As the number of Virtual Machines(VMs) consolidated on single physical server increases with the rapid advance of server hardware,virtual network turns complex and frangible.Modern Network Security Engines(NSE) are in...As the number of Virtual Machines(VMs) consolidated on single physical server increases with the rapid advance of server hardware,virtual network turns complex and frangible.Modern Network Security Engines(NSE) are introduced to eradicate the intrusions occurring in the virtual network.In this paper,we point out the inadequacy of the present live migration implementation,which hinders itself from providing transparent VM relocation between hypervisors equipped with Network Security Engines(NSE-H).This occurs because the current implementation ignores VM-related Security Context(SC) required by NSEs embedded in NSE-H.We present the CoM,a comprehensive live migration framework,for NSE-H-based virtualization computing environment.We built a prototype system on Xen hypervisors to evaluate our framework,and conduct experiments under various realistic application environments.The results demonstrate that our solution successfully fixes the inadequacy of the present live migration implementation,and the performance overhead is negligible.展开更多
Peer-to-peer (P2P) systems are now very popular. Current P2P systems are broadly of two kinds, structured and unstructured. The tree structured P2P systems used technologies such as distributed hash tables (DHT) and h...Peer-to-peer (P2P) systems are now very popular. Current P2P systems are broadly of two kinds, structured and unstructured. The tree structured P2P systems used technologies such as distributed hash tables (DHT) and hierarchical clustering can search the required target quickly, however, in a tree, the internal node has a higher load and its leave or crash often causes a large population of its offspring's problems, so that in the highly dynamic Internet environment the tree structure may still suffer frequent breaks. On the other hand, most widely used unstructured P2P networks rely on central directory servers or massive message flooding, clearly not scalable. So, we consider both of the above systems' advantages and disadvantages and realize that in the P2P systems one node may fail easily, but that when a number of nodes organized as a set, which we call "super node", the set is robust. Super nodes can be created and updated aware of topology-aware, and used with simple protocol such as flooding or "servers" to exchange information. Furthermore the entire robust super node can be organized into exquisite tree structure. By using this overlay network architecture, P2P systems are robust, efficient, scalable and secure. The simulation results demonstrated that our architecture greatly reduces the alteration time of the structure while decreasing the average delay time, compared to the common tree structure.展开更多
现有跨域人脸活体检测算法,其特征提取过程容易发生过拟合和缺乏特征聚合所导致的泛化性不足问题。针对该问题,提出了跨域人脸活体检测的单边对抗网络算法,将分组卷积与改进的倒残差结构融合替换普通卷积,降低网络参数同时加强人脸细粒...现有跨域人脸活体检测算法,其特征提取过程容易发生过拟合和缺乏特征聚合所导致的泛化性不足问题。针对该问题,提出了跨域人脸活体检测的单边对抗网络算法,将分组卷积与改进的倒残差结构融合替换普通卷积,降低网络参数同时加强人脸细粒度特征的表达能力,并引入自适应特征归一化模块,强调图像中人脸活体信息区域淡化无关背景区域,有效避免人脸活体信息的过拟合并加强来自不同源域的人脸活体检测能力。基于NetVLAD引入通道注意力机制模块,通道注意力机制模块作为特征聚合网络的分支,学习不同源域中人脸局部特征的语义信息,有效增强对不同源域的人脸活体信息分类的泛化能力。设计两模块融合网络以提高未知场景下跨域人脸活体检测精度。在OULU-NPU、CASIA-FASD、MSU-MFSD和Idiap Replay-Attack数据集上的实验结果表明,该算法在跨数据集测试O&C&M to I、O&C&I to M、I&C&M to O、O&M&I to C均有不错的表现,其中,在O&C&I to M及O&M&I to C性能评估指标分别提升了0.99个百分点和0.5个百分点的精度。展开更多
基金supported by State Key Laboratory of Software Development Environment under Grant No. SKLSDE-2009ZX-02China Aviation Science Fund under Grant No.20081951National High Technical Research and Development Program of China (863 Program) under Grant No.2007AA01Z183
文摘As the number of Virtual Machines(VMs) consolidated on single physical server increases with the rapid advance of server hardware,virtual network turns complex and frangible.Modern Network Security Engines(NSE) are introduced to eradicate the intrusions occurring in the virtual network.In this paper,we point out the inadequacy of the present live migration implementation,which hinders itself from providing transparent VM relocation between hypervisors equipped with Network Security Engines(NSE-H).This occurs because the current implementation ignores VM-related Security Context(SC) required by NSEs embedded in NSE-H.We present the CoM,a comprehensive live migration framework,for NSE-H-based virtualization computing environment.We built a prototype system on Xen hypervisors to evaluate our framework,and conduct experiments under various realistic application environments.The results demonstrate that our solution successfully fixes the inadequacy of the present live migration implementation,and the performance overhead is negligible.
基金Project (Nos. 60502014 and 60432030) supported by the National Natural Science Foundation of China
文摘Peer-to-peer (P2P) systems are now very popular. Current P2P systems are broadly of two kinds, structured and unstructured. The tree structured P2P systems used technologies such as distributed hash tables (DHT) and hierarchical clustering can search the required target quickly, however, in a tree, the internal node has a higher load and its leave or crash often causes a large population of its offspring's problems, so that in the highly dynamic Internet environment the tree structure may still suffer frequent breaks. On the other hand, most widely used unstructured P2P networks rely on central directory servers or massive message flooding, clearly not scalable. So, we consider both of the above systems' advantages and disadvantages and realize that in the P2P systems one node may fail easily, but that when a number of nodes organized as a set, which we call "super node", the set is robust. Super nodes can be created and updated aware of topology-aware, and used with simple protocol such as flooding or "servers" to exchange information. Furthermore the entire robust super node can be organized into exquisite tree structure. By using this overlay network architecture, P2P systems are robust, efficient, scalable and secure. The simulation results demonstrated that our architecture greatly reduces the alteration time of the structure while decreasing the average delay time, compared to the common tree structure.
文摘现有跨域人脸活体检测算法,其特征提取过程容易发生过拟合和缺乏特征聚合所导致的泛化性不足问题。针对该问题,提出了跨域人脸活体检测的单边对抗网络算法,将分组卷积与改进的倒残差结构融合替换普通卷积,降低网络参数同时加强人脸细粒度特征的表达能力,并引入自适应特征归一化模块,强调图像中人脸活体信息区域淡化无关背景区域,有效避免人脸活体信息的过拟合并加强来自不同源域的人脸活体检测能力。基于NetVLAD引入通道注意力机制模块,通道注意力机制模块作为特征聚合网络的分支,学习不同源域中人脸局部特征的语义信息,有效增强对不同源域的人脸活体信息分类的泛化能力。设计两模块融合网络以提高未知场景下跨域人脸活体检测精度。在OULU-NPU、CASIA-FASD、MSU-MFSD和Idiap Replay-Attack数据集上的实验结果表明,该算法在跨数据集测试O&C&M to I、O&C&I to M、I&C&M to O、O&M&I to C均有不错的表现,其中,在O&C&I to M及O&M&I to C性能评估指标分别提升了0.99个百分点和0.5个百分点的精度。