CN114401137B - Backup network shortest path blocking method and device based on dual algorithm - Google Patents

Backup network shortest path blocking method and device based on dual algorithm Download PDF

Info

Publication number
CN114401137B
CN114401137B CN202210043448.6A CN202210043448A CN114401137B CN 114401137 B CN114401137 B CN 114401137B CN 202210043448 A CN202210043448 A CN 202210043448A CN 114401137 B CN114401137 B CN 114401137B
Authority
CN
China
Prior art keywords
network
backup
node
model
blocking
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202210043448.6A
Other languages
Chinese (zh)
Other versions
CN114401137A (en
Inventor
朱先强
戴周璇
陆敏
朱承
周鋆
刘斌
张维明
丁兆云
黄松平
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
National University of Defense Technology
Original Assignee
National University of Defense Technology
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by National University of Defense Technology filed Critical National University of Defense Technology
Priority to CN202210043448.6A priority Critical patent/CN114401137B/en
Publication of CN114401137A publication Critical patent/CN114401137A/en
Application granted granted Critical
Publication of CN114401137B publication Critical patent/CN114401137B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F30/00Computer-aided design [CAD]
    • G06F30/20Design optimisation, verification or simulation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/14Network analysis or design
    • H04L41/145Network analysis or design involving simulating, designing, planning or modelling of a network
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2111/00Details relating to CAD techniques
    • G06F2111/02CAD in a network environment, e.g. collaborative CAD or distributed simulation
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2111/00Details relating to CAD techniques
    • G06F2111/04Constraint-based CAD

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Geometry (AREA)
  • General Physics & Mathematics (AREA)
  • Evolutionary Computation (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The application relates to a backup network shortest path blocking method and device based on a dual algorithm. The method comprises the following steps: establishing a network model according to the shortest blocking problem of the node network; the target of an attacker in the network model is to block network links in the node network to maximize the shortest path of a defender when the resources are limited, and the target of the defender is to search the shortest path from a starting node to a target node in the node network; establishing a backup network according to the node network, and obtaining a backup network model according to the backup network and the network model; after the node network in the backup network model is blocked by the attack square, the defending party activates and enables the backup link in the backup network according to the current network state so as to minimize the attack effect of the attack party; constructing a backup activation shortest path blocking model according to constraint conditions and an optimization target; and solving based on a dual algorithm. The application considers that the defending party can carry out link backup and activate when in attack so as to reduce the influence of the attack on the network.

Description

Backup network shortest path blocking method and device based on dual algorithm
Technical Field
The application relates to the technical field of computer processing, in particular to a backup network shortest path blocking method and device based on a dual algorithm.
Background
The network blocking (Network Interdiction) is an operation optimization problem closely related to network structure and node attribute, and has the core of researching targets and behaviors of both attack and defense parties in the network, and has wide application in the fields of military, transportation, economy and the like at present. Since both the policies and actions of the defender and the blocker of the network need to be considered, the network blocking problem also generally needs to be considered from the perspective of the master-slave gaming problem. Contrary to the network blocking problem is the network protection problem: how to formulate a protection strategy of nodes or edges by using limited protection resources aiming at possible blocking of the own network by blocking parties so that the influence of blocking of the own network is as small as possible. Therefore, in the field of network security, it is very important to study the problem of network blocking, both from the point of view of the network attack or the network defender.
The existing research is continuously developed in the aspects of modeling, solving and the like of the network blocking problem, but some challenges restricting the practical application of the existing research still exist, including:
the existing network blocking research mainly considers how to make the hostile network inefficient at the minimum cost and even paralysis the whole network from the point of view of an attacker. The existing research generally assumes that the defender always passively responds to attacks and seldom considers active defense in the attack and defense process, so that the actual attack and defense decision characteristics are difficult to effectively reflect.
However, in the actual process, the defender has a certain defending resource for deploying the active defending strategy in the attack and defense process besides optimizing the decision based on the self target, so that in the blocking problem research, the model is difficult to accurately describe the actual attack and defense process and the actual attack and defense decision characteristics cannot be effectively reflected due to the fact that the active defending strategy of the defender is ignored.
Disclosure of Invention
Based on this, it is necessary to provide a dual algorithm-based backup network shortest blocking method and device, which consider that a defender can perform link backup and activate backup during attack, so as to reduce the influence of the attack on the network.
The backup network shortest path blocking method based on the dual algorithm comprises the following steps:
establishing a network model according to the shortest blocking problem of the node network; the target of the attacker in the network model is to block the network link in the node network to maximize the shortest path of the defender when the resource is limited, and the target of the defender is to find the shortest path from the initial node to the target node in the node network;
establishing a backup network according to the node network, and obtaining a backup network model according to the backup network and the network model; after the node network in the backup network model is blocked by the attack square, the defending square activates and starts the backup link in the backup network according to the current network state so as to minimize the attack effect of the attack square;
Constructing a backup activation shortest blocking model according to constraint conditions and optimization targets in the backup network model;
and solving the backup activation shortest blocking model based on a dual algorithm.
In one embodiment, establishing a backup network according to the node network, and obtaining a backup network model according to the backup network and the network model includes:
the network model comprises a plurality of nodes, network links are formed among the nodes, link backups are extracted from the network model to form the backup network, and a backup network model is obtained according to the network model and the backup network;
where the backup network is defined as G (N, a), n= {1,2,..the } represents a set of nodes, a= { (i, j) |i, j e N } represents a set of network links, b= { (i, j) |i, j e N } represents a set of link backups, B is a proper subset of a, i, j represents a node number.
In one embodiment, constructing the backup activation shortest blocking model according to the constraint conditions and the optimization targets in the backup network model includes:
y k ≤z k
k∈A r k x k ≤R
k∈S q k z k ≤Q
x k ∈{0,,1},x k =0,/>
y k ∈{0,1},
z k =1,z k ∈{0,1},/>
wherein: s represents a starting node, t represents a target node; c k Representing the length of link k e A; r is (r) k Representing blocking resources required by an attacker to block a link k, wherein R represents the total amount of the blocking resources; q k The backup activation resource required by the defensive side to activate the link k is represented, and Q represents the total amount of the backup activation resource; FS (i) represents the outgoing edge set of node i, and RS (i) represents the incoming edge set of node i; x is x k To block variables for aggressors, y k To defend againstSquare path selection variable, z k Activating variables for defenses is backed up.
In one embodiment, before solving the backup activation shortest path blocking model based on a dual algorithm, the method further comprises:
converting the backup activation shortest blocking model to obtain formal expression:
y k ≤z k
k∈A r k x k ≤R
k∈S q k z k ≤Q
x k ∈{0,1},x k =0,/>
y k ∈[0,1],
z k =1,z k ∈[0,1],/>
in one embodiment, the dual algorithm comprises:
converting the backup activation shortest blocking model to a minimization problem and normalizing in vector form:
where y and z are vector forms of the inner layer path selection variable and the backup activation variable, y s Is a non-negative residual variable generated at normalization;T 1 and T 2 Respectively is in the shape of [ n ] m],[(m-l)*m]N is the number of nodes in the network, m is the number of links in the network, and l is the number of backup links in the network; i 1 ,I 2 ,I 3 Is of the shape [ m ]]Is a matrix of units of (a); a, a 1 Is a coefficient vector, b is a constant vector;
The inner layer minimization problem is dual-turned into a single layer optimization problem:
ω 1 ,ω 2 ,ω 3 ,ω 4 ≥0
x k ∈{0,1},x k =0,/>
wherein ω is a dual variable satisfying relationship b T ω=C T y。
In one embodiment, the network model and the backup network model each include a plurality of nodes, between which a network link or a backup link is formed, the network link or the link backup each having a link cost.
Backup network shortest blocking device based on dual algorithm includes:
the network model building module is used for building a network model according to the shortest blocking problem of the node network; the target of the attacker in the network model is to block the network link in the node network to maximize the shortest path of the defender when the resource is limited, and the target of the defender is to find the shortest path from the initial node to the target node in the node network;
the backup network model building module is used for building a backup network according to the node network and obtaining a backup network model according to the backup network and the network model; after the node network in the backup network model is blocked by the attack square, the defending square activates and starts the backup link in the backup network according to the current network state so as to minimize the attack effect of the attack square;
The backup activation shortest blocking model building module is used for building a backup activation shortest blocking model according to constraint conditions and optimization targets in the backup network model;
and the solving module is used for solving the backup activation shortest blocking model based on a dual algorithm.
A computer device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor when executing the computer program performs the steps of:
establishing a network model according to the shortest blocking problem of the node network; the target of the attacker in the network model is to block the network link in the node network to maximize the shortest path of the defender when the resource is limited, and the target of the defender is to find the shortest path from the initial node to the target node in the node network;
establishing a backup network according to the node network, and obtaining a backup network model according to the backup network and the network model; after the node network in the backup network model is blocked by the attack square, the defending square activates and starts the backup link in the backup network according to the current network state so as to minimize the attack effect of the attack square;
Constructing a backup activation shortest blocking model according to constraint conditions and optimization targets in the backup network model;
and solving the backup activation shortest blocking model based on a dual algorithm.
A computer readable storage medium having stored thereon a computer program, characterized in that the computer program when executed by a processor realizes the steps of:
establishing a network model according to the shortest blocking problem of the node network; the target of the attacker in the network model is to block the network link in the node network to maximize the shortest path of the defender when the resource is limited, and the target of the defender is to find the shortest path from the initial node to the target node in the node network;
establishing a backup network according to the node network, and obtaining a backup network model according to the backup network and the network model; after the node network in the backup network model is blocked by the attack square, the defending square activates and starts the backup link in the backup network according to the current network state so as to minimize the attack effect of the attack square;
constructing a backup activation shortest blocking model according to constraint conditions and optimization targets in the backup network model;
And solving the backup activation shortest blocking model based on a dual algorithm.
The backup network shortest blocking method and the backup network shortest blocking device based on the dual algorithm provide an expansion problem of the shortest network blocking problem: the backup network shortest blocking problem additionally considers that a defender can carry out link backup on the basis of the original shortest blocking problem and can activate backup during attack so as to reduce the influence of the attack on the network, and the backup network model can accurately describe the actual attack and defense process and effectively reflect the actual attack and defense decision characteristics; a planning model of a backup network shortest blocking problem is provided, a backup network scene and specific settings are described, the backup activation shortest blocking model is equivalently converted according to the characteristics of the proposed planning model, and a dual algorithm framework is provided on the basis of the equivalent conversion for solving the problem, so that defense resources are deployed to ensure uninterrupted operation of the network and minimum reduced efficiency when the network is attacked.
Drawings
FIG. 1 is a flow diagram of a backup network shortest path blocking method based on a dual algorithm in one embodiment;
FIG. 2 is a schematic diagram of a backup network shortest path blocking case one in one embodiment;
FIG. 3 is a schematic diagram of a backup network shortest path blocking case two in one embodiment;
FIG. 4 is a schematic diagram of backup network shortest path blocking case three in one embodiment;
FIG. 5 is a graph of shortest paths after blocking for different backup link ratios for a 100 node network in one embodiment;
FIG. 6 is a graph of a shortest path after blocking for different backup link ratios for a 200 node network in one embodiment;
FIG. 7 is a block diagram of a backup network shortest blocking mechanism based on a dual algorithm in one embodiment;
FIG. 8 is an internal block diagram of a computer device in one embodiment;
Detailed Description
The present application will be described in further detail with reference to the drawings and examples, in order to make the objects, technical solutions and advantages of the present application more apparent. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the application.
As shown in fig. 1 to 6, the dual algorithm-based backup network shortest path blocking method provided by the present application, in one embodiment, includes the following steps:
102, establishing a network model according to the shortest blocking problem of a node network; the target of the attacker in the network model is to block the network link in the node network to maximize the shortest path of the defender when the resource is limited, and the target of the defender is to find the shortest path from the starting node to the target node in the node network.
Step 104, establishing a backup network according to the node network, and obtaining a backup network model according to the backup network and the network model; after the node network in the backup network model is blocked by the attack square, the defending party activates and enables the backup link in the backup network according to the current network state so as to minimize the attack effect of the attack party.
And step 106, constructing a backup activation shortest path blocking model according to constraint conditions and optimization targets in the backup network model.
And step 108, solving the backup activation shortest blocking model based on a dual algorithm.
Blocking refers to the purpose of degrading certain performance or disabling functions of a target network by taking measures such as intrusion, interference on the network level or thermal attack, destruction on the physical level.
Network blocking (Network Interdiction): and the blocking action is implemented on the network with the specific function, so that the function index of the network is reduced to the maximum extent. The network blocking problem includes both attack and defense of the network: aggressors and defenders. Wherein, the defender of the network maintains the functional network and optimizes the service thereof, and is responsible for realizing and maintaining certain optimization indexes of the network, such as the shortest or maximum flow transmission of the information flow from the initial node s to the target node t; under a certain blocking resource constraint, an attacker tries to block nodes or links in the network, so that the performance of the network is reduced or the function is disabled, for example, the shortest path from the initial node s to the target node t of the target network information flow is maximized or the maximum flow is minimized through blocking the edges or the nodes.
Shortest network blocking (Shortest Path Network Interdiction, SPNI): shortest network blocking is a particular example of a network blocking problem, where the defender goal is to minimize the shortest path (shortest path length or shortest information transfer time) from the originating node to the target node, and the aggressor goal is to block nodes or links in the network using limited resources so that the defender's shortest path is maximized.
From the perspective of the network itself coping with faults, the operators of the network can usually prepare in advance to ensure the functions and performances of the network, and take actions such as backup activation, succession, repair and the like after the network is damaged. In the previous shortest path blocking study, the defender selects a new shortest path after the aggressor blocks without other defensive measures, so the defender is always in a passive position. However, in a real situation, as an operator and a maintainer of the network, a defensive party can design and implement a backup mechanism according to actual requirements of toughness, elasticity, safety and the like.
Thus, considering the interference facing the aggressor, the defender can backup some edges in advance and activate some backup edges when some edges of the network are blocked. Typically, the backup links set up in a network system are determined by the physical conditions and budget of the system itself, and it is costly to activate the backup links. Based on the above consideration, the defender can backup some links in advance when constructing the network based on the system condition and budget, activate corresponding backup edges temporarily when the network is attacked, select paths containing backup edges for information transfer, and the selected paths containing backup edges are generally shorter than those without backup mechanism. That is, the backup mechanism may improve the toughness of the network against malicious attacks.
The application provides a new blocking problem of a single-layer network, in the attack and defense scene of the single-layer network, aiming at the situation that a defending party is under passive attack, from the perspective of the defending party, on the basis of the original shortest path target, a network backup mechanism is considered, namely, a defending strategy of link backup is considered, namely, the defending party backs up a part of links in the network in advance, when the network is attacked, the defending party activates a part of backup links for service circulation, avoids the attacked links, minimizes the influence of the network attack on the network, and thus improves the toughness of the network when the network is attacked.
Since in practical situations, the network attacks and defenders are not simple attacks-modes of selecting escape paths, the defenders can also have resources for deploying the defenses. Therefore, in order to explore the influence of the active defense mechanism of pre-backup and temporary activation on the attack and defense decision in the network blocking attack and defense process, a new network blocking problem is proposed and researched on the basis of the information flow shortest network blocking problem by taking the active defense mechanism of a defender in the network into consideration: the backup network shortest blocking problem is that under the blocking strategy of an attacker, the defensive party can activate the pre-backed-up link and put into use so as to reduce the influence of the attack on the network functions and performances.
Taking the shortest path model as an example, a backup network model is provided, a backup network shortest path blocking model is established for the backup network shortest path blocking problem, and a basic description and a mathematical planning model of the problem are provided.
In order to eliminate the influence of the defending Fang Bianliang integer constraint, the model is equivalently converted by a method of loosening variables, a dual algorithm is provided for the backup network shortest blocking problem, an optimal blocking strategy of an attacker and an optimal path selection strategy and a backup activation strategy of a defender are solved, and model and algorithm verification experiments, algorithm performance comparison experiments and model effect analysis experiments under different backup link ratios are performed by using simulation data.
The network backup proportion has saturation characteristic to the model effect, and the research on the problem provides theoretical basis and decision support for attack and defense decisions and attack and defense resource allocation of a decision maker in the backup network. The problem can give out blocking strategies of an attacker, path selection strategies and backup activation strategies of the defender based on a backup network mechanism of the defender.
In one embodiment, the network model and the backup network model each include a plurality of nodes, between which a network link or a backup link is formed, the network link or the link backup each having a link cost.
In a given network G, the defender of the network (i.e., the user of the network) attempts to pass information or traffic flows from the originating node s to the target node t. Each link in the network has a certain passing cost (such as time delay, resource consumption, etc.), so the goal of the defender is to realize the business flow from s to t with the minimum passing cost of the link; as a counterparty of the network, an attacker wishes to break down its network or prevent its implementation of the traffic flow by attacking the links in the network G. However, in practical situations, the resources of the attacker are limited, and the node and the link may be repaired after the attack, which only increases the response time of the network. The model thus considers that an attacker allocates limited attack resources in the network to increase the defensive party's experience costs, such as increasing its need to complete the business process or the resource consumption to complete the business process. Besides the basic network setting and the targets of both the attack and the defense, the model considers that the defender can backup a part of the network when constructing the network, and can select a part of backup edges from the backup edges to activate for use when the network is attacked, thereby ensuring that the influence of the network is as small as possible.
The constructed network is shown in fig. 2, the letters and numbers in the nodes represent their numbers, the solid lines represent normal network links, the broken lines represent backup links, and after being activated, they can be considered normal links, but cannot be attacked at any time. The number on a link represents the cost of going through, considered here as a time delay, representing the time required for information to travel through this link.
Fig. 2 to 4 show examples of shortest network blocking.
When the backup is not considered, assuming that an attacker can only block 3 links, and when the attacker is not attacked, the shortest circuit of the network is s-3-t in fig. 2, and the time delay is 8; when an attacker blocks the network, the shortest path of the network is shown as s-1-3-t in fig. 3, the time delay is 12, s-3, s-4,1-2, the number in brackets on the blocked solid line indicates the time delay after the link is blocked.
When backup activation is considered, the broken lines in the graph can be used as normal links for information transmission; if the consumed resource activates the backup when not attacked, the shortest path of the network is s-5-t in figure 2, and the time delay is shortened from 8 to 6 compared with the time delay without considering the backup; when an attacker blocks the network, the shortest path of the network is s-4-t in fig. 4, and the time delay is shortened from 12 to 10 compared with the case when backup is not considered.
Therefore, the backup activation is considered in the network, so that the toughness of the network can be effectively improved, and when the network is not attacked, the network can temporarily improve the performance of the network by activating the backup, as shown in the case of fig. 2; when the network is attacked, the network function can be ensured to operate effectively by activating the backup, as shown in the case of fig. 4. Meanwhile, the situation is that an attacker can only block 3 links, and the effect is more obvious when the attacker blocks more resources. However, when the backup is activated, resources (such as power) are consumed, so that the application selects the link for backup activation under the condition of limited resources so as to ensure the normal use of network functions.
In one embodiment, according to the backup network model, planning the backup network model, and establishing a backup activation shortest blocking model includes:
description of the problem: in the backup network model, a starting node s and a target node t; the defender pre-backs up a part of the link, and the link cannot pass when the backup link is not activated. The defender aims at searching the shortest path from the starting node s to the target node t in the network, and the length of the path from the starting node s to the target node t is defined as the sum of the lengths of the links passing through the s-t path; the attacker goal is to block some links in the network with limited resources R to maximize the shortest path of the defender; after the network is blocked by the attack party, the defending party activates and starts a small number of backup links according to the current network state so as to minimize the attack effect of the attack party;
Symbol prescribes: the backup network is defined as G (N, a), where n= {1,2,.+ -. Is a set of nodes, a= { (i, j) |i, j e N } is a set of network links, b= { (i, j) |i, j e N } is a set of link backups, B is a proper subset of a, i, j is a node number, and nodes s and t are the starting and destination nodes, respectively; c k Representing the length of link k e A, which will increase by d when link k is blocked k (d k > 0) to c k +d k (when d k When large enough, then link k can be considered to be completely blocked from passing); r is (r) k (r k > 0) represents blocking resources required by an attacker to block a link k, and the total blocking resources are defined as R; q k (q k > 0) represents backup active resources required by the defender to activate the link k, and the total backup active resources are defined as Q; let FS (i) and RS (i) represent an outgoing edge set and an incoming edge set of node i, respectively, where FS (i) = { (i ', j')ea|i '=i } and RS (i) = { (j', i ')ea|i' =i };
definition of binary variable x k As an aggressor blocking variable, 1 is taken to represent an aggressor blocking link k, and 0 is taken to represent unblocked; definition of the binary variable y k Selecting a variable for the defending party path, wherein 1 is taken to represent that the defending party path passes through a link k, and 0 is taken to represent that the defending party path does not pass through the link k; definition of the binary variable z k For defensive side to backup the activation variable, when k is E B, z k Taking 1 to represent the defensive side activating backup link k, taking 0 to represent not activating, when k is E A-B, z k Taking a fixed value of 1, and not considering the fixed value as a backup side; bold represents the vector form of the corresponding scalar.
Planning model: according to the above description of the problem and the related symbol specification, the backup network shortest blocking problem (Backup Network Shortest Path Interdiction, BNSPI) is a two-layer mixed integer programming problem, and based on the MXSP-P model for edge blocking, a programming model of the BNSPI problem can be obtained, that is, the backup activation shortest blocking model is expressed as follows:
k∈A r k x k ≤R (4)
k∈S q k z k ≤Q (5)
wherein, formula (2) is a flow conservation constraint, ensuring that the defender experiences a complete s-t path. Equation (3) indicates that the defender cannot pass through the inactive backup edge. Equation (4) and equation (5) represent blocking resource constraints of the aggressor and backup activation resource constraints of the defender, respectively. Equation (6) is an aggressor block variable constraint and indicates that the backup link cannot be blocked. (7) The defensive path selection variable and the defensive backup activation variable (8) indicate that only the backup side can be activated (1 is taken when activated, 0 is not taken when not activated), and the non-backup side takes a fixed value of 1.
The shortest blocking problem is a classical two-layer planning problem, comprising two parts: solving the shortest problem and the blocking resource allocation problem of the outer layer by the inner layer correspond to the minimization and maximization problems in the two-layer planning model respectively. The two-layer planning problem can be solved by linearly coupling the inner-layer minimization problem, so that the minimization problem is converted into the maximized problem, and the maxmin conflict in the original problem is solved, so that the original two-layer planning problem is converted into a single-layer planning problem. In the backup network shortest path blocking problem, the inner layer variable y k And Z k Are integer variables that take values 0-1, so the problem is a mixed integer programming problem (Mixed Integer Linear Programme, MILP). Since the linear dual theory can only be applied to the linear programming model, consider the variable y k And z k Relaxation to continuous space converts the problem from a mixed integer programming problem to a linear programming problem.
In BNCI, when all y in the optimal solution k When 0 or 1 is taken, only one path from the starting node s to the target node t is taken in the graph G; when there is y in the optimal solution k When the value is within the range (0, 1), it means that there are more than two paths from the start node s to the target node t, and two cases occur at this time: (1) If the lengths of the paths are not equal, then the optimal solution must fall on the shortest one of the paths, indicating that the current solution is not the optimal solution, so this is not the case; (2) If the paths are equal in length, the final solution must fall on one of the s-t paths, any y at this time, since the flow conservation constraints ensure that the defender experiences a complete s-t path k Either 0 or 1.
Thus, in the backup network shortest blocking problem BNCI, when the problem gets the optimal solution, two discrete integer variables, path selection variable y k And backup activation variable z k Equivalent to two continuous variablesAnd
therefore, the BNCI problem can be expressed in a reformation mode, and the BNCI problem is different from the original model in that the values of two variables of a defender are relaxed to the range of [0,1 ].
In one embodiment, before solving the backup activation shortest path blocking model based on a dual algorithm, the method further comprises:
converting the backup activation shortest blocking model to obtain formal expression:
k∈A r k x k ≤R (12)
k∈s q k z k ≤Q (13)
although the backup network shortest blocking problem is more complex and contains more variables and constraints than the shortest blocking problem, both problems can be solved by Dual-and-Combine (Dual) methods due to the similarity of the objective functions and constraint structures of the two problems.
In one embodiment, a dual algorithm is used to solve:
firstly, fixing a blocking variable x of an outer layer, and regarding x as a constant; the maximization goal of the outer layer can be ignored temporarily, the minimization problem of the inner layer is obtained, and the vector form of the maximization goal is normalized and then is marked as BNSI-S, and the expression is as follows:
Wherein all vectors are column vectors. y and z are vector forms of the inner layer path selection variable and the backup activation variable, y s Is a non-negative residual variable generated at normalization;T 1 and T 2 Respectively is of the shape [ n, m ]],[(m-l)*m]Where n is the number of nodes in the network, m is the number of links in the network, and l is the number of backup links in the network. I 1 ,I 2 ,I 3 Is of the shape [ m ]]Is a unit matrix of (a). a, a 1 Is a coefficient vector and b is a constant vector. In order to express the constraint more clearly, the variables and the coefficients in the BNSI-S constraint are separated, and the arrangement is shown in a formula (18), wherein the left matrix is a variable coefficient, and the right matrix corresponds to the vector of the variables. (18) In the left matrix, the first row corresponds to a stream conservation constraint (2), the second row corresponds to a backup activation variable constraint (8), the third row corresponds to a constraint (3), and the fourth row corresponds to a backup activation resource constraint (5). When multiplication is performed, the first column of the left block matrix is multiplied by y, the second column is multiplied by z, and the last two columns are multiplied by y s Multiplying.
Then, after the inter-layer minimization problem is coupled,the corresponding maximized dual form is obtained, where the inner and outer layer problems have the same optimization direction. Finally, by relaxing C T And the fixed x in the (b) is a decision variable, so that BNSI is converted into a single-layer optimization problem, and the single-layer optimization problem can be solved by a standard optimization solver. The dual form of BNCSPI is denoted BNCSPI-D, expressed as follows:
ω 1 ,ω 2 ,ω 3 ,ω 4 ≥0 (24)
Wherein ω is a dual variable satisfying relationship b T ω=C T y。
The backup network shortest blocking method and the backup network shortest blocking device based on the dual algorithm provide an expansion problem of the shortest network blocking problem: the backup network shortest blocking problem additionally considers that a defender can carry out link backup on the basis of the original shortest blocking problem and can activate backup during attack so as to reduce the influence of the attack on the network, and the backup network model can accurately describe the actual attack and defense process and effectively reflect the actual attack and defense decision characteristics; a planning model of the backup network shortest blocking problem is provided, a backup network scene and specific settings are described, the backup activation shortest blocking model is equivalently converted according to the characteristics of the proposed planning model, and a dual algorithm framework is provided on the basis of the equivalent conversion for solving the problem.
It should be understood that, although the steps in the flowchart of fig. 1 are shown in sequence as indicated by the arrows, the steps are not necessarily performed in sequence as indicated by the arrows. The steps are not strictly limited to the order of execution unless explicitly recited herein, and the steps may be executed in other orders. Moreover, at least some of the steps in fig. 1 may include multiple sub-steps or stages that are not necessarily performed at the same time, but may be performed at different times, nor do the order in which the sub-steps or stages are performed necessarily performed in sequence, but may be performed alternately or alternately with at least a portion of other steps or sub-steps of other steps.
In one embodiment, backup network shortest blocking experiments are performed, backup network shortest blocking data adopts BA network data generated by simulation, and table 1 shows two solutions of BNSPI problems in the simulated network data: the performance comparison of the dual algorithm and the Bende decomposition algorithm under different network scales shows that the solving efficiency of the two algorithms is not greatly different.
Table 1 comparison of backup network shortest path blocking algorithm
Table 2 shows the shortest path lengths in different scale networks under different conditions in the simulated network data, each scale network containing 100 simulated graphs. In all cases, the number of given blocked links is 10; 15% of the links are randomly backed up, and up to 2 backup links may be activated. Wherein ASP represents the average shortest path length of the simulated graph under the non-blocking-non-active backup condition, ASP-B represents the average shortest path length of the simulated graph under the non-blocking-active backup condition, ASP-I represents the average shortest path length of the simulated graph under the blocking-active backup condition, and ASP-I-B represents the average shortest path length of the simulated graph under the blocking-active backup condition.
Table 2 simulation network experimental results table
It can be seen from table 2 that by activating the backup link when not under attack, a path shorter than the original shortest path can be found in some cases, but the backup advantage is not obvious from this point of view because the experiment adopts a random backup strategy. As can be seen by comparing the data of the two columns of ASP-I and ASP-I-B, the influence of the attack on the network can be effectively reduced by activating the backup link after the network is blocked. In fact, since the experimental data takes the average value of the shortest of the plurality of cases, which includes the case where part of the backup strategy is not effective, in the specific case where the backup is effective, the effect of the backup activation is more remarkable than the result in the above table.
The effect of the model when a different number of nodes are backed up in each network is tested below. Experiments were performed in BA networks of 100 nodes and 200 nodes, respectively, and an attacker blocked at most 10% of the total number of links, wherein each scale of network generated 100 blocking cases, and the ASP-I-B values were used as the effect evaluation index of the model, and the results are shown in fig. 5 and 6.
From the above results, as the proportion of backup links increases, the average shortest path ASP-I-B after network outage decreases. The ASP-I-B value is fast to fall initially, the falling rate is gradually slowed down when the backup proportion reaches 15% -20%, and the falling trend of the ASP-I-B value is gradually gentle when the backup proportion reaches 25% -30%. This shows that with the increase of the proportion of the backup links, the toughness of the network can be effectively improved at first, and when the proportion of the backup links reaches about 15%, the backup links reach maximum efficiency, i.e. the backup can achieve good effect with less resource consumption. When the proportion of the backup links is increased, the cost performance of the backup links is gradually reduced, namely the number of the backup links is increased but no obvious effect exists. When the backup proportion reaches about 25%, the link backup effect reaches saturation, the income of continuously increasing the number of backup links is low, and the resource waste can be caused.
In summary, the experimental result verifies the correctness of the model and the algorithm, the proposed algorithm can accurately solve the blocking strategy of the attacker, the backup activation strategy and the path selection strategy of the defender are given based on the current blocking condition, and meanwhile, the validity of the link backup mechanism in coping with the network attack is also verified. The data for the subsequent experiments show that the more links are not backed up, the better the backup proportion is, the saturation exists to a certain extent, the number of the backup links is increased after the saturation point is reached, and the income is greatly reduced.
The application is based on the classical shortest network blocking problem, and provides an expansion problem of the shortest network blocking problem: backup network shortest blocking problem. Based on the original shortest path blocking problem, the fact that a defender can carry out link backup is additionally considered, and backup can be activated when the defender attacks, so that the influence of the attacks on the network is reduced. And then a planning model of the backup network shortest blocking problem is provided, and the backup network scene and specific settings are described. According to the proposed planning model, the model is subjected to equivalent conversion aiming at the characteristics of the model, and related evidence is provided, on the basis, a dual algorithm framework is finally provided for solving the problem, and the correctness of the algorithm is proved. Because the experiment adopts a random backup strategy, the backup activation is not effective in many cases, and the path length of the cases is averaged to serve as an evaluation index, so that the experiment result can not fully embody the advantage of the backup activation, but in the case that the backup activation is effective, the influence effect on reducing the network attack is quite remarkable.
As shown in fig. 7, in one embodiment, an apparatus is provided comprising: a network model creation module 702, a backup network model creation module 704, a backup activation shortest path blocking model creation module 706, and a solution module 708, wherein:
a network model building module 702, configured to build a network model according to a shortest blocking problem of a node network; the target of the attacker in the network model is to block the network link in the node network to maximize the shortest path of the defender when the resource is limited, and the target of the defender is to find the shortest path from the starting node to the target node in the node network.
A backup network model building module 704, configured to build a backup network according to the node network, and obtain a backup network model according to the backup network and the network model; after the node network in the backup network model is blocked by the attack square, the defending party activates and enables the backup link in the backup network according to the current network state so as to minimize the attack effect of the attack party.
And the backup activation shortest blocking model establishing module 706 is configured to construct a backup activation shortest blocking model according to constraint conditions and optimization targets in the backup network model.
A solving module 708, configured to solve the backup activation shortest blocking model based on a dual algorithm.
In one embodiment, the backup network model building module 704 is further configured to build a backup network according to the node network, and obtain a backup network model according to the backup network and the network model, where the obtaining the backup network model includes:
the network model comprises a plurality of nodes, network links are formed among the nodes, link backups are extracted from the network model to form the backup network, and a backup network model is obtained according to the network model and the backup network;
where the backup network is defined as G (N, a), n= {1,2,..the } represents a set of nodes, a= { (i, j) |i, j e N } represents a set of network links, b= { (i, j) |i, j e N } represents a set of link backups, B is a proper subset of a, i, j represents a node number.
In one embodiment, the backup activation shortest path blocking model creation module 706 is further configured to: constructing a backup activation shortest blocking model according to constraint conditions and optimization targets in the backup network model:
k∈A r k x k ≤R
k∈S q k z k ≤Q
wherein: s represents a starting node, t represents a target node; c k Representing the length of link k e A; r is (r) k Representing blocking resources required by an attacker to block a link k, wherein R represents the total amount of the blocking resources; q k The backup activation resource required by the defensive side to activate the link k is represented, and Q represents the total amount of the backup activation resource; FS (i) represents the outgoing edge set of node i, and RS (i) represents the incoming edge set of node i; x is x k To block variables for aggressors, y k Selecting variables for defensive path, z k Activating variables for defenses is backed up.
In one embodiment, the solving module 708 is further configured to, prior to solving the backup activation shortest blocking model based on a dual algorithm, further comprise:
converting the backup activation shortest blocking model to obtain formal expression:
y k ≤z k
k∈A r k x k ≤R
k∈S q k z k ≤Q
x k ∈{0,1},x k =0,/>
y k ∈[0,1],
z k =1,z k ∈[0,1],/>
in one embodiment, the solution module 708 is further configured to perform the dual algorithm comprising:
converting the backup activation shortest blocking model to a minimization problem and normalizing in vector form:
/>
where y and z are vector forms of the inner layer path selection variable and the backup activation variable, y s Is a non-negative residual variable generated at normalization;T 1 and T 2 Respectively is in the shape of [ n ] m],[(m-l)*m]N is the number of nodes in the network, m is the number of links in the network, and l is the number of backup links in the network; i 1 ,I 2 ,I 3 Is of the shape [ m ] ]Is a matrix of units of (a); a, a 1 Is a coefficient vector, b is a constant vector;
the inner layer minimization problem is dual-turned into a single layer optimization problem:
ω 1 ,ω 2 ,ω 3 ,ω 4 ≥0
x k ∈{0,1},x k =0,/>
wherein ω is a dual variable satisfying relationship b T ω=C T y。
In one embodiment, the backup network model building module 704 is further configured to: the network model and the backup network model each comprise a plurality of nodes, network links or backup links are formed between the nodes, and the network links or the link backups have link costs.
For specific limitation of the dual algorithm-based backup network shortest blocking device, reference may be made to the above limitation of the dual algorithm-based backup network shortest blocking method, and the description thereof will not be repeated here. The above-mentioned dual algorithm-based backup network shortest blocking means may be implemented in whole or in part by software, hardware, and combinations thereof. The above modules may be embedded in hardware or may be independent of a processor in the computer device, or may be stored in software in a memory in the computer device, so that the processor may call and execute operations corresponding to the above modules.
In one embodiment, a computer device is provided, which may be a terminal, and the internal structure thereof may be as shown in fig. 8. The computer device includes a processor, a memory, a network interface, a display screen, and an input device connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and a computer program. The internal memory provides an environment for the operation of the operating system and computer programs in the non-volatile storage media. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program, when executed by a processor, implements a dual algorithm-based backup network shortest blocking method. The display screen of the computer equipment can be a liquid crystal display screen or an electronic ink display screen, and the input device of the computer equipment can be a touch layer covered on the display screen, can also be keys, a track ball or a touch pad arranged on the shell of the computer equipment, and can also be an external keyboard, a touch pad or a mouse and the like. The computer device may be a simulation device, the input means inputs relevant information to the simulation device, the processor executes the programs in the memory for combined simulation, and the display screen displays the relevant simulation results.
It will be appreciated by those skilled in the art that the structure shown in FIG. 8 is merely a block diagram of some of the structures associated with the present inventive arrangements and is not limiting of the computer device to which the present inventive arrangements may be applied, and that a particular computer device may include more or fewer components than shown, or may combine some of the components, or have a different arrangement of components.
In an embodiment a computer device is provided comprising a memory storing a computer program and a processor implementing the steps of the method of the above embodiments when the computer program is executed.
In one embodiment, a computer readable storage medium is provided, on which a computer program is stored which, when executed by a processor, implements the steps of the method of the above embodiments.
Those skilled in the art will appreciate that implementing all or part of the above described methods may be accomplished by way of a computer program stored on a non-transitory computer readable storage medium, which when executed, may comprise the steps of the embodiments of the methods described above. Any reference to memory, storage, database, or other medium used in embodiments provided herein may include non-volatile and/or volatile memory. The nonvolatile memory can include Read Only Memory (ROM), programmable ROM (PROM), electrically Programmable ROM (EPROM), electrically Erasable Programmable ROM (EEPROM), or flash memory. Volatile memory can include Random Access Memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as Static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double Data Rate SDRAM (DDRSDRAM), enhanced SDRAM (ESDRAM), synchronous Link DRAM (SLDRAM), memory bus direct RAM (RDRAM), direct memory bus dynamic RAM (DRDRAM), and memory bus dynamic RAM (RDRAM), among others.
The technical features of the above embodiments may be arbitrarily combined, and all possible combinations of the technical features in the above embodiments are not described for brevity of description, however, as long as there is no contradiction between the combinations of the technical features, they should be considered as the scope of the description.
The above examples illustrate only a few embodiments of the application, which are described in detail and are not to be construed as limiting the scope of the application. It should be noted that it will be apparent to those skilled in the art that several variations and modifications can be made without departing from the spirit of the application, which are all within the scope of the application. Accordingly, the scope of protection of the present application is to be determined by the appended claims.

Claims (6)

1. The backup network shortest blocking method based on the dual algorithm is characterized by comprising the following steps:
establishing a network model according to the shortest blocking problem of the node network; the target of the attacker in the network model is to block the network link in the node network to maximize the shortest path of the defender when the resource is limited, and the target of the defender is to find the shortest path from the initial node to the target node in the node network;
Establishing a backup network according to the node network, and obtaining a backup network model according to the backup network and the network model; after the node network in the backup network model is blocked by the attack square, the defending square activates and starts the backup link in the backup network according to the current network state so as to minimize the attack effect of the attack square;
constructing a backup activation shortest blocking model according to constraint conditions and optimization targets in the backup network model;
solving the backup activation shortest blocking model based on a dual algorithm;
establishing a backup network according to the node network, and obtaining a backup network model according to the backup network and the network model comprises:
the network model comprises a plurality of nodes, network links are formed among the nodes, link backups are extracted from the network model to form the backup network, and a backup network model is obtained according to the network model and the backup network;
wherein the backup network is defined as G (N, a), n= {1,2,.+ -. Represents a set of nodes, a= { (i, j) |i, j e N } represents a set of network links, b= { (i, j) |i, j e N } represents a set of link backups, B is a proper subset of a, i, j represents a node number;
According to constraint conditions and optimization targets in the backup network model, constructing a backup activation shortest blocking model comprises the following steps:
k∈S q k z k ≤Q
wherein: s represents a starting node, t represents a target node; c k Representing the length of link k e A; r is (r) k Representing blocking resources required by an attacker to block a link k, wherein R represents the total amount of the blocking resources; q k The backup activation resource required by the defensive side to activate the link k is represented, and Q represents the total amount of the backup activation resource; FS (i) represents the outgoing edge set of node i, and RS (i) represents the incoming edge set of node i; x is x k To block variables for aggressors, y k Selecting variables for defensive path, z k Backup activation variable for defender, d k Indicating the length of link k that increases when it is blocked;
the dual algorithm comprises:
converting the backup activation shortest blocking model to a minimization problem and normalizing in vector form:
where y and z are vector forms of the inner layer path selection variable and the backup activation variable, y s Is a non-negative residual variable generated during normalization;T 1 And T 2 Respectively is in the shape of [ n ] m],[(m-l)*m]N is the number of nodes in the network, m is the number of links in the network, and l is the number of backup links in the network; i 1 ,I 2 ,I 3 Is of the shape [ m ]]Is a matrix of units of (a); a, a 1 Is a coefficient vector, b is a constant vector;
the inner layer minimization problem is dual-turned into a single layer optimization problem:
ω 1234 ≥0
wherein ω is a dual variable satisfying relationship b T ω=c T y。
2. The method of claim 1, further comprising, prior to solving the backup activation shortest blocking model based on a dual algorithm:
converting the backup activation shortest blocking model to obtain formal expression:
k∈A r k x k ≤R
k∈S q k z k ≤Q
3. the method according to claim 1 or 2, wherein the network model and the backup network model each comprise a plurality of nodes, between which a network link or a backup link is formed, the network link or the link backup each having a link cost.
4. The backup network shortest blocking device based on the dual algorithm is characterized by comprising the following components:
the network model building module is used for building a network model according to the shortest blocking problem of the node network; the target of the attacker in the network model is to block the network link in the node network to maximize the shortest path of the defender when the resource is limited, and the target of the defender is to find the shortest path from the initial node to the target node in the node network;
The backup network model building module is used for building a backup network according to the node network and obtaining a backup network model according to the backup network and the network model; after the node network in the backup network model is blocked by the attack square, the defending square activates and starts the backup link in the backup network according to the current network state so as to minimize the attack effect of the attack square;
the backup activation shortest blocking model building module is used for building a backup activation shortest blocking model according to constraint conditions and optimization targets in the backup network model;
the solving module is used for solving the backup activation shortest blocking model based on a dual algorithm;
establishing a backup network according to the node network, and obtaining a backup network model according to the backup network and the network model comprises:
the network model comprises a plurality of nodes, network links are formed among the nodes, link backups are extracted from the network model to form the backup network, and a backup network model is obtained according to the network model and the backup network;
wherein the backup network is defined as G (N, a), n= {1,2,.+ -. Represents a set of nodes, a= { (i, j) |i, j e N } represents a set of network links, b= { (i, j) |i, j e N } represents a set of link backups, B is a proper subset of a, i, j represents a node number;
According to constraint conditions and optimization targets in the backup network model, constructing a backup activation shortest blocking model comprises the following steps:
k∈S q k z k ≤Q
wherein: s represents a starting node, t represents a target node; c k Representing the length of link k e A; r is (r) k Representing blocking resources required by an attacker to block a link k, wherein R represents the total amount of the blocking resources; q k The backup activation resource required by the defensive side to activate the link k is represented, and Q represents the total amount of the backup activation resource; FS (i) represents the outgoing edge set of node i, and RS (i) represents the incoming edge set of node i; x is x k To block variables for aggressors, y k Selecting variables for defensive path, z k Backup activation variable for defender, d k Indicating the length of link k that increases when it is blocked;
the dual algorithm comprises:
converting the backup activation shortest blocking model to a minimization problem and normalizing in vector form:
where y and z are vector forms of the inner layer path selection variable and the backup activation variable, y s Is a non-negative residual variable generated at normalization;T 1 and T 2 Respectively is in the shape of [ n ] m],[(m-l)*m]N is the number of nodes in the network, m is the number of links in the network, and l is the number of backup links in the network; i 1 ,I 2 ,I 3 Is of the shape [ m ]]Is a matrix of units of (a); a, a 1 Is a coefficient vector, b is a constant vector;
the inner layer minimization problem is dual-turned into a single layer optimization problem:
ω 1234 ≥0
wherein ω is a dual variable satisfying relationship b T ω=C T y。
5. A computer device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor implements the steps of the method of any of claims 1 to 3 when the computer program is executed.
6. A computer readable storage medium, on which a computer program is stored, characterized in that the computer program, when being executed by a processor, implements the steps of the method of any of claims 1 to 3.
CN202210043448.6A 2022-01-14 2022-01-14 Backup network shortest path blocking method and device based on dual algorithm Active CN114401137B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210043448.6A CN114401137B (en) 2022-01-14 2022-01-14 Backup network shortest path blocking method and device based on dual algorithm

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210043448.6A CN114401137B (en) 2022-01-14 2022-01-14 Backup network shortest path blocking method and device based on dual algorithm

Publications (2)

Publication Number Publication Date
CN114401137A CN114401137A (en) 2022-04-26
CN114401137B true CN114401137B (en) 2023-09-08

Family

ID=81231411

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210043448.6A Active CN114401137B (en) 2022-01-14 2022-01-14 Backup network shortest path blocking method and device based on dual algorithm

Country Status (1)

Country Link
CN (1) CN114401137B (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104380672A (en) * 2012-04-27 2015-02-25 瑞典爱立信有限公司 Three stage folded clos optimization for 802.1aq
CN105516184A (en) * 2015-12-31 2016-04-20 清华大学深圳研究生院 Increment deployment SDN network-based method for defending link flooding attack
CN111478811A (en) * 2020-04-07 2020-07-31 中国人民解放军国防科技大学 Network key point analysis method based on double-layer information flow transmission
CN111756687A (en) * 2020-05-15 2020-10-09 国电南瑞科技股份有限公司 Defense measure configuration method and system for coping with network attack
CN112436957A (en) * 2020-11-03 2021-03-02 深圳市永达电子信息股份有限公司 PDRR network security guarantee model parallel implementation system based on cloud computing
CN112565272A (en) * 2020-12-09 2021-03-26 中国人民解放军国防科技大学 Method and device for blocking minimum Steiner tree of double-layer network and computer equipment
CN112738125A (en) * 2021-01-07 2021-04-30 中国重型机械研究院股份公司 Network security collaborative defense system

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080025209A1 (en) * 2006-07-31 2008-01-31 Technion Research And Development Foundation Ltd. Method and apparatus for protecting a communication network against failure

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104380672A (en) * 2012-04-27 2015-02-25 瑞典爱立信有限公司 Three stage folded clos optimization for 802.1aq
CN105516184A (en) * 2015-12-31 2016-04-20 清华大学深圳研究生院 Increment deployment SDN network-based method for defending link flooding attack
CN111478811A (en) * 2020-04-07 2020-07-31 中国人民解放军国防科技大学 Network key point analysis method based on double-layer information flow transmission
CN111756687A (en) * 2020-05-15 2020-10-09 国电南瑞科技股份有限公司 Defense measure configuration method and system for coping with network attack
CN112436957A (en) * 2020-11-03 2021-03-02 深圳市永达电子信息股份有限公司 PDRR network security guarantee model parallel implementation system based on cloud computing
CN112565272A (en) * 2020-12-09 2021-03-26 中国人民解放军国防科技大学 Method and device for blocking minimum Steiner tree of double-layer network and computer equipment
CN112738125A (en) * 2021-01-07 2021-04-30 中国重型机械研究院股份公司 Network security collaborative defense system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
"基于动态多重网络的目标体系建模与分析";朱承等;《指挥与控制学报》;第第2卷卷(第第4期期);全文 *

Also Published As

Publication number Publication date
CN114401137A (en) 2022-04-26

Similar Documents

Publication Publication Date Title
Zhang et al. Modeling and simulation of the vulnerability of interdependent power-water infrastructure networks to cascading failures
Huang et al. A large-scale markov game approach to dynamic protection of interdependent infrastructure networks
Zhuang et al. A model for analyzing the effect of moving target defenses on enterprise networks
CN112565272B (en) Method and device for blocking minimum Steiner tree of double-layer network and computer equipment
Lalropuia et al. Modeling cyber-physical attacks based on stochastic game and Markov processes
Lou et al. A framework of hierarchical attacks to network controllability
Lai et al. Simplified swarm optimization with initialization scheme for dynamic weapon–target​ assignment problem
CN111400890A (en) Attack-defense structure-based power grid upgrading method for resisting malicious data attack
Huang et al. Factored markov game theory for secure interdependent infrastructure networks
Liu et al. Robustness of partially interdependent networks under combined attack
Shakarian et al. Power grid defense against malicious cascading failure
Wu et al. Allocation of defensive and restorative resources in electric power system against consecutive multi-target attacks
Davarikia et al. A novel approach in strategic planning of power networks against physical attacks
Yadav et al. SmartPatch: A patch prioritization framework
CN114401137B (en) Backup network shortest path blocking method and device based on dual algorithm
Ravishankar et al. Time dependent network resource optimization in cyber–physical systems using game theory
CN114401200B (en) Backup network shortest path blocking method and device based on Bende decomposition algorithm
Banerjee et al. On the entity hardening problem in multi-layered interdependent networks
Ge et al. A game theory based optimal allocation strategy for defense resources of smart grid under cyber-attack
CN116684152A (en) Active defense method, device and system for multiple aggressors
Shao et al. Multistage attack–defense graph game analysis for protection resources allocation optimization against cyber attacks considering rationality evolution
Wang et al. Optimal voting strategy against rational attackers
CN116248335A (en) Network attack and defense strategy selection method and system based on intelligent evolution game
Zhang et al. Defending against stealthy attacks on multiple nodes with limited resources: A game-theoretic analysis
Emadi et al. On the characterization of saddle point equilibrium for security games with additive utility

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant