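Global 6G Technology Conference: 2023 White Paper on Cloud-Network-Edge Collaboration and Tailoring for Typical Industries (English version) (97 pages).pdf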

Intelligent Collaboration of Cloud-network-edge-terminal for Typical Industries
WHITE PAPER V9.0D
2023.03

Abstract

From cloud computing to fog computing to edge computing, we have witnessed the continuous integration and development of radio access networks and computing, to offer users the supreme customized service experience. However, cloud computing has extremely high transmission delay, while edge devices limited by resources cannot support complex computing, which undermines the protection of user data and privacy. To this end, we propose the integration of cloud-based training and edge reasoning. By implementing customized service on demand through cloud-network-edge-terminal intelligent collaboration, such integration supports the typical applications in various vertical industries. This not only reduces data transmission delays but also protects the user data. As cloud-network-edge-terminal intelligent collaboration oriented to typical industries is still in the bud, our white paper analyzes the research on these technologies, mainly including:

(1) Key technologies of cloud-network-edge-terminal intelligent collaboration: First, we describe the concepts and characteristics of cloud computing and edge computing briefly. Second, we describe the key technologies such as network slicing, Software Defined Network (SDN), and Artificial Intelligence (AI) according to the differentiated needs of vertical industries. Third, we analyze their applications in cloud-network-edge-terminal collaboration.

(2) Research on the security of cloud-network-edge-terminal collaboration: First, we expound on security issues and challenges faced by cloud-network-edge-terminal collaboration. Second, we analyze the security management architecture and security technologies of cloud-network-edge-terminal collaboration. Third, we describe the security management of the cloud-network-edge-terminal collaboration life cycle.

(3) Typical industry applications of cloud-network-edge-terminal collaboration: As the core part of the white paper, this section analyzes the typical industry applications of cloud-network-edge-terminal intelligent collaboration in representative emerging business scenarios, such as the Internet of Things, smart healthcare, smart transportation, and cloud mobile phones.

Contents

1 Introduction of Cloud-Network-Edge-Terminal Collaboration
  1.1 Related Works
    1.1.1 Current Research on Cloud-Network-Edge-Terminal Collaboration Network Architecture
    1.1.2 Current Research on Cloud-Network-Edge-Terminal Collaboration
  1.2 Structure of White Paper
2 Cloud-Network-Edge-Terminal Collaboration Architectures Oriented to Typical Industries
  2.1 Cloud-Edge Collaboration Architecture
  2.2 Cloud-Network-Edge-Terminal Collaboration Architecture
3 Research on Key Technologies of Cloud-Network Edge-Terminal Intelligent Collaboration
  3.1 Overview of Cloud Computing and Edge Computing
  3.2 Network Slicing
    3.2.1 Overview
    3.2.2 Application in Cloud-Network-Edge-Terminal Collaboration
  3.3 Software Defined Network
    3.3.1 Overview
    3.3.2 Application in Cloud-Network-Edge-Terminal Collaboration
  3.4 Artificial Intelligence
    3.4.1 Overview
    3.4.2 Application of Machine Learning in Cloud-Network-Edge-Terminal Collaboration
    3.4.3 Application of Federated Learning in Cloud-Network-Edge-Terminal Collaboration
    3.4.4 Application of Knowledge Graph in Cloud-Network-Edge-Terminal Collaboration
4 Research on Cloud-Network-Edge-Terminal Collaboration Security
  4.1 Security Challenges Faced by Cloud-Network-Edge-Terminal Collaboration
    4.1.1 Lack of Secure and Trusted Network Architecture
    4.1.2 Inadequate Security Authentication Mechanism
    4.1.3 Risk of Private Data Leakage
    4.1.4 Infrastructure Security Risks
    4.1.5 Open-Source Software Security Risks
  4.2 Cloud-Network-Edge-Terminal Collaboration Security Architecture
    4.2.1 Basic Security
    4.2.2 Virtualization Security
    4.2.3 Data Security
    4.2.4 Application Security
  4.3 Key Technologies of Cloud-Network-Edge-Terminal Collaboration Security
    4.3.1 Network Security Access Standards
    4.3.2 Lightweight Security Technologies
    4.3.3 Edge Computing Security
    4.3.4 Data Privacy Protection
    4.3.5 Security Isolation
    4.3.6 Advanced Persistent Threat Defense Technologies
  4.4 Security Management of Cloud-Network-Edge-Terminal Collaboration Lifecycle
    4.4.1 Product Development Security
    4.4.2 Third-Party Component Security
    4.4.3 O&M Security Management
    4.4.4 Security Incident Management
5 Typical Application Cases of Cloud-Network-Edge-Terminal Collaboration
  5.1 Face Recognition
    5.1.1 Scenario Overview
    5.1.2 Analysis of Performance Requirements
    5.1.3 Potential Demands and Applications for Cloud-Network-Edge-Terminal Collaboration
  5.2 Autonomous Driving
    5.2.1 Scenario Overview
    5.2.2 Performance Analysis
    5.2.3 Potential Demands and Applications for Cloud-Network-Edge-Terminal Collaboration
  5.3 Internet of Things
    5.3.1 Scenario Overview
    5.3.2 Analysis of Performance Requirements
    5.3.3 Potential Demands for Cloud-Network-Edge-Terminal Collaboration
  5.4 Audio and Video Services
    5.4.1 Scenario Overview
    5.4.2 Analysis of Performance Requirements
    5.4.3 Potential Demands and Applications for Cloud-Network-Edge-Terminal Collaboration
  5.5 Smart Transportation
    5.5.1 Scenario Overview
    5.5.2 Analysis of Performance Requirements
    5.5.3 Potential Demands and Applications for Cloud-Network-Edge-Terminal Collaboration
  5.6 Smart Healthcare
    5.6.1 Scenario Overview
    5.6.2 Analysis of Performance Requirements
    5.6.3 Potential Demands and Applications for Cloud-Network-Edge-Terminal Collaboration
  5.7 Cloud Mobile Phones
    5.7.1 Scenario Overview
    5.7.2 Analysis of Performance Requirements
    5.7.3 Potential Demands and Applications for Cloud-Network-Edge-Terminal Collaboration
6 Research on Cloud-Network-Edge-Terminal Intelligent Collaboration for 6G
  6.1 6G-Oriented Cloud-Network-Edge-Terminal Intelligent Architecture
    6.1.1 Overall Architecture Description
    6.1.2 Architectural Features
  6.2 Service-Oriented RAN
    6.2.1 Overview of Service-Oriented RAN
    6.2.2 Characteristics of Service-Oriented RAN Technology
Acknowledgement

1. About Cloud-Network-Edge-Terminal Collaboration

1.1 Development Status

Edge computing enables short-distance intelligent services and accurate and fast data processing. It features less resource occupation and low processing latency, but
it does not support the global control of resources. Cloud computing boasts sufficient computing and storage resources, but it is limited by a slow processing speed and a large latency in user interaction. Building a cloud-network-edge-terminal collaboration architecture enables more convenient communication and more reliable data interaction between IoT terminal devices, catering to diversified services in different industries. By combining the advantages of cloud computing and edge computing, cloud-network-edge-terminal collaboration emerged at the right moment. Through cloud-edge collaboration networks, it helps offer end users low-latency services with a faster speed of data processing.

1.1.1 Current Research on Cloud-Network-Edge-Terminal Collaboration Network Architecture

The cloud-network-edge-terminal collaboration architecture has attracted widespread attention from the industry in recent years. For example, the KubeEdge architecture [1] deploys cloud applications to edge nodes, and it features cloud-edge collaboration, edge autonomy, and computing settlement capabilities [2]. The OpenYurt architecture [3] is cloud native and capable of the unified management of massive edge resources, data, and services on cloud servers.

1.1.2 Current Research on Cloud-Network-Edge-Terminal Collaboration

Abundant research on collaboration methods such as resource collaboration, intelligent collaboration, and data collaboration has been done in the industry and academia. There is a long list of research projects, such as the joint communication and computing resource collaborative allocation algorithm [4][5], the cloud-edge collaborative computing offloading, computing, and communication resource allocation solution [6], the cloud-edge collaborative framework for real-time intelligent video monitoring of coal mine downhole environment [7], the cloud-edge-terminal integration Deep Adapter framework [8], the edge-edge collaboration AI on-demand learning and offloading mechanism [9], the cloud-edge collaboration real-time query system Surveil Edge for large-scale monitoring of video streams [10], and the industrial cloud-edge collaboration computing platform Sophon Edge [11].

Cloud-network-edge-terminal collaboration also draws attention in academia at home and abroad, both in terms of framework and collaboration methods. Among them, one of the important topics is the intelligent connection of everything through intelligent algorithm collaborative training and reasoning via clouds, networks, edges, and terminals.

1.2 Structure of White Paper

This white paper has seven chapters, and each chapter describes the following:

Chapter I analyzes the current research on cloud-network-edge-terminal collaboration architecture and collaboration methods both at home and abroad, and then briefly gives the outline and structure of the full text of the white paper.

Chapter II discusses the main architecture of cloud-network-edge-terminal collaboration, and gives a brief analysis of cloud-edge collaboration and cloud-network-edge-terminal collaboration architectures.

Chapter III introduces the key technologies of cloud-network-edge-terminal collaboration, and highlights the application of these technologies in cloud-network-edge-terminal collaboration.

Chapter IV explains the security technologies of cloud-network-edge-device collaboration in detail, including the security risks faced by cloud-network-edge-terminal collaboration, and a detailed description of the security framework and security management technologies of cloud-network-edge-terminal collaboration.

Chapter V presents cloud-network-edge-terminal collaboration in typical scenarios, including a brief description of application scenarios, information about the performance requirements of these application scenarios, and an analysis of the application of cloud-network-edge-terminal collaboration in typical industries.

Chapter VI looks forward to the cloud-network-edge-end intelligent collaboration architectures in the 6G era.

Chapter VII expresses heartfelt gratitude to all the authors of this white paper.

References

[1] J. Chen and X. Ran, “Deep Learning With Edge Computing: A Review,” Proceedings of the IEEE, vol. 107, no. 8, pp. 1655-1674, Aug. 2019.
[2] Liu Guangyi, Jin Jing, Wang Qixing, et al. Vision and Requirements of 6G: Digital Twin and Ubiquitous Intelligence [J]. Mobile Communications, 2020, 44(6): 3-9.
[3] Yu Peng. Intelligent Management and Control Architecture for B5G/6G Edge Networks [J]. Mobile Communications, 2020, 44(6): 90-95.
[4] J. Ren, G. Yu, Y. He and G. Y. Li, “Collaborative Cloud and Edge Computing for Latency Minimization,” IEEE Transactions on Vehicular Technology, vol. 68, no. 5, pp. 5031-5044, May 2019.
[5] J. Ren, Y. He, G. Yu and G. Y. Li, “Joint Communication and Computation Resource Allocation for Cloud-Edge Collaborative System,” 2019 IEEE Wireless Communications and Networking Conference (WCNC), 2019, pp. 1-6.
[6] C. Kai, H. Zhou, Y. Yi and W. Huang, “Collaborative Cloud-Edge-End Task Offloading in Mobile-Edge Computing Networks With Limited Communication Capability,” IEEE Transactions on Cognitive Communications and Networking, vol. 7, no. 2, pp. 624-634, Jun. 2021.
[7] W. Tang et al., “Wireless Communications with Programmable Metasurface: New Paradigms, Opportunities, and Challenges on Transceiver Design,” IEEE Wireless Communications, vol. 27, no. 2, pp. 180-187, Apr. 2020.
[8] Y. Zhao, H. Yu, H. Xu, “6G mobile communication networks: vision, challenges, and key technologies,” Scientia Sinica Informationis, 2019, 49(8): 963-987.
[9] Zhang Tong, Ren Yijing, Yan Shi. Artificial Intelligence-Driven 6G Networks: Endogenous Intelligence [J]. Telecommunications Science, 2020, 9: 14-22.
[10] Y. Sun, Z. Wang, S. Yuan, et al. The sixth-generation mobile communication network with endogenous intelligence: architectures, use cases and challenges, Application of Electronic Technique, 2021, 47(3): 8-13.
[11] N. Dragoni, I. Lanese, S. Larsen, et al. Microservices: How to make your application scale, International Andrei Ershov Memorial Conference on Perspectives of System Informatics, 2017: 95-104.

2. Cloud-Network-Edge-Terminal Collaboration Architectures Oriented to Typical Industries

A cloud-network-edge-terminal collaboration architecture consists of a cloud center, edge domains, and networks. The cloud center is the center for centralized data processing. It is responsible for the analysis and processing of heavy-flow data over a long period. With the capabilities of intelligent business decision-making and management, it realizes full life cycle management and periodic operation and maintenance of edge nodes. Edge domains or edge nodes can access the cloud center. The cloud center analyzes and processes the data uploaded by edge domains and edge nodes. Edge domains are responsible for collecting, storing, and processing data of edge nodes. The networks include core networks, bearer networks, and access networks.

2.1 Cloud-Edge Collaboration Architecture

Figure 2.1 Cloud-Edge Collaboration Architecture

In a traditional cloud-edge collaboration architecture, the data processing procedure is: After data is generated on terminal devices, RANs upload the data to
edge servers, and then the edge servers execute the computing tasks. In the case of heavy computing workloads and complex computing tasks, edge servers upload the complex tasks to the cloud server for processing. After finishing the computing tasks, the cloud server delivers the computing results to edge servers that forward the results to terminal devices. Therefore, cloud-edge collaboration is implemented, as shown in Figure 2.1.

The following takes the cloud-edge collaboration architecture based on Software Defined Network (SDN) as an example for analysis. First of all, the centralized SDN-based control plane gives information about the usage of different resources by cloud servers and edge servers and provides a desirable number of resources that meet their needs according to different service types. Then, the compatibility of SDN with access control, wide area network, and cloud computing technologies enables the flexible creation of virtual network functions to be deployed in RANs, greatly simplifying network management. Finally, the SDN-based cloud-edge collaborative network better leverages the advantages of cloud computing and edge computing to meet the demands for resource allocation and task scheduling.

Figure 2.2 describes the SDN-based cloud-edge collaboration system architecture. It can be seen from the figure that the architecture is mainly composed of an infrastructure layer, a control layer, an application layer, and a user layer.

The infrastructure layer consists of edge servers and cloud servers. The edge servers are responsible for collecting the current status of the network, and then sending information about the current status to the control layer through a southbound interface. After receiving the relevant information, the control layer processes the data and performs computing tasks according to its own rules. The control layer is connected to the infrastructure layer through a northbound interface. It controls each edge computing network and cloud computing network environment level by level, for the coordinated control of edge computing and cloud computing and the collaborative computing of clouds and edges. The control layer is connected to the application layer through a southbound interface.

The application layer aims to provide end users with applications that meet performance requirements. Through controllers on the control layer, applications can access terminal devices. The tasks issued by terminal devices are delivered from the application layer to the control layer. The control layer makes decisions and calls the underlying infrastructure resources to execute tasks of the application layer.

The control layer is the core of the entire architecture. Cloud computing devices and edge computing devices can be integrated into a unified architecture through the control layer. This layer includes local controllers and a global controller. For local resource scheduling and task decision-making, in the case of complex computing tasks, local controllers submit the task to the global controller for decision and processing. In addition to optimized real-time load, less cost of the global controller, and shorter latency, the SDN-based cloud-edge collaborative computing architecture also keeps each layer of controllers relatively independent and ensures the security and stability of the computing network. However, the cloud-edge collaboration system involves multiple cloud computing platforms, multi-device access control, and resource scheduling. Therefore, a further unified standard is still needed for the SDN-based cloud-edge collaboration system architecture.

Figure 2.2 SDN-Based Cloud-Edge Collaboration Architecture

2.2 Analysis of Cloud-Network-Edge-Terminal Collaboration Architecture

A cloud-network-edge-terminal architecture consists of edge computing devices, cloud computing devices, and communication networks, including access networks, bearer networks, and core networks. In the cloud-network-edge-terminal collaboration architecture, cloud computing and edge computing need to be embedded into communication networks, and network technologies need to be incorporated into cloud computing and edge computing. This is a profound change to network architectures and requires high collaboration between clouds, networks, edges, and terminals.

The 5G core networks have been fully cloud-based, enabling the storage and processing of massive data. However, different applications in vertical industries have different requirements for computing power, storage capacity, and response time of their networks. For instance, autonomous driving technology requires ultra-low response time, while UHD video streaming requires high data transmission rates. Therefore, besides offering users low-latency service on the principle of proximity, edge computing platforms need to use technologies such as container and network functions virtualization to further improve efficiency and reduce O&M costs.

In vertical industries, a large number of bearer network devices are needed to work in complex scenarios under wider bandwidth, so the bearer networks for vertical industries require wider bandwidth and larger capacity. Meanwhile, various services in vertical industries, such as industrial control, Internet of Vehicles, and smart healthcare, require low bit error rates and low latency. Therefore, the bearer networks need to provide and process ultra-low latency services.

The Radio Access Network (RAN) is one of the key networks to implement future emerging applications. With its continuous development, vertical industries witness the growth of RANs, mainly in the following aspects:

1) RANs become more and more complex. The competition and integration of different access technologies, as well as the support for the application in different vertical industries, are the main driving factors to increase the RAN complexity.
2) RANs need to support more complex services, including Enhanced Mobile Broadband (eMBB), Ultra-reliable and Low Latency Communications (uRLLC), and Massive Machine Type Communications (mMTC).
3) With the development of optical fiber
technologies and the expansion of optical fiber coverage, RANs are extending to more applications and promoting all-fiber connections in various vertical industries to build a unified all-optical structure.

The cloud-network-edge-terminal collaboration architecture gives birth to more emerging services. In the cloud, applications shake off the yoke of limited resources. On the network, distributed computing devices connected by the network stimulate the surge of more low-latency applications. On the edge, the cloud-edge-terminal collaboration ushers in emerging applications, such as cloud games. Based on the cloud and edge, the networks help the efficient circulation of resources in vertical industries, thereby improving the operational capabilities of the entire network architecture.

Although the cloud-network-edge-terminal collaboration has spawned more applications and brought users the supreme service experience, there are still many problems in its development process. The problems include the following:

1) Breakthroughs in network technology: New network technologies need to balance network quality and cost. How to weigh the benefits and costs of operators in the network deployment process becomes one of the challenges to the development of cloud-network-edge-terminal collaboration.
2) Facing the problem of massive ubiquitous access in the future, besides benefits and costs, a flexible and dynamic service configuration must be implemented. Based on users' service-level agreements, multiple dimensions of network resources must be considered to improve the network service performance.
3) Due to the limited computing power of edge servers, how to introduce user privacy and security technologies into lightweight devices deployed on edge computing platforms also needs to be solved urgently.

3. Research on Key Technologies of Cloud-Network Edge-Terminal Intelligent Collaboration and Tailoring

Cloud-Network-Edge-Terminal Collaboration is a further extension of cloud computing and edge computing. Based on cloud computing and edge computing, it integrates technologies such as network slicing (tailoring technologies), SDN, and AI, for cloud-edge collaboration on demand and dynamic and optimized system scheduling, thereby supporting the creation, operation, and evaluation of complex applications in vertical industries.

3.1 Overview of Cloud Computing and Edge Computing

As a supercomputing model, cloud computing is to share online software, hardware, and information resources with users based on the Internet, thus maximizing the storage and computing capabilities of computers. Cloud computing was first proposed by Google in 2007, and it is a new computing model established on the basis of distributed computing, parallel computing, and network computing. In a broad sense, cloud computing means that users obtain services online via the networks on demand or in a manner that is easy to expand. Such services include hardware, software, and information resources, and can be traded and charged. In a narrow sense, cloud computing is the delivery and use mode of computer infrastructure as commodities, in which users pay to obtain the required hardware/software resources through the network on demand and in an easily extensible way.

Cloud computing has many advantages:

1) Users can access the cloud anytime and anywhere through networks. Cloud computing not only has its own system but also integrates various heterogeneous information devices. Users can access cloud resources as long as their networks are available.
2) Self-services: Cloud computing provides an automated software operating environment where users can obtain requested services according to their individual needs without interacting with service providers. This greatly reduces operating costs.
3) Resource pooling: Cloud computing puts all software, hardware, and information resources in a virtualized operating environment. When users request services, these resources will be combined on demand to meet users' service needs.
4) Elastic supply: Instead of a static service supply, cloud computing automatically scales up resources in case of excessive visits for faster resource pooling, or slows down the pooling if the visits decrease. This method spins up and down dynamically as the visits vary.
5) Measurable services: The services provided by cloud computing are measurable. The resource pool scales up or down according to users' different needs for services. Users only need to pay for the content and times of service received.

Cloud computing is a centralized service. All data is transmitted to the cloud through the network for processing. Such a high-concentration nature of resources makes cloud computing highly versatile. With the explosive growth of IoT devices and data, however, it has become increasingly apparent that aggregated services based on cloud computing models are revealing their shortcomings in real-time performance, network constraints, resource overhead, and privacy protection.

In order to address the shortcomings of centralized cloud computing, the concept of edge computing emerged as a solution. Edge computing refers to a distributed and open platform that provides edge services on the principle of proximity by integrating networks, computing, storage, and applications at the edge of
the network, closer to the source of objects or data. With a shorter transmission link, edge computing is faster and more efficient in response to service needs on the data generation side, and the local processing of data can also improve user privacy protection. In addition, edge computing makes services less dependent on networks, so that basic services become available even offline.

Figure 3.1 Cloud Computing and Edge Computing

Edge computing can be traced back to the concept of functional caching in content distribution networks. After edge computing entered a period of rapid development in 2015, associations and alliances focusing on edge computing were established in succession. This led to the gradual formation of various definitions, standards, and specifications. The OpenStack Foundation, which aims to promote the development, dissemination, and use of cloud operating systems, and the Edge Computing Industry Alliance, which is jointly established by Huawei Technologies Co., Ltd., Shenyang Institute of Automation under the Chinese Academy of Sciences, and some other institutions, have defined edge computing. These definitions may be somewhat different, but there is a consensus on the core concept of edge computing. That is, edge computing is a new computing model that executes computing at the edge of the network. The edge referred to means any resource from the data source to the cloud, and its operation objects include downlink data from cloud services and uplink data from IoE services.

Edge computing has the following advantages:

1) Better data security: In the edge computing architecture, data is collected and calculated locally, and no longer transmitted to the cloud. Therefore, critical sensitive information may not be transmitted through networks, effectively avoiding privacy leaks during data transfer.
2) Shorter interaction latency: IoT applications need to process a huge amount of data, whereas edge computing is closer to the data source. This means the latter enables more real-time and faster data processing, shorter latency resulting from data upload to the cloud server and data backhaul, and higher system efficiency. The timeliness and immediacy of edge computing are crucial to applications with rigorous requirements for response time, such as autonomous driving and video monitoring applications.
3) Lower bandwidth cost: The increasing number of IoT devices requires more and more network transmission. By contrast, edge computing does not occupy too many resources because it requires fewer data interactions with the cloud. Therefore, edge computing is more cost-effective in both data computing and storage. This is especially critical for applications that need to forward data based on the Internet or across domains. In addition to lowering the transmission cost by reducing the amount of network transmission data, edge computing also further improves the computing efficiency of the cloud computing center.
4) Lower energy consumption: Since data is processed at the edge of the network, and does not go to the cloud, the energy consumption of cloud servers will be lower.

Based on the above analysis, both cloud computing and edge computing have their own advantages. By relying on either of them,
96、we could hardly achieve the KPI requirements for various performance Intelligent Collaboration of Cloud-network-edge-terminal for Typical Industries-10-indicators.In this context,studies need to be done in the industry and academia to opt for appropriate network architectures that adapt to the devel

97、opment of vertical industries.3.2 Network Slicing3.2.1 OverviewThe RANs for the IoT and vertical industries provide customized services for different application scenarios to meet their different performance requirements.For example,industrial-grade application scenarios such as autonomous driving a

98、nd smart industry require ultra-low latency and industrial-grade reliability.Virtual reality,augmented reality,and holographic images require high bandwidth.Smart city/home,smart water,and other IoT sensor access services require large-scale access to massive IoT terminals.A single physical network

99、does not cater to diversified service requirements.Moreover,the explosive traffic growth and device access brought about by the rapid development of the mobile Internet and IoTs have resulted in the problems such as insufficient resources and difficult management.As a result,network slicing came out

100、.Its basic idea is to build virtual logical subnets that have different characteristics and are isolated from each other on demand through deep decoupling and flexible reconfiguration of network functions based on shared physical infrastructure under a unified open network architecture.Different vir

101、tual logical subnets can provide users with customized services,adapting to the needs of various service types and improving the usage of network resources.As one of the key technologies of 5G/6G networks,network slicing has the following features:(1)Isolation:This is the most essential and importan

102、t feature of network slicing.Even if different users have conflicts in performance requirements when using the services provided by network slicing,the service performance and security can still be guaranteed for all users in the network.1)In terms of performance,each network slice has its separate

103、performance requirements,and the resource blockage of a network slice will not affect other network slices.2)In terms of security,when a network slice fails,the resources and services being used by other network slices will not be affected and can still run normally.The isolation of network slicing

104、involves not only the data plane but also the control plane,including network topology isolation and bandwidth isolation.In most cases,the isolation degree of a network slice depends on how much the physical network infrastructure and resources are shared or privately used.Intelligent Collaboration

(2) Customization: This guarantees the efficient utilization of allocated resources for each user in the network slice, which in turn enables the satisfaction of different service requirements. Customization can be achieved by abstracting the topology of the underlying physical network infrastructure and scheduling virtual network functions and resources for each network slice.

(3) Virtualization: This feature is the prerequisite for implementing network slicing. Network slicing can be built only after operators virtualize the computing, storage, and communication resources in networks, and necessary network functions on general physical infrastructure by using Software Defined Network/Network Function Virtualization (SDN/NFV) technologies.

(4) General unified platform: Network slicing can be built on the basis of general SDN/NFV infrastructure and server platforms to ensure efficient operation with lower costs.

(5) Low network complexity: In a traditional network, functions are highly dependent on each other. Each communication service requires dedicated devices, and the device functions may overlap or depend on each other, which means higher complexity. Network slicing virtualizes network functions by decoupling software and hardware. This ensures that each network slice only contains the network functions required for its service type and that the functions of different slices do not affect each other, making network operations easier.

3.2.2 Application in Cloud-Network-Edge-Terminal Collaboration

For network slicing applications, it is preferable that massive data be processed in a centralized way in the cloud data center, and that some small-scale data be processed locally in edge computing, with the processing results to be reported to the cloud data center. In this way, cloud-edge collaboration can make rapid processing decisions. Therefore, cloud computing and edge computing complement each other, and network slicing can span different resource domains (including clouds and edges), guaranteeing the availability in different resource domains.

Taking the network slicing of a power supply project as an example, in its network slicing structure, the virtual network main controller is deployed in the cloud and multiple sub-controllers are at the edges. The main controller manages the entire network and can create network slices to support different network services according to real-time service needs. Sub-controllers, managed by the main controller, control their local networks (edge networks). The virtual network control center performs unified control over network devices and implements the interconnection of cloud and edge resources by building a dedicated management network (physical management plane) in the cloud and at the edges. The main controller module deployed in the cloud and the sub-controllers at the edges form a virtual network control structure. The main controller manages the network policies and backbone network configuration of the entire network, while the sub-controllers manage network edges, follow the control policy of the main controller, and manage network policies within their edge ranges. Controllers manage physical communication modes in a unified manner, which can shield the differences between the underlying transmission networks, thus providing a unified virtual network interface for network applications. Given the characteristics of underlying physical networks, different network slices can be built for the flexible scheduling of network functions and resources and the on-demand customization of network services.

The main controller in the cloud and the sub-controllers at the edges exchange information via network control protocols. Depending on their types, network controllers use different control protocols to communicate with controlled network devices. The main controller manages the physical topology and routing of the entire network, the building of virtual networks, and the release of forwarding rules. Moreover, it is also responsible for managing network virtualization in the cloud. In addition, the main controller also manages all sub-controllers, sends network control policies to each sub-controller, and exchanges topology information with sub-controllers to form a global network topology. Sub-controllers only manage network virtualization in their own areas and, under the management of the network control
center (main controller), exchange network information in its managed area with the network control center.

Cloud-network-edge-terminal collaboration based on network slicing manages the ubiquitous communication IoT, addressing: 1) the challenges faced by existing communication networks, such as flexible access, security, and scheduling of massive terminals, 2) the different requirements of various vertical industries for network service quality, and 3) the operation and maintenance issues of existing networks. This helps build convenient and flexible network infrastructures for the development of RANs, with the following advantages:

(1) As the layered network control management architecture combines the main controller and multiple sub-controllers, it tackles the problems such as excessive control range of a single controller, low management efficiency, and collaborative control between the cloud and edges.

(2) Hierarchical multi-region collaboration control is implemented. The main controller manages and controls sub-controllers, and manages the data transmission between sub-domains and external networks. The sub-controllers manage the data transmission within their own network sub-domains.

(3) Multi-network integration control and the coordination and control of 5G networks make it possible for the unified management of multiple physical networks.

3.3 Software Defined Network

The rapid development of communication technologies comes along with diversified applications and high redundancy requirements and gradually uncovers the demerits of traditional networks. Traditional networks and their devices need to be configured manually and cannot be programmed. They are static and difficult to change, with complex configurations. Their functions cannot be made into full play. Software Defined Network (SDN) decouples the data plane and control plane, and makes controllers programmable, providing more flexible and convenient solutions for future networks.

3.3.1 Overview

Since its birth, SDN has aroused great attention and deep thinking in global academia and industries. SDN originated from the Ethane project led by Stanford University in the United States, which first proposed the definition and core idea of SDN. Subsequently, major universities and industrial giants around the world swarmed into the research on SDN. Among them, the most important standardization organization for SDN is the Open Networking Foundation (ONF). ONF is a non-profit organization jointly established by Google, Facebook, Yahoo, and other companies in early 2011, focusing on SDN development, standardization, and commercialization. ONF defines SDN as an emerging network architecture that decouples the control plane from the data plane and supports network programmability.

SDN has its own unique networking mode. Figure 3.2 shows the SDN network architecture proposed by ONF.

The architecture diagram includes the application plane, control plane, data plane, control and management plane, and interfaces between the planes. The functions of the planes are as follows:

(1) The application plane includes a number of SDN applications designed to meet user needs. It is also the part that users care about the most. It communicates with the control plane through an open Northbound Interface (NBI) and sends user requests to the controller of the control plane in a programmable manner. In addition, these applications can also provide more advanced northbound interfaces by abstracting and encapsulating their application logic.

(2) The control plane is composed of SDN controllers, which are pivotal to the SDN for centralized control. The controllers are located between the data plane and the application plane. They interact with the data plane through the southbound interface and abstract the states and events of the underlying infrastructure for upper-layer applications to use. Also, the application plane requests are sent to the underlying infrastructure through the SDN northbound interface. In a large SDN, the control plane has multiple SDN controllers that communicate through the eastbound/westbound interface to share network information and coordinate their decision-making process.

(3) The data plane consists of switching devices such as switches and routers. These switching devices do not have control functions and are mainly designed for two tasks. First, they collect network state information such as network topology and traffic statistics and send it to the controllers of the control plane. Second, they forward network packets according to the forwarding policy issued by the controllers.

(4) The control and management plane configures the switching devices at the infrastructure layer, determines the control area for the controllers, and signs service-level agreements. In fact, most SDN architectures do not include a control and management plane.

Figure 3.2 SDN Architecture Diagram

Based on the above definition and architecture of the SDN, it can be concluded that SDN has the following advantages:

(1) Independent forwarding and control: The SDN breaks the tight coupling of control and forwarding in traditional networks so that they can serve different purposes. The controllers of the control plane are used for global logic control, and manage the switching devices of the data plane in a unified manner from a global perspective. On the other hand, the switching devices of the data plane perform high-performance and distributed network forwarding.

(2) Flexible and programmable network: The programmability of SDN is manifest in many respects. In addition to the flexible and programmable network enabled through powerful programming interfaces, switches at the infrastructure layer and controllers at the control layer can all be implemented through software programming. This allows users to flexibly expand functions as needed.

(3) Centralized control: The SDN controls the entire network through controllers, which manage all network elements including switches and routers in a programmable manner. This facilitates dynamic adjustments to forwarding policies according to changes in network traffic, enhancing the performance of the entire network.

3.3.2 Application in Cloud-Network-Edge-Terminal Collaboration

With the rise of cloud computing, problems such as low utilization, high maintenance costs, and complex management and deployment of devices in traditional data centers are increasingly prominent. Fortunately, SDN technology is an ideal solution pertaining to needs and challenges such as centralized management, flexible networking, multi-path forwarding, flexible deployment and intelligent migration of virtual
machines, virtual multi-tenancy, and IaaS in large data center networks.

To design a cloud-network collaboration SDN architecture, it is necessary to meet the requirements of intra-cloud networks, inter-cloud connections, and cloud-based migration networks, and manage multiple domains and heterogeneous network resource systems to enable collaborative work and one-stop management services. The cloud-network collaboration architecture of large service providers is composed of at least access, backbone network, and cloud center, which involves not only the planning of the overall architecture but also the integration of technologies of multiple domains.

The following project example is provided to introduce the application of SDN in cloud-network collaboration. The project has realized cloud-network collaboration management and collaborative work. Network infrastructure is reconstructed based on SDN technology, public cloud and private cloud resources are connected, end-to-end automatic network service deployment and scheduling (SDN business orchestration) are available, and corporate customers are provided with cloud-based migration, cross-cloud connections (including data centers, public clouds, and private clouds), branch networking, and more services, with the last mile issue of cloud computing addressed as well. The architecture is an SDN solution of Tethrnet as shown in Figure 3.3:

Figure 3.3 SDN Cloud-Network Collaboration Architecture (Source: https:/

deployment details are as follows:

(1) SDN orchestration and service platform

To meet the requirements and service process of customers, multi-domain service orchestration capabilities are provided, offering orchestration for public and hybrid cloud interconnections, L2/L3VPN networks, and the integration of SD-WAN access to cloud and backbone networks. Through the orchestration capabilities and service platform, unified end-to-end scheduling of resources, SLA service quality assurance, path planning, and VPN tenant security management are enabled. Additionally, a unified northbound API specification and YANG model are available for edge domains, backbone networks, and multi-domain services for connecting with various cloud service providers, and realizing connection and decoupling of controllers from different manufacturers. This dispenses with the trouble that traditional business systems have to call multiple network domains and lays the foundation for customers to develop their cloud-network collaboration capabilities. Given that customers' business requirements, environments, and processes are complicated, considerable customized developments are performed in the project using the Terra business orchestrator. Apart from that, the SDN data center controllers, SD-Core backbone network controllers, and SD-WAN edge access controllers are all managed at the Terra business orchestration layer.

(2) Cloud data center network

The following respects are prioritized: First, in the cloud center, consider deploying the VPC network of the cloud resource pool and the BM network of the physical resource pool with a hybrid overlay network, including OpenStack Neutron linkage. Secondly, consider purchasing network devices from multiple manufacturers for different POD areas, managing VXLAN/EVPN networks of multiple manufacturers by a certain means, and providing unified logical network service capabilities for the upper layer. Thirdly, focus on the collaborative management of the VPC network and external networks, especially the backbone network, to enable interconnection and unified management for the VPC network and edge routers (GW/VBR). The project implements the above functions based on the TerraDC controller with L4-L7 NFV service management added.

(3) Backbone network

The focus is on the automatic provisioning of L2VPN and L3VPN business and the SLA and traffic engineering design of important businesses. The backbone network of the service provider employs Multi-protocol Label Switching (MPLS)/Segment Routing Traffic Engineering (SRTE) for the main backbone network routers and connects with the cloud center and tenant branches through a virtual private network (L2VPN/L3VPN). The customer uses SRTE to achieve SLA for different types of business and uses SR+SDN to reconstruct the new-generation backbone network to achieve traffic scheduling and management. Since PE nodes are to be connected to the data center and public cloud, it is also important to ensure interconnection between PE nodes and edge routers (GW/VBR) and automatic connection for SD-WAN access. The above-mentioned functions are realized based on the TerraCore controller.

(4) Edge access network

When designing the edge access network, priority is given to SD-WAN POP node networking design and detection, multi-line POP node design and networking, and integration of POP nodes and the MPLS of the backbone network. The CPE on the access side uses automatic detection technology to select the optimal POP nodes. In addition, when integrating with MPLS, the issue of how to prevent routing loops and feedback, as well as the perfect collaboration between SD-WAN tenants and MPLS tenants, must be taken into account to address the last mile problem of MPLS. The above-mentioned functions are realized based on TerraEdge.

New cloud service providers pursue resource logic management and second-level response while traditional operator networks or traditional network models can no longer support greater business elasticity and faster growth. The emergence of cloud-network collaboration and SDN technology abstracts and simplifies the entire physical network into a single logical network resource pool and defines the automatic process of user services with software to enable multi-system linkage and multi-domain network linkage for automatic and rapid end-to-end business deployment.

A power network slicing solution based on cloud-edge collaboration has been proposed, where the network controller is deployed in the central cloud and the sub-controllers are deployed in the edge cloud, so that flexible slicing can be achieved using the SDN and NFV for the power communication network. The SDN is mainly used in the network slicing control system. As shown in Figure 3.4, an SDN controller or NFV management controller is integrated into the main controller and sub-controllers with an SDN client or NFV agent deployed on the controlled network devices. The main controller is in the central cloud and the network sub-controller is in the edge cloud to coordinate network virtualization and transmission control processes.

Figure 3.4 Cloud-Edge Collaboration Control Architecture (W. Chuanjun, W. Hailin, C. Jinming and J. Hao, Research on Power Network Slicing Technology Based on Cloud-Edge Collaboration, 2021 IEEE International Conference on Power Electronics, Computer Applications (ICPECA), 2021, pp. 743-753)

The main controller in the cloud and the sub-controllers at the edges exchange information and enable control via network control protocols. The switching protocols include OpenFlow, Border Gateway Protocol (BGP), Netconf, Simple Network Management Protocol (SNMP), and so on. Regional collaboration control is adopted in the solution as each sub-controller manages a regional edge cloud network while the main controller manages and controls the entire network by managing and coordinating the sub-controllers. By integrating the SDN and NFV technology, the cloud-edge collaboration architecture deals with the problem of existing devices falling short in supporting new technologies, and provides convenient and flexible network infrastructure for the development of new network services.

3.4 Artificial Intelligence

3.4.1 Overview

Artificial Intelligence (AI) was coined by McCarthy at Dartmouth in 1956. In the 1960s, the perceptron was proposed, and expert systems and knowledge engineering appeared
in the 1970s. In the next ten years or so, AI went through a slump. However, in the mid-1980s, research on artificial neural networks made breakthroughs and boosted the development of AI. Rumelhart came up with the backpropagation (BP) learning algorithm in 1969, which solved the learning problem of multi-layer artificial neuron networks and set off a research boom centering around artificial neuron networks. In 1985, Geoffrey Hinton replaced the original single feature layer in the perceptron with hidden layers and used the BP algorithm to calculate network parameters. In 1989, Yann LeCun employed deep neural networks to recognize handwritten characters of postal codes on letters. With the continuous improvement of computer performance since 1987, the AI hardware market shrunk sharply and AI experienced its second trough. In 2006, Hinton proposed Deep Belief Networks (DBN) that reduced the difficulty of learning hidden layer parameters. Also, the training time of the algorithm has a nearly linear relationship with the size and depth of networks, which allowed AI to enter public view once again and flourish in a new phase of rapid development. In 2010, the DARPA of the U.S. Department of Defense decided to fund deep learning projects. In 2012, Hinton reduced the Top-5 error rate of ImageNet image classification from 26% to 15%. Two years later, Google increased the accuracy of language recognition from 84% to 98% with the accuracy on the mobile Android systems up by 25%. Apart from that, Google's facial recognition system FaceNet achieved an accuracy rate of 99.63% on the LFW dataset. In 2016, DeepMind's AlphaGo software which had 1,920 CPUs and 280 GPUs defeated Lee Sedol, a renowned Go champion. In April 2017, AlphaGo continued to challenge Ke Jie and other Chinese Go players, and AI commenced its new journey of advancement.

While AI evolved based on artificial neural networks, reinforcement learning relying on Markov decision processes was also advancing. In 1954, Minsky initiated the concepts and terms of reinforcement and reinforcement learning. In 1957, Bellman proposed a dynamic programming method for solving the optimal control problem and the random and discrete Markov decision process of optimal control. After that, Howard came up with a policy iteration method to solve the Markov Decision Process (MDP). Thence, reinforcement learning entered a trough that lasted for about thirty years. In 1989, Q-learning created by Watkins further expanded the application of reinforcement learning and completed reinforcement learning. Reinforcement learning was once overshadowed by supervised learning for a certain period of time, until 2013 when DeepMind published a paper on utilizing reinforcement learning to play Atari games, which opened up ten years of the remarkable development of reinforcement learning. In October 2015, DeepMind's AlphaGo defeated Fan Hui, a well-known professional Go player. In March 2016, through tens of thousands of practice and reinforcement, AlphaGo defeated Lee Sedol by winning a margin of 4-1. Soon after that, Master (AlphaGo version) appeared on and Tencent's in December 2016 and scored 60 consecutive victories, storming the Go world invincibly.

Figure 3.5 History of AI Development (Source: https:/

Figure 3.6 Development of Reinforcement Learning (Source: https:/

Deep Reinforcement Learning (DRL) is created by combining reinforcement learning and artificial neural networks. It is widely applied in autonomous driving, cybernetics, recommender systems, smart grids, intelligent transportation networks, network flows, and more fields.

With the rapid development of 5G networks and the advent of the Internet of Everything era, the surge in the number of network edge devices will continue to generate massive edge data. However, as the computing capability of user terminals is limited, it is necessary to compute, communicate and store the above data through cloud computing data centers. In the face of rapidly increasing data, the traditional cloud computing model often fails in terms of timeliness, bandwidth, data privacy, and security. Hence, the edge computing model is created to process and compute the massive data generated by user terminals. Mobile Edge Computing (MEC) means communication data is transmitted and computed at the edge of the network. The network edge is anywhere between cloud computing data centers and user terminals, and it serves to process uplink data from user terminals and downlink data from cloud centers. The edge side uses its advantages to introduce and integrate AI technology step by step so that AI algorithms can run smoothly at the edge, which is known as edge intelligence. Although edge intelligence can empower AI in edge computing and even terminal devices, it can only compute a small amount of data due to its limit in computing, storage, and network resources. In addition to that, the development of 5G networks has greatly increased network transmission rates. Hence, it is of significance to combine cloud computing, 5G
network, and edge computing to enable AI applications.

3.4.2 Application of Machine Learning in Cloud-Network-Edge-Terminal Collaboration

Over the past two decades, machine learning has been widely seen in data mining, computer vision, natural language processing, biometric recognition, search engines, medical diagnosis, credit card fraud detection, securities market analysis, DNA sequencing, voice and handwriting recognition, strategic games, robotics, and more. From an academic perspective, machine learning can be divided into supervised learning, unsupervised learning, reinforcement learning, and deep learning. As 5G networks, edge computing, and cloud computing are growing, machine learning is being applied in cloud-network-edge-terminal collaboration. Also, industries have been implementing machine learning alike.

Schneider Electric cooperated with Amazon AWS to establish an AI industrial visual inspection platform relying on Amazon SageMaker and related services. The platform facilitated Schneider Electric's automatic and intelligent inspection processes, improved its product quality and reliability, and realized unified cloud-to-edge management through cloud-edge collaboration, enabling both model iterations/upgrades and management of multiple edge terminals at once.

China Mobile is active in deploying new AI infrastructure, including new AI infrastructure, new platform infrastructure, and new cloud-network infrastructure to build AI infrastructure capabilities featuring cloud-network-edge-terminal collaboration. China Mobile's network covers a great many cities across China with central clouds and edge clouds built. It combines cloud, network, and edge to leverage the advantages of cloud-network integration and cloud-edge collaboration. With AI computing resources being properly arranged, China Mobile aims to create a ubiquitous and intelligent connection+computing infrastructure and build a massive data resource system.

For the sake of a more effective application of machine learning in cloud-network-edge-terminal collaboration, many cloud-edge collaboration architectures are currently made accessible at home and abroad. For example, Sedna, Huawei's edge-cloud collaboration AI project, is designed for cross-edge-cloud collaboration training and reasoning, such as joint reasoning, incremental learning, federated learning,
and lifelong learning. Sedna supports a broad range of existing AI frameworks including TensorFlow, PyTorch, PaddlePaddle, and MindSpore. Existing AI applications can be seamlessly migrated to Sedna for quick edge-cloud collaboration training and reasoning, bringing advantages such as reduced costs, improved model performance, and well-protected data privacy.

Figure 3.7 Sedna Architecture Diagram

Sedna has the following components:

GlobalManager: It is used for the management of edge-cloud collaboration AI tasks, cross-edge-cloud collaboration and management, and central configuration management.

LocalController: It is used for the local process control of edge-cloud collaboration AI tasks and general local management, dealing with models, datasets, state synchronization, and so on.

Worker: It is a training/reasoning program developed based on existing AI frameworks and serves to perform training or reasoning tasks. Different characteristics correspond to different Worker groups. Worker can be deployed at the edge or in the cloud for collaboration.

Lib: It is mainly designed for AI developers and application developers to obtain edge-cloud collaboration AI functions and applications.

3.4.3 Application of Federated Learning in Cloud-Network-Edge-Terminal Collaboration

Federated Learning was proposed in 2016 for protecting data privacy and solving problems such as data silos. According to the distribution of data sources of parties involved, federated learning can be divided into horizontal federated learning, vertical federated learning, and federated transfer learning. The focus of federated learning is to realize data transmission and interaction between parties through encryption technology for joint modeling, with the data of the parties well-kept in their databases. Thereby, it prioritizes secure computing during data exchange. The proposal of this concept has also aroused extensive attention in both the academic and industrial worlds.

Figure 3.8 is a basic architecture diagram of Federated Learning, which is basically composed of a server and clients. The clients use local privacy data for model training and upload their model parameters or gradients to the server. Then, the server waits for the parameters from the client synchronously and asynchronously. Generally, the model parameters are aggregated by means of federated averaging and returned to the clients. The process is repeated until the model reaches the required accuracy.

Figure 3.8 Federated Learning Architecture

The typical design of federated learning consists of training local models on local data samples and exchanging parameters (weights in DNNs for example) between these local models to generate a global model. The steps of federated learning may be coordinated using a central server, which serves as a reference clock, or they can be peer-to-peer without a central
205、 server.The federated learning process is Intelligent Collaboration of Cloud-network-edge-terminal for Typical Industries-26-27-divided into multiple rounds,and each round consists of four steps:Step 1:local training-All local servers compute training gradients or parameters and send locally trained

206、 model parameters to the central server.Step 2:model aggregation-The central server securely aggregates parameters from multiple local servers without learning any local information.Step 3:parameter broadcasting-The central server broadcasts the aggregated parameters to the local servers.Step 4:mode

207、l update-All the local servers update their models based on the aggregated parameters and check the performance of the updated models.As a result,an optimal global learning model is generated following multiple rounds of local training and update exchanges between the central server and the local se

208、rvers.In order to solve problems such as difficulty in collecting device data,closed architecture,and data silos,giants in the industry such as Huawei and ZTE have come up with cloud-edge collaboration solutions based on open cloud-native architectures.According to diversified business needs,Huawei

209、has summed up the application scenarios such as cloud-side video analysis collaboration,cloud-side application integration collaboration,cloud-side IoT sensing collaboration,and cloud-side container cluster collaboration.Also,it has implemented cloud-edge collaboration applications in Deppon Express

210、,Digital China,and more enterprises to meet the challenges in bandwidth,energy consumption,and communication efficiency,and ensure privacy and security protection.FATE,WeBanks open-source framework of federated learning,and Tencent Cloud Shield Sandbox have made it possible to solve the problem of p

211、rivacy breaches.For one thing,existing data asset parties on public clouds can use the Shield Sandbox to deploy FATE,enabling companies with data advantages in their industry to further tap into the value of data while ensuring security.For another,the Shield Sandbox can use FATE to create a digital

212、 ecosystem in Tencent Cloud,allowing companies and institutions that rely heavily on data to implement AI applications under the premise of privacy protection.In addition,the Shield Sandbox team has further improved FATE during their cooperation.Intelligent Collaboration of Cloud-network-edge-termin
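The four-step round described above, including Step 2's requirement that the server aggregates without learning any site's parameters, is sketched below as an added example; it is not code from the white paper, from FATE, or from any vendor named here. It assumes pairwise additive masking as the secure-aggregation technique, an honest-but-curious server, no client dropouts, and constructed training data; all function names are hypothetical.

```python
import hashlib
import secrets

MOD = 2 ** 64      # masked values live in the ring of integers mod 2^64
SCALE = 10 ** 6    # fixed-point scale used to encode float parameters


def encode(params):
    """Float parameters -> fixed-point residues mod MOD."""
    return [round(p * SCALE) % MOD for p in params]


def decode_mean(total, n_clients):
    """Residues of the summed vector -> mean of the original floats."""
    signed = [t - MOD if t >= MOD // 2 else t for t in total]
    return [s / SCALE / n_clients for s in signed]


def make_seeds(n_clients):
    """Stand-in for pairwise key agreement: one shared secret per client pair."""
    seeds = {i: {} for i in range(n_clients)}
    for i in range(n_clients):
        for j in range(i + 1, n_clients):
            seeds[i][j] = seeds[j][i] = secrets.token_bytes(16)
    return seeds


def pair_mask(seed, round_no, length):
    """Mask stream that both members of a pair derive from their shared seed."""
    return [int.from_bytes(
                hashlib.sha256(seed + f"|{round_no}|{k}".encode()).digest()[:8], "big")
            for k in range(length)]


def local_train(params, data, lr=0.1, epochs=20):
    """Step 1: gradient descent on this site's private (x, y) samples."""
    w, b = params
    for _ in range(epochs):
        gw = sum(2 * (w * x + b - y) * x for x, y in data) / len(data)
        gb = sum(2 * (w * x + b - y) for x, y in data) / len(data)
        w, b = w - lr * gw, b - lr * gb
    return [w, b]


def masked_update(cid, params, seeds, round_no):
    """What a site sends: its parameters hidden under pairwise masks."""
    vec = encode(params)
    for other, seed in seeds[cid].items():
        sign = 1 if cid < other else -1   # site i adds what site j subtracts
        mask = pair_mask(seed, round_no, len(vec))
        vec = [(v + sign * m) % MOD for v, m in zip(vec, mask)]
    return vec


def aggregate(masked_updates):
    """Step 2: the server sums what it received; the masks cancel in the sum."""
    total = [sum(col) % MOD for col in zip(*masked_updates)]
    return decode_mean(total, len(masked_updates))


def run_round(global_params, datasets, seeds, round_no):
    """Steps 1-4 once; returns the parameters broadcast for the next round."""
    sent = [masked_update(cid, local_train(global_params, data), seeds, round_no)
            for cid, data in enumerate(datasets)]
    return aggregate(sent)


def demo(rounds=40):
    # Constructed data: three sites observe y = 3x + 1 on different x ranges.
    datasets = [[(lo + k / 20, 3 * (lo + k / 20) + 1) for k in range(20)]
                for lo in (-1.0, -0.5, 0.0)]
    seeds = make_seeds(len(datasets))
    params = [0.0, 0.0]
    for round_no in range(rounds):
        params = run_round(params, datasets, seeds, round_no)
    return params


if __name__ == "__main__":
    print("global model after 40 rounds:", demo())
```

Each vector the server receives is indistinguishable from random on its own; only the sum is meaningful. If one site fails to send its update, the masks it shares with the others no longer cancel, which is why deployed protocols add a recovery step that this sketch omits.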

3.4.4 Application of Knowledge Graph in Cloud-Network-Edge-Terminal Collaboration

Knowledge Graph was proposed by Google in 2012 as an important branch of AI technology. It is a structured semantic knowledge base for describing concepts in the physical world, as well as their relationships, in symbolic forms. Basically, it is composed of an entity-relationship-entity triplet and an entity-property value pair. Entities are connected by relationships to form a meshed knowledge structure.

The origin of Knowledge Graph can be traced back to 1960. In the early phase of AI development, there were two major schools, that is, symbolism and connectionism. Symbolism focused on simulating the human mind and using computer symbols to represent knowledge in the human brain, while connectionism centered around the simulation of the physiological structure of the human brain and developed artificial neural networks. As a result, the concept of Semantic Networks was proposed as a method of knowledge representation, which is mainly used in the field of natural language understanding.

In 1970, with the proposal and commercial development of expert systems, knowledge base construction and knowledge representation were emphasized. Basically, the idea of expert systems is that experts make decisions based on the knowledge in their brains. Thereby, in order to realize artificial intelligence, computer symbols should be used to represent such knowledge and inference engines should be employed to imitate how the human brain processes knowledge. Knowledge representation methods commonly used in early expert systems include Frame-based Languages and Production Rules. Frame-based Languages describe categories, individuals, and properties regarding the objective world, and are mostly used to facilitate
natural language understanding. Production Rules describe logical structures and represent procedural knowledge.

In 1980, the philosophical concept Ontology was introduced into AI research to represent knowledge. The entity of a piece of knowledge may be a person, an object, or an abstract concept, and Ontology is the general term for their ontologies.

In 1989, Tim Berners-Lee invented the World Wide Web at European Organization for Nuclear Research. Thence, people could include their documents in links. Based on the concept of the World Wide Web, the concept of the Semantic Web was created in 1998. With Semantic Web, not only web pages but also objective entities (such as people, institutions, places, etc.) can all be linked to networks. In 2012, Google launched its Knowledge Graph-based search engine.

Figure 3.9 shows the workflow of the entire cloud-network-edge-terminal collaboration knowledge graph, involving devices, edge terminals, and a cloud node. The devices are image acquisition terminals. The edge terminals complete tasks related to scene graph generation, and the cloud node shares scene graphs and extracts deep information. Each edge terminal corresponds to multiple devices. The graph data collected by the devices is uploaded to the corresponding edge terminals to generate scene graphs. In addition, the devices can subscribe to the scene graph data generated by the edge terminals, meeting the requirement of scene graph sharing among devices. The cloud node corresponds to multiple edge terminals, and more general knowledge graphs can be aggregated based on the scene graph data uploaded by all the edge terminals.

Figure 3.9 Knowledge Graph Workflow (Source: https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=9651576)

In industry, some companies at home and abroad have also applied knowledge graphs to their products. Tencent Knowledge Graph is a one-stop platform integrating a graph database, graph computing engine, and visualized graph analysis capability. In the fields of finance, security, the Internet of Everything, government, enterprises, and more, massive data interactions generate a large amount of data. Such complex and related data contains considerable business information and commercial value. Tencent Knowledge Graph
supports the storage and computing of hundreds of billions of node relationships and responds to online operations such as node search, multi-hop query, and shortest path analysis. It supports offline computing models such as PageRank, community detection, similarity calculation, and fuzzy subgraph matching. Also, Tencent Knowledge Graph can efficiently extract combined entities and relationships from heterogeneous data to generate knowledge graphs and supports various visualization solutions pertaining to graph structure layout, rendering, and more. It performs testing and verification based on Tencent's massive social media and business data to provide a customized one-stop solution according to customer needs in various scenarios.

IoT terminal devices such as medical instruments and GPS systems of vehicles easily and continuously generate terabytes of data. Tencent Knowledge Graph provides a complete set of solutions from engine-level products to industry knowledge applications in terms of access, management, and analysis of IoT data. The native graph computing framework allows customers to exploit the huge value behind the data.

Figure 3.10 Application of Knowledge Graph in IoT

Relying on its distributed StellarDB graph database and Sophon KG Knowledge Graph Platform, Transwarp Technology provides banks and more users with functions such as knowledge acquisition, graph construction and storage, graph update and iteration, and graph computing and analysis. The platforms are powerful enough to meet the requirements of high availability, resource management and control, visualization effects, and NLP capabilities.

Transwarp's graph knowledge solutions are more reliable and greater in performance. They support super-large-scale graphs, comparative analysis of graphs, visual statistics, timing analysis, various layout and style settings, large 3D displays, and NLP. Compared with building a knowledge graph platform based on an open-source system, building a knowledge graph platform based on Transwarp's self-developed products
is more favorable.

Graph database: Transwarp's platform does not rely on open-source components but on Stellar DB, a distributed graph database. In addition to boasting performance 4 to 6 times greater than its open-source counterpart, Stellar DB is capable of storing graph data with trillions of edges and is characterized by fast query response, powerful analysis ability, and high stability.
Graph algorithms: Transwarp's KG and Stellar DB platforms support a variety of graph algorithms, and the built-in financial scene NLP model supports semi-automatic text-based graph building, whereas the graph algorithms based on open-source solutions require manual development, which costs more and does not support NLP.
Clusters: The underlying layers of Transwarp's platforms are based on containers, facilitating resource management and control and bringing higher availability. Also, resources can be shared with ease and the capacity can be scaled up/down as needed. The resource isolation of open-source solutions is not that reliable, as improper operations may cause the entire cluster to go down. Apart from that, open-source solutions trail Transwarp's solutions in high availability, resource sharing, and elasticity.

Figure 3.11 Transwarp Knowledge Graph Architecture (Source: https://marketing-1253207870.cos.ap-

4. Research on Cloud-Network-Edge-Terminal Collaboration Security

The fifth-generation mobile communication technology (5G) adopts a service-oriented network architecture. It introduces new key technologies such as Network Functions Virtualization, Network Slicing, and Edge Computing to greatly improve mobile network services, and supports applications including Enhanced Mobile Broadband (eMBB), Massive Machine Type Communications (mMTC), Ultra-reliable and Low Latency Communications (uRLLC), and so forth. More services and applications are moving to the cloud, which extends traditional human-to-human communications to intelligent connections between things and between people and things, and further advances the development of mobile communication technology and its application in a great many fields. Driven by business development, the cloud, network, and edge are given new features. Therefore, the integration of the cloud, network, edge, and terminal is a natural course in the process. The cloud, network, edge, and terminal are planned by centering around business and customers to provide the shortest path, optimal experience, and security guarantee for cloud-based migration and inter-cloud connections, realize cloud-network-edge-terminal collaboration, and enable orchestration and scheduling of
the cloud, network, and edge with an integrated architecture.

4.1 Security Challenges Faced by Cloud-Network-Edge-Terminal Collaboration

At present, network attacks including information leakage and privacy compromise have resulted in great losses to users. However, much greater network security and reliability are required for future cloud-network-edge-terminal collaboration businesses represented by the Internet of Vehicles and precision manufacturing. 5G introduces slicing, Network Function Virtualization (NFV), MEC, and more new technologies to support the customization of intelligent network services, rendering the network form, ecosystem, business model, and trust and risk relationships more dynamic and complex. The use of centralized orchestration and software-defined capabilities brings not only new centralization features to networks but also new challenges to security. In addition, supervision and security laws and regulations become even more stringent. Security is currently facing more challenges.

4.1.1 Lack of Secure and Trusted Network Architecture

The existing IP networks do not consider the issue of network security and credibility and lack basic security design. The security of the Internet is generally based on patches made at the application layer, so that local security technologies are being stacked without systematically introducing a security protection system or mechanism for global applications, leading to defects such as protection redundancy, lack of solution integrity, and excessive cost. Given the uncertainty of user/terminal activities and the ubiquitous variability of threats, the existing network protection modes and security capabilities can barely meet the security requirements of new service-oriented networks or adapt to the rapid evolution of network polymorphism, significantly restricting future network development and application.

4.1.2 Inadequate Security Authentication Mechanism

In the future B5G/6G networks, a new network architecture will be derived in application scenarios such as the Internet of Vehicles, telemedicine, industrial networks, and computing power and network integration. It features ubiquitous interconnection and interaction of all things and requires greater network security and credibility. Massive terminals, ubiquitous heterogeneous access, and diverse applications give rise to favorable conditions for IP address spoofing and DDoS attacks, resulting in unauthorized traffic redirection and transmission, unavailability of application resources, and other issues. From the perspective of identity management, identity management systems provide communication
terminals with the root of trust for all interactions. However, the heterogeneous application scenarios in future networks complicate the identity distribution and verification mechanisms of communication terminals, and lack collaborative or federated identity management. Furthermore, centralized management systems involve the risk of being untrustworthy or being attacked, which may lead to serious security consequences.

4.1.3 Risk of Private Data Leakage

The popularity of big data, cloud computing, the Internet, social networks, and various smart terminals makes personal data prone to more abuses. Additionally, the weak position of natural persons limits their ability to control their own data. The privacy security risks involved in a cloud-network-edge-terminal architecture are shown in Figure 4.1:

Figure 4.1 Privacy Security Risks

According to the principle of privacy protection, customers' private information must be kept confidential, that is, anyone without permission cannot view or disclose it. In the event it is necessary to disclose certain data that contains private information, that information must be anonymized. Private data refers to information that can be directly or indirectly related to someone's personal information. For example, if a known number can be used to track a specific user, that number is private data. This type of information is called direct personal information. Information that cannot be directly related to a user is known as indirect personal information. Anonymization means whenever an exported file involves user privacy, relevant data must be protected through hashing or encryption.

During data processing of terminals, access networks, and core networks, the risks of privacy data leakage include:

Data collection: Information may be disclosed during collection.
Data transmission: Information may be disclosed during signaling and data transmission.
Use, storage, maintenance, and destruction of data: Information may be disclosed during the processing, storage, and maintenance of signaling and data in virtual networks.
Outgoing data provision: Attackers may utilize public networks to attack business systems to obtain user information, abuse business systems, or leak user information.

4.1.4 Infrastructure Security Risks

Base station equipment involves the deployment environment, hardware equipment, software versions, data, files, and more. Security threats to the deployment environment and hardware include impacts on the environments such as changed temperature and smoke or direct damage to the hardware itself. Threats
to the base station software include unauthorized login and unauthorized access that destroy data and files and cause functions of the base station to be unavailable.

4.1.5 Open-Source Software Security Risks

While open-source software is free, innovative, efficient, and makes relevant products competitive, it must be managed as an asset, comply with license rules, and meet security requirements like internally developed software. It is necessary to be aware that security vulnerabilities related to open-source software code may appear in products. All the known security vulnerabilities in open-source software and those revealed in security communities must be checked, assessed, and fixed using the same threat model during HPPD development. When selecting open-source software, it is necessary to fully consider security factors including coding security and fixing known security vulnerabilities. Any open-source code used must be identified and existing open-source components must be checked for security (such as detecting security vulnerabilities with Black Duck).

4.2 Cloud-Network-Edge-Terminal Collaboration Security Architecture

A typical network architecture of cloud-network-edge-terminal collaboration is shown in Figure 4.2:

Figure 4.2 Architecture of Cloud-Network-Edge-Terminal Collaboration

In a typical hybrid private network scenario in the ToB industry, the base station can be shared by the ToC public network and the ToB private network. Based on the local business processing requirements, the local traffic splitting gateway is deployed downwards for the campus-specific UPF/MEC, and dedicated resources are isolated by means of slicing on the software for ToB industry users. When the slice-based logical partitioning is performed in the same cell, the resources on the wireless air interface side are isolated by the resource scheduling method based on the time, frequency, and spatial domains without affecting each other. The data bearers (DRB) of different slices are mapped to their corresponding PRBs, and the PRBs required by each slice are partitioned and scheduled according to the frequency domain or the percentage of total resources.

A typical security framework of cloud-network-edge-terminal collaboration for industry applications is shown in Figure 4.3:

Figure 4.3 Cloud-Network-Edge-Terminal Collaboration Security Architecture

4.2.1 Basic Security

The decoupling of software and hardware, and the introduction of NFV and SDN have made the original private and closed dedicated network equipment become standard and open general-purpose equipment, which also blurred the boundaries of network protection. Network virtualization and openness render networks more vulnerable and the centralized deployment of networks allows network threats to spread faster and more widely. As network functional entities share infrastructure resources, it is necessary to enable secure resource isolation technology to ensure the secure operation of upper-layer 5G network functions and systems. Resource isolation can be achieved with a virtual isolation mechanism so that the functional entity of each network cannot access any other resources except those specified in virtual machine/container management.

Security protection for virtualized networks also requires the credibility of the network infrastructure, which is more important for infrastructure deployed in a non-trusted environment, such as base station cloudification and edge computing. With trusted computing technology, a hardware root of trust is integrated into the network functional entity platform to create a chain of trust involving the computing environment, basic software, applications, and services, and protect the integrity of the software and hardware environment of the network
functional entities by relying on level-by-level integrity inspection.

4.2.2 Virtualization Security

With the help of network virtualization technology, 5G network slicing allows a logical network with complete functions to be subdivided based on 5G infrastructure to provide special, secure, and differentiated network services for users in vertical industries. Unlike traditional physical private networks that are private and closed, the virtualized private network generated by 5G network slicing in an open environment brings an end-to-end security isolation mechanism and a customized security service mechanism. The security concept of 5G network slicing covers the wireless, bearer, and core network sides. In addition to traditional mobile network security mechanisms (such as access authentication, access layer, non-access layer signaling security, data encryption, and data integrity protection), an end-to-end security isolation mechanism between network slices and customized security services are also available.

4.2.3 Data Security

Risks of eavesdropping, tampering, and leakage of user data may occur during transmission. To reduce security risks in applications, 5G technology offers more robust methods to protect data security.

In terms of cryptographic algorithms for confidentiality protection, 5G continues to use 4G algorithms such as Advanced Encryption Standard (AES), SNOW 3G, and ZUC. The 128-bit key used by these algorithms is proven by the industry to be secure. Furthermore, longer security keys and more reliable security protection algorithms will be considered in order to cope with the possible impact of quantum computing on the symmetric key system in the future.

To protect data transmission between networks, 5G has also integrated Security Edge Protection Proxies (SEPP). SEPP establishes a secure TLS transmission channel between operators to protect the confidentiality and integrity of certain information, effectively preventing data from being tampered with or eavesdropped on during transmission.

As technology evolves, the threat of IMSI-catchers is increasingly prominent. Attackers may obtain user data by inducing industry users to access IMSI-catchers. However, 5G can protect broadcast or unicast of base stations by allowing industry users to access only after the communication has been verified, so as to avoid data leakage caused by connection to IMSI-catchers.

In addition, 5G can completely protect the generation, processing, and use of data in industrial applications. In the process of data generation and processing, data is classified by sensitivity and encrypted transmission links are established between security domains. Differentiated data security technologies are used according to the specific security levels. Data requesters are authorized and verified to ensure that the purpose and scope of data usage are in line with security policies. Apart from that, the use of important business data is audited so that the confidentiality and integrity of data can be protected for industry users.

4.2.4 Application Security

In view of the security requirements and problems brought by massive terminals, ubiquitous connections, and diversified applications of the Industrial Internet, Internet of Things, and other networks, in combination with the characteristics of new network architecture system, security factors are deeply integrated into network design and construction from top to bottom, and an integrated endogenous trusted security protection system is built from the perspective of the whole system.
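Section 4.2.1 builds its chain of trust on a hardware root of trust and level-by-level integrity inspection. The sketch below is an added example, not code from the white paper: it models that chain as a TPM-style extend register checked by a remote verifier. The stage names, images, and reference digests are constructed, and the signature that would normally protect the quoted register value is assumed to have been verified already.

```python
import hashlib
import hmac

# Boot order assumed for an edge/MEC host; the stage names are hypothetical.
BOOT_ORDER = ["firmware", "bootloader", "host_os", "container_runtime", "upf_app"]


def measure(image: bytes) -> bytes:
    """Digest of a stage, taken by the previous stage before it hands over control."""
    return hashlib.sha256(image).digest()


def extend(register: bytes, measurement: bytes) -> bytes:
    """TPM-style extend: the register can only be folded forward, never set."""
    return hashlib.sha256(register + measurement).digest()


def measured_boot(images):
    """Platform side: measure each stage in order, extend, and log the event."""
    register, log = bytes(32), []
    for stage in BOOT_ORDER:
        digest = measure(images[stage])
        register = extend(register, digest)
        log.append((stage, digest))
    return register, log


def verify(log, quoted_register, golden):
    """Verifier side: replay the log, then inspect it level by level."""
    if [stage for stage, _ in log] != BOOT_ORDER:
        return False, "event log is missing or reorders a stage"
    register = bytes(32)
    for _, digest in log:
        register = extend(register, digest)
    # The register is held by the root of trust, so it anchors the log.
    if not hmac.compare_digest(register, quoted_register):
        return False, "event log does not reproduce the quoted register"
    for stage, digest in log:
        if not hmac.compare_digest(digest, golden[stage]):
            return False, f"unexpected measurement at {stage}"
    return True, "all stages match reference values"


def demo():
    # Constructed stage images and reference ("golden") digests.
    images = {s: f"{s} image v1".encode() for s in BOOT_ORDER}
    golden = {s: measure(img) for s, img in images.items()}

    reg, log = measured_boot(images)
    clean = verify(log, reg, golden)

    # Case 1: a modified host OS image is measured before it runs.
    changed = dict(images, host_os=b"host_os image v1 + unapproved change")
    reg_c, log_c = measured_boot(changed)
    modified = verify(log_c, reg_c, golden)

    # Case 2: the event log is rewritten to the expected digests, but the
    # register still reflects what was really measured.
    forged_log = [(s, golden[s]) for s in BOOT_ORDER]
    forged = verify(forged_log, reg_c, golden)
    return clean, modified, forged


if __name__ == "__main__":
    for name, result in zip(("clean", "modified", "forged log"), demo()):
        print(name, "->", result)
```

Because every stage is measured before it executes, a changed component cannot remove its own measurement from the register; the verifier can tell both which level failed and whether the log it was shown is genuine.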

Security requirements and security attributes are integrated into the system architecture so that they can be adaptively adjusted with system changes to continuously ensure the security of cloud-network-edge-terminal collaboration. The following features are included:

(1) Trusted security identifier naming system

The trusted security identifier naming system comprehensively covers the role information of users, services, networks, etc. In combination with the multi-level trust association and transmission mechanism, it can not only ensure the authenticity and validity of the identity of network participants but also meet the trusted interoperability requirements in the large-scale open interconnection scenario of heterogeneous networks.

(2) New network endogenous security model and architecture

It is the three-dimensional endogenous security model and architecture supporting the new network architecture. Based on the new network identifier naming system, it realizes multi-level end-to-end traffic security transmission capability by collaborating with the service plane, control plane, and management plane through trusted identity management, authentication, authorization, verification, and other technologies.

(3) Heterogeneous communication, trusted communication, and zero-trust defense technology

On the strength of cross-domain identity management, trusted identity authentication, and other technologies, the whole-process trusted forwarding of network traffic in multi-party communication scenarios is realized for the whole-process trusted authentication and forwarding mechanism of heterogeneous attribution.

Based on the end-to-end flexible on-demand trusted communication mechanism, the identity-related trusted scheme is designed from multiple perspectives of the source host, routing node, and target host to realize the trusted guarantee of the whole system. According to the user, application, or scenario needs, key information is verified at different nodes as required to achieve a high-performance and lightweight real-time verification mechanism.

In view of the difficulty in protecting against internal threats and the passive response situation caused by the fuzzy security boundary of network cloudification, a dynamic concealed network model is proposed. Based on technologies such as mobile target defense, dynamic real-time verification of digital identity, and minimum authorization, a dynamic and concealed network that only allows legitimate users to access with the least permission is constructed on demand, and the attack surface is dynamically changed. Thus accurate and orderly management of security access and immunity to internal attacks are achieved.

(4) High-performance trusted forwarding application

It refers to high-performance routing devices supporting trusted forwarding, which meet the requirements of the new network
identifier system and support authentication and forwarding based on trusted identifiers.

4.3 Key Technologies of Cloud-Network-Edge-Terminal Collaboration Security

4.3.1 Network Security Access Standards

The mobile communication network is a commercial telecommunication network. The mobility, reliability, and security of network access have been fully considered at the beginning of the standard design. Through ID (subscriber identity module (SIM)/universal subscriber identity module (USIM)), authentication and authorization, access control, channel and carrier encryption, and other methods, good secure communication capability is provided.

Inheriting the security features of 4G, the 5G network optimizes authentication and authorization, privacy protection, data transmission security, network architecture, and interoperability security. Compared with non-3GPP access mechanisms such as Wi-Fi and private enterprise networks, 5G enables better mobility and provides users with more robust service security, stricter data protection, and stronger user privacy protection. 5G offers a two-way authentication capability based on a unified authentication framework, enabling both terminals and networks to confirm the legitimacy of the other party's identity. This can not only avoid illegal user access but also prevent fraud or user information stealing via pseudo base stations and pseudo hotspots.

4.3.2 Lightweight Security Technologies

The 3GPP R15/R16 security standards focus on the requirements related to the security architecture and process of the 5G system, including security framework, access security, confidentiality and integrity protection of user data, mobility, session management security, privacy protection of user identity, and interoperability with evolved packet system (EPS).

At present, the research on security technologies is mainly for the higher layers, such as the transport layer and network layer, while that for the physical layer is less. However, 5G security vulnerabilities often appear at the physical layer, for example, GSMA CVD-2019-0030 ReVoLTE attack vulnerability. Although the PDCP layer is encrypted, attackers can still steal information by monitoring the physical layer. Therefore, it is necessary to improve the 5G security system and carry out research on key technologies based on the multi-dimensional risk
analysis that is conducted to comprehensively ensure 5G product security and business evolution.

5G physical layer security is mainly oriented to the new access technologies and new application scenarios introduced by 5G communication systems. From the perspective of the physical layer, the focus is to analyze the key technologies of physical layer information security suitable for 5G communication, construct the physical layer security architecture of 5G communication systems, and further study the key technologies of physical layer security such as channel estimation, security precoding, and wireless channel key generation under this architecture. Thus, air interfaces in the open space are effectively protected, and the secure transmission of the bit stream between user access devices and the access networks is realized.

4.3.3 Edge Computing Security

Multi-access edge computing (MEC) is one of the core technologies to enable the diversification of 5G services. MEC pushes service capabilities and applications to the edge of the network and makes the deployment location closer to users, thus reducing bandwidth pressure for the transmission network and greatly reducing network latency. In this way, the low-latency service needs such as the Internet of Vehicles and Industrial Internet can be met.

The 5G network supports MEC through such functions as sinking deployment of user plane function (UPF) and flexible splitting. The MEC platform needs to carry some network functions and vertical industry applications, as shown in Figure 4.4:

Figure 4.4 Network Functions and Vertical Industries

Due to the particularity of the physical location, network boundary, and carrier, when using the services provided by MEC, industry customers pay special attention to the industry data asset security:

When industry applications and network functions are deployed on the same platform, the network boundary is fuzzy. If there is no trust mechanism, isolation mechanism, etc., it is easy to breed internal threats (virtual machine escape, image tampering, data theft, etc.) on the platform, which increases the leakage risk of sensitive industry data assets;
In order to improve the service experience and shorten the service delay, measures such as sinking the user-plane transmission function, deploying industry services close to users, and making the
security mechanism lightweight are usually used. However, this may lead to the risk of asset data being stolen or tampered with during transmission.

In this regard, it is necessary to reinforce the security of MEC from multiple aspects such as the platform layer, network layer, and service management layer to ensure the security of industry data assets during transmission, processing, and storage.

MEC is a multi-element system carrying multiple systems of mobile communication network functions, network capability opening services, industry applications, etc. It is necessary to build an effective trust relationship to provide a trust basis for the safe coexistence of multiple systems. In addition to establishing a trust relationship among users, industry applications, and capability opening services (such as location service), it is also necessary to consider building trust among mobile terminals, network slicing, and the MEC platform. By introducing trusted computing technology, MEC platform security is verified level by level from system startup to upper-layer applications to build a trusted MEC platform. For the platform, different functional domains should be determined, such as the management domain, core network domain, and basic service domain, and inter-domain isolation and access control should be reinforced. Intrusion detection technology, abnormal traffic analysis, anti-APT technology, etc. can be deployed as required to detect malware, malicious attacks, and other behaviors to prevent threats from expanding horizontally.

MEC nodes are located at the edge of the network and in an open network environment with weak operator control. Hence, the risk of data theft and leakage is high. In order to ensure the security of industry customers' data assets operated and stored on MEC, it is necessary to authenticate, authorize, and audit the behaviors of all parties using MEC, and manage the ownership, use right, and O&M right of data assets by permission and domain. In the process of MEC deployment and service operation, the data that may be involved in MEC applications must be identified, including user identifiers and access locations. Data with high security requirements needs to be stored with encryption means used. For high-value asset data in the industry, secure transmission methods such as IPSec/transport layer security (TLS) should be used to avoid data leakage or tampering during transmission. For data processing, analysis, and use, it is necessary to comply with local data privacy regulations, standardize data processing in combination with authentication, authorization, etc. of data operation objects, and record the operation process. If data privacy is involved, the data needs to be desensitized before use.

4.3.4 Data Privacy Protection

Risks of eavesdropping, tampering and leakage of user data may occur during transmission. To reduce security risks in industry applications, 5G technology offers more robust methods to protect data security.

In terms of cryptographic algorithms for confidentiality protection, 5G continues to use 4G algorithms such as Advanced Encryption Standard (AES), SNOW 3G, and ZUC. The 128-bit key used by these algor

323、ithms is proven by the industry to be secure.Furthermore,longer security keys and more reliable security protection algorithms will be considered in order to cope with the possible impact of quantum computing on the symmetric key system in the future.To protect data transmission between networks,5G

324、has also integrated Security Edge Protection Proxies(SEPP).SEPP establishes a secure TLS transmission channel between operators to protect the confidentiality and integrity of certain information,effectively preventing data from being tampered with or eavesdropped on during transmission.As technolog

325、y evolves,the threat of IMSI-catchers is increasingly prominent.Attackers may obtain user data by inducing industry users to access IMSI-catchers.However,5G can protect broadcast or unicast of base stations by allowing industry users to access only after the communication has been verified,so as to

326、avoid data leakage caused by connection to IMSI-catchers.In addition,5G can completely protect the generation,processing,and use of data in industrial applications.In the process of data generation and processing,data is classified by sensitivity and encrypted transmission links are established betw

327、een security domains.Differentiated data security technologies are used according to the specific security levels.Data requesters are authorized and verified to ensure that the purpose and scope of data usage are in line with security policies.Apart from that,the use of important business data is au

328、dited so that the confidentiality and integrity of data can be protected for industry users.4.3.5 Security IsolationWith the help of network virtualization technology,5G network slicing allows a logical network with complete functions to be subdivided based on 5G infrastructure to provide special,se

329、cure,and differentiated network services for users in vertical industries.Unlike traditional physical private networks that are private and closed,the virtualized private network generated by network slicing in an open environment brings an end-to-end security isolation mechanism and a customized se

330、curity service mechanism.The security concept of network slicing covers the wireless,bearer,and core network sides.In addition to traditional mobile network security mechanisms(such as access authentication,access layer,non-access layer signaling security,data encryption,and data integrity protectio

331、n),an end-to-end security isolation mechanism between network slices and customized security services are also available.Intelligent Collaboration of Cloud-network-edge-terminal for Typical Industries-44-4.3.6 Advanced Persistent Threat Defense TechnologiesAmong numerous threats,the advanced persist

332、ent threat(APT)is more destructive.APT attacks aim to interfere with the operation of infrastructure and destroy its sensitive information.Its attack chain is divided into reconnaissance and detection,penetration and exploitation,command control,lateral movement,data leakage and destruction,etc.Sinc

333、e the occurrence of the Aurora and Stuxnet attacks in 2010,attacks on important infrastructure have emerged one after another.This is the biggest challenge facing 5G industry applications.In the officially implemented classified cybersecurity protection 2.0 standard,anti-APT attack technology is listed as a necessary evaluation item to ensure industry network security.To cope with the security thr
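The level-by-level verification of the MEC platform described in the trusted computing passage before section 4.3.4 can be sketched as a measured-boot chain with a verifier that replays the measurement log. This is an added example, not part of the white paper: the stage names, image contents and result strings are assumptions, and the signing of the register value by a hardware root of trust is assumed rather than modelled.

```python
import hashlib

# Assumed boot order for an MEC node, from system startup to upper-layer application.
STAGES = ["firmware", "bootloader", "host_os", "virtualization_layer",
          "mec_platform", "industry_app"]

def measure(image: bytes) -> bytes:
    return hashlib.sha256(image).digest()

def extend(register: bytes, measurement: bytes) -> bytes:
    # TPM-style extend: the register can only be folded forward, never set.
    return hashlib.sha256(register + measurement).digest()

def boot(images):
    """Platform side: measure each stage before control passes to it."""
    register, log = bytes(32), []
    for name, image in images:
        m = measure(image)
        register = extend(register, m)
        log.append((name, m))
    return register, log

def appraise(register, log, reference):
    """Verifier side: replay the log, then check every level against reference values."""
    replay = bytes(32)
    for _, m in log:
        replay = extend(replay, m)
    if replay != register:          # log does not explain the reported register
        return "log-mismatch"
    if [name for name, _ in log] != list(reference):
        return "unexpected-stages"  # a level was skipped, added or reordered
    for name, m in log:
        if m != reference[name]:
            return f"untrusted:{name}"  # first level that breaks the chain
    return "trusted"

# Constructed sample images and the reference measurements derived from them.
GOOD = [(name, f"{name} v1 (constructed)".encode()) for name in STAGES]
REFERENCE = {name: measure(image) for name, image in GOOD}

def demo():
    register, log = boot(GOOD)
    clean = appraise(register, log, REFERENCE)
    tampered = [(n, img + b"!") if n == "mec_platform" else (n, img) for n, img in GOOD]
    bad_register, bad_log = boot(tampered)
    detected = appraise(bad_register, bad_log, REFERENCE)
    forged = appraise(bad_register, log, REFERENCE)  # clean log replayed over a bad boot
    return clean, detected, forged

if __name__ == "__main__":
    print(demo())
```

Because every measurement is folded into the register before the measured stage runs, a modified stage cannot hide itself by reporting a clean log: the replayed log no longer reproduces the register.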
