CN114401137A - Backup network shortest path blocking method and device based on dual algorithm - Google Patents

Backup network shortest path blocking method and device based on dual algorithm Download PDF

Info

Publication number
CN114401137A
CN114401137A CN202210043448.6A CN202210043448A CN114401137A CN 114401137 A CN114401137 A CN 114401137A CN 202210043448 A CN202210043448 A CN 202210043448A CN 114401137 A CN114401137 A CN 114401137A
Authority
CN
China
Prior art keywords
network
backup
node
blocking
model
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202210043448.6A
Other languages
Chinese (zh)
Other versions
CN114401137B (en
Inventor
朱先强
戴周璇
陆敏
朱承
周鋆
刘斌
张维明
丁兆云
黄松平
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
National University of Defense Technology
Original Assignee
National University of Defense Technology
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by National University of Defense Technology filed Critical National University of Defense Technology
Priority to CN202210043448.6A priority Critical patent/CN114401137B/en
Publication of CN114401137A publication Critical patent/CN114401137A/en
Application granted granted Critical
Publication of CN114401137B publication Critical patent/CN114401137B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F30/00Computer-aided design [CAD]
    • G06F30/20Design optimisation, verification or simulation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/14Network analysis or design
    • H04L41/145Network analysis or design involving simulating, designing, planning or modelling of a network
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2111/00Details relating to CAD techniques
    • G06F2111/02CAD in a network environment, e.g. collaborative CAD or distributed simulation
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2111/00Details relating to CAD techniques
    • G06F2111/04Constraint-based CAD

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Geometry (AREA)
  • General Physics & Mathematics (AREA)
  • Evolutionary Computation (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The application relates to a backup network shortest path blocking method and device based on a dual algorithm. The method comprises the following steps: establishing a network model according to the shortest path blocking problem of the node network; the attack party target in the network model is to block a network link in the node network to maximize the shortest path of a defense party when limited resources exist, and the defense party target is to search the shortest path from an initial node to a target node in the node network; establishing a backup network according to the node network, and obtaining a backup network model according to the backup network and the network model; after the node network in the backup network model is blocked by the attacker, the defender activates and enables a backup link in the backup network according to the current network state so as to minimize the attack effect of the attacker; constructing a backup activation shortest path blocking model according to the constraint conditions and the optimization target; and solving based on a dual algorithm. By adopting the method and the system, the defense party can perform link backup and activate the link backup in the attack so as to reduce the influence of the attack on the network.

Description

Backup network shortest path blocking method and device based on dual algorithm
Technical Field
The application relates to the technical field of computer processing, in particular to a backup network shortest path blocking method and device based on a dual algorithm.
Background
Network blocking (Network interaction) is an operation optimization problem closely related to Network structure and node attributes, the core of the Network blocking is to research targets and behaviors of both attacking and defending parties in a Network, and the Network blocking is widely applied to the fields of military affairs, transportation, economy and the like at present. Since the policies and actions of both the defending party and the blocking party of the network need to be considered at the same time, the network blocking problem also needs to be considered from the perspective of the master-slave gaming problem. The opposite of the network blocking problem is the network protection problem: for the possible blocking of the blocking party to the own network, how to use the limited protection resources to make a protection strategy of the node or the edge makes the influence of the blocking on the own network as small as possible. Therefore, in the field of network security, it is very important to study the network blocking problem from the perspective of network aggressors or network defenders.
The existing research is continuously developed in the aspects of modeling and solving the network blocking problem, but still has some challenges that restrict the practical application of the existing research, including:
the existing network blocking research mainly considers how to make the enemy network degrade with minimum cost and even paralyze the whole network from the perspective of an attacker. In the existing research, it is generally assumed that a defending party always passively deals with attacks and active defense in the attacking and defending process is rarely considered, so that the characteristics of actual attacking and defending decisions are difficult to effectively reflect.
However, in an actual process, the defense party not only optimizes a decision based on a self target, but also has certain defense resources for deploying an active defense strategy in an attack and defense process, so that in a blocking problem research, neglecting the active defense strategy of the defense party can cause that a model is difficult to accurately depict the actual attack and defense process and can not effectively reflect the characteristics of the actual attack and defense decision.
Disclosure of Invention
Therefore, it is necessary to provide a backup network shortest path blocking method and device based on a dual algorithm to solve the above technical problems, and consider that a defending party can perform link backup and can activate backup in case of an attack, so as to reduce the influence of the attack on the network.
The backup network shortest path blocking method based on the dual algorithm comprises the following steps:
establishing a network model according to the shortest path blocking problem of the node network; the attack party target in the network model is to block a network link in the node network when limited resources exist so as to maximize the shortest path of a defense party, and the defense party target is to search the shortest path from an initial node to a target node in the node network;
establishing a backup network according to the node network, and obtaining a backup network model according to the backup network and the network model; after the node network in the backup network model is blocked by the attacker, the defender activates and enables a backup link in the backup network according to the current network state so as to minimize the attack effect of the attacker;
constructing a backup activation shortest path blocking model according to the constraint conditions and the optimization target in the backup network model;
and solving the backup activation shortest blocking model based on a dual algorithm.
In one embodiment, establishing a backup network according to the node network, and obtaining a backup network model according to the backup network and the network model comprises:
the network model comprises a plurality of nodes, network links are formed among the nodes, link backups are extracted from the network model to form the backup network, and a backup network model is obtained according to the network model and the backup network;
the backup network is defined as G (N, a), where N { (1, 2., } denotes a node set, a { (i, j) | i, j ∈ N } denotes a set of network links, B { (i, j) | i, j ∈ N } denotes a set of link backups, B is a proper subset of a, and i, j denotes a node number.
In one embodiment, constructing the backup activation shortest blocking model according to the constraint conditions and the optimization objectives in the backup network model includes:
Figure BDA0003471199760000021
Figure BDA0003471199760000022
yk≤zk
Figure BDA0003471199760000023
k∈Arkxk≤R
k∈Sqkzk≤Q
xk∈{0,,1},
Figure BDA0003471199760000031
xk=0,
Figure BDA00034711997600000311
yk∈{0,1},
Figure BDA0003471199760000032
zk=1,
Figure BDA0003471199760000033
zk∈{0,1},
Figure BDA00034711997600000312
in the formula: s represents a start node, and t represents a target node; c. CkRepresenting the length of the link k epsilon A; r iskRepresenting blocking resources required by an attack party for blocking a link k, and R representing the total amount of the blocking resources; q. q.skThe backup activation resources required by the defense side activation link k are represented, and Q represents the total quantity of the backup activation resources; FS (i) represents the outgoing edge set of the node i, and RS (i) represents the incoming edge set of the node i; x is the number ofkBlocking variables for aggressors, ykSelecting a variable, z, for the defensive side pathkThe activation variables are backed up for the defenders.
In one embodiment, before solving the backup activation shortest blocking model based on a dual algorithm, the method further includes:
and converting the backup activation shortest path blocking model to obtain a formalized expression:
Figure BDA0003471199760000034
Figure BDA0003471199760000035
yk≤zk
Figure BDA0003471199760000036
k∈Arkxk≤R
k∈Sqkzk≤Q
xk∈{0,1},
Figure BDA0003471199760000037
xk=0,
Figure BDA00034711997600000313
yk∈[0,1],
Figure BDA0003471199760000038
zk=1,
Figure BDA0003471199760000039
zk∈[0,1],
Figure BDA00034711997600000314
in one embodiment, the dual algorithm comprises:
converting the backup activation shortest blocking model into a minimization problem and normalizing in a vector form:
Figure BDA00034711997600000310
Figure BDA0003471199760000041
where y and z are vector forms of an inner layer path selection variable and a backup activation variable, ysIs a non-negative residual variable generated upon normalization;
Figure BDA0003471199760000042
T1and T2Respectively, is of the shape [ n m],[(m-l)*m]N is the number of nodes in the network, m is the number of links in the network, and l is the number of backup links in the network; i is1,I2,I3Is in the shape of [ m x m]The identity matrix of (1); a is1Is a coefficient vector, b is a constant vector;
the inner minimization problem is dual and converted into a single-layer optimization problem:
Figure BDA0003471199760000043
Figure BDA0003471199760000044
Figure BDA0003471199760000045
Figure BDA0003471199760000046
Figure BDA0003471199760000047
ω1,ω2,ω3,ω4≥0
xk∈{0,1},
Figure BDA0003471199760000048
xk=0,
Figure BDA0003471199760000049
where ω is a dual variable satisfying the relationship bTω=CTy。
In one embodiment, the network model and the backup network model each include a plurality of nodes, and network links or backup links are formed between the nodes, and each of the network links or the backup links has a link cost.
Backup network shortest path blocking device based on dual algorithm includes:
the network model establishing module is used for establishing a network model according to the shortest path blocking problem of the node network; the attack party target in the network model is to block a network link in the node network when limited resources exist so as to maximize the shortest path of a defense party, and the defense party target is to search the shortest path from an initial node to a target node in the node network;
the backup network model establishing module is used for establishing a backup network according to the node network and obtaining a backup network model according to the backup network and the network model; after the node network in the backup network model is blocked by the attacker, the defender activates and enables a backup link in the backup network according to the current network state so as to minimize the attack effect of the attacker;
the backup activation shortest path blocking model establishing module is used for establishing a backup activation shortest path blocking model according to the constraint conditions and the optimization target in the backup network model;
and the solving module is used for solving the backup activation shortest path blocking model based on a dual algorithm.
A computer device comprising a memory and a processor, the memory storing a computer program, wherein the processor when executing the computer program implements the steps of:
establishing a network model according to the shortest path blocking problem of the node network; the attack party target in the network model is to block a network link in the node network when limited resources exist so as to maximize the shortest path of a defense party, and the defense party target is to search the shortest path from an initial node to a target node in the node network;
establishing a backup network according to the node network, and obtaining a backup network model according to the backup network and the network model; after the node network in the backup network model is blocked by the attacker, the defender activates and enables a backup link in the backup network according to the current network state so as to minimize the attack effect of the attacker;
constructing a backup activation shortest path blocking model according to the constraint conditions and the optimization target in the backup network model;
and solving the backup activation shortest blocking model based on a dual algorithm.
A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of:
establishing a network model according to the shortest path blocking problem of the node network; the attack party target in the network model is to block a network link in the node network when limited resources exist so as to maximize the shortest path of a defense party, and the defense party target is to search the shortest path from an initial node to a target node in the node network;
establishing a backup network according to the node network, and obtaining a backup network model according to the backup network and the network model; after the node network in the backup network model is blocked by the attacker, the defender activates and enables a backup link in the backup network according to the current network state so as to minimize the attack effect of the attacker;
constructing a backup activation shortest path blocking model according to the constraint conditions and the optimization target in the backup network model;
and solving the backup activation shortest blocking model based on a dual algorithm.
The backup network shortest path blocking method and device based on the dual algorithm solve the problem of the expansion of the shortest path network blocking problem: the shortest path blocking problem of a backup network is that on the basis of the original shortest path blocking problem, a defense party is additionally considered to be capable of carrying out link backup and activating backup during attack so as to reduce the influence of the attack on the network, and a backup network model can accurately depict the actual attack and defense process and effectively reflect the characteristics of actual attack and defense decision; a planning model for the shortest path blocking problem of the backup network is provided, backup network scenes and specific settings are depicted, equivalent transformation is performed on the backup activation shortest path blocking model according to the characteristics of the proposed planning model, a dual algorithm framework is provided on the basis of the equivalent transformation for solving the problem, and defense resources are deployed to ensure that the efficiency of the network is reduced to the minimum when the network is in uninterrupted operation and attacked.
Drawings
FIG. 1 is a flow chart of a backup network shortest path blocking method based on a dual algorithm in one embodiment;
FIG. 2 is a diagram illustrating a first shortest blocking case of the backup network in one embodiment;
FIG. 3 is a diagram illustrating a second shortest blocking case of the backup network in one embodiment;
FIG. 4 is a diagram illustrating a third shortest blocking case of the backup network in one embodiment;
FIG. 5 is a graph of the shortest path after blocking for different backup link ratios for a network of 100 nodes in one embodiment;
FIG. 6 is a graph of the shortest path after blocking for different backup link ratios for a network of 200 nodes in an embodiment;
FIG. 7 is a block diagram of a backup network shortest path blocking apparatus based on a dual algorithm according to an embodiment;
FIG. 8 is a diagram illustrating an internal structure of a computer device in one embodiment;
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application.
As shown in fig. 1 to 6, the backup network shortest path blocking method based on the dual algorithm provided in the present application, in one embodiment, includes the following steps:
102, establishing a network model according to the shortest path blocking problem of the node network; the aggressor target in the network model is to block network links in the node network to maximize the shortest path of the defender when limited resources are available, and the defender target is to find the shortest path from the starting node to the target node in the node network.
104, establishing a backup network according to the node network, and obtaining a backup network model according to the backup network and the network model; after the node network in the backup network model is blocked by the attacker, the defender activates and enables the backup link in the backup network according to the current network state so as to minimize the attack effect of the attacker.
And 106, constructing a backup activation shortest path blocking model according to the constraint conditions and the optimization target in the backup network model.
And 108, solving the backup activation shortest path blocking model based on a dual algorithm.
Blocking means taking measures such as intrusion, interference on a network level or firepower attack and destruction on a physical level, so as to achieve the purpose of reducing certain performances or disabling functions of a target network.
Network blocking (Network interference): and (4) implementing blocking behaviors on the network with the specific function, and maximally reducing the function indexes of the network. The network blocking problem comprises two attacking and defending parties of the network: an attacker and a defender. The defender of the network maintains the functional network and optimizes the service thereof, and is responsible for realizing and maintaining a certain optimization index of the network, such as the shortest path or the maximum flow transmission of information flow from the starting node s to the target node t; and under the constraint of certain blocking resources, an attacker tries to block nodes or links in the network, so that the performance of the network is reduced or the function of the network is disabled, for example, the shortest path of the target network information flow from the starting node s to the target node t is maximized or the maximum flow of the target network information flow is minimized through blocking the edges or the nodes.
Shortest Path Network Interruption (SPNI): shortest-path network blocking is a special case of the network blocking problem, the defender aims to minimize the shortest path (shortest path length or shortest information transfer time) from the starting node to the target node, and the attacker aims to block nodes or links in the network by using limited resources, so that the shortest path of the defender is maximized.
From the viewpoint of the network itself coping with the failure, the operator of the network may generally prepare in advance to ensure the function and performance of the network, and take actions such as backup activation, succession, repair, etc. after the network is damaged. In the previous shortest-circuit blocking research, a defender selects a new shortest path after an aggressor blocks without other defense measures, so that the defender is always in a passive position. However, in a real situation, as an operator and a maintainer of a network, a defender can design and implement a backup mechanism according to actual requirements such as toughness, elasticity, security and the like.
Thus, considering the interference in the face of an attacker, the defender can backup some edges in advance and activate some backup edges when some edges of the network are blocked. In general, the backup links provided in a network system are determined by the physical conditions and budget of the system itself, and it is costly to activate the backup links. Based on the above considerations, the defender may pre-backup some links when constructing the network based on system conditions and budget, activate corresponding backup edges on the fly when the network is attacked, and select a path including the backup edges for information transfer, where the selected path including the backup edges is generally shorter than the path without the backup mechanism. That is, the backup mechanism may improve the network's resilience to malicious attacks.
The method provides a new blocking problem of a single-layer network, and in an attack and defense scene of the single-layer network, aiming at the situation that a defending party is passively attacked, from the perspective of the defending party, on the basis of an original shortest-path target, a network backup mechanism is considered to be added, namely, a defense strategy of link backup is considered, namely, the defending party backs up a part of links in the network in advance.
Since in practical situations, both network attacking and defending parties are not simple attack-the mode of selecting an escape path, the defending party also has resources available for deploying the defense. Therefore, in order to explore the influence of an active defense mechanism which is pre-backed up and activated by a machine in the process of network blocking attack and defense on an attack and defense decision, the active defense mechanism of a defense party in the network is considered, and a new network blocking problem is proposed and researched on the basis of the information flow shortest path network blocking problem: the shortest path blocking problem of the backup network is that under the blocking strategy of the attacker, the defender can activate the link which is backed up in advance and put into use, so as to reduce the influence of the attack on the network function and performance.
Taking the shortest-circuit model as an example, a backup network model is provided, a backup network shortest-circuit blocking model is established for the problem of the shortest-circuit blocking of the backup network, and basic description and a mathematical planning model of the problem are provided.
In order to eliminate the influence of integer constraint of a defensive party variable, the model is subjected to equivalent transformation by a method of relaxing the variable, finally, a dual algorithm is provided for the shortest path blocking problem of a backup network, the optimal blocking strategy of an attacking party and the optimal path selection strategy and the backup activation strategy of the defensive party are solved, and a model and algorithm verification experiment, an algorithm performance comparison experiment and a model effect analysis experiment under different backup link proportions are carried out by using simulation data.
The network backup proportion has a saturation characteristic on the model effect, and the research on the problem provides theoretical basis and decision support for the decision maker in the attack and defense decision and the attack and defense resource allocation in the backup network. The problem can be based on a backup network mechanism of a defending party, and a blocking strategy of an attacking party, a path selection strategy of the defending party and a backup activation strategy can be given.
In one embodiment, the network model and the backup network model each include a plurality of nodes, and network links or backup links are formed between the nodes, and each of the network links or the backup links has a link cost.
In a given network G, a defender of the network (i.e. a user of the network) attempts to pass on information or traffic flows from an originating node s to a target node t. Each link in the network has a certain experience cost (such as time delay, resource consumption and the like), so that the defender aims to realize the service flow from s to t with the minimum link experience cost; as a counterpoise of the network, an attacker may wish to paralyze its network or prevent the implementation of its traffic flow by attacking the links in network G. But in practical situations, the resources of the attacker are limited, and after the attack, the nodes and the links may be repaired, so that the reaction time of the network is increased. The model therefore takes into account that the attacker allocates limited attack resources in the network to increase the defensive party's experienced cost, such as increasing its time required to complete a business process or the resource consumption to complete a business process. In addition to the basic network setting and the targets of both attacking and defending parties, the model considers that the defending party can backup a part of the network when constructing the network, and can select a part of backup edges to be activated and used when the network is attacked, so that the influence of the network attack is ensured to be as small as possible.
The constructed network is shown in fig. 2, letters and numbers in the nodes represent numbers, solid lines represent normal network links, dotted lines represent backup links, and the backup links can be regarded as normal links after being activated, but cannot be attacked at any time. The number on the link represents the elapsed cost, here considered the time delay, representing the time required for the information to travel through the link.
Fig. 2 to 4 show examples of the shortest network blocking.
When the backup is not considered, the attacker is supposed to block only 3 links, and when the attacker is not attacked, the shortest path of the network is s-3-t in fig. 2, and the time delay is 8; when the attacker blocks the network, the shortest path of the network is s-1-3-t in fig. 3, the time delay is 12, s-3, s-4, 1-2 indicates blocking, and the number in parentheses on the blocked solid line indicates the time delay after the link is blocked.
When the backup activation is considered, the dotted lines in the graph can be used as normal links for information transmission; when the attack is not attacked, if the resources are consumed to activate the backup, the shortest path of the network is s-5-t in fig. 2, and the time delay is shortened from 8 to 6 compared with the time delay without considering the backup; when the attacker blocks the network, the shortest path of the network, s-4-t in fig. 4, is shortened from 12 to 10 compared to the time delay without taking the backup into account.
Therefore, the backup activation is considered in the network, the toughness of the network can be effectively improved, and when the network is not attacked, the network can temporarily improve the performance of the network by activating the backup, as shown in the case of fig. 2; when the network is attacked, the backup can be activated to ensure that the network functions operate effectively, as shown in the case of fig. 4. Meanwhile, the situation is that the attacker can only block 3 links, and when the attacker blocks more resources, the effect is more obvious. However, activating backup also requires consuming resources (such as power, etc.), so the present application selects a link for backup activation under the condition of limited resources to ensure normal use of network functions.
In one embodiment, the backup network model is subjected to planning processing, and the establishing of the backup activation shortest path blocking model includes:
problem description: in the backup network model, an initial node s and a target node t; the defender backs up a part of the link in advance, and the link cannot pass through when the backup link is not activated. The target of the defender is to search the shortest path from the starting node s to the target node t in the network, and the length of the path from the starting node s to the target node t is defined as the sum of the lengths of the links in the s-t path; the aggressor goal is to block certain links in the network with limited resources R to maximize the shortest path for the defender; after the network is blocked by the attacker, the defender activates and enables a small number of backup links according to the current network state so as to minimize the attack effect of the attacker;
symbol specification: a backup network is defined as G (N, a), where N { (1, 2., } denotes a set of nodes, a { (i, j) | i, j ∈ N } denotes a set of network links, B { (i, j) | i, j ∈ N } denotes a set of link backups, B is a proper subset of a, i, j denotes a node number, and nodes s and t denote an originating node and a target node, respectively; c. CkRepresents the length of link k ∈ A, which will increase by d when link k is blockedk(dk> 0) to ck+dk(when d iskWhen the size is large enough, the link k can be considered to be completely blocked and can not pass through); r isk(rk> 0) represents the blocking resource needed by the attack party to block the link k, and the total amount of the blocking resource is defined as R; q. q.sk(qk> 0) represents the backup activation resource needed by the defensive side activation link k, and the total amount of the backup activation resource is defined as Q; let fs (i) and rs (i) respectively represent an outgoing edge set and an incoming edge set of the node i, where fs (i) { (i ', j') ∈ ai ═ i }, and rs (i) { (j ', i') ∈ ai ═ i };
defining a binary variable xkFor the blocking variable of the attack party, 1 is taken to represent that the attack party blocks a link k, and 0 is taken to represent that the link k is not blocked; defining a binary variable ykSelecting variables for the defensive side path, taking 1 to indicate that the defensive side path passes through a link k, and taking 0 to indicate that the defensive side path does not pass through; defining a binary variable zkBackup of activation variables for defenders, when k ∈ B, zkTaking 1 to indicate that the defender activates the backup link k, taking 0 to indicate that the backup link is not activated, and when k belongs to A-B, z is equal tokTaking a fixed value of 1, and not considering as a backup edge; bold represents the vector form of the corresponding scalar.
Planning the model: according to the above problem description and related symbolic regulations, the Backup Network Shortest Path Interconnection (BNSPI) is a two-layer mixed integer programming problem, and based on the MXSP-P model for edge blocking, a programming model for the BNSPI problem can be obtained, that is, the Backup activation Shortest Path blocking model is expressed as follows:
Figure BDA0003471199760000111
Figure BDA0003471199760000112
Figure BDA0003471199760000113
k∈Arkxk≤R (4)
k∈Sqkzk≤Q (5)
Figure BDA0003471199760000114
Figure BDA0003471199760000115
Figure BDA0003471199760000116
wherein, the formula (2) is a flow conservation constraint, ensuring that the defensive party passes through a complete s-t path. Equation (3) indicates that the defender cannot pass through the inactive backup edge. Equation (4) and equation (5) represent the blocking resource constraint of the attacker and the backup activation resource constraint of the defender, respectively. Equation (6) is an aggressor blocking variable constraint and also indicates that the backup link cannot be blocked. (7) Is a defender path selection variable, (8) is a defender backup activation variable, which indicates that only the backup edge can be activated (1 is taken when activated, 0 is taken when not activated), and the non-backup edge takes a fixed value of 1.
The shortest-circuit blocking problem is a classic two-layer programming problem, which includes two parts: solving the shortest-path problem of the inner layer and blocking resource allocation problem of the outer layer, wherein the two problems respectively correspond to the minimization problem and the maximization problem in the two-layer planning model. The solution of the two-layer planning problem can be realized by linearly dualizing the minimization problem of the inner layer and converting the minimization problem into the maximization problem, so that maxmin conflict in the original problem is solved, and the original two-layer planning problem is converted into the single-layer planning problem. In the shortest blocking problem of the backup network, the inner variable ykAnd ZkAre all Integer variables that take values from 0 to 1, and thus the problem is a Mixed Integer programming problem (MILP). Since the linear dual theory can only be applied to linear programming models, consider by considering the variable ykAnd zkAnd (4) relaxing to a continuous space, and converting the problem into a linear programming problem from a mixed integer programming problem.
In BNSPI, when all y in the optimal solutionkWhen both 0 and 1 are taken, only one path from the starting node s to the target node t is formed in the graph G; when y is present in the optimal solutionkWhen the value is in the range (0, 1), it means that there are more than two paths from the start node s to the target node t, and two situations occur: (1) if the lengths of the paths are not equal, the optimal solution must fall on the shortest of the pathsThe current solution is not the optimal solution, so the situation is not established; (2) if the paths are equal in length, the defense passes through a complete s-t path due to the flow conservation constraint, so the final solution must fall on one of the s-t paths, and any y at this timekBoth take 0 or 1.
Therefore, in the backup network shortest path block problem BNSPI, when the problem takes the optimal solution, two discrete integer variables, the path selection variable ykAnd a backup activation variable zkEquivalent to two continuous variables
Figure BDA0003471199760000121
And
Figure BDA0003471199760000122
thus, the BNSPI problem can be formalized, which differs from the original model in that the values of the two variables of the defender are relaxed to the range of [0, 1 ].
In one embodiment, before solving the backup activation shortest blocking model based on a dual algorithm, the method further includes:
and converting the backup activation shortest path blocking model to obtain a formalized expression:
Figure BDA0003471199760000123
Figure BDA0003471199760000124
Figure BDA0003471199760000125
k∈Arkxk≤R (12)
k∈sqkzk≤Q (13)
Figure BDA0003471199760000131
Figure BDA0003471199760000132
Figure BDA0003471199760000133
although the backup network shortest blocking problem is more complex and contains more variables and constraints than the shortest blocking problem, both problems can be solved by a Dual-and-combination method due to the similarity of the objective functions and constraint structures of the two problems.
In one embodiment, a solution is performed using a dual algorithm:
firstly, fixing a blocking variable x of an outer layer, and regarding x as a constant; then, the maximization target of the outer layer can be temporarily ignored to obtain the minimization problem of the inner layer, and after the vector form of the minimization problem is normalized, the minimization problem is marked as BNSPI-S and expressed as follows:
Figure BDA0003471199760000134
Figure BDA0003471199760000135
wherein all vectors are column vectors. y and z are vector forms of an inner layer path selection variable and a backup activation variable, ysIs a non-negative residual variable generated upon normalization;
Figure BDA0003471199760000136
T1and T2Are each in the shape of [ n, m],[(m-l)*m]Wherein n is the number of nodes in the network, m is the number of links in the network, and l is the backup link in the networkThe number of the cells. I is1,I2,I3Is in the shape of [ m x m]The identity matrix of (2). a is1Is a coefficient vector, and b is a constant vector. In order to express the constraints more clearly, the variables and coefficients in the BNSPI-S constraints are separated and arranged as shown in formula (18), wherein the left matrix is the variable coefficients and the right matrix corresponds to the vector of the variables. (18) In the left matrix, the first row corresponds to a flow conservation constraint (2), the second row corresponds to a backup activation variable constraint (8), the third row corresponds to a constraint (3), and the fourth row corresponds to a backup activation resource constraint (5). When multiplication is carried out, the first column of the left block matrix is multiplied by y, the second column is multiplied by z, and the last two columns are multiplied by ysMultiplication.
Then, after the inner layer minimization problem is paired, a correspondingly maximized dual form is obtained, and the inner layer problem and the outer layer problem have the same optimization direction. Finally, by relaxing CTThe fixed x in the middle is a decision variable, so that the BNSPI is converted into a single-layer optimization problem, and the single-layer optimization problem can be solved through a standard optimization solver. The dual form of BNSPI is denoted as BNSPI-D, which is expressed as follows:
Figure BDA0003471199760000141
Figure BDA0003471199760000142
Figure BDA0003471199760000143
Figure BDA0003471199760000144
Figure BDA0003471199760000145
ω1,ω2,ω3,ω4≥0 (24)
Figure BDA0003471199760000146
where ω is a dual variable satisfying the relationship bTω=CTy。
The backup network shortest path blocking method and device based on the dual algorithm solve the problem of the expansion of the shortest path network blocking problem: the shortest path blocking problem of a backup network is that on the basis of the original shortest path blocking problem, a defense party is additionally considered to be capable of carrying out link backup and activating backup during attack so as to reduce the influence of the attack on the network, and a backup network model can accurately depict the actual attack and defense process and effectively reflect the characteristics of actual attack and defense decision; a planning model of the backup network shortest path blocking problem is provided, backup network scenes and specific settings are depicted, equivalent transformation is performed on the backup activation shortest path blocking model according to the characteristics of the proposed planning model, and a dual algorithm framework is provided for solving the problem on the basis.
It should be understood that, although the steps in the flowchart of fig. 1 are shown in order as indicated by the arrows, the steps are not necessarily performed in order as indicated by the arrows. The steps are not performed in the exact order shown and described, and may be performed in other orders, unless explicitly stated otherwise. Moreover, at least a portion of the steps in fig. 1 may include multiple sub-steps or multiple stages that are not necessarily performed at the same time, but may be performed at different times, and the order of performance of the sub-steps or stages is not necessarily sequential, but may be performed in turn or alternately with other steps or at least a portion of the sub-steps or stages of other steps.
In one embodiment, a backup network shortest path blocking experiment is performed, the backup network shortest path blocking data adopts BA network data generated by simulation, and table 1 shows two solving methods of the BNSPI problem in the simulation network data: the performance of the dual algorithm and the performance of the Benders decomposition algorithm under different network scales are compared, and it can be seen that the solving efficiency difference of the two algorithms is small.
Table 1 backup network shortest path blocking algorithm comparison
Figure BDA0003471199760000151
Table 2 shows the shortest path lengths in the networks of different sizes under different conditions in the simulated network data, each network of size containing 100 simulation graphs. In all cases, the number of blocking links is given as 10; 15% of links are randomly backed up, and at most 2 backup links can be activated. Wherein ASP represents the average shortest length of the simulation graph under the unblocked-inactivated backup condition, ASP-B represents the average shortest length of the simulation graph under the unblocked-activated backup condition, ASP-I represents the average shortest length of the simulation graph under the blocked-activated backup condition, and ASP-I-B represents the average shortest length of the simulation graph under the blocked-activated backup condition.
Table 2 simulation network experiment result table
Figure BDA0003471199760000152
As can be seen from table 2, when not under attack, by activating the backup link, a path shorter than the original shortest path can be found in some cases, but since the experiment adopts a random backup strategy, the advantage of backup is not obvious from this point of view. Comparing the two columns of ASP-I and ASP-I-B data shows that after the network is blocked, the influence of the attack on the network can be effectively reduced by activating the backup link. In fact, the experimental data is an average value of the shortest path of a plurality of cases, and includes cases in which part of the backup strategy is not effective, and in the specific case in which the backup is effective, the effect of backup activation is more remarkable than the result in the table above.
The effect of the model when different numbers of nodes are backed up in each network is tested below. Experiments are respectively carried out in BA networks with 100 nodes and 200 nodes, and an attacker blocks at most 10% of links of the total number of links, wherein 100 blocking cases are generated in each scale of network, and ASP-I-B values are used as the effect evaluation indexes of the model, and the results are shown in fig. 5 and fig. 6.
From the above results, it can be seen that as the ratio of backup links increases, the average shortest path ASP-I-B after network blocking decreases. The ASP-I-B value is decreased rapidly at first, the decreasing rate is gradually reduced when the backup proportion reaches 15% -20%, and the decreasing trend of the ASP-I-B value is gradually gentle when the backup proportion reaches 25% -30%. This shows that with the increase of the proportion of the backup link, the toughness of the network can be effectively improved at first, and when the proportion of the backup link reaches about 15%, the backup link reaches the maximum efficiency, that is, the effect of good efficiency can be achieved by spending less resources for backup. When the proportion of the backup links is increased, the cost performance of the backup links is gradually reduced, namely the number of the backup links is increased without obvious effect. When the backup proportion reaches about 25%, the link backup effect is saturated, the income for continuously increasing the number of backup links is very low, and the waste of resources is caused.
By combining the above, the experimental results verify the correctness of the model and the algorithm, the proposed algorithm can correctly solve the blocking strategy of the attacker, the backup activation strategy and the path selection strategy of the defender are given based on the current blocking condition, and meanwhile, the effectiveness of the link backup mechanism in coping with network attacks is also verified. The follow-up experimental data show that the more links are not backed up, the better the links are, the backup proportion has certain saturation, the number of the backup links is increased after the saturation point is reached, and the income is greatly reduced.
This application is based on classic shortest network blocks the problem, has proposed the extension problem that the shortest network blocked the problem: the shortest path blocking problem of the backup network. On the basis of the original shortest path blocking problem, the defense party is additionally considered to be capable of carrying out link backup and activating the backup in the attack so as to reduce the influence of the attack on the network. And then, a planning model of the shortest path blocking problem of the backup network is given, and the backup network scene and the specific setting are depicted. According to the proposed planning model, the model is equivalently converted according to the characteristics of the planning model, and relevant proofs are given, on the basis, a dual algorithm framework is finally proposed for solving the problem, and the correctness of the algorithm is proved. Because the random backup strategy is adopted in the experiment, the backup activation does not take effect in many cases, and the average value of the path lengths of a plurality of cases is used as an evaluation index, so that the experimental result can not fully embody the advantages of the backup activation, but the effect of reducing the influence brought by the network attack is very obvious in the case that the backup activation takes effect.
As shown in fig. 7, in one embodiment, there is provided an apparatus comprising: a network model building module 702, a backup network model building module 704, a backup activation shortest path blocking model building module 706, and a solving module 708, wherein:
a network model establishing module 702, configured to establish a network model according to the shortest path blocking problem of the node network; the aggressor target in the network model is to block network links in the node network to maximize the shortest path of the defender when limited resources are available, and the defender target is to find the shortest path from the starting node to the target node in the node network.
A backup network model establishing module 704, configured to establish a backup network according to the node network, and obtain a backup network model according to the backup network and the network model; after the node network in the backup network model is blocked by the attacker, the defender activates and enables the backup link in the backup network according to the current network state so as to minimize the attack effect of the attacker.
And a backup activation shortest blocking model establishing module 706, configured to establish a backup activation shortest blocking model according to the constraint condition and the optimization objective in the backup network model.
A solving module 708, configured to solve the backup activation shortest blocking model based on a dual algorithm.
In an embodiment, the backup network model building module 704 is further configured to build a backup network according to the node network, and obtain a backup network model according to the backup network and the network model, including:
the network model comprises a plurality of nodes, network links are formed among the nodes, link backups are extracted from the network model to form the backup network, and a backup network model is obtained according to the network model and the backup network;
the backup network is defined as G (N, a), where N { (1, 2., } denotes a node set, a { (i, j) | i, j ∈ N } denotes a set of network links, B { (i, j) | i, j ∈ N } denotes a set of link backups, B is a proper subset of a, and i, j denotes a node number.
In one embodiment, the backup activation shortest blocking model building module 706 is further configured to: according to the constraint conditions and the optimization target in the backup network model, constructing a backup activation shortest path blocking model:
Figure BDA0003471199760000181
Figure BDA0003471199760000182
Figure BDA0003471199760000183
k∈Arkxk≤R
k∈Sqkzk≤Q
Figure BDA0003471199760000184
Figure BDA0003471199760000185
Figure BDA0003471199760000186
in the formula: s represents a start node, and t represents a target node; c. CkRepresenting the length of the link k epsilon A; r iskRepresenting blocking resources required by an attack party for blocking a link k, and R representing the total amount of the blocking resources; q. q.skThe backup activation resources required by the defense side activation link k are represented, and Q represents the total quantity of the backup activation resources; FS (i) represents the outgoing edge set of the node i, and RS (i) represents the incoming edge set of the node i; x is the number ofkBlocking variables for aggressors, ykSelecting a variable, z, for the defensive side pathkThe activation variables are backed up for the defenders.
In one embodiment, the solving module 708 is further configured to, before solving the backup active shortest blocking model based on a dual algorithm, further include:
and converting the backup activation shortest path blocking model to obtain a formalized expression:
Figure BDA0003471199760000187
Figure BDA0003471199760000188
yk≤zk
Figure BDA0003471199760000189
k∈Arkxk≤R
k∈Sqkzk≤Q
xk∈{0,1},
Figure BDA00034711997600001913
xk=0,
Figure BDA00034711997600001914
yk∈[0,1],
Figure BDA0003471199760000192
zk=1,
Figure BDA00034711997600001915
zk∈[0,1],
Figure BDA00034711997600001916
in one embodiment, the solving module 708 is further configured for the dual algorithm to include:
converting the backup activation shortest blocking model into a minimization problem and normalizing in a vector form:
Figure BDA0003471199760000194
Figure BDA0003471199760000195
where y and z are vector forms of an inner layer path selection variable and a backup activation variable, ysIs a non-negative residual variable generated upon normalization;
Figure BDA0003471199760000196
T1and T2Respectively, is of the shape [ n m],[(m-l)*m]N is the number of nodes in the network, m is the number of links in the network, and l is the number of backup links in the network; i is1,I2,I3Is in the shape of [ m x m]The identity matrix of (1); a is1Is a coefficient vector, b is a constant vector;
the inner minimization problem is dual and converted into a single-layer optimization problem:
Figure BDA0003471199760000197
Figure BDA0003471199760000198
Figure BDA0003471199760000199
Figure BDA00034711997600001910
Figure BDA00034711997600001911
ω1,ω2,ω3,ω4≥0
xk∈{0,1},
Figure BDA00034711997600001917
xk=0,
Figure BDA00034711997600001918
where ω is a dual variable satisfying the relationship bTω=CTy。
In one embodiment, the backup network model building module 704 is further configured to: the network model and the backup network model both comprise a plurality of nodes, network links or backup links are formed between the nodes, and the network links or the link backups both have link costs.
For specific limitations of the backup network shortest path blocking device based on the dual algorithm, reference may be made to the above limitations of the backup network shortest path blocking method based on the dual algorithm, and details are not described here. The modules in the backup network shortest path blocking device based on the dual algorithm can be wholly or partially realized by software, hardware and a combination thereof. The modules can be embedded in a hardware form or independent from a processor in the computer device, and can also be stored in a memory in the computer device in a software form, so that the processor can call and execute operations corresponding to the modules.
In one embodiment, a computer device is provided, which may be a terminal, and its internal structure diagram may be as shown in fig. 8. The computer device includes a processor, a memory, a network interface, a display screen, and an input device connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device comprises a nonvolatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and a computer program. The internal memory provides an environment for the operation of an operating system and computer programs in the non-volatile storage medium. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program is executed by a processor to implement a backup network shortest path blocking method based on a dual algorithm. The display screen of the computer equipment can be a liquid crystal display screen or an electronic ink display screen, and the input device of the computer equipment can be a touch layer covered on the display screen, a key, a track ball or a touch pad arranged on the shell of the computer equipment, an external keyboard, a touch pad or a mouse and the like. The computer equipment can be simulation equipment, the input device inputs related information into the simulation equipment, the processor executes programs in the memory to carry out combined simulation, and the display screen displays related simulation results.
Those skilled in the art will appreciate that the architecture shown in fig. 8 is merely a block diagram of some of the structures associated with the disclosed aspects and is not intended to limit the computing devices to which the disclosed aspects apply, as particular computing devices may include more or less components than those shown, or may combine certain components, or have a different arrangement of components.
In an embodiment, a computer device is provided, comprising a memory storing a computer program and a processor implementing the steps of the method in the above embodiments when the processor executes the computer program.
In an embodiment, a computer-readable storage medium is provided, on which a computer program is stored, which computer program, when being executed by a processor, carries out the steps of the method in the above-mentioned embodiments.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by hardware instructions of a computer program, which can be stored in a non-volatile computer-readable storage medium, and when executed, can include the processes of the embodiments of the methods described above. Any reference to memory, storage, database, or other medium used in the embodiments provided herein may include non-volatile and/or volatile memory, among others. Non-volatile memory can include read-only memory (ROM), Programmable ROM (PROM), Electrically Programmable ROM (EPROM), Electrically Erasable Programmable ROM (EEPROM), or flash memory. Volatile memory can include Random Access Memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as Static RAM (SRAM), Dynamic RAM (DRAM), Synchronous DRAM (SDRAM), Double Data Rate SDRAM (DDRSDRAM), Enhanced SDRAM (ESDRAM), Synchronous Link DRAM (SLDRAM), Rambus Direct RAM (RDRAM), direct bus dynamic RAM (DRDRAM), and memory bus dynamic RAM (RDRAM).
The technical features of the above embodiments can be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the above embodiments are not described, but should be considered as the scope of the present specification as long as there is no contradiction between the combinations of the technical features.
The above-mentioned embodiments only express several embodiments of the present application, and the description thereof is more specific and detailed, but not construed as limiting the scope of the invention. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the concept of the present application, which falls within the scope of protection of the present application. Therefore, the protection scope of the present patent shall be subject to the appended claims.

Claims (9)

1. The backup network shortest path blocking method based on the dual algorithm is characterized by comprising the following steps:
establishing a network model according to the shortest path blocking problem of the node network; the attack party target in the network model is to block a network link in the node network when limited resources exist so as to maximize the shortest path of a defense party, and the defense party target is to search the shortest path from an initial node to a target node in the node network;
establishing a backup network according to the node network, and obtaining a backup network model according to the backup network and the network model; after the node network in the backup network model is blocked by the attacker, the defender activates and enables a backup link in the backup network according to the current network state so as to minimize the attack effect of the attacker;
constructing a backup activation shortest path blocking model according to the constraint conditions and the optimization target in the backup network model;
and solving the backup activation shortest blocking model based on a dual algorithm.
2. The method of claim 1, wherein establishing a backup network based on the network of nodes, and deriving a backup network model based on the backup network and the network model comprises:
the network model comprises a plurality of nodes, network links are formed among the nodes, link backups are extracted from the network model to form the backup network, and a backup network model is obtained according to the network model and the backup network;
the backup network is defined as G (N, a), where N { (1, 2., } denotes a node set, a { (i, j) | i, j ∈ N } denotes a set of network links, B { (i, j) | i, j ∈ N } denotes a set of link backups, B is a proper subset of a, and i, j denotes a node number.
3. The method of claim 2, wherein constructing a backup activation shortest blocking model according to constraints and optimization objectives in the backup network model comprises:
Figure FDA0003471199750000011
Figure FDA0003471199750000012
Figure FDA0003471199750000013
k∈Arkxk≤R
Figure FDA0003471199750000021
Figure FDA0003471199750000022
Figure FDA0003471199750000023
Figure FDA0003471199750000024
in the formula: s represents a start node, and t represents a target node; c. CkRepresenting the length of the link k epsilon A; r iskRepresenting blocking resources required by an attack party for blocking a link k, and R representing the total amount of the blocking resources; q. q.skThe backup activation resources required by the defense side activation link k are represented, and Q represents the total quantity of the backup activation resources;FS (i) represents the outgoing edge set of the node i, and RS (i) represents the incoming edge set of the node i; x is the number ofkBlocking variables for aggressors, ykSelecting a variable, z, for the defensive side pathkThe activation variables are backed up for the defenders.
4. The method of claim 3, further comprising, prior to solving the backup active shortest blocking model based on a dual algorithm:
and converting the backup activation shortest path blocking model to obtain a formalized expression:
Figure FDA0003471199750000025
Figure FDA0003471199750000026
Figure FDA0003471199750000027
k∈Arkxk≤R
k∈Sqkzk≤Q
Figure FDA0003471199750000028
Figure FDA0003471199750000029
Figure FDA00034711997500000210
5. the method of any of claims 1 to 4, wherein the dual algorithm comprises:
converting the backup activation shortest blocking model into a minimization problem and normalizing in a vector form:
Figure FDA00034711997500000211
Figure FDA0003471199750000031
where y and z are vector forms of an inner layer path selection variable and a backup activation variable, ysIs a non-negative residual variable generated upon normalization;
Figure FDA0003471199750000032
T1and T2Respectively, is of the shape [ n m],[(m-l)*m]N is the number of nodes in the network, m is the number of links in the network, and l is the number of backup links in the network; i is1,I2,I3Is in the shape of [ m x m]The identity matrix of (1); a is1Is a coefficient vector, b is a constant vector;
the inner minimization problem is dual and converted into a single-layer optimization problem:
Figure FDA0003471199750000033
Figure FDA0003471199750000034
Figure FDA0003471199750000035
Figure FDA0003471199750000036
Figure FDA0003471199750000037
ω1,ω2,ω3,ω4≥0
Figure FDA0003471199750000038
where ω is a dual variable satisfying the relationship bTω=CTy。
6. The method according to any of claims 1 to 4, wherein the network model and the backup network model each comprise a plurality of nodes, and wherein network links or backup links are formed between the nodes, and wherein the network links or the backup links each have a link cost.
7. Backup network shortest path blocking device based on dual algorithm, its characterized in that includes:
the network model establishing module is used for establishing a network model according to the shortest path blocking problem of the node network; the attack party target in the network model is to block a network link in the node network when limited resources exist so as to maximize the shortest path of a defense party, and the defense party target is to search the shortest path from an initial node to a target node in the node network;
the backup network model establishing module is used for establishing a backup network according to the node network and obtaining a backup network model according to the backup network and the network model; after the node network in the backup network model is blocked by the attacker, the defender activates and enables a backup link in the backup network according to the current network state so as to minimize the attack effect of the attacker;
the backup activation shortest path blocking model establishing module is used for establishing a backup activation shortest path blocking model according to the constraint conditions and the optimization target in the backup network model;
and the solving module is used for solving the backup activation shortest path blocking model based on a dual algorithm.
8. A computer device comprising a memory and a processor, the memory storing a computer program, wherein the processor implements the steps of the method of any one of claims 1 to 6 when executing the computer program.
9. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the method of any one of claims 1 to 6.
CN202210043448.6A 2022-01-14 2022-01-14 Backup network shortest path blocking method and device based on dual algorithm Active CN114401137B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210043448.6A CN114401137B (en) 2022-01-14 2022-01-14 Backup network shortest path blocking method and device based on dual algorithm

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210043448.6A CN114401137B (en) 2022-01-14 2022-01-14 Backup network shortest path blocking method and device based on dual algorithm

Publications (2)

Publication Number Publication Date
CN114401137A true CN114401137A (en) 2022-04-26
CN114401137B CN114401137B (en) 2023-09-08

Family

ID=81231411

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210043448.6A Active CN114401137B (en) 2022-01-14 2022-01-14 Backup network shortest path blocking method and device based on dual algorithm

Country Status (1)

Country Link
CN (1) CN114401137B (en)

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080025209A1 (en) * 2006-07-31 2008-01-31 Technion Research And Development Foundation Ltd. Method and apparatus for protecting a communication network against failure
CN104380672A (en) * 2012-04-27 2015-02-25 瑞典爱立信有限公司 Three stage folded clos optimization for 802.1aq
CN105516184A (en) * 2015-12-31 2016-04-20 清华大学深圳研究生院 Increment deployment SDN network-based method for defending link flooding attack
CN111478811A (en) * 2020-04-07 2020-07-31 中国人民解放军国防科技大学 Network key point analysis method based on double-layer information flow transmission
CN111756687A (en) * 2020-05-15 2020-10-09 国电南瑞科技股份有限公司 Defense measure configuration method and system for coping with network attack
CN112436957A (en) * 2020-11-03 2021-03-02 深圳市永达电子信息股份有限公司 PDRR network security guarantee model parallel implementation system based on cloud computing
CN112565272A (en) * 2020-12-09 2021-03-26 中国人民解放军国防科技大学 Method and device for blocking minimum Steiner tree of double-layer network and computer equipment
CN112738125A (en) * 2021-01-07 2021-04-30 中国重型机械研究院股份公司 Network security collaborative defense system

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080025209A1 (en) * 2006-07-31 2008-01-31 Technion Research And Development Foundation Ltd. Method and apparatus for protecting a communication network against failure
CN104380672A (en) * 2012-04-27 2015-02-25 瑞典爱立信有限公司 Three stage folded clos optimization for 802.1aq
CN105516184A (en) * 2015-12-31 2016-04-20 清华大学深圳研究生院 Increment deployment SDN network-based method for defending link flooding attack
CN111478811A (en) * 2020-04-07 2020-07-31 中国人民解放军国防科技大学 Network key point analysis method based on double-layer information flow transmission
CN111756687A (en) * 2020-05-15 2020-10-09 国电南瑞科技股份有限公司 Defense measure configuration method and system for coping with network attack
CN112436957A (en) * 2020-11-03 2021-03-02 深圳市永达电子信息股份有限公司 PDRR network security guarantee model parallel implementation system based on cloud computing
CN112565272A (en) * 2020-12-09 2021-03-26 中国人民解放军国防科技大学 Method and device for blocking minimum Steiner tree of double-layer network and computer equipment
CN112738125A (en) * 2021-01-07 2021-04-30 中国重型机械研究院股份公司 Network security collaborative defense system

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
XIANGYU WEI等: ""Shortest Path Network Interdiction With Goal Threshold"", 《IEEE ACCESS》, vol. 6 *
朱承等: ""基于动态多重网络的目标体系建模与分析"", 《指挥与控制学报》, vol. 2, no. 4 *

Also Published As

Publication number Publication date
CN114401137B (en) 2023-09-08

Similar Documents

Publication Publication Date Title
Hasegawa et al. A novel chaotic search for quadratic assignment problems
CN110995520B (en) Network flow prediction method and device, computer equipment and readable storage medium
CN112565272B (en) Method and device for blocking minimum Steiner tree of double-layer network and computer equipment
Clempner et al. Convergence analysis for pure stationary strategies in repeated potential games: Nash, Lyapunov and correlated equilibria
Zhang et al. Non-cooperative inverse reinforcement learning
Wang et al. Network routing for insurgency: An adversarial risk analysis framework
Abdallah et al. The effect of behavioral probability weighting in a simultaneous multi-target attacker-defender game
Ravishankar et al. Time dependent network resource optimization in cyber–physical systems using game theory
Rana et al. Free2shard: Adversary-resistant distributed resource allocation for blockchains
Yadav et al. SmartPatch: A patch prioritization framework
Dann et al. Best of both worlds policy optimization
Wang et al. Consensus algorithm analysis in blockchain: PoW and Raft
CN114401137A (en) Backup network shortest path blocking method and device based on dual algorithm
Wang et al. Optimal voting strategy against rational attackers
CN114401200A (en) Backup network shortest path blocking method and device based on Bender decomposition algorithm
CN116684152A (en) Active defense method, device and system for multiple aggressors
Shao et al. Multistage attack–defense graph game analysis for protection resources allocation optimization against cyber attacks considering rationality evolution
CN114257507A (en) Method for improving network information sharing level based on evolutionary game theory
Zhang et al. Defending against stealthy attacks on multiple nodes with limited resources: A game-theoretic analysis
WO2022252039A1 (en) Method and apparatus for adversarial attacking in deep reinforcement learning
Emadi et al. On the characterization of saddle point equilibrium for security games with additive utility
CN112884361A (en) Multi-scenario equipment combination method, system, computer device and storage medium
Wu et al. Reward-based deception with cognitive bias
Diamah et al. Network security evaluation method via attack graphs and fuzzy cognitive maps
Tavori et al. Tornadoes in the cloud: Worst-case attacks on distributed resources systems

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant