorithm to solve the resource allocation problem, and then analyze the complexity of the algorithm and the utilization of physical resources.

   

  A low power clustering protocol based on fuzzy control

  WANG Lingjiao1,2,PENG Zhiqiang1,2,GUO Hua1,2,ZHONG Yiqun1,2

  2016, 38(10): 2001-2009. doi:

  Abstract ( 107 )   PDF (1104KB) ( 294 )   　　 Review attachment

  Energy consumption is the key factor affecting the network lifecycle in wireless sensor networks,  so low power consumption is expected for the industry. Several existing network clustering protocols, such as LEACH protocol, can solve and reduce network energy consumption to some extent. Although they can prolong the life cycle of the network to a certain extent, there are yet many incalculable factors in the network environment and actual environment. LEACH protocol ignores the residual energy of the current node and the node distribution situation. In this regard, we present a low power clustering protocol based on fuzzy control (LECPFC) to solve the aforementioned problems. In the process of selecting cluster heads, node energy, node degree, node center, distance and listen density etc. are focused. Network configuration and simulation results show that the proposed protocol can greatly improve the work efficiency of the network.

  A security situation assessment model of information system

  based on improved fuzzy analytical hierarchy process

   

  GU Zhaojun,WANG Ruili

  2016, 38(10): 2010-2017. doi:

  Abstract ( 176 )   PDF (894KB) ( 433 )   　　 Review attachment

  We analyze and compare several typical existing methods of security situation assessment. Aiming at subjective randomness which exists in present security situation assessment methods, and the problems of largescale, complex structure and frequent information exchange of the information system, based on the principle of analytic hierarchy process (AHP), we built an index system for the information system. Aiming at the coherence problem that exists in present fuzzy analytical hierarchy process (FAHP), we propose a new consistency modification algorithm and apply it to assessing security situation. Meanwhile, we employ the fuzzy comprehensive evaluation (FCE) method to calculate situation value, and establish a new security situation assessment model, called AHPIFAHPFCE. We describe the constitutional principles and methods, as well as the main tasks of every step. Experimental results show that the model is more effective and accurate than the existing models for security situation assessment of the information system.

   

  A proactive node failure protection

  mechanism based on OpenFlow

  ZHU Shu-hong，LAN Shao-hua

  2016, 38(10): 2018-2024. doi:

  Abstract ( 96 )   PDF (865KB) ( 269 )   　　 Review attachment

  Aiming at node failure, we propose a proactive and fast recovery mechanism, called node failure protection (NFP). The mechanism can ensure the resiliency of the network, and packets can be rerouted to alternative paths by the switches themselves without involving the controller. In the meantime, the alternative paths do not partially overlap the working paths in the main flow table. Experimental results indicate that the NFP is more reliable than reactive approaches as the scale gets larger, and it can fulfill the demand of restoration speed in carrier-grade networks.

  Link life based social network structure evolution analysis

  LIANG Qin1,LI Lei1,LIU Guan-feng2

  2016, 38(10): 2025-2037. doi:

  Abstract ( 106 )   PDF (2307KB) ( 423 )   　　 Review attachment

  Social networks have got increasing attention in recent years, and social networking services (SNSs), such as YouTube, Facebook and Twitter, are among the most popular network applications on the internet. The popularity of these SNSs attracts more and more researchers to focus on the study of the characteristics of the social network, especially the topology of networks, so as to improve current systems and to design new applications of social networks. However, most existing studies only focus on the dynamical network structure changing with time accumulation, and they do not take into account of other properties of the social network structure, such as link life. The link life reflects the phenomenon that the link established in the past may not be permanent and may vanish as time goes by. In this paper, we focus on the influence of link life on the dynamical network structure evolution, more specifically, on the basic and important parameters of the social network structure, including degree, diameter and average clustering coefficients. Experiments on the real datasets from the DBLP shows that the link life is necessary and important, which makes a great difference to the social network structure evolution. Particularly, the trivial perturbation of link life can lead to a dramatic change of the network diameter.

  An enhanced local connectivity-based

  multi-hop broadcast protocol for VANETs

  LI Xue-song,YE Xue-mei,GONG Zheng-zheng,CAI Yan-ning,FAN Qing-gang

  2016, 38(10): 2038-2044. doi:

  Abstract ( 95 )   PDF (1374KB) ( 257 )   　　 Review attachment

  Many applications in VANETs rely on reliable and efficient broadcast while broadcast has to face the so called broadcast storm problem due to the shared medium characteristic of radio channels. Probabilistic broadcast is a simple and effective way to suppress broadcast storm. However, all the existing probabilistic broadcast protocols for VANETs, except the DV-CAST, do not take the network division problem in low traffic density into consideration. On the basis of demonstrating the inherent shortcomings of DV-CAST and taking its idea of handling broadcast with local connectivity, we design and implement an enhanced local connectivity-based broadcast protocol. Simulation results show that the new protocol can achieve better reliability with lower overhead in both dense and sparse traffic scenarios.

  A secure cooperative spectrum detection

  algorithm in cognitive radio networks

  LONG Min，WU Liang

  2016, 38(10): 2045-2050. doi:

  Abstract ( 100 )   PDF (629KB) ( 266 )   　　 Review attachment

  The performance of cooperative spectrum sensing can be affected tremendously when there are spectrum sensing data falsification (SSDF) attacks in cognitive radio networks. To ensure the robustness of spectrum sensing, we propose a sequential spectrum sensing algorithm  in this paper based on the credibility of the weighted sequential spectrum to identify misbehaviors and mitigate their harmful influence on sensing performance. We calculate the local reputation function by using recent sensing information of the cognitive user. Then the credibility value and the stability in the sensing process work jointly to eliminate the impact of malicious users on transmission efficiency. Simulation results show that the new algorithm outperforms the typical cooperative spectrum sensing algorithm in malicious environment.

  A road network equilibrium model of

   bounded rational travelers based on time budget

  CHEN Ling-juan1，2，DAI Jiong1，HU Sheng1，WANG Dian-hai2

  2016, 38(10): 2051-2057. doi:

  Abstract ( 117 )   PDF (562KB) ( 374 )   　　 Review attachment

  In order to analyze travelers’ departure time and route adjustment behavior under bounded rationality, we introduce the prospect theory to describe route choice behavior. Travel behavior is assumed to obey the mechanisms as follows: commuters make a travel time budget according to the maximum punctual arrival probability firstly, set it as the reference point, and then calculate the prospect value of each alternative path and select the path with the maximum prospect value as the travel path. Commuters adopt travel information to adjust the departure time for the next travel. A steady state can thus be achieved after repeated trips. We establish a bi-level user equilibrium model in this paper based on the travel time budget and the prospect theory, and employ the methods of successive average and genetic algorithm to solve the model. In the end, an example is used to test the model and the algorithm. We also analyze the relationship among time budget, route prospect and punctual arrival probability under three different choice rules.

  A scheme of anti-glitch attacks on S-box in block cipher

  ZHANG Shuai-wei,YANG Xiao-yuan,ZHONG Wei-dong,YANG Hai-bin

  2016, 38(10): 2058-2064. doi:

  Abstract ( 123 )   PDF (670KB) ( 274 )   　　 Review attachment

  With the advance of network information age, various electronic products emerge, making people’s life much intelligent and convenient. However, the great convenience also introduce major potential safety hazard. Crypto chips are one of the important means to guarantee information safety, so it is urgent to promote their safety. Taking the glitch attacks on the block cipher chip S-box proposed by Stefan et al as the model background, based on FPGA, we put forward a glitch attack resistance scheme for block cipher chip S-box by adding synchronization registers. The properties of CMOS devices and the Signal Tap function embedded in the QuatusⅡ software of Altera company demonstrate from the perspectives of theory and simulation that the proposed scheme can remarkably reduce the number of glitches, lower the glitch correlation of circuits of all levels , decrease success rate of attacks, improve the security of block cipher S-box and provide subsequent security protection for FPGA crypto chips.

  Broadband data transmission in maritime VHF

  CHEN Liang1，JIN Yong-xing1，TANG Ke-cheng2，GAO Wan-ming2，HU Qin-you1

  2016, 38(10): 2065-2069. doi:

  Abstract ( 110 )   PDF (721KB) ( 422 )   　　 Review attachment

  Marine wireless communication is the base of actualizing and developing e-navigation strategy, but the existing means of maritime communication have many limits in their widespread applications, especially between in ship-shore and ship-ship communication. We propose a  broadband data transmission approach in maritime VHF, which can change the communication ways of maritime VHF. We also build a broadband data transmission model in maritime VHF based on OFDM by analyzing VHF spectrum characteristics. Simulations and experiments show that the proposed approach can obviously increase communication speed of maritime VHF and has lower BER.

  Research on the loophole of offline dynamic data

  authentication in financial IC card specification

  DU Lei,LI Zeng-ju,PENG Qian,SHI Ru-hui,ZHANG Ce

  2016, 38(10): 2070-2076. doi:

  Abstract ( 108 )   PDF (455KB) ( 308 )   　　 Review attachment

   The research focuses on the offline data authentication mechanism in part 5, 12, 13, 14 of “China Financial Integrated Circuit Card Specifications” (JR/T 0025, referred to as “PBOC”), and evaluates its ability against side channel attacks, differential fault analysis and dictionary attacks. We find out that the offline data authentication has a flaw against financial IC card forgery and experiments on the financial cards issued by the bank verify our finding. Finally we propose several countermeasures against these attacks.

  An evolutionary algorithm for finding

  overlapping community structure in complex networks

  JI Kai-zhu,XU Chong,CHEN Bao-xing

  2016, 38(10): 2077-2082. doi:

  Abstract ( 143 )   PDF (631KB) ( 373 )   　　 Review attachment

  The division of the overlapping community structure in complex networks becomes a hot research spot, and a large number of algorithms are proposed for community structure discovery. We propose an individual conformity evolutionary algorithm (ICEA). The basic idea is to perform conformity and variation on the individual according to their probability, find the community partition with optimal (or quasi optimal) module degree in a short time, and use the neighbor voting (NV) algorithm to find overlapping nodes of the network after identifying the community structure. Experiments on real networks show that the proposed algorithm outperforms the classical algorithms in terms of time cost and division results.

  Design of a cockpit display system

  based on homemade GPU JM5400

  FU He，XIE Yong-fang

  2016, 38(10): 2083-2090. doi:

  Abstract ( 1146 )   PDF (958KB) ( 432 )   　　 Review attachment

  The  development of cockpit display system trends to be integrated, digitalized and intelligent. Graphic processing unit (GPU) of high-performance and low power consumption is one of the key components to satisfy cockpit display systems. We analyze the requirements of modern battle planes and design a cockpit display system based on homemade GPU、CPU and operation system. Practical application shows that the proposed design can meet the requirements of equipment localization and information security.

  A background subtraction method based

  on adaptive hybrid model

  LI Wei-sheng，LI Hui-fei

  2016, 38(10): 2091-2100. doi:

  Abstract ( 107 )   PDF (1845KB) ( 339 )   　　

  In view that the existing background modeling method based on local binary similarity pattern (LBSP) is very vulnerable to external environment changes,such as dynamic background,illumination changes,camera shaking and so on,based on fusing pixel texture information with intensity information,we propose an adaptive hybrid model for moving object detecting.First,we use the texture descriptor of each pixel, named multi-channel adaptive local binary similarity pattern (LBSP) information,combined with intensity information,to build a hybrid background model.We then classify the current pixels according to the comparison results between the current pixel and the corresponding hybrid background model,and update the background model with the random updating mechanism.Experimental results show that the proposed method cannot only achieve good results in an ideal outside environment,but also effectively reduce the interference caused by complicated external environment conditions such as dynamic background,illumination changing and camera shaking,thus achieving  better detection results.