CN112351353B - Detection and location method of multi-point crosstalk attack in multi-domain optical network based on distributed PCE
- Publication number: CN112351353B (application CN202011050749.9A)
- Authority: CN (China)
- Prior art keywords: domain, attack, node, crosstalk, alarm
- Legal status: Active (status as assumed by Google, not a legal conclusion)
Classifications
- H04Q11/0062 — Selecting arrangements for multiplex systems using optical switching; network aspects
- H04Q2011/0079 — Operation or maintenance aspects
- H04L63/1416 — Network architectures or protocols for network security; detecting malicious traffic by monitoring network traffic; event detection, e.g. attack signature detection
- H04L63/1441 — Countermeasures against malicious traffic
Description
Technical field
The invention belongs to the technical field of detecting and locating multi-point crosstalk attacks in multi-domain optical networks, and in particular relates to a method for detecting and locating multi-point crosstalk attacks in a multi-domain optical network based on distributed PCE.
Background
In large-scale, high-capacity, high-rate optical networks, malicious users can easily exploit the transparency of optical transmission to launch high-power crosstalk attacks on intra-domain and inter-domain links. These high-power crosstalk attacks, which may occur at any time and at any location, trigger attack propagation effects in the network and can even paralyse the entire network, causing incalculable losses. Accurately detecting and quickly locating high-power crosstalk attacks in multi-domain optical networks is therefore an important research topic for ensuring network security and improving the survivability of optical networks.
Since the domains of a multi-domain optical network are managed by different service providers and do not exchange internal information with one another, locating cross-domain crosstalk attacks is difficult. A multi-domain optical network architecture based on distributed PCE solves this problem well: the path computation structure and communication mechanism of the PCEs can support attack localization on inter-domain links, and the PCEs are required to be strictly synchronized, so each PCE not only holds the network state of its own domain, such as topology and resource information, but its computed path sets and reserved resources are also up to date in real time.
In a multi-domain optical network, a high-power crosstalk attack causes attack propagation among LPs. Once a link is subjected to a high-power crosstalk attack, not only are all LPs passing through it affected, but the propagation of the crosstalk attack also produces a large number of SALPs and DALPs in the network. A single optical path under crosstalk attack is therefore likely to raise a large number of alarms in the optical network, and traditional network attack detection and localization methods are simply unable to locate the source of the crosstalk attack.
Summary of the invention
The object of the present invention is to provide a method for detecting and locating multi-point crosstalk attacks in a multi-domain optical network based on distributed PCE, in order to solve the problem in the prior art that attack propagation caused by high-power crosstalk attacks raises a large number of alarms in the optical network, which makes the attack localization stage laborious and slow.
To accomplish the above task, the present invention adopts the following technical solution:
A method for detecting multi-point crosstalk attacks in a multi-domain optical network based on distributed PCE, comprising the following steps:
Step 1: collect the BER information of all attacked optical paths at each alarm node, where the BER information of an attacked optical path includes its detected BER value, reference BER value and threshold;
Step 2: from the BER information of all attacked optical paths at each alarm node, obtain the state information set Z_n = {S_nk} of the attacked optical paths;
where Br_nk is the detected BER value of the k-th attacked optical path at the n-th alarm node, Bb_nk is the reference BER of the k-th attacked optical path at the n-th alarm node, Bt_nk is the threshold of the k-th attacked optical path at the n-th alarm node, dBr_nk = |Br_nk - Bb_nk|, and Br_nk, Bb_nk and Bt_nk all take values in (0, 1);
Step 3: judge the attacked optical paths whose state information is 2 at each alarm node to be original attacked optical paths, and take the original attacked optical paths at all alarm nodes as the original attacked optical path set.
A method for detecting and locating multi-point crosstalk attacks in a multi-domain optical network based on distributed PCE, comprising the following steps:
Step 1: take the boundary nodes of each domain and the destination node of each optical path in the multi-domain optical network as alarm nodes, collect the BER information of all attacked optical paths at each alarm node, and obtain the original attacked optical path set using the detection method of claim 1;
From the destination node DN and the domain boundary node BN of each original attacked optical path in the original attacked optical path set, obtain the DN set and the BN set;
Step 2: have the DN set and the BN set send signaling, and obtain all crosstalk attack domains in the multi-domain optical network from the sending and receiving relationships of the DN set and the BN set, comprising the following sub-steps:
Step 2.1: each DN in the DN set sends intra-domain alarm signaling to the PCE of its domain and to all nodes in its domain; the intra-domain alarm signaling contains the domain ID and node ID of the sending node and the IDs and lengths of all attacked optical paths passing through that node;
The ingress of each BN in the BN set sends inter-domain alarm signaling to the PCE of its domain, all nodes in its domain, the PCE of the upstream domain and the BNs of the upstream domain, and also sends a monitoring signal to the upstream DNs and upstream BNs; the inter-domain alarm signaling contains the domain ID and node ID of the sending node and the IDs and lengths of all attacked optical paths passing through that node;
The egress of each BN in the BN set sends inter-domain alarm signaling to the PCE of its domain, all nodes in its domain, the PCE of the downstream domain and the BNs of the downstream domain, and also sends a monitoring signal to the downstream DNs and downstream BNs;
Step 2.2: obtain the signaling received by the boundary nodes of the multi-domain optical network that do not belong to the BN set; if any boundary node not in the BN set receives inter-domain alarm signaling carrying its own domain ID, it sends control signaling to its downstream BN, the control signaling containing the node ID of the sending node, and step 2.3 is executed; otherwise, step 2.3 is executed;
Step 2.3: obtain the numbers of DNs and BNs in each domain and the signaling received by each BN in the BN set, judge according to the following criteria, and obtain all crosstalk attack domains in the multi-domain optical network; the criteria are:
if a domain contains only DNs and no BN, the domain is judged to be a crosstalk attack domain;
if no BN in a domain has received control signaling and all DNs and BNs have received the monitoring signal, it is judged that there is no crosstalk attack in that domain; otherwise the domain is judged to be a crosstalk attack domain;
if any BN has received inter-domain alarm signaling carrying a domain ID other than its own, the inter-domain link formed by that BN and the signaling's sending node is added to the crosstalk attack domain;
Step 3: examine the numbers of DNs and BNs in the crosstalk attack domain; if it contains only DNs and no BN, perform intra-domain crosstalk attack localization to obtain the intra-domain links under crosstalk attack; otherwise, perform inter-domain crosstalk attack localization to obtain the inter-domain links under crosstalk attack.
Further, the crosstalk attack localization in step 3 uses the MD-PLVM algorithm.
Compared with the prior art, the present invention has the following technical features:
(1) The detection method of the present invention compares the detected BER of the ALPs at the OXC ports of the alarm nodes to obtain their state information value S_nk: the state information value of each ALP is computed from the relationship between the actual value and the threshold, the ALPs are classified by attack discrimination, and the result is an OALP set, which eliminates interfering alarms. This reduces the workload of the attack localization stage and increases localization speed.
(2) To address the problem that high-power crosstalk attacks trigger optical path attack propagation and thereby raise a large number of alarms in the optical network, the present invention builds on the idea of the PLVM algorithm and, taking the distributed PCE network architecture and the OALP set output by the attack detection module as its premise, proposes an algorithm, MD-PLVM, suitable for locating multi-point crosstalk attacks in multi-domain optical networks, which achieves fast localization of multi-point crosstalk attack sources both between and within domains. Finally, the distributed PCE-based multi-domain optical network multi-point crosstalk attack detection and localization method (DP-CADL) is validated by simulation experiments; the results show that the DP-CADL scheme can accurately detect and quickly locate multi-point crosstalk attacks in multi-domain optical networks with high localization accuracy.
Description of the drawings
Fig. 1 shows the multi-domain optical network formed by the topology in the embodiment;
Fig. 2 is a schematic diagram of the structure of the OXC port optical paths;
Fig. 3 compares the detected BER of each ALP in the embodiment;
Fig. 4 shows the attack discrimination results in the embodiment;
Fig. 5 is a schematic diagram of the attack localization accuracy in the embodiment;
Fig. 6 shows the maximum attack localization delay in seven cases;
Fig. 7 shows the average attack localization delay in seven cases.
Detailed description
First, the technical terms used in the present invention are explained:
Multi-domain optical network: a multi-domain optical network has multiple domains, each domain has multiple links, and each domain has a PCE responsible for the topology of the nodes in that domain and for intra-domain and inter-domain path computation. So that the PCEs of a multi-domain optical network can communicate and cooperate normally, communication protocols, standard interfaces and message formats must be designed between each PCE and the network entities that communicate with it. In the multi-domain optical network G = (V, L, W), V is the set of nodes, including optical fibres, EDFAs and OXCs; L is the set of all links in the network, where a link in L can be represented by an ordered pair of elements of V; and W is the number of power accumulations from one node to another.
OALP (original attacked LP): original attacked optical path, the optical path produced by the crosstalk attack source.
SALP (secondary attacked LP): second-order attacked optical path, an optical path affected by an OALP attack; although the attack power of a SALP has suffered some loss, it still has the ability to propagate the attack.
DALP (destination attacked LP): end-point attacked optical path, an optical path affected by a SALP attack; the attack power of a DALP is severely attenuated, so it cannot propagate the attack further.
OXC: optical cross-connect; in the present invention the OXCs are the alarm nodes.
OXC port optical paths: Fig. 2 defines and illustrates the port optical paths of an OXC. LP_n denotes the set of optical paths on all optical ports of the n-th OXC, LPi_nk denotes the k-th input port of the n-th OXC, LPo_nk denotes the k-th output port of the n-th OXC, LPI_n = {LPi_n1, LPi_n2, ..., LPi_nm} is the set of input optical ports of the n-th OXC, LPO_n = {LPo_n1, LPo_n2, ..., LPo_nm} is the set of output optical ports of the n-th OXC, and LP_n = LPI_n ∪ LPO_n.
Parallel limited-boundary vector matching algorithm (PLVM): one of the most commonly used effective algorithms for locating attacks on multiple links of an optical network, from Mazen Khair, Jun Zheng and Hussein T. Mouftah, "Distributed Multi-Failure Localization Protocol for All-Optical Networks", ONDM 2009. PLVM extends the LVM algorithm by introducing the concept of execution route queues to classify the optical paths affected by different link attacks, then delimits the region of each attack and runs the LVM algorithm within each region, thereby locating multi-link attacks.
This embodiment discloses a method for detecting multi-point crosstalk attacks in a multi-domain optical network based on distributed PCE, comprising the following steps:
Step 1: collect the BER information of all attacked optical paths at each alarm node, where the BER information of an attacked optical path includes its detected BER value, reference BER value and threshold;
Step 2: from the BER information of all attacked optical paths at each alarm node, obtain the state information set Z_n = {S_nk} of the attacked optical paths;
where Br_nk is the detected BER value of the k-th attacked optical path at the n-th alarm node, Bb_nk is the reference BER of the k-th attacked optical path at the n-th alarm node, Bt_nk is the threshold of the k-th attacked optical path at the n-th alarm node, dBr_nk = |Br_nk - Bb_nk|, and Br_nk, Bb_nk and Bt_nk all take values in (0, 1);
Step 3: judge the attacked optical paths whose state information is 2 at each alarm node to be original attacked optical paths, and take the original attacked optical paths at all alarm nodes as the original attacked optical path set.
The state information of the attacked optical paths is classified as follows: an ALP with S_nk = 0 is judged to be a DALP, an ALP with S_nk = 1 a SALP, and an ALP with S_nk = 2 an OALP; the set of optical paths corresponding to the OALPs is taken as the original attacked optical path set. The meaning of each state value is shown in Table 1:
Table 1: meaning of the state values of attacked optical paths (ALPs)
This embodiment also discloses a method for detecting and locating multi-point crosstalk attacks in a multi-domain optical network based on distributed PCE, comprising the following steps:
Step 1: take the boundary nodes of each domain and the destination node of each optical path in the multi-domain optical network as alarm nodes, collect the BER information of all attacked optical paths at each alarm node, and obtain the original attacked optical path set using the distributed PCE-based detection method described above;
From the destination node DN and the domain boundary node BN of each original attacked optical path in the original attacked optical path set, obtain the DN set and the BN set;
Step 2: have the DN set and the BN set send signaling, and obtain all crosstalk attack domains in the multi-domain optical network from the sending and receiving relationships of the DN set and the BN set, comprising the following sub-steps:
Step 2.1: each DN in the DN set sends intra-domain alarm signaling to the PCE of its domain and to all nodes in its domain; the intra-domain alarm signaling contains the domain ID and node ID of the sending node and the IDs and lengths of all attacked optical paths passing through that node;
The ingress of each BN in the BN set sends inter-domain alarm signaling to the PCE of its domain, all nodes in its domain, the PCE of the upstream domain and the BNs of the upstream domain, and also sends a monitoring signal to the upstream DNs and upstream BNs; the inter-domain alarm signaling contains the domain ID and node ID of the sending node and the IDs and lengths of all attacked optical paths passing through that node;
The egress of each BN in the BN set sends inter-domain alarm signaling to the PCE of its domain, all nodes in its domain, the PCE of the downstream domain and the BNs of the downstream domain, and also sends a monitoring signal to the downstream DNs and downstream BNs;
Step 2.2: obtain the signaling received by the boundary nodes of the multi-domain optical network that do not belong to the BN set; if any boundary node not in the BN set receives inter-domain alarm signaling carrying its own domain ID, it sends control signaling to its downstream BN, the control signaling containing the node ID of the sending node, and step 2.3 is executed; otherwise, step 2.3 is executed;
Step 2.3: obtain the numbers of DNs and BNs in each domain and the signaling received by each BN in the BN set, judge according to the following criteria, and obtain all crosstalk attack domains in the multi-domain optical network; the criteria are:
if a domain contains only DNs and no BN, the domain is judged to be a crosstalk attack domain;
if no BN in a domain has received control signaling and all DNs and BNs have received the monitoring signal, it is judged that there is no crosstalk attack in that domain; otherwise the domain is judged to be a crosstalk attack domain;
if any BN has received inter-domain alarm signaling carrying a domain ID other than its own, the inter-domain link formed by that BN and the signaling's sending node is added to the crosstalk attack domain;
Step 3: examine the numbers of DNs and BNs in the crosstalk attack domain; if it contains only DNs and no BN, perform intra-domain crosstalk attack localization to obtain the intra-domain links under crosstalk attack; otherwise, perform inter-domain crosstalk attack localization to obtain the inter-domain links under crosstalk attack.
Specifically, the crosstalk attack localization in step 3 uses the MD-PLVM algorithm, whose parameters are defined in Table 2:
Table 2: parameter definitions of the MD-PLVM algorithm
Specifically, determining the crosstalk attack domains in step 2 by the MD-PLVM algorithm comprises the following sub-steps:
Step 2a: each DN contained in the OALP set starts a timer of duration 2Dl/v0 and sends "INTRADA" to the PCE and all nodes in its domain;
Step 2b: each ingress BN contained in the OALP set starts a timer of duration 2d/v0 and sends "INTERDA" to the PCE and all nodes in its domain, also sends "INTERDA" to the PCE and boundary nodes of the upstream domain, and additionally sends "MS" to the downstream BNs and DNs;
Step 2c: each egress BN contained in the OALP set starts a timer of duration 2d/v0 and sends "INTERDA" to the PCE and all nodes in its domain, also sends "INTERDA" to the PCE and boundary nodes of the downstream domain, and additionally sends "MS" to the downstream BNs and DNs;
Step 2d: when a boundary node that does not belong to the BN set receives an "INTERDA" carrying its own domain ID, it sends "GA" to the downstream boundary node connected to it;
Step 2e: if a boundary node receives an "INTERDA" carrying a different domain ID, the inter-domain link formed by that node and the signaling's sending node is placed in the crosstalk attack domain;
Step 2f: if a domain contains only DNs and no BN, the domain is judged to be a crosstalk attack domain;
Step 2g: if no egress boundary node in a domain has received "GA" and all DNs and egress BNs have received a correct "MS", it is judged that there is no link under crosstalk attack in that domain; otherwise the domain is judged to be a crosstalk attack domain.
Specifically, inter-domain multi-point crosstalk attack localization in step 3 by the MD-PLVM algorithm comprises the following sub-steps:
Step 3a: if a boundary node that does not belong to the BN set receives an "INTERDA" carrying a different domain ID, the inter-domain link formed by that node and the signaling's sending node is judged to be under crosstalk attack;
Step 3b: if a BN receives an "INTERDA" carrying a different domain ID, check whether at least one node of this pair of boundary nodes has received a correct "MS" within time 2d/v0; if so, the inter-domain link formed by this pair of boundary nodes is judged not to be under crosstalk attack; otherwise it is judged to be under crosstalk attack.
Specifically, intra-domain multi-point crosstalk attack localization in step 3 by the MD-PLVM algorithm comprises the following sub-steps:
Step 4a: the DNs in the domain are defined as potential execution nodes (PES); each PES sends "INTRADA" to all nodes in the domain, the "INTRADA" containing the ID of the PES and the in-domain lengths of all OALPs that reach it.
Step 4b: when a PES receives "INTRADA", it extracts all OALPs directed to it and inserts them into a list in ascending order of length. If two OALPs have the same length, the OALP with the smaller source node ID is inserted first; if their source nodes are also the same, the one whose connecting node ID is smaller is inserted first.
Step 4c: each PES compares the OALPs in the list in turn with the OALPs after them, and stores two OALPs that have no common link in different execution route queues ERQi, where i = 1, 2, 3, ..., n. If the first OALP in the list has a common link with every other OALP in the list, the second OALP is compared with the other OALPs, and so on, until two OALPs with no common link are found. If all OALPs in the list have been compared and no pair without a common link is found, the attack is judged to be a single-point crosstalk attack and can be located with the LVM protocol.
Step 4d: once two disjoint OALPs have been found, they are compared with the remaining OALPs in the list, as follows:
Step 4d.1: if a remaining OALP in the list has a common link with one of the two link-disjoint OALPs, it is added to the ERQi corresponding to that OALP.
Step 4d.2: if a remaining OALP in the list has a common link with both link-disjoint OALPs, it is judged not to provide a useful reference for attack localization and is ignored.
Step 4d.3: if a remaining OALP in the list has no common link with either of the two link-disjoint OALPs, it is added to a new ERQi. This indicates that a new attack has been found, and the remaining OALPs in the list are then also compared with this OALP.
Step 4d.4: this process is repeated until all remaining optical paths in the list have been compared.
Step 4e: at this point, all OALPs in the network have been stored in different ERQi according to the effects of the different attacks. Single-point attack localization is then performed on each ERQi; the localization processes can run concurrently, and the attack localization steps for each ERQi are as follows:
Step 4e.1: the first OALP in ERQi is defined as the execution route ER, because its link length is the shortest, and the PES of that OALP is determined to be the execution node ES.
Step 4e.2: the ES generates an attack-affected link vector ALV for the ER and determines a limited area LA. The LA includes all nodes and links of the ER and their adjacent nodes. The ES then broadcasts the ALV to all nodes in the LA.
步骤4e.3:当LA中的节点收到ALV,该节点会将自己所在光路的链路向量LV与ALV进行匹配,匹配的结果用一个二进制向量BV表示。对于OALP来说,若其LV与ALV存在公共的链路,则将BV中的对应二进制位设置为1,反之设置为0,并将OALP状态设置为0;对于正常的LP来说,若其LV与ALV存在公共的链路,则将BV中的对应二进制位设置为0,反之设置为1,并将LP状态设置为1。Step 4e.3: When the node in the LA receives the ALV, the node will match the link vector LV of its own optical path with the ALV, and the matching result is represented by a binary vector BV. For OALP, if there is a common link between its LV and ALV, set the corresponding binary bit in BV to 1, otherwise set it to 0, and set the OALP state to 0; for normal LP, if its If there is a common link between LV and ALV, the corresponding binary bit in BV is set to 0, otherwise, it is set to 1, and the LP state is set to 1.
步骤4f:若得到的BV与ER不存在公共链路,则相对应的目的节点将不会把二进制向量发送给ES。反之,相对应的目的节点将会把BV发送给ES。Step 4f: If the obtained BV and ER do not have a common link, the corresponding destination node will not send the binary vector to the ES. On the contrary, the corresponding destination node will send the BV to the ES.
步骤4g:每个ES在LA范围内将接收到的所有BV进行逻辑“与”运算。若结果中“1”的个数为1,则表示该串扰攻击已被准确定位,ES就会把攻击链路的信息传送给本域的PCE,PCE将广播一条ATTACK_LOCATION的消息给所有与它所在域相邻的域的PCE。否则,该ES将扩大LA的范围,即将ALV的相邻节点的邻居节点加入LA范围内,再次进行定位。Step 4g: Each ES performs a logical AND operation on all the BVs received within the LA range. If the number of "1" in the result is 1, it means that the crosstalk attack has been accurately located, the ES will transmit the information of the attack link to the PCE in this domain, and the PCE will broadcast an ATTACK_LOCATION message to all the The PCE of the domain adjacent to the domain. Otherwise, the ES will expand the scope of the LA, that is, the neighbor nodes of the adjacent nodes of the ALV will be added to the scope of the LA, and the positioning will be performed again.
具体的,若某一域内的攻击链路所在的OALP通过该域并传送至其他域时,会引起域间链路两端的BN告警,此时进行跨域OALP的多点串扰攻击定位,选择将域内的DN、在2d/v0时间内没有收到正确的“MS”的出口BN、收到“GA”的出口边界节点全部定义为潜在执行节点PES,而后执行域内多点串扰攻击定位中的步骤4a~步骤4g进行串扰攻击定位。Specifically, if the OALP where the attack link in a certain domain is located passes through this domain and is transmitted to other domains, it will cause BN alarms at both ends of the inter-domain link. The DN in the domain, the egress BN that does not receive the correct "MS" within 2d/v 0 , and the egress border nodes that receive "GA" are all defined as potential execution nodes PES, and then execute the multipoint crosstalk attack positioning in the domain. Steps 4a to 4g perform crosstalk attack positioning.
Example 1
Figure 1 shows a multi-domain optical network with 34 nodes and 62 links under distributed PCE. For convenience of analysis, assume that only a small number of lightpaths LP have been established in this multi-domain optical network, namely the following 11 lightpaths: LP1={3-6-11-34-25}, LP2={5-6-12-13}, LP3={16-15-21}, LP4={16-17-18-19-23}, LP5={17-18-19-32}, LP6={17-22-24-21-15}, LP7={18-19-24-20}, LP8={23-18-19-24-20-15}, LP9={23-19-24-21}, LP10={29-26-27-31}, LP11={30-25-26-33}.
Assume that two links in the multi-domain optical network are subjected to high-power crosstalk attacks: the inter-domain link {11-34} between D1 and D3, and the intra-domain link {18-19} of D2. The high-power crosstalk attacks directly affect LP1, LP4, LP5, LP7 and LP8. These five lightpaths carry the high-power crosstalk attack sources, i.e. they are the OALPs. For an ordinary link failure, these two attacks would only raise alarms at the destination nodes of the five lightpaths and at the border nodes they traverse. However, because high-power crosstalk attacks propagate along lightpaths, during the propagation of the attack along these five OALPs, LP6, LP9 and LP11 are also affected and become SALPs, which themselves can propagate the attack; these three SALPs in turn attack LP3 and LP10, making them DALPs. In other words, ten lightpaths in the whole network are affected by the high-power crosstalk attacks, and alarms are raised at their destination nodes and at the border nodes they traverse.
When the inter-domain link {11-34} between D1 and D3 and the intra-domain link {18-19} of D2 are subjected to high-power crosstalk attacks, nodes n15, n19, n20, n21, n23, n25, n31, n32, n33 and n34 in the network raise alarms, and some of these alarms are interference alarms. The PCE of each domain collects the alarm information of its own domain, gathers the attack-affected lightpaths ALP whose destination nodes are alarm points, and finds their IDs and the ports of the OXCs at the corresponding alarm points. BER detection is performed on the ALPs at these ports: the dBrnk of each ALP is calculated according to equation (5-1) and compared with its corresponding Btnk, and the state information value Snk of each ALP is then obtained from the different relations in equation (5-2), as shown in Table 5-3. Next, all ALPs are classified according to their different Snk values, the interference alarm nodes n21, n31 and n33 are excluded, and an OALP set is finally obtained; the judgment results are shown in Table 5-4. The above analysis shows that the attack detection module based on ALP state discrimination can solve the problem of the large number of interference alarms present in multi-domain optical networks, and outputs a final OALP set to the crosstalk attack localization module.
Table 3 Status information values of ALPs
Table 4 ALP state discrimination results
Example 2
Based on the OALP={LP1, LP4, LP5, LP7, LP8} output by the crosstalk attack detection module of Example 1, define DN={n15, n20, n23, n25, n32} and BN={n19, n32, n34}. First, the high-power crosstalk attack domain is determined by executing Step1 to Step7 of the MD-PLVM algorithm for determining the crosstalk attack domain. It is found that the egress border node of D2 has not received a "GA", and the DNs and egress BNs in its domain have not received a correct "MS" either, so D2 is judged to be the crosstalk attack domain.
Then the inter-domain high-power crosstalk attack is located. It is found that n11, which does not belong to the BN set, has received an "INTERDA" from a domain with a different ID, namely D3, so the inter-domain link {11-34} formed between n11 and the signalling node n34 is judged to be a high-power crosstalk attack source. It is also found that n32, which belongs to the BN set, has received an "INTERDA" from the different-ID domain D2; further analysis shows that n32 received a correct "MS" within 2d/v0, so the inter-domain link {19-32} is judged not to be a high-power crosstalk attack source.
Next, crosstalk attack localization is performed on the OALPs in D2. Since D2 contains not only DNs but also BNs, it is concluded that D2 contains cross-domain OALPs, so n15, n19, n20 and n23 are all defined as PES, and the intra-domain OALP crosstalk attack localization steps of the MD-PLVM algorithm are executed. On reaching Step3 it is found that, after all OALPs in the list have been compared, no OALP without a common link can be found, so it is judged that there is only one high-power crosstalk attack in D2, and the ERQi single-point attack localization of Step5 is executed directly:
The shortest lightpath, LP7, is defined as the execution path ER, and n20 is designated as the execution node ES. The ES generates an ALV and sends it to every node in the LA. The ALV is shown in Table 5:
Table 5
When n21 receives the ALV sent by the ES, it matches the link vectors LV of its own lightpaths LP3 and LP9 against the ALV. Although LP3 and LP9 do not belong to the OALP set, they lie within the LA of LP7, so n21 responds to the ES. The LVs of n21 are shown in Table 6:
Table 6
According to the matching rule of step 4e.3 of the MD-PLVM algorithm, for a normal LP not belonging to the OALP set, if its LV shares a link with the ALV the corresponding bit of BV is set to 0, otherwise to 1, and the LP state is set to 1. n21 then sends the LP states and the generated BVs to the ES; the BVs and LP states produced by the matching are shown in Table 7:
Table 7
On receiving the matching result from n21, the ES can determine that link {19-24} is not a high-power crosstalk attack source. When n15 receives the ALV sent by the ES, it matches the link vectors LV of its own lightpaths LP6 and LP8 against the ALV. The LVs of n15 are shown in Table 8:
Table 8
According to the matching rule of step 4e.3 of the MD-PLVM algorithm, for an OALP, if its LV shares a link with the ALV the corresponding bit of BV is set to 1, otherwise to 0, and the OALP state is set to 0. n15 then sends the LP states and the generated BVs to the ES; the BVs and LP states produced by the matching are shown in Table 9:
Table 9
The ES performs a logical AND over all BVs received within the LA. As the result contains no "1", the LA is enlarged by adding the neighbours of the nodes adjacent to the ALV. When n23 receives the ALV sent by the ES, it matches the link vector LV of its own lightpath LP4 against the ALV. The LV of n23 is shown in Table 10:
Table 10
Matching is performed according to the matching rule of step 4e.3 of the MD-PLVM algorithm, after which n23 sends the LP state and the generated BV to the ES; the BV and LP state produced by the matching are shown in Table 11:
Table 11
At this point, from the BV sent by n23 the ES can determine that link {18-19} is a high-power crosstalk attack source. It passes this information to the PCE of D2, which broadcasts an ATTACK_LOCATION message to the PCEs of D1 and D3, and the crosstalk attack localization ends.
Through the above analysis, the high-power crosstalk attack sources of the multi-domain optical network are located at link {11-34} and link {18-19}. The MD-PLVM crosstalk attack localization algorithm therefore achieves the goal of accurately locating multi-point crosstalk attack sources in a multi-domain optical network.
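The ERQ partition of steps 4b to 4d and the ALV/BV matching of steps 4e to 4g, run on the 11 lightpaths of Example 1, as an added illustration that is not part of the patent or of the authors' simulation code. Two things are assumed because they are not on the page: the physical adjacency of Figure 1 is approximated by the union of the lightpath links, and domain membership is ignored, so all lightpaths are processed as one flat set and OALP lengths are whole-path lengths rather than in-domain lengths. Under those assumptions the step 4b tie-break picks LP5 rather than LP7 as the ER for the D2 queue (same length, smaller source ID), but the AND of the reported BVs still isolates link {18-19}. The queue holding LP1 cannot be narrowed by lightpath overlap alone, since no other lightpath shares a link with it, which is exactly why the page locates the inter-domain link {11-34} through the INTERDA/MS signalling of step 3b rather than through this matching.

```python
"""Toy re-implementation of MD-PLVM steps 4b-4g on the lightpaths of Example 1.
Added example, not the patent's own code.  Assumptions (not on the page):
physical adjacency = union of lightpath links; all lightpaths treated as one
flat set, so domain-specific PES selection and in-domain lengths are not
modelled."""
from collections import defaultdict

# Lightpaths from Example 1 (node sequences).
LIGHTPATHS = {
    "LP1": [3, 6, 11, 34, 25],
    "LP2": [5, 6, 12, 13],
    "LP3": [16, 15, 21],
    "LP4": [16, 17, 18, 19, 23],
    "LP5": [17, 18, 19, 32],
    "LP6": [17, 22, 24, 21, 15],
    "LP7": [18, 19, 24, 20],
    "LP8": [23, 18, 19, 24, 20, 15],
    "LP9": [23, 19, 24, 21],
    "LP10": [29, 26, 27, 31],
    "LP11": [30, 25, 26, 33],
}
# OALP set output by the detection module in Example 1.
OALP = {"LP1", "LP4", "LP5", "LP7", "LP8"}


def links(path):
    """Undirected links of a node sequence; frozenset so {18,19} == {19,18}."""
    return [frozenset(pair) for pair in zip(path, path[1:])]


def share_link(a, b):
    """True if lightpaths a and b have at least one common link."""
    return bool(set(links(LIGHTPATHS[a])) & set(links(LIGHTPATHS[b])))


def order_key(name):
    """Step 4b ordering: length, then source node ID, then next node ID."""
    path = LIGHTPATHS[name]
    return (len(path) - 1, path[0], path[1])


def partition_erq(oalps):
    """Steps 4c-4d: split the OALPs into execution path queues ERQ_i.
    Returns a list of queues, each sorted so its shortest OALP comes first."""
    order = sorted(oalps, key=order_key)
    seeds = None
    for i, a in enumerate(order):                      # step 4c
        for b in order[i + 1:]:
            if not share_link(a, b):
                seeds = [a, b]
                break
        if seeds:
            break
    if seeds is None:                                  # single-point attack
        return [order]
    queues = [[s] for s in seeds]
    for lp in order:
        if lp in seeds:
            continue
        hits = [q for q in queues if share_link(lp, q[0])]
        if len(hits) == 1:                             # 4d.1: join that queue
            hits[0].append(lp)
        elif not hits:                                 # 4d.3: a new attack
            queues.append([lp])
        # 4d.2: overlaps several queues -> ignored as uninformative
    return [sorted(q, key=order_key) for q in queues]


def adjacency():
    """Constructed assumption: physical adjacency = union of lightpath links."""
    adj = defaultdict(set)
    for path in LIGHTPATHS.values():
        for link in links(path):
            u, v = tuple(link)
            adj[u].add(v)
            adj[v].add(u)
    return adj


def limited_area(er_nodes, adj, radius):
    """Step 4e.2 / 4g: ER nodes plus neighbours up to `radius` hops away."""
    la, frontier = set(er_nodes), set(er_nodes)
    for _ in range(radius):
        frontier = {n for f in frontier for n in adj[f]} - la
        la |= frontier
    return la


def binary_vector(lp, alv):
    """Step 4e.3: OALP -> 1 where a link is shared; normal LP -> 0 where shared."""
    lv = set(links(LIGHTPATHS[lp]))
    if lp in OALP:
        return [1 if link in lv else 0 for link in alv]
    return [0 if link in lv else 1 for link in alv]


def locate(queue, max_radius=4):
    """Steps 4e-4g for one ERQ: AND the BVs reported by destination nodes
    inside the LA, enlarging the LA until exactly one link survives.
    Returns the attacked link as a sorted node pair, or None."""
    er = queue[0]                                      # 4e.1: shortest OALP is ER
    alv = links(LIGHTPATHS[er])
    adj = adjacency()
    for radius in range(1, max_radius + 1):
        la = limited_area(LIGHTPATHS[er], adj, radius)
        result = [1] * len(alv)
        for lp, path in LIGHTPATHS.items():
            if path[-1] not in la:                     # destination outside LA
                continue
            if not set(links(path)) & set(alv):        # 4f: nothing to report
                continue
            result = [x & y for x, y in zip(result, binary_vector(lp, alv))]
        if sum(result) == 1:                           # 4g: exactly one "1"
            return sorted(alv[result.index(1)])
    return None


if __name__ == "__main__":
    for queue in partition_erq(OALP):
        print(queue, "->", locate(queue))
```

Running the script prints one line per queue: the D2 queue resolves to [18, 19], and the queue containing only LP1 prints None. The `max_radius` bound is a practical guard rather than part of the patent's description: without it, an ES whose ALV is shared by no other lightpath would keep enlarging its LA without ever reaching a single "1".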
Example 3
This example uses the VPI optical network simulation platform together with Matlab to verify the reliability and effectiveness of the distributed-PCE-based multi-point crosstalk attack detection and location method for multi-domain optical networks (DP-CADL).
(1) Multi-point crosstalk attack detection capability of DP-CADL
After the high-power crosstalk attack signals are injected, the destination nodes and border nodes of several lightpaths connected to the monitoring module raise alarms. The IDs of the OXCs at the alarm points are collected, and the ports of these OXCs are searched for impaired LPs; the OXCs that terminate impaired LPs and therefore require BER detection are OXC15, OXC20, OXC21, OXC23, OXC25, OXC31, OXC32 and OXC33. The measured BER values of all impaired LPs obtained from the port detection are shown in Figure 3.
As can be seen from Figure 3, the BERs of LP1, LP4, LP5, LP7 and LP8 all lie in a high range, with LP4 having the highest BER, indicating that LP4 must belong to the OALPs. The BERs of LP3 and LP10 lie at a low level, with LP10 having the lowest; since both BERs are below 1E-9, these lightpaths no longer have the ability to propagate the attack, so LP3 and LP10 must belong to the DALPs.
The measured BER values are compared with the reference BERs corresponding to the different ports of the different OXCs, and the ALPs are classified according to the state information value Snk output by the comparison. The final attack classification of the ALPs is shown in Figure 4. The OALP set finally found comprises LP1, LP4, LP5, LP7 and LP8, and the excluded interference alarms are LP3, LP6, LP9, LP10 and LP11, which agrees with the result of the example analysis in Section 5.3.3. The experimental results show that DP-CADL has good attack detection capability, can accurately exclude interference alarms in multi-domain optical networks, and is highly reliable.
(2) Multi-point crosstalk attack localization capability of DP-CADL
This chapter divides the multi-point crosstalk attack problem of multi-domain optical networks into seven attack cases, A to G, for analysis and discussion by simulation experiments; the seven attack cases are listed in Table 12.
Different numbers of LP requests are set to observe the change in the attack localization accuracy of DP-CADL, and the changes in the maximum and average attack localization delays of DP-CADL under the different attack cases A to G are analysed.
Figure 5 shows the attack localization accuracy under different numbers of LP requests. When the number of LP requests is small, the localization accuracy is low, but as the number of LP requests increases, the accuracy rises quickly and markedly. This is because, as the number of LP requests grows, the number of valid LPs in the multi-domain optical network that can take part in the matching within the LA also grows, which makes attack localization easier and thus improves its accuracy. However, once the number of LP requests reaches a certain value, the number of valid LPs no longer changes significantly, i.e. additional LPs are no longer useful for locating the attacked link, and the localization accuracy therefore levels off.
Figures 6 and 7 show, for the different attack cases A to G, how the maximum attack localization delay Tm and the average attack localization delay Ta change as the number of LP requests increases. As the number of LP requests grows, Tm and Ta grow as well, because a larger number of LP requests enlarges the OALP set output by the attack detection module, which increases the time needed to partition all OALPs into ERQi and thus the total localization delay of the multi-domain optical network. Tm and Ta in case C are clearly larger than in case B, because in multi-point crosstalk attack localization for cross-domain OALPs the nodes defined as PES include, in addition to the DNs, the egress BNs that did not receive a correct "MS" within 2d/v0 and the egress border nodes that received a "GA"; the larger number of PES nodes increases the total localization delay. It can also be seen that Tm and Ta in case F are smaller than in case C, which shows that the presence of intra-domain OALPs helps, to some extent, the multi-point crosstalk attack localization of cross-domain OALPs.
The simulation of attack case A gives a maximum attack localization delay Tm of 1.031e-4 s and an average attack localization delay Ta of 6.9782e-5 s. The DP-CADL scheme can therefore quickly locate inter-domain multi-point crosstalk attacks in multi-domain optical networks. Figure 5 shows that when the number of LP requests reaches 400, the attack localization accuracy of the multi-domain optical network is close to 1, while the maximum attack localization delay at that point is far smaller than the 40 ms attack localization time required by OSPF. The DP-CADL scheme can therefore also quickly locate intra-domain multi-point crosstalk attacks in multi-domain optical networks.
In summary, the DP-CADL scheme can quickly locate inter-domain and intra-domain multi-point crosstalk attacks in multi-domain optical networks with high localization accuracy.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011050749.9A CN112351353B (en) | 2020-09-29 | 2020-09-29 | Detection and location method of multi-point crosstalk attack in multi-domain optical network based on distributed PCE |
Publications (2)
Publication Number | Publication Date |
---|---|
CN112351353A CN112351353A (en) | 2021-02-09 |
CN112351353B true CN112351353B (en) | 2022-09-06 |
Family
ID=74361342
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112351353B (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6507012B1 (en) * | 1998-02-25 | 2003-01-14 | Massachusetts Institute Of Technology | Method and apparatus for detecting malfunctions in communication systems |
CN101257416A (en) * | 2008-03-11 | 2008-09-03 | 南京邮电大学 | Networked Abnormal Traffic Defense Method Based on the Combination of Network and Host |
CN105357132A (en) * | 2015-10-30 | 2016-02-24 | 中国人民武装警察部队工程大学 | Multi-domain ASON damage perception multicast routing method based on hypergraph model |
CN110120836A (en) * | 2019-03-26 | 2019-08-13 | 中国人民武装警察部队工程大学 | A kind of multi-area optical network crosstalk attack detecting node is determining and localization method |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9020779B2 (en) * | 2011-10-25 | 2015-04-28 | International Business Machines Corporation | Detecting cross-talk on processor links |
WO2014124694A1 (en) * | 2013-02-15 | 2014-08-21 | Telefonaktiebolaget L M Ericsson (Publ) | Monitoring of communications network at packet and optical layers |
Non-Patent Citations (3)
Title |
---|
"A crosstalk attack detection and location method based on distributed PCE in multi-domain optical networks"; Qiwu Wu et al.; Journal of Physics: Conference Series, Volume 1570, 2020 3rd International Conference on Advanced Algorithms and Control Engineering (ICAACE) 2020; 2020-04-26; full text * |
"Crosstalk attack propagation model for multi-domain optical networks based on epidemic dynamics" (基于传染病动力学的多域光网络串扰攻击传播模型); Fang Li et al.; 《电子技术应用》; 2018-11-30; full text * |
"Unicast study of graph-colouring-based PCE in optical networks" (基于图着色的PCE在光网络中的单播研究); Fang Li et al.; 《电子世界》; 2017-04-15; full text * |
Also Published As
Publication number | Publication date |
---|---|
CN112351353A (en) | 2021-02-09 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||