Shui Yu is currently a full Professor in the School of Software, University of Technology Sydney, Australia. Dr Yu’s research interests include Security and Privacy, Networking, Big Data, and Mathematical Modelling. He has published two monographs and edited two books, more than 200 technical papers, including top journals and top conferences, such as IEEE TPDS, TC, TIFS, TMC, TKDE, TETC, ToN, and INFOCOM. Dr Yu initiated the research field of networking for big data in 2013. His h-index is 33. Dr Yu actively serves his research communities in various roles. He is currently serving on the editorial boards of IEEE Communications Surveys and Tutorials, IEEE Communications Magazine, IEEE Internet of Things Journal, IEEE Communications Letters, IEEE Access, and IEEE Transactions on Computational Social Systems. He has served many international conferences as a member of the organizing committee, such as publication chair for IEEE Globecom 2015, IEEE INFOCOM 2016 and 2017, TPC chair for IEEE BigDataService 2015, and general chair for ACSW 2017. Dr Yu is a final voting member for a few NSF China programs in 2017. He is a Senior Member of IEEE, a member of AAAS and ACM, the Vice Chair of the Technical Committee on Big Data of IEEE Communication Society, and a Distinguished Lecturer of IEEE Communication Society.
- IEEE Communications Surveys and Tutorials (impact factor 20+, ranked #1 in its field), Area Editor
- IEEE Communications Magazine (impact factor 10.2, ranked #1 in its field), Series Editor.
- IEEE Transactions on Computational Social Systems, since 2017.
- IEEE Internet of Things Journal (impact factor 7.2), since 2016.
- IEEE Communications Letters (impact factor 1.9), since 2016.
- IEEE Transactions on Parallel and Distributed Systems (A* journal), 2013 - 2015.
- IEEE Transactions on Big Data, Theoretical Foundations for Big Data Security and Privacy, 2016.
- IEEE Access, Theoretical Foundation for Big Data Applications, 2016.
- IEEE Cloud Computing, Cloud Security, 2016.
- IEEE Network, Special Issue on Big Data for Networking, 2015.
- IJPEDS, Special Issue on Networking Aspects in Big Data, 2015.
- IEEE JSAC (The second series of Molecular, Biological, and Multi-Scale Communication), 2015.
- IEEE Network, Special Issue on Networking for Big Data, 2014.
- Journal of Multimedia, Special Issue on Social Multimedia Computing: Challenges, Techniques, and Applications, 2013.
- International Journal of Security and Networks, Special Issue on Network Forensics, Security and Privacy, 2012.
- Journal of Peer-to-Peer Networking and Applications, Special Issue on Security, Privacy and Forensics in P2P Networks, 2012.
Can supervise: YES
- Cybersecurity and privacy
- Network Science and big data
- Artificial Intelligence for security and networking
- Mathematical modelling
- More than 14 years teaching experience in Australia, 7 years teaching experience in China, also taught units at Hong Kong and Indonesia.
- Developed more than 10 units in cybersecurity, computer science, data analytics, and computer games.
- Course director of Computer Science (undergraduate)
- Rich experience in teaching large classes and small classes, on-campus students and off-campus students, local students and overseas students
- Excellent teaching evaluation.
- Passionate teacher with well-prepared teaching content
- Guest lecturer of cybersecurity of a number of overseas universities.
Li, G, He, J, Peng, S, Jia, W, Wang, C, Niu, J & Yu, S 2019, 'Energy Efficient Data Collection in Large-scale Internet of Things via Computation Offloading', IEEE Internet of Things Journal.
Internet of Things (IoT) can be used to promote many advanced applications by utilizing the sensed data collected from various settings. To reduce the energy consumption of IoT devices, and to extend the lifetime of network, the sensed data are usually compressed before their transmission through Compressed Sensing (CS) theory. By reconstructing the sensed data at the edge of network with more resourceful devices, such as laptops and servers, the intensive computation and energy consumption of the IoT nodes could be effectively offloaded. However, most of the existing data collection schemes are limited in their scalability, because the unified data reconstruction models of them are not suitable for large-scale surveillance scenarios. In our proposed scheme, the whole network is first partitioned into a number of data correlated clusters based on spatial correlation. Then, a data collection tree is built to collect the compressed data in a hybrid mode. Finally, the data reconstruction problem is modelled as a group sparse problem and solved through using an ADMM-based algorithm. The performance of data communication and reconstruction of the proposed scheme is evaluated through experiments with real data set. The experimental results show that the proposed scheme can indeed lower the amount of data transmission, prolong the network life, and achieve a higher level of accuracy in data collection compared to existing data collection schemes.
Internet of Things (IoT) provides a vast number of devices with heterogeneous characteristics connected to the Internet. As a promising networking paradigm that decouples control plane from data plane, Software Defined Networking (SDN) is an appropriate architecture for IoT. The SDN paradigm supports deploying traffic flows dynamically by a centralized controller to SDN switches. In particular, the controller configures forwarding rules of SDN switches to steer traffic. However, forwarding rules are usually stored in expensive and power hungry Ternary Content Addressable Memory (TCAM), which is very limited in quantity for SDN switches. Thus, the shortage of TCAM becomes a fatal bottleneck for scalable flow management for SDN-based IoT. To this end, we propose a method of Forwarding Rule Multiplexing (FRM) to minimize the total number of forwarding rules in SDN-based IoT. We multiplex different traffic flows traversing through the same path into an aggregated flow with the label of VLAN ID. As a result, multiple forwarding rules could be merged into one multiplexed rule. We also extend the method to SDN protection against link failure, and reduce backup path forwarding rules. We formulate the FRM problem as an Integer Linear Programming (ILP) model. Since the problem is NP-hard, we design a polynomial algorithm using the Markov approximation technique. Theoretical analysis indicates that the polynomial algorithm generates near-optimal solution. The extensive emulation results show that the proposed Markov approximation based algorithm reduces the number of forwarding rules by 15.73% in average compared with the benchmark algorithms.
Zhang, H, Dong, Y, Chiclana, F & Yu, S 2019, 'Consensus efficiency in group decision making: A comprehensive comparative study and its optimal design', European Journal of Operational Research, vol. 275, no. 2, pp. 580-598.
© 2018 Elsevier B.V. Consensus reaching processes (CRPs) aim to help decision-makers achieve agreement regarding the solution to a common decision problem, and consequently play an increasingly important role in the resolution of group decision making (GDM) problems. To date, a large number of CRPs have been reported. However, there is a lack of a general framework and criteria to evaluate the efficiency of the different CRPs. This paper aims to fill this gap in the research literature on CRPs. To achieve this goal, firstly, a comprehensive review regarding the different approaches to CRP is reported, and a series of CRPs as the comparison objects are presented. Secondly, the following comparison criteria for measuring the efficiency of CRPs are proposed: the number of adjusted decision-makers, the number of adjusted alternatives, the number of adjusted preference values, the distance between the original and the adjusted preference information (adjustment cost), and the number of negotiation rounds required to reach consensus. Following this, a detailed simulation experiment is designed to analyze the efficiency of different CRPs under the mentioned different comparison criteria. Furthermore, new multi-stage optimization-based CRPs are also developed, which the simulation experiment shows to have better comprehensive consensus efficiency in different GDM settings.
Wang, M, Xu, C, Chen, X, Hao, H, Zhong, L & Yu, S 2019, 'Differential privacy oriented distributed online learning for mobile social video prefetching', IEEE Transactions on Multimedia, vol. 21, no. 3, pp. 636-651.
© 2019 IEEE The ever fast growing mobile social video traffic has motivated the urgent requirement of alleviating backbone pressures while ensuring the user-quality experience. Mobile video prefetching previously caches the future accessed videos at the edge, which has become a promising solution for traffic offloading and delay reduction. However, providing high performance prefetching still remains problematic in the presence of high dynamic mobile users' viewing behaviors and consecutive generated video content. Besides, given the fact that making prefetching decision requires viewing history that is sensitive, the increasing privacy issues should also be considered. In this paper, we propose a differential privacy oriented distributed online learning method for mobile social video prefetching (DPDL-SVP). Through a large-scale data analysis based on one of the most popular online social network sites, WeiBo.cn, we reveal that users' viewing behaviors have a strong relation with video preference, content popularity, and social interactions. We then formulate the prefetching problem as an online convex optimization based on these three factors. Furthermore, the problem is divided into two subproblems, and we implement a distributed algorithm separately to solve them with differential privacy. The performance bound of the proposed online algorithms is also theoretically proved. We conduct a series of simulations based on real viewing traces to evaluate the performance of DPDL-SVP. Evaluation results show how our proposed algorithms achieve superior performance in terms of the prediction accuracy, delay reduction, and scalability.
Xu, C, Zhu, L, Liu, Y, Guan, J & Yu, S 2018, 'DP-LTOD: Differential Privacy Latent Trajectory Community Discovering Services over Location-Based Social Networks', IEEE Transactions on Services Computing.
Community detection for Location-based Social Networks (LBSNs) has received great attention mainly in the field of large-scale Wireless Communication Networks. In this paper, we present a Differential Privacy Latent Trajectory cOmmunity Discovering (DP-LTOD) scheme, which obfuscates original trajectory sequences into differential privacy-guaranteed trajectory sequences for trajectory privacy-preserving, and discovers latent trajectory communities through clustering the uploaded trajectory sequences. Different from traditional trajectory privacy-preserving methods, we first partition original trajectory sequence into different segments. Then, the suitable locations and segments are selected to constitute obfuscated trajectory sequence. Specifically, we formulate the trajectory obfuscation problem to select an optimal trajectory sequence which has the smallest difference with original trajectory sequence. In order to prevent privacy leakage, we add Laplace noise and exponential noise to the outputs during the stages of location obfuscation matrix generation and trajectory sequence function generation, respectively. Through formal privacy analysis, we prove that DP-LTOD scheme can guarantee ε-differential privacy. Moreover, we develop a trajectory clustering algorithm to classify the trajectories into different kinds of clusters according to semantic distance and geographical distance. Extensive experiments on two real-world datasets illustrate that our DP-LTOD scheme can not only discover latent trajectory communities, but also protect user privacy from leaking.
Li, G, Chen, H, Peng, S, Li, X, Wang, C, Yu, S & Yin, P 2018, 'A Collaborative Data Collection Scheme Based on Optimal Clustering for Wireless Sensor Networks.', Sensors (Basel, Switzerland), vol. 18, no. 8.
In recent years, energy-efficient data collection has evolved into the core problem in the resource-constrained Wireless Sensor Networks (WSNs). Different from existing data collection models in WSNs, we propose a collaborative data collection scheme based on optimal clustering to collect the sensed data in an energy-efficient and load-balanced manner. After dividing the data collection process into the intra-cluster data collection step and the inter-cluster data collection step, we model the optimal clustering problem as a separable convex optimization problem and solve it to obtain the analytical solutions of the optimal clustering size and the optimal data transmission radius. Then, we design a Cluster Heads (CHs)-linking algorithm based on the pseudo Hilbert curve to build a CH chain with the goal of collecting the compressed sensed data among CHs in an accumulative way. Furthermore, we also design a distributed cluster-constructing algorithm to construct the clusters around the virtual CHs in a distributed manner. The experimental results show that the proposed method not only reduces the total energy consumption and prolongs the network lifetime, but also effectively balances the distribution of energy consumption among CHs. By comparing it to the existing compression-based and non-compression-based data collection schemes, the average reductions of energy consumption are 17.9% and 67.9%, respectively. Furthermore, the average network lifetime extends no less than 20-times under the same comparison.
Xu, C, Jin, W, Wang, X, Zhao, G & Yu, S 2018, 'MC-VAP: A multi-connection virtual access point for high performance software-defined wireless networks', Journal of Network and Computer Applications, vol. 122, pp. 88-98.
© 2018 Elsevier Ltd Aiming to exploit the power of multiple accesses from ubiquitous wireless networks, researchers employed multiple virtualized interfaces connecting to multiple APs for mobile users. However, these schemes require expensive modifications and additional cost on mobile device, which are hard to be implemented. Complementarily, in this paper, we propose a multi-connection virtual access point (MC-VAP) to virtualize and manipulate physical APs to provide multi-path transmission for a user while avoiding any modifications on the user side. As a result, the independent flows from an application can be dispatched to multiple paths separately and transmitted on multiple APs simultaneously, which can improve the throughput obviously. In order to maximize each application's throughput, the flow assignment is formulated as a mixed integer non-linear programming (MINLP) problem. In particular, a low-complexity heuristic algorithm, namely, narrowing search set with cutting-off solution space (NS-CoS) algorithm, is presented to solve the MINLP problem through relaxing it into simple LP problems. Moreover, we implement a prototype of MC-VAP, and the extensive real-world experiments demonstrate that MC-VAP can realize seamless handover and provide faster yet efficient solutions of flow assignment in contrast to the optimal method to achieve multifold throughput improvement for applications over regular WiFi.
Li, L, Deng, N, Ren, W, Kou, B, Zhou, W & Yu, S 2018, 'Multi-Service Resource Allocation in Future Network with Wireless Virtualization', IEEE Access, vol. 6, pp. 53854-53868.
© 2013 IEEE. Future network is envisioned to be a multi-service network which can support various types of terminal devices with diverse quality of service requirements. As one of the key technologies, wireless virtualization establishes different virtual networks dependent on different application scenarios and user requirements through flexibly slicing and sharing wireless resources in future networks. In this paper, we first propose a service-centric wireless virtualization model to slice network according to service types. In this model, how to share and slice wireless resource is one of the fundamental issues to be addressed. Therefore, we formulate and solve a multi-service resource allocation problem to realize spectrum virtualization. Different from the existing strategies, we decouple the multi-service resource allocation problem in the proposed virtualization model to make it easier to solve. Specifically, it is solved in two stages: inter-slice resource allocation and intra-slice resource scheduling. In the first stage, we formulate the inter-slice resource allocation as a discrete optimization problem and propose a heuristic algorithm to get sub-optimal solution of this NP-hard problem. In the second stage, we modify several existing scheduling algorithms suitable for scheduling users of several specific services. Numerical results show the superiority of the proposed scheduling algorithms over the existing ones when applied to schedule specific services. Moreover, proposed resource allocation scheme is verified to meet the properties of virtualization and solves the multi-service resource allocation problem well.
Zhou, L, Fu, A, Yu, S, Su, M & Kuang, B 2018, 'Data integrity verification of the outsourced big data in the cloud environment: A survey', Journal of Network and Computer Applications, vol. 122, pp. 1-15.
© 2018 Elsevier Ltd With the explosive growth of data and the rapid development of science technology, big data analysis has attracted increasing attention. Due to the restrictive performance of traditional devices, cloud computing emerges as a convenient storage and computing platform for big data analysis. Driven by benefits, cloud servers may intentionally delete or modify outsourced big data. Therefore, users need to make sure that the servers correctly store the outsourced big data prior to deploying the cloud computing applications in practice. To resolve the issue, many researchers have concentrated on enabling users to check the completeness of data with data integrity verification (DIV) technique. We have therefore collated a summary of the existing literature, aiming to present a solid and stimulating review of current academic achievements for interested readers. Firstly, we present a fundamental introduction by defining seven major topics in order to offer a summary of the existing research domain for DIV study. Secondly, we classify the state-of-the-art DIV solutions into four categories, and then we parse each category based on dynamics, providing a clear and hierarchical classification of forthcoming DIV efforts. Thirdly, we discuss the principal topics and technical means utilized to equip DIV schemes with different requirements. Finally, we discuss the issues and challenges anticipated in future work, thus suggesting possible directions for follow-up research.
Xiao, Y, Pei, Q, Liu, X & Yu, S 2018, 'A Novel Trust Evaluation Mechanism for Collaborative Filtering Recommender Systems', IEEE Access, vol. 6, pp. 70268-70312.
© 2018 IEEE. In online social networks (OSNs), high trust value entities play an important role in service recommendation when users inquire certain service. Generally, users in OSNs are more willing to choose those services recommended by high trust value entities. In fact, users may suffer from great loss of property once they accept some bad services provided by high trust value entities. However, current schemes do not consider this problem. Hence, we propose a scheme called RHT (recommendation from high trust value entities) to evaluate the trust degree of service recommended by high trust value entities. To be specific, there exist other users who provide their ratings to the service recommended by a high trust value entity, and RHT first selects the trusted ones from those users by computing the similarity between target user and them. Simultaneously, RHT also withstands malicious attacks during the trusted nodes selection. In addition, we also design an adaptive trust computation method to calculate trust value according to the ratings of trusted users. The experimental results show that RHT has higher accuracy in trust evaluation compared with current representative schemes and effectively resists four common attacks when choosing trusted nodes.
Ma, H, Yu, S, Gabbouj, M & Mueller, P 2018, 'Guest Editorial Special Issue on Multimedia Big Data in Internet of Things', IEEE Internet of Things Journal, vol. 5, no. 5, pp. 3405-3407.
Qu, Y, Yu, S, Gao, L, Zhou, W & Peng, S 2018, 'A hybrid privacy protection scheme in cyber-physical social networks', IEEE Transactions on Computational Social Systems, vol. 5, no. 3, pp. 773-784.
© 2014 IEEE. The rapid proliferation of smart mobile devices has significantly enhanced the popularization of the cyber-physical social network, where users actively publish data with sensitive information. Adversaries can easily obtain these data and launch continuous attacks to breach privacy. However, existing works only focus on either location privacy or identity privacy with a static adversary. This results in privacy leakage and possible further damage. Motivated by this, we propose a hybrid privacy-preserving scheme, which considers both location and identity privacy against a dynamic adversary. We study the privacy protection problem as the tradeoff between the users aiming at maximizing data utility with high-level privacy protection while adversaries possessing the opposite goal. We first establish a game-based Markov decision process model, in which the user and the adversary are regarded as two players in a dynamic multistage zero-sum game. To acquire the best strategy for users, we employ a modified state-action-reward-state-action reinforcement learning algorithm. Iteration times decrease because of cardinality reduction from n to 2, which accelerates the convergence process. Our extensive experiments on real-world data sets demonstrate the efficiency and feasibility of the proposed method.
Zhang, Y, Dong, P, Yu, S, Luo, H, Zheng, T & Zhang, H 2018, 'An adaptive multipath algorithm to overcome the unpredictability of heterogeneous wireless networks for high-speed railway', IEEE Transactions on Vehicular Technology, vol. 67, no. 12, pp. 11332-11344.
© 2018 IEEE. Accessing Internet services in high-speed mobile scenario is an increasing demand for passengers and vendors. Owing to the bandwidth limitation of a single wireless network, researchers attempt to utilize the heterogeneous wireless networks along tracks to achieve multipath parallel transmission. These multipath transmission schemes usually depend on the accurate estimation of network quality to achieve high performance. However, due to the unpredictability of wireless networks in high-speed mobile scenario, current multipath transmission schemes perform poorly. In this paper, first, we make quantitative analysis for the unpredictability of wireless networks. With lots of results of real experiments, we make quantitative analysis for the estimation error of classical algorithms in different scenarios. Second, aiming at the unpredictability of wireless networks, we propose a multipath transmission algorithm named receiver adaptive incremental delay (RAID) that can aggregate bandwidth for heterogeneous networks independent of accurate network quality estimation. Finally, we deploy the RAID algorithm into a real system. Abundant real experiments and simulations prove that our proposed algorithm has a better performance than the earliest completion first algorithm and the weighted round Robin (WRR) algorithm in high-speed mobile scenario.
Yuan, B, Jin, H, Zou, D, Yang, LT & Yu, S 2018, 'A Practical Byzantine-Based Approach for Faulty Switch Tolerance in Software-Defined Networks', IEEE Transactions on Network and Service Management, vol. 15, no. 2, pp. 825-839.
© 2004-2012 IEEE. Over the past few years, software-defined networking (SDN) has stimulated worldwide interests in both academia and industry for its proven benefits. However, the reliability of SDN has become a significant barrier in adopting it. Many efforts have been made to enhance the reliability of SDNs. However, the research all assume a benign data plane, and overlook the fundamental question: what if the switches provide tainted network state information (controller's inputs) to the controller? To obtain a global view and produce networking decisions, SDN controllers must collect detailed and up-to-date network state information from the switches. Therefore, tainted inputs can easily disrupt the correctness of controller and reduce the reliability of SDN. In this paper, we argue that faulty switches can easily taint the controller's inputs in SDN, which would further mislead the controller. We investigate possible consequences of the existence of faulty switches with thorough analyses and practical examples. Aiming at enhancing the reliability of SDNs, we design and implement a prototype system that leverages Byzantine model to automatically tolerate faulty switches. Extensive experiments show that the proposed system can guarantee the correctness of the controller's inputs (specifically, flow statistics information) even when faulty switches exist with trivial overheads.
Wang, X, Xu, C, Zhao, G, Xie, K & Yu, S 2018, 'Efficient Performance Monitoring for Ubiquitous Virtual Networks Based on Matrix Completion', IEEE Access, vol. 6, pp. 14524-14536.
© 2013 IEEE. Inspired by the concept of software-defined network and network function virtualization, vast virtual networks are generated to isolate and share wireless resources for different network operators. To achieve fine-grained resource control and scheduling among virtual networks (VNs), network performance monitoring is essential. However, due to limitation of hardware, real-time performance monitoring is impossible for a complete virtual network. In this paper, taking advantage of the low-rank characteristic of 90 virtual access points (VAPs) measurement data, we propose an intelligent measurement scheme, namely, adaptive and sequential sampling based on matrix completion (MC), which exploits from the MC to construct the complete data of VN performance from a partial direct monitoring data. First, to construct the initial measurement matrix, we propose a sampling correction model based on dispersion and coverage. Second, a stopping condition for the sequential sampling is introduced; based on the stopping condition, the sampling process for a period can stop without waiting for the matrix reconstruction to reach a certain accuracy level. Finally, the sampled VAPs are determined by referring the back-forth completed matrixes' normalized mean absolute error. The experiments show that our approach can achieve a constant network perception and maintain a relatively low error rate with a small sampling rate.
Liu, Q, Li, P, Zhao, W, Cai, W, Yu, S & Leung, VCM 2018, 'A survey on security threats and defensive techniques of machine learning: A data driven view', IEEE Access, vol. 6, pp. 12103-12117.
© 2013 IEEE. Machine learning is one of the most prevailing techniques in computer science, and it has been widely applied in image processing, natural language processing, pattern recognition, cybersecurity, and other fields. Regardless of successful applications of machine learning algorithms in many scenarios, e.g., facial recognition, malware detection, automatic driving, and intrusion detection, these algorithms and corresponding training data are vulnerable to a variety of security threats, inducing a significant performance decrease. Hence, it is vital to call for further attention regarding security threats and corresponding defensive techniques of machine learning, which motivates a comprehensive survey in this paper. Until now, researchers from academia and industry have found out many security threats against a variety of learning algorithms, including naive Bayes, logistic regression, decision tree, support vector machine (SVM), principal component analysis, clustering, and prevailing deep neural networks. Thus, we revisit existing security threats and give a systematic survey on them from two aspects, the training phase and the testing/inferring phase. After that, we categorize current defensive techniques of machine learning into four groups: security assessment mechanisms, countermeasures in the training phase, those in the testing or inferring phase, data security, and privacy. Finally, we provide five notable trends in the research on security threats and defensive techniques of machine learning, which are worth doing in-depth studies in future.
Shen, S, Huang, L, Zhou, H, Yu, S, Fan, E & Cao, Q 2018, 'Multistage Signaling Game-Based Optimal Detection Strategies for Suppressing Malware Diffusion in Fog-Cloud-Based IoT Networks', IEEE Internet of Things Journal, vol. 5, no. 2, pp. 1043-1054.
© 2018 IEEE. We consider the Internet of Things (IoT) with malware diffusion and seek optimal malware detection strategies for preserving the privacy of smart objects in IoT networks and suppressing malware diffusion. To this end, we propose a malware detection infrastructure realized by an intrusion detection system (IDS) with cloud and fog computing to overcome the IDS deployment problem in smart objects due to their limited resources and heterogeneous subnetworks. We then employ a signaling game to disclose interactions between smart objects and the corresponding fog node because of malware uncertainty in smart objects. To minimize privacy leakage of smart objects, we also develop optimal strategies that maximize malware detection probability by theoretically computing the perfect Bayesian equilibrium of the game. Moreover, we analyze the factors influencing the optimal probability of a malicious smart object diffusing malware, and factors influencing the performance of a fog node in determining an infected smart object. Finally, we present a framework to demonstrate a potential and practical application of suppressing malware diffusion in IoT networks.
Wang, X, Xu, C, Zhao, G & Yu, S 2018, 'Tuna: An Efficient and Practical Scheme for Wireless Access Point in 5G Networks Virtualization', IEEE Communications Letters, vol. 22, no. 4, pp. 748-751.
© 1997-2012 IEEE. Recently, network function virtualization (NFV) has been widely used in 5G innovation. However, with the implementation of NFV, virtualized wireless access point has suffered a significant performance degradation. In this letter, we propose an efficient packet processing scheme (Tuna) to improve the performance of wireless network virtualization. Specifically, we locate management frame into user space for virtualization, and place control and data frame in kernel space to reduce packet processing delay. Moreover, hostapd and network address translation are modified to accelerate packet processing. We implemented the prototype of the proposed scheme, and the experimental results demonstrate that Tuna can improve both delay and throughput dramatically.
Li, T, Zhou, H, Luo, H & Yu, S 2018, 'SERvICE: A Software Defined Framework for Integrated Space-Terrestrial Satellite Communication', IEEE Transactions on Mobile Computing, vol. 17, no. 3, pp. 703-716.
© 2017 IEEE. The existing satellite communication systems suffer from traditional design, such as slow configuration, inflexible traffic engineering, and coarse-grained Quality of Service (QoS) guarantee. To address these issues, in this paper, we propose SERvICE, a Software dEfined fRamework for Integrated spaCe-tErrestrial satellite Communication, based on Software Defined Network (SDN) and Network Function Virtualization (NFV). We first introduce the three planes of SERvICE, Management Plane, Control Plane, and Forwarding Plane. The framework is designed to achieve flexible satellite network traffic engineering and fine-grained QoS guarantee. We analyze the agility of the space component of SERvICE. Then, we give a description of the implementation of the prototype with the help of the Delay Tolerant Network (DTN) and OpenFlow. We conduct two experiments to validate the feasibility of SERvICE and the functionality of the prototype. In addition, we propose two heuristic algorithms, namely the QoS-oriented Satellite Routing (QSR) algorithm and the QoS-oriented Bandwidth Allocation (QBA) algorithm, to guarantee the QoS requirement of multiple users. The algorithms are also evaluated in the prototype. The experimental results show the efficiency of the proposed algorithms in terms of file transmission delay and transmission rate.
Qu, Y, Yu, S, Zhou, W, Peng, S, Wang, G & Xiao, K 2018, 'Privacy of Things: Emerging Challenges and Opportunities in Wireless Internet of Things', IEEE Wireless Communications, vol. 25, no. 6, pp. 91-97.
© 2002-2012 IEEE. The proliferation of wireless devices and appliances is facilitating the rapid development of the Internet of Things (IoT). Numerous state-of-the-art applications are being used in, for example, smart cities, autonomous vehicles, and biocomputing. With the popularization of IoT, new challenges are emerging with respect to privacy issues. In this article, we first summarize privacy constraints and primary attacks based on new features of IoT. Then we present three case studies to demonstrate principal vulnerabilities and classify existing protection schemes. Built on this analysis, we identify three key challenges: a lack of theoretical foundation, the trade-off optimization between privacy and data utility, and system isomerism over-complexity and high scalability. Finally, we illustrate possible promising future directions and potential solutions to the emerging challenges facing wireless IoT scenarios. We aim to assist interested readers in investigating the unexplored parts of this promising domain.
Li, J, Luo, H, Zhang, S, Yu, S & Wolf, T 2018, 'Traffic Engineering in Information-Centric Networking: Opportunities, Solutions and Challenges', IEEE Communications Magazine, vol. 56, no. 11, pp. 124-130.
Ding, Z, Dong, Y, Kou, G, Palomares, I & Yu, S 2018, 'Consensus formation in opinion dynamics with online and offline interactions at complex networks', International Journal of Modern Physics C, vol. 29, no. 07, pp. 1850046-1850046.
Feng, B, Zhang, H, Zhou, H & Yu, S 2017, 'Locator/Identifier Split Networking: A Promising Future Internet Architecture', IEEE Communications Surveys and Tutorials, vol. 19, no. 4, pp. 2927-2948.
© 1998-2012 IEEE. The Internet has achieved unprecedented success in human history. However, its original design has encountered many challenges in the past decades due to the significant changes of context and requirements. As a result, the design of future networks has received great attention from both academia and industry, and numerous novel architectures have sprung up in recent years. Among them, the locator/identifier (Loc/ID) split networking is widely discussed for its decoupling of the overloaded IP address semantics, which satisfies several urgent needs of the current Internet such as mobility, multi-homing, routing scalability, security, and heterogeneous network convergence. Hence, in this paper, we focus on Loc/ID split network architectures, and provide a related comprehensive survey on their principles, mechanisms, and characteristics. First, we illustrate the major serious problems of the Internet caused by the overloading of IP address semantics. Second, we classify the existing Loc/ID split network architectures based on their properties, abstract the general principle and framework for each classification, and demonstrate related representative architectures in detail. Finally, we summarize the fundamental features of the Loc/ID split networking, compare corresponding investigated architectures, and discuss several open issues and opportunities.
Xu, C, Han, Z, Zhao, G & Yu, S 2017, 'A sleeping and offloading optimization scheme for energy-efficient WLANs', IEEE Communications Letters, vol. 21, no. 4, pp. 877-880.
© 1997-2012 IEEE. In this letter, we propose an access point (AP) sleeping and user offloading optimization scheme to improve energy efficiency in densely deployed WLANs. Through real trace analysis, we investigate AP energy efficiency to obtain the sleep-awake threshold, which is used to select sleep or awake APs according to real-time status information monitored on controller. Moreover, we formulate the user offloading problem as a reverse auction process to optimize energy efficiency of APs involved in offloading. Simulation results demonstrate that, comparing to traditional methods, our scheme can achieve up to 20% energy saving while maintaining effective system coverage and throughput.
Xu, C, Jin, W, Zhao, G, Tianfield, H, Yu, S & Qu, Y 2017, 'A Novel Multipath-Transmission Supported Software Defined Wireless Network Architecture', IEEE Access, vol. 5, pp. 2111-2125.
© 2013 IEEE. The inflexible management and operation of today's wireless access networks cannot meet the increasingly growing specific requirements, such as high mobility and throughput, service differentiation, and high-level programmability. In this paper, we put forward a novel multipath-transmission supported software-defined wireless network architecture (MP-SDWN), with the aim of achieving seamless handover, throughput enhancement, and flow-level wireless transmission control as well as programmable interfaces. In particular, this research addresses the following issues: 1) for high mobility and throughput, multi-connection virtual access point is proposed to enable multiple transmission paths simultaneously over a set of access points for users and 2) wireless flow transmission rules and programmable interfaces are implemented into mac80211 subsystem to enable service differentiation and flow-level wireless transmission control. Moreover, the efficiency and flexibility of MP-SDWN are demonstrated in the performance evaluations conducted on a 802.11 based-testbed, and the experimental results show that compared to regular WiFi, our proposed MP-SDWN architecture achieves seamless handover and multifold throughput improvement, and supports flow-level wireless transmission control for different applications.
Gao, L, Luan, TH, Yu, S, Zhou, W & Liu, B 2017, 'FogRoute: DTN-Based Data Dissemination Model in Fog Computing', IEEE Internet of Things Journal, vol. 4, no. 1, pp. 225-235.
© 2017 IEEE. Fog computing, known as 'cloud closed to ground,' deploys light-weight compute facility, called Fog servers, at the proximity of mobile users. By precaching contents in the Fog servers, an important application of Fog computing is to provide high-quality low-cost data distributions to proximity mobile users, e.g., video/live streaming and ads dissemination, using the single-hop low-latency wireless links. A Fog computing system is of a three tier Mobile-Fog-Cloud structure; mobile user gets service from Fog servers using local wireless connections, and Fog servers update their contents from Cloud using the cellular or wired networks. This, however, may incur high content update cost when the bandwidth between the Fog and Cloud servers is expensive, e.g., using the cellular network, and is therefore inefficient for nonurgent, high volume contents. How to economically utilize the Fog-Cloud bandwidth with guaranteed download performance of users thus represents a fundamental issue in Fog computing. In this paper, we address the issue by proposing a hybrid data dissemination framework which applies software-defined network and delay-tolerable network (DTN) approaches in Fog computing. Specifically, we decompose the Fog computing network with two planes, where the cloud is a control plane to process content update queries and organize data flows, and the geometrically distributed Fog servers form a data plane to disseminate data among Fog servers with a DTN technique. Using extensive simulations, we show that the proposed framework is efficient in terms of data-dissemination success ratio and content convergence time among Fog servers.
Jiang, J, Wen, S, Yu, S, Xiang, Y & Zhou, W 2017, 'Identifying Propagation Sources in Networks: State-of-the-Art and Comparative Studies', IEEE Communications Surveys and Tutorials, vol. 19, no. 1, pp. 465-481.
© 2016 IEEE. It has long been a significant but difficult problem to identify propagation sources based on limited knowledge of network structures and the varying states of network nodes. In practice, real cases can be locating the sources of rumors in online social networks and finding origins of a rolling blackout in smart grids. This paper reviews the state-of-the-art in source identification techniques and discusses the pros and cons of current methods in this field. Furthermore, in order to gain a quantitative understanding of current methods, we provide a series of experiments and comparisons based on various environment settings. Especially, our observation reveals considerable differences in performance by employing different network topologies, various propagation schemes, and diverse propagation probabilities. We therefore reach the following points for future work. First, current methods remain far from practice as their accuracy in terms of error distance () is normally larger than three in most scenarios. Second, the majority of current methods are too time consuming to quickly locate the origins of propagation. In addition, we list five open issues of current methods exposed by the analysis, from the perspectives of topology, number of sources, number of networks, temporal dynamics, and complexity and scalability. Solutions to these open issues are of great academic and practical significance.
© 2016 IEEE. Complementary to the fancy big data applications, networking for big data is an indispensable supporting platform for these applications in practice. This emerging research branch has gained extensive attention from both academia and industry in recent years. In this new territory, researchers are facing many unprecedented theoretical and practical challenges. We are therefore motivated to solicit the latest works in this area, aiming to pave a comprehensive and solid starting ground for interested readers. We first clarify the definition of networking for big data based on the cross disciplinary nature and integrated needs of the domain. Second, we present the current understanding of big data from different levels, including its formation, networking features, mathematical representations, and the networking technologies. Third, we discuss the challenges and opportunities from various perspectives in this hopeful field. We further summarize the lessons we learned based on the survey. We humbly hope this paper will shed light for forthcoming researchers to further explore the uncharted part of this promising land.
Sood, K, Yu, S & Xiang, Y 2016, 'Performance analysis of software-defined network switch using M/Geo/1 model', IEEE Communications Letters, vol. 20, no. 12, pp. 2522-2525.
© 1997-2012 IEEE. The aim of this letter is to propose an analytical model to study the performance of software-defined network (SDN) switches. Here, SDN switch performance is defined as the time that an SDN switch needs to process packet without the interaction of controller. We exploit the capabilities of queueing theory-based M/Geo/1 model to analyze the key factors, flow-table size, packet arrival rate, number of rules, and position of rules. The analytical model is validated using extensive simulations. This letter reveals that these factors have significant influence on the performance of an SDN switch.
Sood, K, Yu, S, Xiang, Y & Cheng, H 2016, 'A General QoS Aware Flow-Balancing and Resource Management Scheme in Distributed Software-Defined Networks', IEEE Access, vol. 4, pp. 7176-7185.
© 2016 IEEE. Due to the limited service capabilities of centralized controllers, it is difficult to process high volume of flows within reasonable time. This particularly degrades the strict quality of service (QoS) requirements of interactive media applications, which is a non-negligible factor. To alleviate this concern, distributed deployments of software-defined network (SDN) controllers are inevitable and have gained a predominant position. However, to maintain application specific QoS requirements, the number of resources used in network directly impacts the capital and operational expenditure. Hence, in distributed SDN architectures, issues such as flow arrival rate, resources required and operational cost have significant mutual dependencies on each other. Therefore, it is essential to research feasible methods to maintain QoS and minimize resources provisioning cost. Motivated from this, we propose a solution in distributed SDN architectures that provides flow-balancing (with guaranteed QoS) in pro-active operations of SDN controllers, and attempts to optimize the use of instance resources provisioning costs. We validate our solution using the tools of queuing theory. Our studies indicate that with our solution, a network with minimum resources and affordable cost with guaranteed application QoS can be set-up.
© 2013 IEEE. One of the biggest concerns of big data is privacy. However, the study on big data privacy is still at a very early stage. We believe the forthcoming solutions and theories of big data privacy root from the in place research output of the privacy discipline. Motivated by these factors, we extensively survey the existing research outputs and achievements of the privacy field in both application and theoretical angles, aiming to pave a solid starting ground for interested readers to address the challenges in the big data case. We first present an overview of the battle ground by defining the roles and operations of privacy systems. Second, we review the milestones of the current two major research categories of privacy: data clustering and privacy frameworks. Third, we discuss the effort of privacy study from the perspectives of different disciplines, respectively. Fourth, the mathematical description, measurement, and modeling on privacy are presented. We summarize the challenges and opportunities of this promising topic at the end of this paper, hoping to shed light on the exciting and almost uncharted land.
Li, P, Guo, S, Yu, S & Vasilakos, AV 2014, 'Reliable multicast with pipelined network coding using opportunistic feeding and routing', IEEE Transactions on Parallel and Distributed Systems, vol. 25, no. 12, pp. 3264-3273.
© 2013 IEEE. Multicast is an important mechanism in modern wireless networks and has attracted significant efforts to improve its performance with different metrics including throughput, delay, energy efficiency, etc. Traditionally, an ideal loss-free channel model is widely used to facilitate routing protocol design. However, the quality of wireless links is affected or even jeopardized resulting in transmission failures by many factors like collisions, fading or the noise of environment. In this paper, we propose a reliable multicast protocol, called CodePipe, with energy-efficiency, high throughput and fairness in lossy wireless networks. Building upon opportunistic routing and random linear network coding, CodePipe can not only eliminate coordination between nodes, but also improve the multicast throughput significantly by exploiting both intra-batch and inter-batch coding opportunities. In particular, four key techniques, namely, LP-based opportunistic routing structure, opportunistic feeding, fast batch moving and inter-batch coding, are proposed to offer significant improvement in throughput, energy-efficiency and fairness. Moreover, we design an efficient online extension of CodePipe such that it can work in a dynamic network where nodes join and leave the network as time progresses. We evaluate CodePipe on ns2 simulator by comparing with other two state-of-art multicast protocols, MORE and Pacifier. Simulation results show that CodePipe significantly outperforms both of them.
Xie, Y, Hu, J, Xiang, Y, Yu, S, Tang, S & Wang, Y 2013, 'Modeling oscillation behavior of network traffic by nested hidden Markov model with variable state-duration', IEEE Transactions on Parallel and Distributed Systems, vol. 24, no. 9, pp. 1807-1817.
Network traffic modeling is a fundamental problem in communication. A traffic model should be able to capture and reproduce various properties of a real trace. Despite the widespread success of most numerical models in various applications, few actually focus on the oscillation behavior proven to be one of the basic properties in network traffic. In this paper, a new mathematical method is proposed to model and synthesize stationary and nonstationary oscillatory processes of network traffic. The proposed model is based on the structure of the hierarchical hidden Markov model, which includes two nested hidden Markov chains and one observable process. The first-layer hidden Markov chain with variable state-duration controls the time-varying oscillatory process. Conditional on the first-layer Markov chain, the local fluctuation process is modeled by the second-layer hidden Markov chain. Algorithms are derived for inference of model parameters and traffic synthesis. The proposed approach is compared with four classical models for performance evaluation. The selected performance criterion includes time structure, statistical properties, self-similarity, queuing behavior and multiscale properties. The flexibility and accuracy of the proposed model results in a close fit to the real traces. © 1990-2012 IEEE.
Meng, S, Li, Q, Chen, S, Yu, S, Qi, L, Lin, W, Xu, X & Dou, W 2018, 'Temporal-sparsity aware service recommendation method via hybrid collaborative filtering techniques', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), pp. 421-429.
© Springer Nature Switzerland AG 2018. Temporal information has been proved to be an important factor to recommender systems. Both of user behaviors and QoS performance of services are time-sensitive, especially in dynamic cloud environment. Furthermore, due to the data sparsity problem, it is still difficult for existing recommendation methods to get the similarity relationships between services or users well. In view of these challenges, in this paper, we propose a temporal-sparsity aware service recommendation method based on hybrid collaborative filtering (CF) techniques. Specifically, temporal influence is considered into classical neighborhood-based CF model by distinguishing temporal QoS metrics from stable QoS metrics. To deal with the sparsity problem, a time-aware latent factor model based on a tensor decomposition model is applied to mine the temporal similarity between services. Finally, experiments are designed and conducted to validate the effectiveness of our proposal.
Li, P, Guo, S, Yu, S & Vasilakos, AV 2012, 'CodePipe: An opportunistic feeding and routing protocol for reliable multicast with pipelined network coding', Proceedings - IEEE INFOCOM, pp. 100-108.
Multicast is an important mechanism in modern wireless networks and has attracted significant efforts to improve its performance with different metrics including throughput, delay, energy efficiency, etc. Traditionally, an ideal loss-free channel model is widely used to facilitate routing protocol design. However, the quality of wireless links would be affected or even jeopardized by many factors like collisions, fading or the noise of environment. In this paper, we propose a reliable multicast protocol, called CodePipe, with advanced performance in terms of energy-efficiency, throughput and fairness in lossy wireless networks. Built upon opportunistic routing and random linear network coding, CodePipe not only simplifies transmission coordination between nodes, but also improves the multicast throughput significantly by exploiting both intra-batch and inter-batch coding opportunities. In particular, four key techniques, namely, LP-based opportunistic routing structure, opportunistic feeding, fast batch moving and inter-batch coding, are proposed to offer substantial improvement in throughput, energy-efficiency and fairness. We evaluate CodePipe on ns2 simulator by comparing with other two state-of-art multicast protocols, MORE and Pacifier. Simulation results show that CodePipe significantly outperforms both of them. © 2012 IEEE.
Yu, S, Zhao, G, Guo, S, Yang, X & Vasilakos, AV 2011, 'Browsing behavior mimicking attacks on popular web sites for large botnets', 2011 IEEE Conference on Computer Communications Workshops, INFOCOM WKSHPS 2011, pp. 947-951.
With the significant growth of botnets, application layer DDoS attacks are much easier to launch using large botnet, and false negative is always a problem for intrusion detection systems in real practice. In this paper, we propose a novel application layer DDoS attack tool, which mimics human browsing behavior following three statistical distributions, the Zipf-like distribution for web page popularity, the Pareto distribution for page request time interval for an individual browser, and the inverse Gaussian distribution for length of browsing path. A Markov model is established for individual bot to generate attack request traffic. Our experiments indicated that the attack traffic generated by the proposed tool is pretty similar to the real traffic. As a result, the current statistics based detection algorithms will result in a high false negative rate in general. In order to counter this kind of attack, we discussed a few preliminary solutions at the end of this paper. © 2011 IEEE.