In order to improve the scalability and reliability of Software Defined Networking(SDN),many studies use multiple controllers to constitute logically centralized control plane to provide load balancing and fail over.I...In order to improve the scalability and reliability of Software Defined Networking(SDN),many studies use multiple controllers to constitute logically centralized control plane to provide load balancing and fail over.In this paper,we develop a flexible dormant multi-controller model based on the centralized multi-controller architecture.The dormant multi-controller model allows part of controllers to enter the dormant state under light traffic condition for saving system cost.Meanwhile,through queueing analysis,various performance measures of the system can be obtained.Moreover,we analyze the real traffic of China Education Network and use the results as the parameters of computer simulation and verify the effects of parameters on the system characteristics.Finally,a total expected cost function is established,and genetic algorithm is employed to find the optimal values of various parameters to minimize system cost for the deployment decision making.展开更多
Current SDN controllers suffer from a series of potential attacks. For example, malicious flow rules may lead to system disorder by introducing unexpected flow entries. In this paper, we propose Mcad-SA, an aware deci...Current SDN controllers suffer from a series of potential attacks. For example, malicious flow rules may lead to system disorder by introducing unexpected flow entries. In this paper, we propose Mcad-SA, an aware decision-making security architecture with multiple controllers, which could coordinate heterogeneous controllers internally as a "big" controller. This architecture includes an additional plane, the scheduling plane, which consists of transponder, sensor, decider and scheduler. Meanwhile it achieves the functions of communicating, supervising and scheduling between data and control plane. In this framework, we adopt the vote results from the majority of controllers to determine valid flow rules distributed to switches. Besides, an aware dynamic scheduling(ADS) mechanism is devised in scheduler to intensify security of Mcad-SA further. Combined with perception, ADS takes advantage of heterogeneity and redundancy of controllers to enable the control plane operate in a dynamic, reliable and unsteady state, which results in significant difficulty of probing systems and executing attacks. Simulation results demonstrate the proposed methods indicate better security resilience over traditional architectures as they have lower failure probability when facing attacks.展开更多
The impact of a Distributed Denial of Service(DDoS)attack on Soft-ware Defined Networks(SDN)is briefly analyzed.Many approaches to detecting DDoS attacks exist,varying on the feature being considered and the method us...The impact of a Distributed Denial of Service(DDoS)attack on Soft-ware Defined Networks(SDN)is briefly analyzed.Many approaches to detecting DDoS attacks exist,varying on the feature being considered and the method used.Still,the methods have a deficiency in the performance of detecting DDoS attacks and mitigating them.To improve the performance of SDN,an efficient Real-time Multi-Constrained Adaptive Replication and Traffic Approximation Model(RMCARTAM)is sketched in this article.The RMCARTAM considers different parameters or constraints in running different controllers responsible for handling incoming packets.The model is designed with multiple controllers to handle net-work traffic but can turn the controllers according to requirements.The multi-con-straint adaptive replication model monitors different features of network traffic like rate of packet reception,class-based packet reception and target-specific reception.According to these features,the method estimates the Replication Turn-ing Weight(RTW)based on which triggering controllers are performed.Similarly,the method applies Traffic Approximation(TA)in the detection of DDoS attacks.The detection of a DDoS attack is performed by approximating the incoming traf-fic to any service and using various features like hop count,payload,service fre-quency,and malformed frequency to compute various support measures on bandwidth access,data support,frequency support,malformed support,route sup-port,and so on.Using all these support measures,the method computes the value of legitimate weight to conclude the behavior of any source in identifying the mal-icious node.Identified node details are used in the mitigation of DDoS attacks.The method stimulates the network performance by reducing the power factor by switching the controller according to different factors,which also reduces the cost.In the same way,the proposed model improves the accuracy of detecting DDoS attacks by estimating the features of incoming traffic in different corners.展开更多
Any unknown unitary operations conditioned on a control system can be deterministically performed if ancillary subspaces are available for the target systems [Zhou X Q, et al. 2011 Nat. Commun. 2 413]. In this paper, ...Any unknown unitary operations conditioned on a control system can be deterministically performed if ancillary subspaces are available for the target systems [Zhou X Q, et al. 2011 Nat. Commun. 2 413]. In this paper, we show that previous optical schemes may be extended to general hybrid systems if unknown operations are provided by optical instruments. Moreover, a probabilistic scheme is proposed when the unknown operation may be performed on the subspaces of ancillary high-dimensional systems. Furthermore, the unknown operations conditioned on the multi-control system may be reduced to the case with a control system using additional linear circuit complexity. The new schemes may be more flexible for different systems or hybrid systems.展开更多
Controllers play a critical role in software-defined networking(SDN).However,existing singlecontroller SDN architectures are vulnerable to single-point failures,where a controller's capacity can be saturated by fl...Controllers play a critical role in software-defined networking(SDN).However,existing singlecontroller SDN architectures are vulnerable to single-point failures,where a controller's capacity can be saturated by flooded flow requests.In addition,due to the complicated interactions between applications and controllers,the flow setup latency is relatively large.To address the above security and performance issues of current SDN controllers,we propose distributed rule store(DRS),a new multi-controller architecture for SDNs.In DRS,the controller caches the flow rules calculated by applications,and distributes these rules to multiple controller instances.Each controller instance holds only a subset of all rules,and periodically checks the consistency of flow rules with each other.Requests from switches are distributed among multiple controllers,in order to mitigate controller capacity saturation attack.At the same time,when rules at one controller are maliciously modified,they can be detected and recovered in time.We implement DRS based on Floodlight and evaluate it with extensive emulation.The results show that DRS can effectively maintain a consistently distributed rule store,and at the same time can achieve a shorter flow setup time and a higher processing throughput,compared with ONOS and Floodlight.展开更多
In this study, the phase field method was used to study the multi-controlling factors of dendrite growth in directional solidification. The effects of temperature gradient, propelling velocity, thermal disturbance and...In this study, the phase field method was used to study the multi-controlling factors of dendrite growth in directional solidification. The effects of temperature gradient, propelling velocity, thermal disturbance and growth orientation angle on the growth morphology of the dendritic growth in the solid/liquid interface were discussed. It is found that the redistribution of solute leads to multilevel cavity and multilevel fusion to form multistage solute segregation, and the increase of temperature gradient and propelling velocity can accelerate the dendrite growth of directional solidification, and also make the second dendrites more developed, which reduces the primary distance and the solute segregation. When the temperature gradient is large, the solid-liquid interface will move forward in a flat interface mode,and the thermal disturbance does not affect the steady state behavior of the directionally solidified dendrite tip. It only promotes the generation and growth of the second dendrites and forms the asymmetric dendrite. Meanwhile, it is found that the inclined dendrite is at a disadvantage in the competitive growth compared to the normal dendrite, and generally it will disappear. When the inclination angle is large, the initial primary dendrite may be eliminated by its secondary or third dendrite.展开更多
Genic male sterility (GMS) is very useful for hybrid vigor utilization and hybrid seed production. Although a large number of GMS genes have been identified in plants, little is known about the roles of GDSL lipase me...Genic male sterility (GMS) is very useful for hybrid vigor utilization and hybrid seed production. Although a large number of GMS genes have been identified in plants, little is known about the roles of GDSL lipase members in anther and pollen development. Here, we report a maize GMS gene, ZmMs30, which encodes a novel type of GDSL lipase with diverged catalytic residues. Enzyme kinetics and activity assays show that ZmMs30 has lipase activity and prefers to substrates with a short carbon chain. ZmMs30 is specifically expressed in maize anthers during stages 7-9. Loss of ZmMs30 function resulted in defective anther cuticle, irregular foot layer of pollen exine, and complete male sterility. Cytological and lipidomics analyses demonstrate that ZmMs30 is crucial for the aliphatic metabolic pathway required for pollen exine formation and anther cuticle development. Furthermore, we found that male sterility caused by loss of ZmMs30 function was stable in various inbred lines with different genetic background, and that it didn't show any negative effect on maize heterosis and production, suggesting that ZmMs30 is valuable for crossbreeding and hybrid seed production. We then developed a new multi-control sterility system using ZmMs30 and its mutant line, and demonstrated it is feasible for generating desirable GMS lines and valu. able for hybrid maize seed production. Taken together, our study sheds new light on the mechanisms of anther and pollen development, and provides a valuable male-sterility system for hybrid breeding maize.展开更多
基金the National High-tech R&D Program ("863" Program) of China,the National Science Foundation of China,National Science & Technology Pillar Program of China,the National Science Foundation of China,the Post-Doctoral Funding of China,Tsinghua-Huawei joint research project
文摘In order to improve the scalability and reliability of Software Defined Networking(SDN),many studies use multiple controllers to constitute logically centralized control plane to provide load balancing and fail over.In this paper,we develop a flexible dormant multi-controller model based on the centralized multi-controller architecture.The dormant multi-controller model allows part of controllers to enter the dormant state under light traffic condition for saving system cost.Meanwhile,through queueing analysis,various performance measures of the system can be obtained.Moreover,we analyze the real traffic of China Education Network and use the results as the parameters of computer simulation and verify the effects of parameters on the system characteristics.Finally,a total expected cost function is established,and genetic algorithm is employed to find the optimal values of various parameters to minimize system cost for the deployment decision making.
基金supported by the Foundation for Innovative Research Groups of the National Natural Science Foundation of China (No.61521003)the National Key R&D Program of China (No.2016YFB0800100,No.2016YFB0800101)the National Natural Science Foundation of China (No.61602509)
文摘Current SDN controllers suffer from a series of potential attacks. For example, malicious flow rules may lead to system disorder by introducing unexpected flow entries. In this paper, we propose Mcad-SA, an aware decision-making security architecture with multiple controllers, which could coordinate heterogeneous controllers internally as a "big" controller. This architecture includes an additional plane, the scheduling plane, which consists of transponder, sensor, decider and scheduler. Meanwhile it achieves the functions of communicating, supervising and scheduling between data and control plane. In this framework, we adopt the vote results from the majority of controllers to determine valid flow rules distributed to switches. Besides, an aware dynamic scheduling(ADS) mechanism is devised in scheduler to intensify security of Mcad-SA further. Combined with perception, ADS takes advantage of heterogeneity and redundancy of controllers to enable the control plane operate in a dynamic, reliable and unsteady state, which results in significant difficulty of probing systems and executing attacks. Simulation results demonstrate the proposed methods indicate better security resilience over traditional architectures as they have lower failure probability when facing attacks.
文摘The impact of a Distributed Denial of Service(DDoS)attack on Soft-ware Defined Networks(SDN)is briefly analyzed.Many approaches to detecting DDoS attacks exist,varying on the feature being considered and the method used.Still,the methods have a deficiency in the performance of detecting DDoS attacks and mitigating them.To improve the performance of SDN,an efficient Real-time Multi-Constrained Adaptive Replication and Traffic Approximation Model(RMCARTAM)is sketched in this article.The RMCARTAM considers different parameters or constraints in running different controllers responsible for handling incoming packets.The model is designed with multiple controllers to handle net-work traffic but can turn the controllers according to requirements.The multi-con-straint adaptive replication model monitors different features of network traffic like rate of packet reception,class-based packet reception and target-specific reception.According to these features,the method estimates the Replication Turn-ing Weight(RTW)based on which triggering controllers are performed.Similarly,the method applies Traffic Approximation(TA)in the detection of DDoS attacks.The detection of a DDoS attack is performed by approximating the incoming traf-fic to any service and using various features like hop count,payload,service fre-quency,and malformed frequency to compute various support measures on bandwidth access,data support,frequency support,malformed support,route sup-port,and so on.Using all these support measures,the method computes the value of legitimate weight to conclude the behavior of any source in identifying the mal-icious node.Identified node details are used in the mitigation of DDoS attacks.The method stimulates the network performance by reducing the power factor by switching the controller according to different factors,which also reduces the cost.In the same way,the proposed model improves the accuracy of detecting DDoS attacks by estimating the features of incoming traffic in different corners.
基金Project supported by the National Natural Science Foundation of China(Grant Nos.61303039 and 61201253)Chunying Fellowship,and Fundamental Research Funds for the Central Universities,China(Grant No.2682014CX095)
文摘Any unknown unitary operations conditioned on a control system can be deterministically performed if ancillary subspaces are available for the target systems [Zhou X Q, et al. 2011 Nat. Commun. 2 413]. In this paper, we show that previous optical schemes may be extended to general hybrid systems if unknown operations are provided by optical instruments. Moreover, a probabilistic scheme is proposed when the unknown operation may be performed on the subspaces of ancillary high-dimensional systems. Furthermore, the unknown operations conditioned on the multi-control system may be reduced to the case with a control system using additional linear circuit complexity. The new schemes may be more flexible for different systems or hybrid systems.
基金supported by the National Natural Science Foundation of China(Nos.61402357,61272459,and 61402357)the China Postdoctoral Science Foundation(No.2015M570835)+2 种基金the Fundamental Research Funds for the Central Universities,Chinathe Program for New Century Excellent Talents in Universitythe CETC 54 Project(No.ITD-U14001/KX142600008)
文摘Controllers play a critical role in software-defined networking(SDN).However,existing singlecontroller SDN architectures are vulnerable to single-point failures,where a controller's capacity can be saturated by flooded flow requests.In addition,due to the complicated interactions between applications and controllers,the flow setup latency is relatively large.To address the above security and performance issues of current SDN controllers,we propose distributed rule store(DRS),a new multi-controller architecture for SDNs.In DRS,the controller caches the flow rules calculated by applications,and distributes these rules to multiple controller instances.Each controller instance holds only a subset of all rules,and periodically checks the consistency of flow rules with each other.Requests from switches are distributed among multiple controllers,in order to mitigate controller capacity saturation attack.At the same time,when rules at one controller are maliciously modified,they can be detected and recovered in time.We implement DRS based on Floodlight and evaluate it with extensive emulation.The results show that DRS can effectively maintain a consistently distributed rule store,and at the same time can achieve a shorter flow setup time and a higher processing throughput,compared with ONOS and Floodlight.
基金financially supported by the National Natural Science Foundation of China(NSFC)under grant Nos.51774254,51774253,U1610123,51574207,51574206the Science and Technology Major Project of Shanxi Province under grant No.MC2016-06
文摘In this study, the phase field method was used to study the multi-controlling factors of dendrite growth in directional solidification. The effects of temperature gradient, propelling velocity, thermal disturbance and growth orientation angle on the growth morphology of the dendritic growth in the solid/liquid interface were discussed. It is found that the redistribution of solute leads to multilevel cavity and multilevel fusion to form multistage solute segregation, and the increase of temperature gradient and propelling velocity can accelerate the dendrite growth of directional solidification, and also make the second dendrites more developed, which reduces the primary distance and the solute segregation. When the temperature gradient is large, the solid-liquid interface will move forward in a flat interface mode,and the thermal disturbance does not affect the steady state behavior of the directionally solidified dendrite tip. It only promotes the generation and growth of the second dendrites and forms the asymmetric dendrite. Meanwhile, it is found that the inclined dendrite is at a disadvantage in the competitive growth compared to the normal dendrite, and generally it will disappear. When the inclination angle is large, the initial primary dendrite may be eliminated by its secondary or third dendrite.
基金the National Key Research and Development Program of China (2018YFD0100806,2017YFD0102001,2017YFD0101201)the National Transgenic Major Program of China (2018ZX0801006B,2018ZX0800922B)+6 种基金the National Natural Science Foundation of China (31771875,31871702)the Fundamental Research Funds for the Central Universities of China (06500060FRF-BR-17- 009A,-010Aand -011 A)the "Ten Thousand Plann-National High Level Talents Special Support Plan (for X.W.)the National Key Technology R&D Program of China (2014BAD01B02)and the Beijing Science & Technology Plan Program (Z161100000916013).
文摘Genic male sterility (GMS) is very useful for hybrid vigor utilization and hybrid seed production. Although a large number of GMS genes have been identified in plants, little is known about the roles of GDSL lipase members in anther and pollen development. Here, we report a maize GMS gene, ZmMs30, which encodes a novel type of GDSL lipase with diverged catalytic residues. Enzyme kinetics and activity assays show that ZmMs30 has lipase activity and prefers to substrates with a short carbon chain. ZmMs30 is specifically expressed in maize anthers during stages 7-9. Loss of ZmMs30 function resulted in defective anther cuticle, irregular foot layer of pollen exine, and complete male sterility. Cytological and lipidomics analyses demonstrate that ZmMs30 is crucial for the aliphatic metabolic pathway required for pollen exine formation and anther cuticle development. Furthermore, we found that male sterility caused by loss of ZmMs30 function was stable in various inbred lines with different genetic background, and that it didn't show any negative effect on maize heterosis and production, suggesting that ZmMs30 is valuable for crossbreeding and hybrid seed production. We then developed a new multi-control sterility system using ZmMs30 and its mutant line, and demonstrated it is feasible for generating desirable GMS lines and valu. able for hybrid maize seed production. Taken together, our study sheds new light on the mechanisms of anther and pollen development, and provides a valuable male-sterility system for hybrid breeding maize.