CN112351354B - Monitoring node selection and monitoring positioning method for multi-point crosstalk attack of multi-domain optical network - Google Patents

Info

Publication number: CN112351354B
Authority: CN (China)
Prior art keywords: node, nodes, monitoring, attack, array
Legal status: Active
Application number: CN202011055805.8A
Other languages: Chinese (zh)
Other versions: CN112351354A (en)
Inventors: 吴启武, 刘雪玥, 姜姗, 姜灵芝
Current Assignee: Engineering University of Chinese Peoples Armed Police Force
Original Assignee: Engineering University of Chinese Peoples Armed Police Force
Priority: CN202011055805.8A

Classifications

    • H04Q11/0062 Selecting arrangements for multiplex systems using optical switching; network aspects
    • H04L63/1416 Network security; detecting or protecting against malicious traffic by monitoring network traffic; event detection, e.g. attack signature detection
    • H04L63/1441 Network security; countermeasures against malicious traffic
    • H04Q2011/0079 Operation or maintenance aspects
    • Y02D30/50 Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate


Abstract

The invention belongs to the technical field of multi-domain optical networks and discloses a monitoring node selection method and a monitoring and positioning method for multi-point crosstalk attacks in a multi-domain optical network. The invention describes the influence of nodes in the network through different characteristic attributes of the nodes, obtains a monitoring node set that meets the monitoring density through a two-round selection mechanism, and places monitoring devices at the nodes with high influence in the network as far as possible, so that crosstalk attacks are monitored in real time and crosstalk attack source nodes are accurately positioned.

Description

Method for selecting monitoring node and monitoring and positioning multi-point crosstalk attack of multi-domain optical network
Technical Field
The invention belongs to the technical field of multi-domain optical networks, and particularly relates to a monitoring node selection method and a monitoring and positioning method for multi-point crosstalk attacks in a multi-domain optical network.
Background
With the rapid development of optical transmission technology, optical networks carry multi-service, high-capacity and high-rate information transmission tasks. Their flexibility and scalability meet users' continuously growing transmission requirements, but the transparency of the optical network also brings risks and challenges to its security. How to effectively monitor and accurately position multi-point crosstalk attacks in a multi-domain optical network is therefore an important problem that urgently needs to be solved.
At present, effective monitoring and accurate positioning of multi-domain optical network crosstalk attacks still face certain challenges. Document [1] (Li Wei, Wang Fang, Zhao. Full optical network attack detection and location [J]. Modern Electronic Technology, 2008, 31(15): 18-20.) proposes a parameter comparison and monitoring method using a comprehensive monitoring device, but the method has low monitoring efficiency, affects signal power, and cannot accurately locate the crosstalk attack. To increase the speed of attack monitoring and realize effective monitoring, document [2] (wangrauang. Distributed network abnormal attack detection model simulation analysis [J]. Computer Measurement and Control, 2016, 24(10): 61-63.) proposes a distributed network abnormal attack monitoring method, but the method is not suitable for the multi-domain optical network environment. To position various attack types and improve the accuracy of attack positioning, document [3] (Wangqun, good. Research on the optical network fault positioning algorithm based on the binary tree [J]. The university of Guilin electronics science and technology, 2008, 28(4): 273-276.) proposes an optical network fault positioning algorithm based on a binary tree, but the method is only suitable for a single domain and has high algorithmic complexity. For the accurate positioning of multi-domain optical network crosstalk attacks, document [4] (Wu T, Somani A K. Necessary and sufficient condition for k crosstalk attacks localization in all-optical networks [C]. Global Telecommunications Conference, 2003, 5: 2541-2546.) proposes effective routing strategies and routing algorithms, but they are only suitable for the case of single-point attacks. In document [5] (Yan H, Wang R Y, Mao Q J, et al. A fast multi-fault localization mechanism for multi-domain all-optical networks [C]. International Conference on Advanced Computer and Engineering, 2010: 158-. In document [6] (Li Fang. Multi-domain optical network crosstalk attack detection and intrusion-tolerant technical research [D]. Shaanxi: Wushu engineering university, 2018.), a multi-domain optical network crosstalk attack monitoring and positioning method based on grey theory is proposed to realize real-time monitoring, but its monitoring model relies only on visual judgment with an OSA device, so the accuracy of crosstalk attack monitoring and positioning is not ideal.
In summary, the current research on monitoring and positioning of the optical network crosstalk attack is not mature enough, and most of the researches are directed at a single-domain environment or a single-point attack situation, and a monitoring and positioning method for multi-domain and multi-point crosstalk attack is lacked.
Disclosure of Invention
The invention aims to provide a monitoring node selection method and a monitoring and positioning method for multi-point crosstalk attacks in a multi-domain optical network, to solve the problem that the prior art lacks a monitoring and positioning method for multi-domain, multi-point crosstalk attacks.
To accomplish this task, the invention adopts the following technical scheme:
A method for selecting monitoring nodes for multi-point crosstalk attack of a multi-domain optical network, used to obtain the placement of the monitoring nodes in the multi-domain optical network, comprises the following steps:
Step 1: acquire a plurality of source nodes and a plurality of destination nodes of the crosstalk attack, and obtain the propagation path set U of the crosstalk attack from the links between all source nodes and destination nodes, where each link comprises a plurality of intermediate nodes;
Step 2: number all intermediate nodes in the path set U; establish an array $Z_1$ for the node numbers; calculate the NAP value of each intermediate node, sort all intermediate nodes in descending order of NAP value, and store all intermediate node numbers in $Z_1$ in that order; the length of $Z_1$ is n, where n is the total number of intermediate nodes of the path set U;
Step 3: establish an array $Z_2$ and set it to empty; extract the numbers of the first x intermediate nodes of $Z_1$ and store them in $Z_2$, where y < x < n and y is the total number of monitoring nodes; the length of $Z_2$ is x;
Step 4: establish an array $Z_3$ and set it to empty; calculate the clustering coefficient of each intermediate node in $Z_2$, sort the intermediate nodes of $Z_2$ in ascending order of clustering coefficient, and store all intermediate node numbers of $Z_2$ in $Z_3$ in that order; the length of $Z_3$ is x;
Step 5: take the first y intermediate nodes of $Z_3$ as monitoring nodes to obtain the monitoring node set.
Further, in step 2, the NAP value of the intermediate node is calculated according to formula I:
Figure RE-GDA0002813080900000031
where θ represents the possibility that the intermediate node v is itself attacked (0-1), N represents the total number of nodes in the upstream neighbor node set of the intermediate node v, $v_i$ represents the i-th node in the upstream neighbor node set of the intermediate node v, and P represents the attack propagation probability of the downstream neighbor node of the intermediate node v.
A method for monitoring node selection, monitoring and positioning of multi-point crosstalk attack of a multi-domain optical network comprises the following steps:
Step a: use the method for selecting monitoring nodes for multi-point crosstalk attack of a multi-domain optical network according to any one of claims 1 to 2 to obtain a monitoring node set; place a monitoring device at each node in the monitoring node set; perform crosstalk attack detection on the multi-domain optical network and obtain the crosstalk attack detection result output by each monitoring device for its node, where the crosstalk attack detection result comprises an alarm state and a safety state;
Step b: if the alarm state of any node is alarm, take that node as the alarm node and execute step c; otherwise, the current network is not under crosstalk attack;
Step c: if the alarm node has no upstream node, the alarm node is an attack source node; otherwise, detect the safety state of the upstream node of the alarm node;
Step d: if the safety state of the upstream node is attacked by crosstalk, take the upstream node as the alarm node and return to step d;
if the safety state of the upstream node is not attacked by crosstalk, the alarm node is an attack source node.
Further, the monitoring devices are an eye diagram monitor and a BER monitor.
Compared with the prior art, the invention has the following technical characteristics:
(1) The invention describes the influence of nodes in the network through different characteristic attributes of the nodes, obtains a monitoring node set that meets the monitoring density through a two-round selection mechanism, and places monitoring devices at the nodes with high influence in the network as far as possible, so that crosstalk attacks are monitored in real time and crosstalk attack source nodes are accurately positioned.
(2) Through the monitoring placement selection method, the invention achieves efficient, real-time detection of multi-domain optical network crosstalk attacks with a limited number of detection devices.
(3) The invention uses a distributed positioning method to position multi-domain optical network crosstalk attacks. A general distributed positioning algorithm uses the communication information of local upstream and downstream nodes and has to consider the different alarm parameter values of the upstream and downstream nodes repeatedly. In a multi-domain optical network, a crosstalk attack propagates along links from the source attack node to downstream nodes, and a high-power crosstalk attack suffers power attenuation as it propagates: the attack effect is no longer obvious after three nodes have been crossed, and the attack cannot propagate indefinitely. To position the crosstalk attack source node, crosstalk attacks are detected in real time, the alarm information of each channel is collected, and, using these propagation characteristics, the source node is positioned by an attack parameter analysis method that considers consecutive upstream nodes.
Description of the Drawings
FIG. 1 is a flow chart of positioning a crosstalk attack source node according to the present invention;
FIG. 2 is a schematic diagram of the joint monitoring device for crosstalk attack according to the present invention;
FIG. 3 is the hierarchical PCE-based NSF network topology in an embodiment;
FIG. 4 is a schematic diagram of positioning a crosstalk attack source node in an embodiment;
FIG. 5 is a graph comparing the accuracy of the three detection and positioning methods in the examples.
The reference numbers in the figures denote: the input user signals are Tx1~Tx6, the main attack nodes of the high-power crosstalk attack are OXC1~OXC7, the secondary attack nodes are F1~F6 and EDFA1~EDFA3, and the monitoring nodes are M1~M6.
Detailed Description
Multi-domain optical network: in a multi-domain optical network, a communication protocol, a standard interface and a message format must be designed between the PCE and the network entities that communicate with it so that the PCEs can communicate normally and cooperate with one another. In the multi-domain optical network $G = (V, L, W)$, V represents the set of nodes such as optical fibers, EDFAs and OXCs; L represents the set of all links in the network, and a link in L can be represented by an ordered pair of nodes in V; W represents the number of power accumulations from one node to another. The source node of the crosstalk attack is q, the destination node is p, and the monitoring point set is M. The multi-domain optical network is assumed to have a stable node set and a stable link set, to which large numbers of nodes and links are not added suddenly.
Intermediate node: all nodes in a link except the source node and the destination node are intermediate nodes.
Monitoring node: a node at which a monitoring device is placed is called a monitoring node; the other nodes are called non-monitoring nodes.
Neighbor node: the nodes within the area covered by the communication radius centered on a node, that is, all nodes that can communicate directly with that node, are called the neighbor nodes of the node; an upstream neighbor node is a parent node of the node, and a downstream neighbor node is a child node of the node.
Monitoring device: a device placed at a monitoring node that collects crosstalk attack data and analyzes it to obtain a crosstalk attack detection result.
BER monitor: BER (Bit Error Rate); the BER of the monitored signal is calculated by an analytical expression method, and common calculation methods include the numerical method and the Monte Carlo method.
High-power crosstalk attack source: the average optical power of the attack signal is much larger than that of the user signal; when it is 20 dB larger than the user signal, it can cause a crosstalk attack and propagate the attack.
Downstream neighbor node set DNS (Downstream Neighbor Set): in the process of high-power crosstalk attack propagation, the set of nodes that are likely to be attacked from node v through propagation over multiple links is called the downstream neighbor set DNS of node v and is expressed as $\mathrm{DNS}(v) = \{v_i \mid v \to v_i\},\ v, v_i \in V$.
Upstream neighbor node set UNS (Upstream Neighbor Set): in the process of high-power crosstalk attack propagation, the set of nodes that are likely to propagate the attack to node v and accumulate attack power there is called the upstream neighbor set UNS of node v and is expressed as $\mathrm{UNS}(v) = \{v_i \mid v_i \to v\},\ v, v_i \in V$.
This embodiment discloses a method for selecting monitoring nodes for multi-point crosstalk attack of a multi-domain optical network, used to obtain the placement of the monitoring nodes in the multi-domain optical network, which comprises the following steps:
Step 1: acquire a plurality of source nodes and a plurality of destination nodes of the crosstalk attack, and obtain the propagation path set U of the crosstalk attack from the links between all source nodes and destination nodes, where each link comprises a plurality of intermediate nodes;
Step 2: number all intermediate nodes in the path set U; establish an array $Z_1$ for the node numbers; calculate the NAP value of each intermediate node, sort all intermediate nodes in descending order of NAP value, and store all intermediate node numbers in $Z_1$ in that order; the length of $Z_1$ is n, where n is the total number of intermediate nodes of the path set U;
Step 3: establish an array $Z_2$ and set it to empty; extract the numbers of the first x intermediate nodes of $Z_1$ and store them in $Z_2$, where y < x < n and y is the total number of monitoring nodes; the length of $Z_2$ is x;
Step 4: establish an array $Z_3$ and set it to empty; calculate the clustering coefficient of each intermediate node in $Z_2$, sort the intermediate nodes of $Z_2$ in ascending order of clustering coefficient, and store all intermediate node numbers of $Z_2$ in $Z_3$ in that order; the length of $Z_3$ is x;
Step 5: take the first y intermediate nodes of $Z_3$ as monitoring nodes to obtain the monitoring node set.
Specifically, in step 2, the NAP value of the intermediate node is calculated according to formula I:
Figure RE-GDA0002813080900000071
where θ represents the possibility that the intermediate node v is itself attacked (0-1), N represents the total number of nodes in the upstream neighbor set of the intermediate node v, $v_i$ represents the i-th node in the upstream neighbor set of the intermediate node v, and P represents the attack propagation probability of the neighbor node that is attacked by node v in the multi-domain optical network.
Specifically, the clustering coefficient of each intermediate node in $Z_2$ is calculated by formula II:
$C_v = \dfrac{2E_v}{k_v(k_v - 1)}$ (formula II)
where $k_v$ is the degree of the intermediate node v and $E_v$ is the total number of edges interconnecting the nodes directly connected to node v. If a leaf node of degree 1 is encountered during calculation, its clustering coefficient is set to infinity, which prevents leaf nodes of degree 1 from being selected.
The embodiment also discloses a method for monitoring node selection, monitoring and positioning of multi-point crosstalk attack of a multi-domain optical network, which comprises the following steps:
Step a: obtain a monitoring node set with the method for selecting monitoring nodes for multi-point crosstalk attack of a multi-domain optical network; place a monitoring device at each node in the monitoring node set; perform crosstalk attack detection on the multi-domain optical network and obtain the crosstalk attack detection result of each node, where the crosstalk attack detection result comprises an alarm state and a safety state;
Step b: if the alarm state of any node is alarm, take that node as the alarm node and execute step c; otherwise, the current network is not under crosstalk attack;
Step c: if the alarm node has no upstream node, the alarm node is an attack source node; otherwise, detect the safety state of the upstream node of the alarm node;
Step d: if the safety state of the upstream node is attacked by crosstalk, take the upstream node as the alarm node and return to step d;
if the safety state of the upstream node is not attacked by crosstalk, the alarm node is an attack source node.
In this embodiment, whether a node is an attack source node is determined by the following positioning steps:
Step 1: the monitoring node set detects multi-domain optical network crosstalk attacks in real time; when a monitoring node is affected by an attack, it switches to the alarm state and generates alarm information.
Step 2: in a multi-domain optical network based on a layered PCE architecture, the cPCE of each domain is responsible for collecting the alarm information of its domain, and the pPCE collects the alarm information through the control plane.
Step 3: when the alarm parameter of a monitoring node M is found to be M = 1, detection of the upstream non-monitoring node N connected to that node starts once the alarm information has been received; if M = 0, node M is in a normal state and no further detection of node N is needed.
Step 4: when M = 1 and attack detection is performed on the upstream non-monitoring node N, if the attack parameter of node N is N = 1, N is affected by the crosstalk attack and attack detection must continue on the upstream non-monitoring node N′ of N; if N = 0, node N is not attacked and is in a safe state.
Step 5: when M = 1 and N = 1, and attack detection is performed on the second upstream node N′, if the attack parameter N′ = 1 and N′ has an upstream non-monitoring node N″, attack detection must be performed on N″; if N′ = 0 or N′ has no connected upstream node, node N is determined to be an attack source node.
Step 6: when M = 1, N = 1 and N′ = 1, and attack detection is performed on the third upstream node N″, if the attack parameter N″ = 1, N″ is determined to be an attack source node; if N″ = 0, node N′ is determined to be an attack source node.
This judgment can be repeated over the nodes of the multi-domain optical network to accurately position the crosstalk attack source nodes at each location in the network.
Specifically, monitoring devices generally include the wavelength meter, the optical power meter, the Optical Spectrum Analyzer (OSA), the Optical Time Domain Reflectometer (OTDR), the eye diagram monitor and the BER monitor.
Preferably, the monitoring devices are an eye diagram monitor and a BER monitor. The eye diagram monitor and the BER monitor have better attack detection capability and can detect in-band crosstalk, out-of-band crosstalk and gain competition. The wavelength meter can detect both power attenuation and wavelength shift, but cannot detect key attack types such as in-band crosstalk, out-of-band crosstalk and gain competition. In summary, this embodiment adopts an Eye-BER monitor combination and monitors crosstalk attacks jointly by comprehensively analyzing the attack power, the eye diagram and the bit error rate of the monitored signal.
The embodiment also discloses a monitoring and positioning system for multi-point crosstalk attack, which comprises a crosstalk attack monitoring module, an alarm module and a crosstalk attack positioning module.
The crosstalk attack monitoring module comprises a monitoring node selection module, a data information acquisition module and a monitoring data analysis module. The monitoring node selection module uses the method for selecting monitoring nodes for multi-point crosstalk attack of a multi-domain optical network to obtain a monitoring node set, and a monitoring device is placed at each node of the monitoring node set. The data information acquisition module acquires crosstalk attack data through the monitoring devices. The monitoring data analysis module calculates, from the crosstalk attack data obtained by the data information acquisition module, the nodes where the source attack occurs and the degree of the crosstalk attack.
The alarm module obtains the crosstalk attack detection result from the source attack nodes output by the crosstalk attack monitoring module, where the crosstalk attack detection result comprises an alarm state and a safety state.
The crosstalk attack positioning module obtains the attack source node from the alarm state and the safety state of the nodes.
Specifically, the data information acquisition module collects, through the monitoring node set screened by the monitoring placement selection module, the crosstalk attack data that may be generated during information transmission, including attack power, signal waveforms, signal spectra, BER and the like.
Specifically, the monitoring data analysis module analyzes, classifies, discriminates and collates the crosstalk attack data submitted by the data information acquisition module. Different crosstalk attack types have their own monitoring information characteristics: an in-band crosstalk attack occurs at the optical cross-connect, produces phase shift and time delay, and increases signal attenuation and BER; an out-of-band crosstalk attack occurs at the optical fiber and is characterized by high power, signal attenuation and increased BER; gain competition arises at the optical amplifier, where it raises the power of the high-power crosstalk signal while severely attenuating the user signal. The main bases of detection are attack power analysis, eye diagram analysis and bit error rate analysis.
Example 1
In this embodiment, an NSF network topology is used for an example analysis of the proposed multi-domain optical network crosstalk attack monitoring method. The NSF network has 14 nodes and 20 links in total, and its hierarchical PCE architecture is shown in fig. 4. The NSF network is divided into three domains D1, D2 and D3; each domain has a different number of nodes, and each domain has a certain number of boundary nodes connected to the other two domains.
Set the multi-domain optical network $G = (14, 17)$, the crosstalk attack source nodes to $q_1$ and $q_6$, and the destination nodes to $p_7$, $p_9$ and $p_{13}$. First, in the monitoring placement selection module, the pPCE finds the domains in which the attack source nodes and destination nodes are located and uses the Dijkstra algorithm to calculate the path sets of attack propagation:
$u_1 = \{q_1, n_2, n_8, p_7\}$
$u_2 = \{q_1, n_2, n_8, p_9\}$
$u_3 = \{q_1, n_4, n_5, p_7\}$
$u_4 = \{q_1, n_4, n_{11}, p_{13}\}$
$u_5 = \{q_6, n_5, p_7\}$
$u_6 = \{q_6, n_{10}, p_9\}$
$u_7 = \{q_6, n_{10}, n_{12}, p_{13}\}$
$u_8 = \{q_6, n_{14}, n_{12}, p_9\}$
$u_9 = \{q_6, n_{14}, p_{13}\}$
The nodes in the nine path sets other than the source and destination nodes are numbered in natural order, the NAP values of these 8 nodes are calculated, and the array $Z_1$ is established after sorting. Suppose the monitoring density y is 4 and the candidate density x is 6. After the first round of selection in step 3, $n_2$ and $n_{11}$ are removed to obtain the new array $Z_2$. The clustering coefficient of each node is calculated, and the array $Z_3$ is established after sorting. In the second round of selection in step 5, the first y nodes of $Z_3$ are extracted as monitoring points. Ranked first in array $Z_3$ is node $n_8$ of path sets $u_1$ and $u_2$, followed in turn by node $n_5$ of path sets $u_3$ and $u_5$, node $n_4$ of path sets $u_3$ and $u_4$, and node $n_{12}$ of path sets $u_7$ and $u_8$. If the monitoring density y is 6, $n_{10}$ and $n_{14}$ are added as monitoring nodes, so that path sets $u_6$ and $u_9$ can be monitored more directly. As this analysis shows, monitoring points are set by selecting the node set that corresponds to the monitoring density required in practice, which achieves the purpose of monitoring crosstalk attacks in the multi-domain optical network.
Example 2
There are various types of crosstalk attack in multi-domain optical networks, among which the in-band crosstalk occurring at the OXC causes more severe damage to the user signal. Here the OXCs in the multi-domain optical network are taken as the main attack nodes, and the optical fibers (Fiber) and gain amplifiers (EDFA) as secondary attack nodes, and an example analysis is made of the proposed multi-domain optical network crosstalk attack positioning method. As shown in FIG. 4, the input user signals are Tx1 to Tx6, the main attack nodes of the high-power crosstalk attack are OXC1 to OXC7, the secondary attack nodes are F1 to F6 and EDFA1 to EDFA3, and the monitoring nodes are M1 to M6.
High-power crosstalk attack signals are injected at two positions, N1 and N2, on the user signal inputs Tx2 and Tx6. The monitoring nodes in the network detect the crosstalk attack, switch to the alarm state and send alarm information, and the PCE collects the alarm information through the control plane. At this point alarm information is found to have been sent at M6, and the specific steps for locating the crosstalk attack source nodes are as follows:
Step 1: An alarm message is found to have been sent at M6, so attack monitoring is carried out on the optical path of OXC7, which is monitored by M6.
Step 2: Analysis shows that the two nodes connected to OXC7, OXC6 and EDFA2, both show signs of a crosstalk attack, so monitoring of the optical paths entering node OXC6 and node EDFA2 is started.
Step 3: The eye pattern and the bit error rate at M2 are observed and analyzed. Both are only slightly affected, which indicates that Tx5 is not the entrance end of the crosstalk attack source.
Step 4: The monitoring result of M5 is analyzed. The vertical opening of the "eye" is good and the eye pattern is clear, so Tx4 is not the entrance end of the crosstalk attack source. The possibility that node OXC3 is a crosstalk attack source node is thus excluded, and Tx6 is determined to be the input of one of the crosstalk attack sources.
Step 5: In determining the other propagation path, analysis of the monitoring result of M1 excludes the possibility that node OXC1 is a crosstalk attack source node.
Step 6: Comparing the monitoring results of M3 and M4 shows that the attack effect at M3 is larger than that at M4, so Tx2 is determined to be the input end of the other crosstalk attack source.
From the above analysis, when M6 sends an alarm message, Tx2 and Tx6 are finally located as the input ends of the crosstalk attack sources by observing the monitoring nodes and applying the distributed positioning method that analyzes successive upstream nodes, and this result is consistent with the initial setting of the example. The method can therefore accurately locate crosstalk attack source nodes at any position in the multi-domain optical network.
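The upstream walk used in Steps 1 to 6, as an added example that is not part of the patent text. It generalizes the single-upstream-node rule to nodes with several upstream neighbours, so that every affected branch is followed. The topology and node names are constructed and are not those of FIG. 4, and `is_attacked` stands in for the eye-diagram and bit-error-rate check at a node.

```python
# Constructed topology (assumption, not FIG. 4): each node maps to the
# nodes directly upstream of it on the light paths passing through it.
UPSTREAM = {
    "Tx_a": [], "Tx_b": [], "Tx_c": [],
    "OXC_a": ["Tx_a"], "OXC_b": ["Tx_b"], "OXC_c": ["Tx_c"],
    "EDFA_a": ["OXC_a"], "OXC_d": ["OXC_b", "OXC_c"],
    "OXC_e": ["EDFA_a", "OXC_d"],
}


def affected_nodes(upstream, injected):
    """Constructed attack model: a node is affected if it is an injection
    point or if any of its upstream nodes is affected."""
    affected = set(injected)
    changed = True
    while changed:
        changed = False
        for node, parents in upstream.items():
            if node not in affected and affected.intersection(parents):
                affected.add(node)
                changed = True
    return affected


def locate_sources(alarm_node, upstream, is_attacked):
    """Walk upstream from an alarming node; return (sources, probed)."""
    sources, probed = set(), []
    stack, seen = [alarm_node], {alarm_node}
    while stack:
        node = stack.pop()
        attacked_parents = []
        for parent in upstream.get(node, []):
            probed.append(parent)  # one eye-diagram / BER check
            if is_attacked(parent):
                attacked_parents.append(parent)
        if not attacked_parents:
            # No upstream node, or every upstream node is clean:
            # the attack enters the network at this node.
            sources.add(node)
        for parent in attacked_parents:
            if parent not in seen:  # guard against loops in the topology
                seen.add(parent)
                stack.append(parent)
    return sources, probed
```

Only nodes upstream of an affected node are ever probed, so clean branches are abandoned after a single check.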
Example 3
In this embodiment, simulation experiments are carried out on the VPI optical network software platform, and a comparative analysis is made of three methods: the multi-domain optical network multi-point crosstalk attack detection and positioning method proposed by the invention (abbreviated as I-CADL); the crosstalk attack detection and positioning method based on parameter comparison (abbreviated as P-CADL) proposed in reference [1] (lie, wang, peak, attack detection and positioning in all-optical network [J]. modern electronic technology, 2008, 31(15): 18-20); and the crosstalk attack detection and positioning method based on gray theory (abbreviated as G-CADL) proposed in reference [6] (lie, multi-domain optical network crosstalk attack detection and intrusion tolerance technology research [D]. shanxi: university of armed police engineering, 2018). The main modules used in building the simulation experiment are a signal sending module, a signal transmission module, a high-power crosstalk attack source module and a signal receiving and detecting module.
FIG. 5 compares the accuracy of the three crosstalk attack detection and positioning methods, I-CADL, G-CADL and P-CADL, in different time periods. Observation and analysis show that all three methods can detect and locate crosstalk attacks in the multi-domain optical network, but their efficiency and accuracy differ. In the early stage of attack detection and positioning, the accuracy of G-CADL is slightly higher than that of I-CADL, and it has a certain advantage in detection efficiency. As the crosstalk attack spreads through the multi-domain optical network, the number of nodes affected by its propagation increases; in the middle and later stages of attack detection and positioning, the accuracy of I-CADL is the highest, with an obvious advantage, and G-CADL is second. The accuracy of P-CADL is the lowest throughout the detection and positioning process, and its detection and positioning efficiency is low.
I-CADL comprises a monitoring placement selection module based on a layered PCE and a local immune algorithm, together with a distributed positioning method based on parameter analysis of successive upstream nodes, and is characterized by low monitoring cost and better real-time performance. G-CADL has good real-time performance, and its detection and positioning efficiency has a certain advantage in the early stage, but its judgment and analysis of the crosstalk attack are based only on the detection result of the spectrum analyzer and cannot be quantitative, so its accuracy cannot keep up in the middle and later stages, when the attack propagation conditions become gradually more complex, and it gradually falls behind I-CADL. P-CADL is based on a parameter comparison method. Because this method requires photoelectric conversion, the speed of detection and positioning depends on the photoelectric conversion time, which reduces efficiency; in addition, the power of the signal may be affected while the signal is being extracted, so the accuracy is not high enough.

Claims (4)

1. A method for selecting monitoring nodes of multi-point crosstalk attack of a multi-domain optical network is used for obtaining the position arrangement of the monitoring nodes in the multi-domain optical network, and is characterized by comprising the following steps:
step 1: acquiring a plurality of source nodes and a plurality of destination nodes of crosstalk attack, and acquiring a propagation path set U of the crosstalk attack according to links from all the source nodes to the destination nodes, wherein each link comprises a plurality of intermediate nodes;
step 2: numbering all intermediate nodes in the path set U to obtain the numbers of all the intermediate nodes; establishing an array $Z_1$ and setting the node numbers in the array, calculating the NAP values of the intermediate nodes, sorting all the intermediate nodes from large to small according to the NAP values, and storing all the intermediate node numbers in the array $Z_1$ in that order, to obtain the array $Z_1$, the length of the array $Z_1$ being n, where n is the total number of intermediate nodes of the path set U;
step 3: establishing an array $Z_2$ and setting it to null, extracting the numbers of the first x intermediate nodes of the array $Z_1$ and storing them in the array $Z_2$, where y < x < n and y is the total number of monitoring nodes, to obtain the array $Z_2$, the length of the array $Z_2$ being x;
step 4: establishing an array $Z_3$ and setting it to null, calculating the clustering coefficient of each intermediate node in $Z_2$, sorting the intermediate nodes in $Z_2$ from small to large according to the clustering coefficient value, and storing all the intermediate node numbers of $Z_2$ in the array $Z_3$ in that order, to obtain the array $Z_3$, the length of the array $Z_3$ being x;
step 5: extracting the first y intermediate nodes of the array $Z_3$ as monitoring nodes, to obtain a monitoring node set.
2. The method according to claim 1, wherein in step 2, the NAP value of the intermediate node is calculated according to formula I:
Figure FDA0002710825540000011
wherein theta represents the possibility of the intermediate node v itself being attacked, 0-1; N represents the total number of nodes in the upstream neighbor node set of the intermediate node v; $v_i$ represents the i-th node in the upstream neighbor node set of the intermediate node v; and P represents the attack propagation probability of the downstream neighbor node of the intermediate node v.
3. The method for selecting, monitoring and positioning the monitoring nodes of the multi-point crosstalk attack of the multi-domain optical network is characterized by comprising the following steps:
step a: the method for selecting the monitoring node of the multi-point crosstalk attack of the multi-domain optical network according to any one of claims 1 to 2 is adopted to obtain a monitoring node set, each node in the monitoring node set is provided with a monitoring device, the multi-domain optical network is subjected to crosstalk attack detection, and a crosstalk attack detection result of the node output by each monitoring device is obtained, wherein the crosstalk attack detection result comprises an alarm state and a safety state;
step b: if the alarm state of any node is alarm, taking that node as an alarm node and executing step c; otherwise, the current network is not under crosstalk attack;
step c: if the alarm node has no upstream node, the alarm node is an attack source node; otherwise, detecting the safety state of the upstream node of the alarm node;
step d: if the security state of the upstream node is attacked by crosstalk, taking the upstream node as an alarm node, and returning to the step d;
and if the security state of the upstream node is not attacked by crosstalk, the alarm node is an attack source node.
4. The method according to claim 3, wherein the monitoring devices are an eye monitor and a BER monitor.
CN202011055805.8A 2020-09-30 2020-09-30 Monitoring node selection and monitoring positioning method for multi-point crosstalk attack of multi-domain optical network Active CN112351354B (en)


Publications (2)

Publication Number    Publication Date
CN112351354A (en)     2021-02-09
CN112351354B (en)     2022-09-06


