Pub Date : 2024-10-05DOI: 10.1016/j.sysarc.2024.103286
Qingqiang He , Nan Guan , Zhe Jiang , Mingsong Lv
The degree of parallelism, which measures how a task can execute concurrently, is an important characterization in scheduling. This paper studies the degree of parallelism in the domain of real-time scheduling of parallel tasks, including the DAG task model and the conditional DAG task model. The definition of the degree of parallelism for DAG tasks is clarified; the definition and computing algorithm of the degree of parallelism for conditional DAG tasks are proposed. By leveraging the degree of parallelism, new response time bounds are derived and simple but effective real-time scheduling approaches are presented. This research is the first work to study the degree of parallelism for conditional DAG tasks and explore its benefits in real-time scheduling. Experimental results demonstrate that the proposed scheduling approaches significantly outperform existing state-of-the-art methods.
并行度衡量任务如何并发执行,是调度中的一个重要特征。本文研究了并行任务实时调度领域的并行度,包括 DAG 任务模型和条件 DAG 任务模型。明确了 DAG 任务并行度的定义;提出了条件 DAG 任务并行度的定义和计算算法。通过利用并行度,得出了新的响应时间界限,并提出了简单而有效的实时调度方法。这项研究首次研究了条件 DAG 任务的并行度,并探索了其在实时调度中的优势。实验结果表明,所提出的调度方法明显优于现有的最先进方法。
{"title":"On the degree of parallelism for parallel real-time tasks","authors":"Qingqiang He , Nan Guan , Zhe Jiang , Mingsong Lv","doi":"10.1016/j.sysarc.2024.103286","DOIUrl":"10.1016/j.sysarc.2024.103286","url":null,"abstract":"<div><div>The degree of parallelism, which measures how a task can execute concurrently, is an important characterization in scheduling. This paper studies the degree of parallelism in the domain of real-time scheduling of parallel tasks, including the DAG task model and the conditional DAG task model. The definition of the degree of parallelism for DAG tasks is clarified; the definition and computing algorithm of the degree of parallelism for conditional DAG tasks are proposed. By leveraging the degree of parallelism, new response time bounds are derived and simple but effective real-time scheduling approaches are presented. This research is the first work to study the degree of parallelism for conditional DAG tasks and explore its benefits in real-time scheduling. Experimental results demonstrate that the proposed scheduling approaches significantly outperform existing state-of-the-art methods.</div></div>","PeriodicalId":50027,"journal":{"name":"Journal of Systems Architecture","volume":"156 ","pages":"Article 103286"},"PeriodicalIF":3.7,"publicationDate":"2024-10-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142418577","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2024-10-05DOI: 10.1016/j.sysarc.2024.103285
Auangkun Rangsikunpum, Sam Amiri, Luciano Ost
Automotive networks are crucial for ensuring safety as the number of Electronic Control Units (ECUs) grows to support vehicle intelligence. The Controller Area Network (CAN) is commonly used for efficient in-vehicle communication among ECUs. However, its broadcast nature and lack of a dedicated security layer make it vulnerable to attacks. This paper proposes a novel CAN bus Intrusion Detection System (IDS), named BNN-based IDS (BIDS), which efficiently provides both unknown attack detection and known attack classification using a hierarchical two-stage Binarised Neural Network (BNN) and Generative Adversarial Network (GAN). BIDS was validated on three datasets, and its implementation achieves an average inference time of less than 0.170 ms with minimal resource utilisation on a low-cost Field Programmable Gate Array (FPGA). This rapid inference speed enables real-time inference on individual CAN messages using a sliding window technique, eliminating the need to wait for multiple accumulated CAN messages required for data preprocessing. Evaluation metrics demonstrate that our IDS achieves high accuracy in both identifying unseen attacks and categorising known attacks. Furthermore, our FPGA implementation consumes merely 2.09 W, which is a 57% reduction compared to a cutting-edge FPGA-based IDS that is capable of detecting unknown attacks using the same dataset.
随着支持汽车智能化的电子控制单元(ECU)数量不断增加,汽车网络对于确保安全至关重要。控制器区域网络(CAN)通常用于 ECU 之间的高效车内通信。然而,其广播性质和专用安全层的缺乏使其容易受到攻击。本文提出了一种新颖的 CAN 总线入侵检测系统(IDS),名为基于 BNN 的 IDS(BIDS),它利用分层的两级二值化神经网络(BNN)和生成对抗网络(GAN),有效地提供未知攻击检测和已知攻击分类。BIDS 在三个数据集上进行了验证,其实现在低成本现场可编程门阵列 (FPGA) 上以最小的资源利用率实现了小于 0.170 毫秒的平均推理时间。这种快速的推理速度可利用滑动窗口技术对单个 CAN 报文进行实时推理,无需等待数据预处理所需的多个累积 CAN 报文。评估指标表明,我们的 IDS 在识别未见攻击和对已知攻击进行分类方面都达到了很高的准确率。此外,我们的 FPGA 实现仅消耗 2.09 W,与基于 FPGA 的尖端 IDS 相比降低了 57%,后者能够使用相同的数据集检测未知攻击。
{"title":"BIDS: An efficient Intrusion Detection System for in-vehicle networks using a two-stage Binarised Neural Network on low-cost FPGA","authors":"Auangkun Rangsikunpum, Sam Amiri, Luciano Ost","doi":"10.1016/j.sysarc.2024.103285","DOIUrl":"10.1016/j.sysarc.2024.103285","url":null,"abstract":"<div><div>Automotive networks are crucial for ensuring safety as the number of Electronic Control Units (ECUs) grows to support vehicle intelligence. The Controller Area Network (CAN) is commonly used for efficient in-vehicle communication among ECUs. However, its broadcast nature and lack of a dedicated security layer make it vulnerable to attacks. This paper proposes a novel CAN bus Intrusion Detection System (IDS), named BNN-based IDS (BIDS), which efficiently provides both unknown attack detection and known attack classification using a hierarchical two-stage Binarised Neural Network (BNN) and Generative Adversarial Network (GAN). BIDS was validated on three datasets, and its implementation achieves an average inference time of less than 0.170 ms with minimal resource utilisation on a low-cost Field Programmable Gate Array (FPGA). This rapid inference speed enables real-time inference on individual CAN messages using a sliding window technique, eliminating the need to wait for multiple accumulated CAN messages required for data preprocessing. Evaluation metrics demonstrate that our IDS achieves high accuracy in both identifying unseen attacks and categorising known attacks. Furthermore, our FPGA implementation consumes merely 2.09 W, which is a 57% reduction compared to a cutting-edge FPGA-based IDS that is capable of detecting unknown attacks using the same dataset.</div></div>","PeriodicalId":50027,"journal":{"name":"Journal of Systems Architecture","volume":"156 ","pages":"Article 103285"},"PeriodicalIF":3.7,"publicationDate":"2024-10-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142418578","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2024-10-02DOI: 10.1016/j.sysarc.2024.103284
Changbao Zhou , Jiawei Du , Ming Yan , Hengshan Yue , Xiaohui Wei , Joey Tianyi Zhou
As Deep Neural Networks (DNNs) are increasingly deployed in safety-critical scenarios, there is a growing need to address bit-flip errors occurring in hardware, such as memory. These errors can lead to changes in DNN weights, potentially degrading the performance of deployed models and causing catastrophic consequences. Existing methods improve DNNs’ fault tolerance or robustness by modifying network size, structure, or inference and training processes. Unfortunately, these methods often enhance robustness at the expense of clean accuracy and introduce additional overhead during inference. To address these issues, we propose Sharpness-Aware Minimization for enhancing DNNs’ Robustness against bit-flip errors (SAR), which aims to leverage the intrinsic robustness of DNNs. We begin with a comprehensive investigation of DNNs under bit-flip errors, yielding insightful observations regarding the intensity and occurrence of such errors. Based on these insights, we identify that Sharpness-Aware Minimization (SAM) has the potential to enhance DNN robustness. We further analyze this potential through the relationship between SAM formulation and our observations, building a robustness-enhancing framework based on SAM. Experimental validation across various models and datasets demonstrates that SAR can effectively improve DNN robustness against bit-flip errors without sacrificing clean accuracy or introducing additional inference costs, making it a “double-win” method compared to existing approaches.
{"title":"SAR: Sharpness-Aware minimization for enhancing DNNs’ Robustness against bit-flip errors","authors":"Changbao Zhou , Jiawei Du , Ming Yan , Hengshan Yue , Xiaohui Wei , Joey Tianyi Zhou","doi":"10.1016/j.sysarc.2024.103284","DOIUrl":"10.1016/j.sysarc.2024.103284","url":null,"abstract":"<div><div>As Deep Neural Networks (DNNs) are increasingly deployed in safety-critical scenarios, there is a growing need to address bit-flip errors occurring in hardware, such as memory. These errors can lead to changes in DNN weights, potentially degrading the performance of deployed models and causing catastrophic consequences. Existing methods improve DNNs’ fault tolerance or robustness by modifying network size, structure, or inference and training processes. Unfortunately, these methods often enhance robustness at the expense of clean accuracy and introduce additional overhead during inference. To address these issues, we propose <strong><u>S</u>harpness-<u>A</u>ware Minimization for enhancing DNNs’ <u>R</u>obustness against bit-flip errors</strong> (<strong>SAR</strong>), which aims to leverage the intrinsic robustness of DNNs. We begin with a comprehensive investigation of DNNs under bit-flip errors, yielding insightful observations regarding the intensity and occurrence of such errors. Based on these insights, we identify that Sharpness-Aware Minimization (SAM) has the potential to enhance DNN robustness. We further analyze this potential through the relationship between SAM formulation and our observations, building a robustness-enhancing framework based on SAM. Experimental validation across various models and datasets demonstrates that SAR can effectively improve DNN robustness against bit-flip errors without sacrificing clean accuracy or introducing additional inference costs, making it a “double-win” method compared to existing approaches.</div></div>","PeriodicalId":50027,"journal":{"name":"Journal of Systems Architecture","volume":"156 ","pages":"Article 103284"},"PeriodicalIF":3.7,"publicationDate":"2024-10-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142418579","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2024-09-28DOI: 10.1016/j.sysarc.2024.103283
Niccolò Borgioli , Federico Aromolo , Linh Thi Xuan Phan , Giorgio Buttazzo
Security threats are becoming an increasingly relevant concern in cyber–physical systems. Cyber attacks on these systems are not only common today but also increasingly sophisticated and constantly evolving. One way to secure the system against such threats is by using intrusion detection systems (IDSs) to detect suspicious or abnormal activities characteristic of potential attacks. State-of-the-art IDSs exploit both signature-based and anomaly-based strategies to detect network threats. However, existing solutions mainly focus on the analysis of statically defined features of the traffic flow, making them potentially less effective against new attacks that cannot be properly captured by analyzing such features. This paper presents an anomaly-based IDS approach that leverages unsupervised neural models to learn the expected network traffic, enabling the detection of unknown novel attacks (as well as previously-known ones). The proposed solution uses an autoencoder to reconstruct the received packets and detect malicious packets based on the reconstruction error. A careful optimization of the model architecture allowed improving detection accuracy while reducing detection time. The proposed solution has been implemented on a real embedded platform, showing that it can support modern high-performance communication interfaces, while significantly outperforming existing approaches in both detection accuracy, inference time, generalization capability, and robustness to poisoning (which is commonly ignored by state-of-the-art IDSs). Finally, a novel mechanism has been developed to explain the detection performed by the proposed IDS through an analysis of the reconstruction error.
{"title":"A convolutional autoencoder architecture for robust network intrusion detection in embedded systems","authors":"Niccolò Borgioli , Federico Aromolo , Linh Thi Xuan Phan , Giorgio Buttazzo","doi":"10.1016/j.sysarc.2024.103283","DOIUrl":"10.1016/j.sysarc.2024.103283","url":null,"abstract":"<div><div>Security threats are becoming an increasingly relevant concern in cyber–physical systems. Cyber attacks on these systems are not only common today but also increasingly sophisticated and constantly evolving. One way to secure the system against such threats is by using intrusion detection systems (IDSs) to detect suspicious or abnormal activities characteristic of potential attacks. State-of-the-art IDSs exploit both signature-based and anomaly-based strategies to detect network threats. However, existing solutions mainly focus on the analysis of statically defined features of the traffic flow, making them potentially less effective against new attacks that cannot be properly captured by analyzing such features. This paper presents an anomaly-based IDS approach that leverages unsupervised neural models to learn the expected network traffic, enabling the detection of unknown novel attacks (as well as previously-known ones). The proposed solution uses an autoencoder to reconstruct the received packets and detect malicious packets based on the reconstruction error. A careful optimization of the model architecture allowed improving detection accuracy while reducing detection time. The proposed solution has been implemented on a real embedded platform, showing that it can support modern high-performance communication interfaces, while significantly outperforming existing approaches in both detection accuracy, inference time, generalization capability, and robustness to poisoning (which is commonly ignored by state-of-the-art IDSs). Finally, a novel mechanism has been developed to explain the detection performed by the proposed IDS through an analysis of the reconstruction error.</div></div>","PeriodicalId":50027,"journal":{"name":"Journal of Systems Architecture","volume":"156 ","pages":"Article 103283"},"PeriodicalIF":3.7,"publicationDate":"2024-09-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142418575","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2024-09-26DOI: 10.1016/j.sysarc.2024.103282
Ning Bai , Xiaoya Hu , Shouyue Wang
Unmanned aerial systems (UASs) have recently seen widespread use in both military and civilian applications due to their flexibility and versatility. As embedded systems integrating communications, computing and control, UASs are vulnerable due to the generic components and communication protocols they adopt, resulting in numerous cybersecurity threats. This paper provides a comprehensive review of UAS cybersecurity, focusing on its characteristics and challenges. First, the architecture and communication mechanisms of UASs are analyzed. Then, by comparing UAS with industrial control system (ICS) architectures, the security characteristics and challenges specific to UASs are identified. After that, vulnerabilities, threats, and representative research progress in attack and defense techniques are summarized. Additionally, security challenges are categorized across the full life cycle of UASs to develop threat assessment methods and comprehensive protection strategies. Finally, the current status and future prospects of research on UAS cybersecurity are summarized.
{"title":"A survey on unmanned aerial systems cybersecurity","authors":"Ning Bai , Xiaoya Hu , Shouyue Wang","doi":"10.1016/j.sysarc.2024.103282","DOIUrl":"10.1016/j.sysarc.2024.103282","url":null,"abstract":"<div><div>Unmanned aerial systems (UASs) have recently seen widespread use in both military and civilian applications due to their flexibility and versatility. As embedded systems integrating communications, computing and control, UASs are vulnerable due to the generic components and communication protocols they adopt, resulting in numerous cybersecurity threats. This paper provides a comprehensive review of UAS cybersecurity, focusing on its characteristics and challenges. First, the architecture and communication mechanisms of UASs are analyzed. Then, by comparing UAS with industrial control system (ICS) architectures, the security characteristics and challenges specific to UASs are identified. After that, vulnerabilities, threats, and representative research progress in attack and defense techniques are summarized. Additionally, security challenges are categorized across the full life cycle of UASs to develop threat assessment methods and comprehensive protection strategies. Finally, the current status and future prospects of research on UAS cybersecurity are summarized.</div></div>","PeriodicalId":50027,"journal":{"name":"Journal of Systems Architecture","volume":"156 ","pages":"Article 103282"},"PeriodicalIF":3.7,"publicationDate":"2024-09-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142356929","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Recent advancements in cloud computing have underscored the critical need for robust security mechanisms to counter evolving cyber-threats. Traditional security solutions such as Intrusion Detection Systems (IDSs) often fall short due to their inability to anticipate the strategies of adaptive cyber adversaries. Game theory is considered a popular analytical tool for understanding the strategic interactions between defenders and adversaries, providing a more informed decision-making process. However, existing game-theoretic IDSs often employ non-comprehensive utility functions with limited parameters that fail to capture the complexity of real-world dynamics. This paper introduces a novel Game-Theoretic Hypervisor-based IDS (GHyIDS), which employs comprehensive utility functions and an innovative belief update model to enhance detection accuracy and adaptability in dynamic cloud environments. To overcome the limitations of existing models, we design comprehensive utility functions by incorporating a wider range of real-world parameters, such as trust score, risk, vulnerability, damage severity, worth of the VM, means, opportunities, and access available to the attacker, as well as success rates of attack detection and execution. We propose a Resource-Aware Static Intrusion Detection Bayesian Game (S-IDBG) and extend it into a Dynamic Multi-Stage IDBG (D-IDBG), enabling the system to dynamically adapt to changes in attack patterns and system vulnerabilities. The belief update model is pivotal in continuously refining the system’s strategies based on observed behaviors and outcomes, allowing for precise adjustments to the evolving threats. Our experimental results show a significant improvement over existing models, with our approach achieving approximately 10% increase in detection rate, 20% reduction in false positive rate and 10% reduction in false negative rate in comparative analysis against state-of-the-art models namely, the trust-based Maxmin game and the repeated Bayesian Stackelberg game.
{"title":"Cloud security in the age of adaptive adversaries: A game theoretic approach to hypervisor-based intrusion detection","authors":"Sadia , Ahsan Saadat , Yasir Faheem , Zainab Abaid , Muhammad Moazam Fraz","doi":"10.1016/j.sysarc.2024.103281","DOIUrl":"10.1016/j.sysarc.2024.103281","url":null,"abstract":"<div><div>Recent advancements in cloud computing have underscored the critical need for robust security mechanisms to counter evolving cyber-threats. Traditional security solutions such as Intrusion Detection Systems (IDSs) often fall short due to their inability to anticipate the strategies of adaptive cyber adversaries. Game theory is considered a popular analytical tool for understanding the strategic interactions between defenders and adversaries, providing a more informed decision-making process. However, existing game-theoretic IDSs often employ non-comprehensive utility functions with limited parameters that fail to capture the complexity of real-world dynamics. This paper introduces a novel Game-Theoretic Hypervisor-based IDS (GHyIDS), which employs comprehensive utility functions and an innovative belief update model to enhance detection accuracy and adaptability in dynamic cloud environments. To overcome the limitations of existing models, we design comprehensive utility functions by incorporating a wider range of real-world parameters, such as trust score, risk, vulnerability, damage severity, worth of the VM, means, opportunities, and access available to the attacker, as well as success rates of attack detection and execution. We propose a Resource-Aware Static Intrusion Detection Bayesian Game (S-IDBG) and extend it into a Dynamic Multi-Stage IDBG (D-IDBG), enabling the system to dynamically adapt to changes in attack patterns and system vulnerabilities. The belief update model is pivotal in continuously refining the system’s strategies based on observed behaviors and outcomes, allowing for precise adjustments to the evolving threats. Our experimental results show a significant improvement over existing models, with our approach achieving approximately 10% increase in detection rate, 20% reduction in false positive rate and 10% reduction in false negative rate in comparative analysis against state-of-the-art models namely, the trust-based Maxmin game and the repeated Bayesian Stackelberg game.</div></div>","PeriodicalId":50027,"journal":{"name":"Journal of Systems Architecture","volume":"156 ","pages":"Article 103281"},"PeriodicalIF":3.7,"publicationDate":"2024-09-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142323673","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2024-09-18DOI: 10.1016/j.sysarc.2024.103279
Yang Ming , Shan Wang , Chenhao Wang , Hang Liu , Yutong Deng , Yi Zhao , Jie Feng
As a novel distributed learning framework for protecting personal data privacy, federated learning, (FL) has attained widespread attention through sharing gradients among users without collecting their data. However, an untrusted cloud server may infer users’ individual information from gradients and global model. In addition, it may even forge incorrect aggregated results to save resources. To deal with these issues, despite that the existing works can protect local model privacy and achieve verifiability of aggregated results, they are defective in protecting global model privacy, guaranteeing verifiability if collusion attacks occur, and suffer from high computation cost. To further tackle the above challenges, a verifiable and collusion-resistant secure aggregation scheme for FL is proposed, named VCSA. Concretely, we combine symmetric homomorphic encryption with single masking to protect model privacy. Meanwhile, we adopt verifiable multi-secret sharing and generalized Pedersen commitment to achieve verifiability and prevent users from uploading incorrect shares. Furthermore, high model accuracy can be ensured even if some users go offline. Security analysis illustrates that our VCSA enhances the security of FL, realizes verifiability despite collusion attacks and robustness to dropout. Performance evaluation displays that our VCSA can reduce at least 28.27% and 79.15% regarding computation cost compared to existing schemes.
{"title":"VCSA: Verifiable and collusion-resistant secure aggregation for federated learning using symmetric homomorphic encryption","authors":"Yang Ming , Shan Wang , Chenhao Wang , Hang Liu , Yutong Deng , Yi Zhao , Jie Feng","doi":"10.1016/j.sysarc.2024.103279","DOIUrl":"10.1016/j.sysarc.2024.103279","url":null,"abstract":"<div><div>As a novel distributed learning framework for protecting personal data privacy, federated learning, (FL) has attained widespread attention through sharing gradients among users without collecting their data. However, an untrusted cloud server may infer users’ individual information from gradients and global model. In addition, it may even forge incorrect aggregated results to save resources. To deal with these issues, despite that the existing works can protect local model privacy and achieve verifiability of aggregated results, they are defective in protecting global model privacy, guaranteeing verifiability if collusion attacks occur, and suffer from high computation cost. To further tackle the above challenges, a verifiable and collusion-resistant secure aggregation scheme for FL is proposed, named VCSA. Concretely, we combine symmetric homomorphic encryption with single masking to protect model privacy. Meanwhile, we adopt verifiable multi-secret sharing and generalized Pedersen commitment to achieve verifiability and prevent users from uploading incorrect shares. Furthermore, high model accuracy can be ensured even if some users go offline. Security analysis illustrates that our VCSA enhances the security of FL, realizes verifiability despite collusion attacks and robustness to dropout. Performance evaluation displays that our VCSA can reduce at least 28.27% and 79.15% regarding computation cost compared to existing schemes.</div></div>","PeriodicalId":50027,"journal":{"name":"Journal of Systems Architecture","volume":"156 ","pages":"Article 103279"},"PeriodicalIF":3.7,"publicationDate":"2024-09-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142319398","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2024-09-16DOI: 10.1016/j.sysarc.2024.103280
Xinlei Yu , Zhipeng Gao , Chen Zhao , Yan Qiao , Ze Chai , Zijia Mo , Yang Yang
Federated Learning (FL) is a distributed machine learning approach that preserves privacy by allowing numerous devices to collaboratively train a global model without sharing raw data. However, the frequent exchange of model updates between numerous devices and the central server, and some model updates are similar and redundant, resulting in a waste of communication and computation. Selecting a subset of all devices for FL training can mitigate this issue. Nevertheless, most existing device selection methods are biased, while unbiased methods often perform unstable on Non-Independent Identically Distributed (Non-IID) and unbalanced data. To address this, we propose a stable Diversity-aware Unbiased Device Selection (DUDS) method for FL on Non-IID and unbalanced data. DUDS diversifies the participation probabilities for device sampling in each FL training round, mitigating the randomness of the individual device selection process. By using a leader-based cluster adjustment mechanism to meet unbiased selection constraints, DUDS achieves stable convergence and results close to the optimal, as if all devices participated. Extensive experiments demonstrate the effectiveness of DUDS on Non-IID and unbalanced data scenarios in FL.
{"title":"DUDS: Diversity-aware unbiased device selection for federated learning on Non-IID and unbalanced data","authors":"Xinlei Yu , Zhipeng Gao , Chen Zhao , Yan Qiao , Ze Chai , Zijia Mo , Yang Yang","doi":"10.1016/j.sysarc.2024.103280","DOIUrl":"10.1016/j.sysarc.2024.103280","url":null,"abstract":"<div><p>Federated Learning (FL) is a distributed machine learning approach that preserves privacy by allowing numerous devices to collaboratively train a global model without sharing raw data. However, the frequent exchange of model updates between numerous devices and the central server, and some model updates are similar and redundant, resulting in a waste of communication and computation. Selecting a subset of all devices for FL training can mitigate this issue. Nevertheless, most existing device selection methods are biased, while unbiased methods often perform unstable on Non-Independent Identically Distributed (Non-IID) and unbalanced data. To address this, we propose a stable Diversity-aware Unbiased Device Selection (DUDS) method for FL on Non-IID and unbalanced data. DUDS diversifies the participation probabilities for device sampling in each FL training round, mitigating the randomness of the individual device selection process. By using a leader-based cluster adjustment mechanism to meet unbiased selection constraints, DUDS achieves stable convergence and results close to the optimal, as if all devices participated. Extensive experiments demonstrate the effectiveness of DUDS on Non-IID and unbalanced data scenarios in FL.</p></div>","PeriodicalId":50027,"journal":{"name":"Journal of Systems Architecture","volume":"156 ","pages":"Article 103280"},"PeriodicalIF":3.7,"publicationDate":"2024-09-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142272754","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2024-09-10DOI: 10.1016/j.sysarc.2024.103278
Zeynep Ayhan Kilinc, Ece Guran Schmidt, Klaus Werner Schmidt
Avionics Full-Duplex Switched Ethernet (AFDX) is a fault-tolerant real-time communication bus for safety–critical applications in aircraft. AFDX configures communication channels, denoted as virtual links (VLs), ensuring bounded message delays through traffic shaping at both end-systems and switches. Effective AFDX network design necessitates computing the worst-case end-to-end delay of time-critical VLs to meet specified message deadlines. This paper presents a new method for calculating tight bounds on the worst-case end-to-end delay for each VL in an AFDX network. We introduce the new notion of an extended uninterrupted transmission interval, which is the prerequisite for computing the worst-case queuing delay at switches. Adding up these queuing delays along the path of each VL between end-systems yields a tight upper bound on the worst-case end-to-end delay. The correctness of our results is formally proved, and comprehensive simulation experiments on different example networks confirm the tightness of our bound. These simulations also demonstrate the superior performance of our method compared to existing approaches that offer more pessimistic as well as optimistic results.
{"title":"Computation of tight bounds for the worst-case end-to-end delay on Avionics Full-Duplex Switched Ethernet","authors":"Zeynep Ayhan Kilinc, Ece Guran Schmidt, Klaus Werner Schmidt","doi":"10.1016/j.sysarc.2024.103278","DOIUrl":"10.1016/j.sysarc.2024.103278","url":null,"abstract":"<div><p>Avionics Full-Duplex Switched Ethernet (AFDX) is a fault-tolerant real-time communication bus for safety–critical applications in aircraft. AFDX configures communication channels, denoted as virtual links (VLs), ensuring bounded message delays through traffic shaping at both end-systems and switches. Effective AFDX network design necessitates computing the worst-case end-to-end delay of time-critical VLs to meet specified message deadlines. This paper presents a new method for calculating tight bounds on the worst-case end-to-end delay for each VL in an AFDX network. We introduce the new notion of an extended uninterrupted transmission interval, which is the prerequisite for computing the worst-case queuing delay at switches. Adding up these queuing delays along the path of each VL between end-systems yields a tight upper bound on the worst-case end-to-end delay. The correctness of our results is formally proved, and comprehensive simulation experiments on different example networks confirm the tightness of our bound. These simulations also demonstrate the superior performance of our method compared to existing approaches that offer more pessimistic as well as optimistic results.</p></div>","PeriodicalId":50027,"journal":{"name":"Journal of Systems Architecture","volume":"156 ","pages":"Article 103278"},"PeriodicalIF":3.7,"publicationDate":"2024-09-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142173417","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
This paper tackles the problem of optimum Virtual Machine placement, focusing on an industrial use-case dealing with capacity planning for Virtualized Network Functions. The work is framed within an industrial collaboration with the Vodafone network operator, where a particularly important problem is the one of optimum deployment of Softwarized Network Functions within their Virtualized Networking Infrastructure, spanning across several EU countries. The problem is particularly difficult due to the presence of a multitude of placement constraints that are needed in the industrial use-case, including soft affinity constraints, that should be respected only as secondary objective; furthermore, in some EU regions, the size of the problem makes it unfeasible to solve it with traditional MILP-based techniques.
In this work, we review and address limitations of previously proposed heuristics for this kind of problems, and propose a new placement strategy that is shown experimentally to be more effective in dealing with soft affinity constraints. The paper includes an extensive experimental evaluation encompassing a multitude of optimization strategies, applied to a set of problems including both real-world problems that we made available as an open data-set, and additional randomly generated problems mimicking the structure of the original real-world problems.
{"title":"Datacenter optimization methods for Softwarized Network Services","authors":"Luigi Pannocchi , Sourav Lahiri , Silvia Fichera , Antonino Artale , Tommaso Cucinotta","doi":"10.1016/j.sysarc.2024.103270","DOIUrl":"10.1016/j.sysarc.2024.103270","url":null,"abstract":"<div><p>This paper tackles the problem of optimum Virtual Machine placement, focusing on an industrial use-case dealing with capacity planning for Virtualized Network Functions. The work is framed within an industrial collaboration with the Vodafone network operator, where a particularly important problem is the one of optimum deployment of Softwarized Network Functions within their Virtualized Networking Infrastructure, spanning across several EU countries. The problem is particularly difficult due to the presence of a multitude of placement constraints that are needed in the industrial use-case, including soft affinity constraints, that should be respected only as secondary objective; furthermore, in some EU regions, the size of the problem makes it unfeasible to solve it with traditional MILP-based techniques.</p><p>In this work, we review and address limitations of previously proposed heuristics for this kind of problems, and propose a new placement strategy that is shown experimentally to be more effective in dealing with soft affinity constraints. The paper includes an extensive experimental evaluation encompassing a multitude of optimization strategies, applied to a set of problems including both real-world problems that we made available as an open data-set, and additional randomly generated problems mimicking the structure of the original real-world problems.</p></div>","PeriodicalId":50027,"journal":{"name":"Journal of Systems Architecture","volume":"156 ","pages":"Article 103270"},"PeriodicalIF":3.7,"publicationDate":"2024-09-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142147914","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
扫码关注我们
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号