CN114401137A - Backup network shortest path blocking method and device based on dual algorithm - Google Patents
Backup network shortest path blocking method and device based on dual algorithm Download PDFInfo
- Publication number
- CN114401137A CN114401137A CN202210043448.6A CN202210043448A CN114401137A CN 114401137 A CN114401137 A CN 114401137A CN 202210043448 A CN202210043448 A CN 202210043448A CN 114401137 A CN114401137 A CN 114401137A
- Authority
- CN
- China
- Prior art keywords
- network
- backup
- node
- blocking
- model
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F30/00—Computer-aided design [CAD]
- G06F30/20—Design optimisation, verification or simulation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/14—Network analysis or design
- H04L41/145—Network analysis or design involving simulating, designing, planning or modelling of a network
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2111/00—Details relating to CAD techniques
- G06F2111/02—CAD in a network environment, e.g. collaborative CAD or distributed simulation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2111/00—Details relating to CAD techniques
- G06F2111/04—Constraint-based CAD
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Physics & Mathematics (AREA)
- Computing Systems (AREA)
- Geometry (AREA)
- General Physics & Mathematics (AREA)
- Evolutionary Computation (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The application relates to a backup network shortest path blocking method and device based on a dual algorithm. The method comprises the following steps: establishing a network model according to the shortest path blocking problem of the node network; the attack party target in the network model is to block a network link in the node network to maximize the shortest path of a defense party when limited resources exist, and the defense party target is to search the shortest path from an initial node to a target node in the node network; establishing a backup network according to the node network, and obtaining a backup network model according to the backup network and the network model; after the node network in the backup network model is blocked by the attacker, the defender activates and enables a backup link in the backup network according to the current network state so as to minimize the attack effect of the attacker; constructing a backup activation shortest path blocking model according to the constraint conditions and the optimization target; and solving based on a dual algorithm. By adopting the method and the system, the defense party can perform link backup and activate the link backup in the attack so as to reduce the influence of the attack on the network.
Description
Technical Field
The application relates to the technical field of computer processing, in particular to a backup network shortest path blocking method and device based on a dual algorithm.
Background
Network blocking (Network interaction) is an operation optimization problem closely related to Network structure and node attributes, the core of the Network blocking is to research targets and behaviors of both attacking and defending parties in a Network, and the Network blocking is widely applied to the fields of military affairs, transportation, economy and the like at present. Since the policies and actions of both the defending party and the blocking party of the network need to be considered at the same time, the network blocking problem also needs to be considered from the perspective of the master-slave gaming problem. The opposite of the network blocking problem is the network protection problem: for the possible blocking of the blocking party to the own network, how to use the limited protection resources to make a protection strategy of the node or the edge makes the influence of the blocking on the own network as small as possible. Therefore, in the field of network security, it is very important to study the network blocking problem from the perspective of network aggressors or network defenders.
The existing research is continuously developed in the aspects of modeling and solving the network blocking problem, but still has some challenges that restrict the practical application of the existing research, including:
the existing network blocking research mainly considers how to make the enemy network degrade with minimum cost and even paralyze the whole network from the perspective of an attacker. In the existing research, it is generally assumed that a defending party always passively deals with attacks and active defense in the attacking and defending process is rarely considered, so that the characteristics of actual attacking and defending decisions are difficult to effectively reflect.
However, in an actual process, the defense party not only optimizes a decision based on a self target, but also has certain defense resources for deploying an active defense strategy in an attack and defense process, so that in a blocking problem research, neglecting the active defense strategy of the defense party can cause that a model is difficult to accurately depict the actual attack and defense process and can not effectively reflect the characteristics of the actual attack and defense decision.
Disclosure of Invention
Therefore, it is necessary to provide a backup network shortest path blocking method and device based on a dual algorithm to solve the above technical problems, and consider that a defending party can perform link backup and can activate backup in case of an attack, so as to reduce the influence of the attack on the network.
The backup network shortest path blocking method based on the dual algorithm comprises the following steps:
establishing a network model according to the shortest path blocking problem of the node network; the attack party target in the network model is to block a network link in the node network when limited resources exist so as to maximize the shortest path of a defense party, and the defense party target is to search the shortest path from an initial node to a target node in the node network;
establishing a backup network according to the node network, and obtaining a backup network model according to the backup network and the network model; after the node network in the backup network model is blocked by the attacker, the defender activates and enables a backup link in the backup network according to the current network state so as to minimize the attack effect of the attacker;
constructing a backup activation shortest path blocking model according to the constraint conditions and the optimization target in the backup network model;
and solving the backup activation shortest blocking model based on a dual algorithm.
In one embodiment, establishing a backup network according to the node network, and obtaining a backup network model according to the backup network and the network model comprises:
the network model comprises a plurality of nodes, network links are formed among the nodes, link backups are extracted from the network model to form the backup network, and a backup network model is obtained according to the network model and the backup network;
the backup network is defined as G (N, a), where N { (1, 2., } denotes a node set, a { (i, j) | i, j ∈ N } denotes a set of network links, B { (i, j) | i, j ∈ N } denotes a set of link backups, B is a proper subset of a, and i, j denotes a node number.
In one embodiment, constructing the backup activation shortest blocking model according to the constraint conditions and the optimization objectives in the backup network model includes:
∑k∈Arkxk≤R
∑k∈Sqkzk≤Q
in the formula: s represents a start node, and t represents a target node; c. CkRepresenting the length of the link k epsilon A; r iskRepresenting blocking resources required by an attack party for blocking a link k, and R representing the total amount of the blocking resources; q. q.skThe backup activation resources required by the defense side activation link k are represented, and Q represents the total quantity of the backup activation resources; FS (i) represents the outgoing edge set of the node i, and RS (i) represents the incoming edge set of the node i; x is the number ofkBlocking variables for aggressors, ykSelecting a variable, z, for the defensive side pathkThe activation variables are backed up for the defenders.
In one embodiment, before solving the backup activation shortest blocking model based on a dual algorithm, the method further includes:
and converting the backup activation shortest path blocking model to obtain a formalized expression:
∑k∈Arkxk≤R
∑k∈Sqkzk≤Q
in one embodiment, the dual algorithm comprises:
converting the backup activation shortest blocking model into a minimization problem and normalizing in a vector form:
where y and z are vector forms of an inner layer path selection variable and a backup activation variable, ysIs a non-negative residual variable generated upon normalization;T1and T2Respectively, is of the shape [ n m],[(m-l)*m]N is the number of nodes in the network, m is the number of links in the network, and l is the number of backup links in the network; i is1,I2,I3Is in the shape of [ m x m]The identity matrix of (1); a is1Is a coefficient vector, b is a constant vector;
the inner minimization problem is dual and converted into a single-layer optimization problem:
ω1,ω2,ω3,ω4≥0
where ω is a dual variable satisfying the relationship bTω=CTy。
In one embodiment, the network model and the backup network model each include a plurality of nodes, and network links or backup links are formed between the nodes, and each of the network links or the backup links has a link cost.
Backup network shortest path blocking device based on dual algorithm includes:
the network model establishing module is used for establishing a network model according to the shortest path blocking problem of the node network; the attack party target in the network model is to block a network link in the node network when limited resources exist so as to maximize the shortest path of a defense party, and the defense party target is to search the shortest path from an initial node to a target node in the node network;
the backup network model establishing module is used for establishing a backup network according to the node network and obtaining a backup network model according to the backup network and the network model; after the node network in the backup network model is blocked by the attacker, the defender activates and enables a backup link in the backup network according to the current network state so as to minimize the attack effect of the attacker;
the backup activation shortest path blocking model establishing module is used for establishing a backup activation shortest path blocking model according to the constraint conditions and the optimization target in the backup network model;
and the solving module is used for solving the backup activation shortest path blocking model based on a dual algorithm.
A computer device comprising a memory and a processor, the memory storing a computer program, wherein the processor when executing the computer program implements the steps of:
establishing a network model according to the shortest path blocking problem of the node network; the attack party target in the network model is to block a network link in the node network when limited resources exist so as to maximize the shortest path of a defense party, and the defense party target is to search the shortest path from an initial node to a target node in the node network;
establishing a backup network according to the node network, and obtaining a backup network model according to the backup network and the network model; after the node network in the backup network model is blocked by the attacker, the defender activates and enables a backup link in the backup network according to the current network state so as to minimize the attack effect of the attacker;
constructing a backup activation shortest path blocking model according to the constraint conditions and the optimization target in the backup network model;
and solving the backup activation shortest blocking model based on a dual algorithm.
A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of:
establishing a network model according to the shortest path blocking problem of the node network; the attack party target in the network model is to block a network link in the node network when limited resources exist so as to maximize the shortest path of a defense party, and the defense party target is to search the shortest path from an initial node to a target node in the node network;
establishing a backup network according to the node network, and obtaining a backup network model according to the backup network and the network model; after the node network in the backup network model is blocked by the attacker, the defender activates and enables a backup link in the backup network according to the current network state so as to minimize the attack effect of the attacker;
constructing a backup activation shortest path blocking model according to the constraint conditions and the optimization target in the backup network model;
and solving the backup activation shortest blocking model based on a dual algorithm.
The backup network shortest path blocking method and device based on the dual algorithm solve the problem of the expansion of the shortest path network blocking problem: the shortest path blocking problem of a backup network is that on the basis of the original shortest path blocking problem, a defense party is additionally considered to be capable of carrying out link backup and activating backup during attack so as to reduce the influence of the attack on the network, and a backup network model can accurately depict the actual attack and defense process and effectively reflect the characteristics of actual attack and defense decision; a planning model for the shortest path blocking problem of the backup network is provided, backup network scenes and specific settings are depicted, equivalent transformation is performed on the backup activation shortest path blocking model according to the characteristics of the proposed planning model, a dual algorithm framework is provided on the basis of the equivalent transformation for solving the problem, and defense resources are deployed to ensure that the efficiency of the network is reduced to the minimum when the network is in uninterrupted operation and attacked.
Drawings
FIG. 1 is a flow chart of a backup network shortest path blocking method based on a dual algorithm in one embodiment;
FIG. 2 is a diagram illustrating a first shortest blocking case of the backup network in one embodiment;
FIG. 3 is a diagram illustrating a second shortest blocking case of the backup network in one embodiment;
FIG. 4 is a diagram illustrating a third shortest blocking case of the backup network in one embodiment;
FIG. 5 is a graph of the shortest path after blocking for different backup link ratios for a network of 100 nodes in one embodiment;
FIG. 6 is a graph of the shortest path after blocking for different backup link ratios for a network of 200 nodes in an embodiment;
FIG. 7 is a block diagram of a backup network shortest path blocking apparatus based on a dual algorithm according to an embodiment;
FIG. 8 is a diagram illustrating an internal structure of a computer device in one embodiment;
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application.
As shown in fig. 1 to 6, the backup network shortest path blocking method based on the dual algorithm provided in the present application, in one embodiment, includes the following steps:
102, establishing a network model according to the shortest path blocking problem of the node network; the aggressor target in the network model is to block network links in the node network to maximize the shortest path of the defender when limited resources are available, and the defender target is to find the shortest path from the starting node to the target node in the node network.
104, establishing a backup network according to the node network, and obtaining a backup network model according to the backup network and the network model; after the node network in the backup network model is blocked by the attacker, the defender activates and enables the backup link in the backup network according to the current network state so as to minimize the attack effect of the attacker.
And 106, constructing a backup activation shortest path blocking model according to the constraint conditions and the optimization target in the backup network model.
And 108, solving the backup activation shortest path blocking model based on a dual algorithm.
Blocking means taking measures such as intrusion, interference on a network level or firepower attack and destruction on a physical level, so as to achieve the purpose of reducing certain performances or disabling functions of a target network.
Network blocking (Network interference): and (4) implementing blocking behaviors on the network with the specific function, and maximally reducing the function indexes of the network. The network blocking problem comprises two attacking and defending parties of the network: an attacker and a defender. The defender of the network maintains the functional network and optimizes the service thereof, and is responsible for realizing and maintaining a certain optimization index of the network, such as the shortest path or the maximum flow transmission of information flow from the starting node s to the target node t; and under the constraint of certain blocking resources, an attacker tries to block nodes or links in the network, so that the performance of the network is reduced or the function of the network is disabled, for example, the shortest path of the target network information flow from the starting node s to the target node t is maximized or the maximum flow of the target network information flow is minimized through blocking the edges or the nodes.
Shortest Path Network Interruption (SPNI): shortest-path network blocking is a special case of the network blocking problem, the defender aims to minimize the shortest path (shortest path length or shortest information transfer time) from the starting node to the target node, and the attacker aims to block nodes or links in the network by using limited resources, so that the shortest path of the defender is maximized.
From the viewpoint of the network itself coping with the failure, the operator of the network may generally prepare in advance to ensure the function and performance of the network, and take actions such as backup activation, succession, repair, etc. after the network is damaged. In the previous shortest-circuit blocking research, a defender selects a new shortest path after an aggressor blocks without other defense measures, so that the defender is always in a passive position. However, in a real situation, as an operator and a maintainer of a network, a defender can design and implement a backup mechanism according to actual requirements such as toughness, elasticity, security and the like.
Thus, considering the interference in the face of an attacker, the defender can backup some edges in advance and activate some backup edges when some edges of the network are blocked. In general, the backup links provided in a network system are determined by the physical conditions and budget of the system itself, and it is costly to activate the backup links. Based on the above considerations, the defender may pre-backup some links when constructing the network based on system conditions and budget, activate corresponding backup edges on the fly when the network is attacked, and select a path including the backup edges for information transfer, where the selected path including the backup edges is generally shorter than the path without the backup mechanism. That is, the backup mechanism may improve the network's resilience to malicious attacks.
The method provides a new blocking problem of a single-layer network, and in an attack and defense scene of the single-layer network, aiming at the situation that a defending party is passively attacked, from the perspective of the defending party, on the basis of an original shortest-path target, a network backup mechanism is considered to be added, namely, a defense strategy of link backup is considered, namely, the defending party backs up a part of links in the network in advance.
Since in practical situations, both network attacking and defending parties are not simple attack-the mode of selecting an escape path, the defending party also has resources available for deploying the defense. Therefore, in order to explore the influence of an active defense mechanism which is pre-backed up and activated by a machine in the process of network blocking attack and defense on an attack and defense decision, the active defense mechanism of a defense party in the network is considered, and a new network blocking problem is proposed and researched on the basis of the information flow shortest path network blocking problem: the shortest path blocking problem of the backup network is that under the blocking strategy of the attacker, the defender can activate the link which is backed up in advance and put into use, so as to reduce the influence of the attack on the network function and performance.
Taking the shortest-circuit model as an example, a backup network model is provided, a backup network shortest-circuit blocking model is established for the problem of the shortest-circuit blocking of the backup network, and basic description and a mathematical planning model of the problem are provided.
In order to eliminate the influence of integer constraint of a defensive party variable, the model is subjected to equivalent transformation by a method of relaxing the variable, finally, a dual algorithm is provided for the shortest path blocking problem of a backup network, the optimal blocking strategy of an attacking party and the optimal path selection strategy and the backup activation strategy of the defensive party are solved, and a model and algorithm verification experiment, an algorithm performance comparison experiment and a model effect analysis experiment under different backup link proportions are carried out by using simulation data.
The network backup proportion has a saturation characteristic on the model effect, and the research on the problem provides theoretical basis and decision support for the decision maker in the attack and defense decision and the attack and defense resource allocation in the backup network. The problem can be based on a backup network mechanism of a defending party, and a blocking strategy of an attacking party, a path selection strategy of the defending party and a backup activation strategy can be given.
In one embodiment, the network model and the backup network model each include a plurality of nodes, and network links or backup links are formed between the nodes, and each of the network links or the backup links has a link cost.
In a given network G, a defender of the network (i.e. a user of the network) attempts to pass on information or traffic flows from an originating node s to a target node t. Each link in the network has a certain experience cost (such as time delay, resource consumption and the like), so that the defender aims to realize the service flow from s to t with the minimum link experience cost; as a counterpoise of the network, an attacker may wish to paralyze its network or prevent the implementation of its traffic flow by attacking the links in network G. But in practical situations, the resources of the attacker are limited, and after the attack, the nodes and the links may be repaired, so that the reaction time of the network is increased. The model therefore takes into account that the attacker allocates limited attack resources in the network to increase the defensive party's experienced cost, such as increasing its time required to complete a business process or the resource consumption to complete a business process. In addition to the basic network setting and the targets of both attacking and defending parties, the model considers that the defending party can backup a part of the network when constructing the network, and can select a part of backup edges to be activated and used when the network is attacked, so that the influence of the network attack is ensured to be as small as possible.
The constructed network is shown in fig. 2, letters and numbers in the nodes represent numbers, solid lines represent normal network links, dotted lines represent backup links, and the backup links can be regarded as normal links after being activated, but cannot be attacked at any time. The number on the link represents the elapsed cost, here considered the time delay, representing the time required for the information to travel through the link.
Fig. 2 to 4 show examples of the shortest network blocking.
When the backup is not considered, the attacker is supposed to block only 3 links, and when the attacker is not attacked, the shortest path of the network is s-3-t in fig. 2, and the time delay is 8; when the attacker blocks the network, the shortest path of the network is s-1-3-t in fig. 3, the time delay is 12, s-3, s-4, 1-2 indicates blocking, and the number in parentheses on the blocked solid line indicates the time delay after the link is blocked.
When the backup activation is considered, the dotted lines in the graph can be used as normal links for information transmission; when the attack is not attacked, if the resources are consumed to activate the backup, the shortest path of the network is s-5-t in fig. 2, and the time delay is shortened from 8 to 6 compared with the time delay without considering the backup; when the attacker blocks the network, the shortest path of the network, s-4-t in fig. 4, is shortened from 12 to 10 compared to the time delay without taking the backup into account.
Therefore, the backup activation is considered in the network, the toughness of the network can be effectively improved, and when the network is not attacked, the network can temporarily improve the performance of the network by activating the backup, as shown in the case of fig. 2; when the network is attacked, the backup can be activated to ensure that the network functions operate effectively, as shown in the case of fig. 4. Meanwhile, the situation is that the attacker can only block 3 links, and when the attacker blocks more resources, the effect is more obvious. However, activating backup also requires consuming resources (such as power, etc.), so the present application selects a link for backup activation under the condition of limited resources to ensure normal use of network functions.
In one embodiment, the backup network model is subjected to planning processing, and the establishing of the backup activation shortest path blocking model includes:
problem description: in the backup network model, an initial node s and a target node t; the defender backs up a part of the link in advance, and the link cannot pass through when the backup link is not activated. The target of the defender is to search the shortest path from the starting node s to the target node t in the network, and the length of the path from the starting node s to the target node t is defined as the sum of the lengths of the links in the s-t path; the aggressor goal is to block certain links in the network with limited resources R to maximize the shortest path for the defender; after the network is blocked by the attacker, the defender activates and enables a small number of backup links according to the current network state so as to minimize the attack effect of the attacker;
symbol specification: a backup network is defined as G (N, a), where N { (1, 2., } denotes a set of nodes, a { (i, j) | i, j ∈ N } denotes a set of network links, B { (i, j) | i, j ∈ N } denotes a set of link backups, B is a proper subset of a, i, j denotes a node number, and nodes s and t denote an originating node and a target node, respectively; c. CkRepresents the length of link k ∈ A, which will increase by d when link k is blockedk(dk> 0) to ck+dk(when d iskWhen the size is large enough, the link k can be considered to be completely blocked and can not pass through); r isk(rk> 0) represents the blocking resource needed by the attack party to block the link k, and the total amount of the blocking resource is defined as R; q. q.sk(qk> 0) represents the backup activation resource needed by the defensive side activation link k, and the total amount of the backup activation resource is defined as Q; let fs (i) and rs (i) respectively represent an outgoing edge set and an incoming edge set of the node i, where fs (i) { (i ', j') ∈ ai ═ i }, and rs (i) { (j ', i') ∈ ai ═ i };
defining a binary variable xkFor the blocking variable of the attack party, 1 is taken to represent that the attack party blocks a link k, and 0 is taken to represent that the link k is not blocked; defining a binary variable ykSelecting variables for the defensive side path, taking 1 to indicate that the defensive side path passes through a link k, and taking 0 to indicate that the defensive side path does not pass through; defining a binary variable zkBackup of activation variables for defenders, when k ∈ B, zkTaking 1 to indicate that the defender activates the backup link k, taking 0 to indicate that the backup link is not activated, and when k belongs to A-B, z is equal tokTaking a fixed value of 1, and not considering as a backup edge; bold represents the vector form of the corresponding scalar.
Planning the model: according to the above problem description and related symbolic regulations, the Backup Network Shortest Path Interconnection (BNSPI) is a two-layer mixed integer programming problem, and based on the MXSP-P model for edge blocking, a programming model for the BNSPI problem can be obtained, that is, the Backup activation Shortest Path blocking model is expressed as follows:
∑k∈Arkxk≤R (4)
∑k∈Sqkzk≤Q (5)
wherein, the formula (2) is a flow conservation constraint, ensuring that the defensive party passes through a complete s-t path. Equation (3) indicates that the defender cannot pass through the inactive backup edge. Equation (4) and equation (5) represent the blocking resource constraint of the attacker and the backup activation resource constraint of the defender, respectively. Equation (6) is an aggressor blocking variable constraint and also indicates that the backup link cannot be blocked. (7) Is a defender path selection variable, (8) is a defender backup activation variable, which indicates that only the backup edge can be activated (1 is taken when activated, 0 is taken when not activated), and the non-backup edge takes a fixed value of 1.
The shortest-circuit blocking problem is a classic two-layer programming problem, which includes two parts: solving the shortest-path problem of the inner layer and blocking resource allocation problem of the outer layer, wherein the two problems respectively correspond to the minimization problem and the maximization problem in the two-layer planning model. The solution of the two-layer planning problem can be realized by linearly dualizing the minimization problem of the inner layer and converting the minimization problem into the maximization problem, so that maxmin conflict in the original problem is solved, and the original two-layer planning problem is converted into the single-layer planning problem. In the shortest blocking problem of the backup network, the inner variable ykAnd ZkAre all Integer variables that take values from 0 to 1, and thus the problem is a Mixed Integer programming problem (MILP). Since the linear dual theory can only be applied to linear programming models, consider by considering the variable ykAnd zkAnd (4) relaxing to a continuous space, and converting the problem into a linear programming problem from a mixed integer programming problem.
In BNSPI, when all y in the optimal solutionkWhen both 0 and 1 are taken, only one path from the starting node s to the target node t is formed in the graph G; when y is present in the optimal solutionkWhen the value is in the range (0, 1), it means that there are more than two paths from the start node s to the target node t, and two situations occur: (1) if the lengths of the paths are not equal, the optimal solution must fall on the shortest of the pathsThe current solution is not the optimal solution, so the situation is not established; (2) if the paths are equal in length, the defense passes through a complete s-t path due to the flow conservation constraint, so the final solution must fall on one of the s-t paths, and any y at this timekBoth take 0 or 1.
Therefore, in the backup network shortest path block problem BNSPI, when the problem takes the optimal solution, two discrete integer variables, the path selection variable ykAnd a backup activation variable zkEquivalent to two continuous variablesAnd
thus, the BNSPI problem can be formalized, which differs from the original model in that the values of the two variables of the defender are relaxed to the range of [0, 1 ].
In one embodiment, before solving the backup activation shortest blocking model based on a dual algorithm, the method further includes:
and converting the backup activation shortest path blocking model to obtain a formalized expression:
∑k∈Arkxk≤R (12)
∑k∈sqkzk≤Q (13)
although the backup network shortest blocking problem is more complex and contains more variables and constraints than the shortest blocking problem, both problems can be solved by a Dual-and-combination method due to the similarity of the objective functions and constraint structures of the two problems.
In one embodiment, a solution is performed using a dual algorithm:
firstly, fixing a blocking variable x of an outer layer, and regarding x as a constant; then, the maximization target of the outer layer can be temporarily ignored to obtain the minimization problem of the inner layer, and after the vector form of the minimization problem is normalized, the minimization problem is marked as BNSPI-S and expressed as follows:
wherein all vectors are column vectors. y and z are vector forms of an inner layer path selection variable and a backup activation variable, ysIs a non-negative residual variable generated upon normalization;T1and T2Are each in the shape of [ n, m],[(m-l)*m]Wherein n is the number of nodes in the network, m is the number of links in the network, and l is the backup link in the networkThe number of the cells. I is1,I2,I3Is in the shape of [ m x m]The identity matrix of (2). a is1Is a coefficient vector, and b is a constant vector. In order to express the constraints more clearly, the variables and coefficients in the BNSPI-S constraints are separated and arranged as shown in formula (18), wherein the left matrix is the variable coefficients and the right matrix corresponds to the vector of the variables. (18) In the left matrix, the first row corresponds to a flow conservation constraint (2), the second row corresponds to a backup activation variable constraint (8), the third row corresponds to a constraint (3), and the fourth row corresponds to a backup activation resource constraint (5). When multiplication is carried out, the first column of the left block matrix is multiplied by y, the second column is multiplied by z, and the last two columns are multiplied by ysMultiplication.
Then, after the inner layer minimization problem is paired, a correspondingly maximized dual form is obtained, and the inner layer problem and the outer layer problem have the same optimization direction. Finally, by relaxing CTThe fixed x in the middle is a decision variable, so that the BNSPI is converted into a single-layer optimization problem, and the single-layer optimization problem can be solved through a standard optimization solver. The dual form of BNSPI is denoted as BNSPI-D, which is expressed as follows:
ω1,ω2,ω3,ω4≥0 (24)
where ω is a dual variable satisfying the relationship bTω=CTy。
The backup network shortest path blocking method and device based on the dual algorithm solve the problem of the expansion of the shortest path network blocking problem: the shortest path blocking problem of a backup network is that on the basis of the original shortest path blocking problem, a defense party is additionally considered to be capable of carrying out link backup and activating backup during attack so as to reduce the influence of the attack on the network, and a backup network model can accurately depict the actual attack and defense process and effectively reflect the characteristics of actual attack and defense decision; a planning model of the backup network shortest path blocking problem is provided, backup network scenes and specific settings are depicted, equivalent transformation is performed on the backup activation shortest path blocking model according to the characteristics of the proposed planning model, and a dual algorithm framework is provided for solving the problem on the basis.
It should be understood that, although the steps in the flowchart of fig. 1 are shown in order as indicated by the arrows, the steps are not necessarily performed in order as indicated by the arrows. The steps are not performed in the exact order shown and described, and may be performed in other orders, unless explicitly stated otherwise. Moreover, at least a portion of the steps in fig. 1 may include multiple sub-steps or multiple stages that are not necessarily performed at the same time, but may be performed at different times, and the order of performance of the sub-steps or stages is not necessarily sequential, but may be performed in turn or alternately with other steps or at least a portion of the sub-steps or stages of other steps.
In one embodiment, a backup network shortest path blocking experiment is performed, the backup network shortest path blocking data adopts BA network data generated by simulation, and table 1 shows two solving methods of the BNSPI problem in the simulation network data: the performance of the dual algorithm and the performance of the Benders decomposition algorithm under different network scales are compared, and it can be seen that the solving efficiency difference of the two algorithms is small.
Table 1 backup network shortest path blocking algorithm comparison
Table 2 shows the shortest path lengths in the networks of different sizes under different conditions in the simulated network data, each network of size containing 100 simulation graphs. In all cases, the number of blocking links is given as 10; 15% of links are randomly backed up, and at most 2 backup links can be activated. Wherein ASP represents the average shortest length of the simulation graph under the unblocked-inactivated backup condition, ASP-B represents the average shortest length of the simulation graph under the unblocked-activated backup condition, ASP-I represents the average shortest length of the simulation graph under the blocked-activated backup condition, and ASP-I-B represents the average shortest length of the simulation graph under the blocked-activated backup condition.
Table 2 simulation network experiment result table
As can be seen from table 2, when not under attack, by activating the backup link, a path shorter than the original shortest path can be found in some cases, but since the experiment adopts a random backup strategy, the advantage of backup is not obvious from this point of view. Comparing the two columns of ASP-I and ASP-I-B data shows that after the network is blocked, the influence of the attack on the network can be effectively reduced by activating the backup link. In fact, the experimental data is an average value of the shortest path of a plurality of cases, and includes cases in which part of the backup strategy is not effective, and in the specific case in which the backup is effective, the effect of backup activation is more remarkable than the result in the table above.
The effect of the model when different numbers of nodes are backed up in each network is tested below. Experiments are respectively carried out in BA networks with 100 nodes and 200 nodes, and an attacker blocks at most 10% of links of the total number of links, wherein 100 blocking cases are generated in each scale of network, and ASP-I-B values are used as the effect evaluation indexes of the model, and the results are shown in fig. 5 and fig. 6.
From the above results, it can be seen that as the ratio of backup links increases, the average shortest path ASP-I-B after network blocking decreases. The ASP-I-B value is decreased rapidly at first, the decreasing rate is gradually reduced when the backup proportion reaches 15% -20%, and the decreasing trend of the ASP-I-B value is gradually gentle when the backup proportion reaches 25% -30%. This shows that with the increase of the proportion of the backup link, the toughness of the network can be effectively improved at first, and when the proportion of the backup link reaches about 15%, the backup link reaches the maximum efficiency, that is, the effect of good efficiency can be achieved by spending less resources for backup. When the proportion of the backup links is increased, the cost performance of the backup links is gradually reduced, namely the number of the backup links is increased without obvious effect. When the backup proportion reaches about 25%, the link backup effect is saturated, the income for continuously increasing the number of backup links is very low, and the waste of resources is caused.
By combining the above, the experimental results verify the correctness of the model and the algorithm, the proposed algorithm can correctly solve the blocking strategy of the attacker, the backup activation strategy and the path selection strategy of the defender are given based on the current blocking condition, and meanwhile, the effectiveness of the link backup mechanism in coping with network attacks is also verified. The follow-up experimental data show that the more links are not backed up, the better the links are, the backup proportion has certain saturation, the number of the backup links is increased after the saturation point is reached, and the income is greatly reduced.
This application is based on classic shortest network blocks the problem, has proposed the extension problem that the shortest network blocked the problem: the shortest path blocking problem of the backup network. On the basis of the original shortest path blocking problem, the defense party is additionally considered to be capable of carrying out link backup and activating the backup in the attack so as to reduce the influence of the attack on the network. And then, a planning model of the shortest path blocking problem of the backup network is given, and the backup network scene and the specific setting are depicted. According to the proposed planning model, the model is equivalently converted according to the characteristics of the planning model, and relevant proofs are given, on the basis, a dual algorithm framework is finally proposed for solving the problem, and the correctness of the algorithm is proved. Because the random backup strategy is adopted in the experiment, the backup activation does not take effect in many cases, and the average value of the path lengths of a plurality of cases is used as an evaluation index, so that the experimental result can not fully embody the advantages of the backup activation, but the effect of reducing the influence brought by the network attack is very obvious in the case that the backup activation takes effect.
As shown in fig. 7, in one embodiment, there is provided an apparatus comprising: a network model building module 702, a backup network model building module 704, a backup activation shortest path blocking model building module 706, and a solving module 708, wherein:
a network model establishing module 702, configured to establish a network model according to the shortest path blocking problem of the node network; the aggressor target in the network model is to block network links in the node network to maximize the shortest path of the defender when limited resources are available, and the defender target is to find the shortest path from the starting node to the target node in the node network.
A backup network model establishing module 704, configured to establish a backup network according to the node network, and obtain a backup network model according to the backup network and the network model; after the node network in the backup network model is blocked by the attacker, the defender activates and enables the backup link in the backup network according to the current network state so as to minimize the attack effect of the attacker.
And a backup activation shortest blocking model establishing module 706, configured to establish a backup activation shortest blocking model according to the constraint condition and the optimization objective in the backup network model.
A solving module 708, configured to solve the backup activation shortest blocking model based on a dual algorithm.
In an embodiment, the backup network model building module 704 is further configured to build a backup network according to the node network, and obtain a backup network model according to the backup network and the network model, including:
the network model comprises a plurality of nodes, network links are formed among the nodes, link backups are extracted from the network model to form the backup network, and a backup network model is obtained according to the network model and the backup network;
the backup network is defined as G (N, a), where N { (1, 2., } denotes a node set, a { (i, j) | i, j ∈ N } denotes a set of network links, B { (i, j) | i, j ∈ N } denotes a set of link backups, B is a proper subset of a, and i, j denotes a node number.
In one embodiment, the backup activation shortest blocking model building module 706 is further configured to: according to the constraint conditions and the optimization target in the backup network model, constructing a backup activation shortest path blocking model:
∑k∈Arkxk≤R
∑k∈Sqkzk≤Q
in the formula: s represents a start node, and t represents a target node; c. CkRepresenting the length of the link k epsilon A; r iskRepresenting blocking resources required by an attack party for blocking a link k, and R representing the total amount of the blocking resources; q. q.skThe backup activation resources required by the defense side activation link k are represented, and Q represents the total quantity of the backup activation resources; FS (i) represents the outgoing edge set of the node i, and RS (i) represents the incoming edge set of the node i; x is the number ofkBlocking variables for aggressors, ykSelecting a variable, z, for the defensive side pathkThe activation variables are backed up for the defenders.
In one embodiment, the solving module 708 is further configured to, before solving the backup active shortest blocking model based on a dual algorithm, further include:
and converting the backup activation shortest path blocking model to obtain a formalized expression:
∑k∈Arkxk≤R
∑k∈Sqkzk≤Q
in one embodiment, the solving module 708 is further configured for the dual algorithm to include:
converting the backup activation shortest blocking model into a minimization problem and normalizing in a vector form:
where y and z are vector forms of an inner layer path selection variable and a backup activation variable, ysIs a non-negative residual variable generated upon normalization;T1and T2Respectively, is of the shape [ n m],[(m-l)*m]N is the number of nodes in the network, m is the number of links in the network, and l is the number of backup links in the network; i is1,I2,I3Is in the shape of [ m x m]The identity matrix of (1); a is1Is a coefficient vector, b is a constant vector;
the inner minimization problem is dual and converted into a single-layer optimization problem:
ω1,ω2,ω3,ω4≥0
where ω is a dual variable satisfying the relationship bTω=CTy。
In one embodiment, the backup network model building module 704 is further configured to: the network model and the backup network model both comprise a plurality of nodes, network links or backup links are formed between the nodes, and the network links or the link backups both have link costs.
For specific limitations of the backup network shortest path blocking device based on the dual algorithm, reference may be made to the above limitations of the backup network shortest path blocking method based on the dual algorithm, and details are not described here. The modules in the backup network shortest path blocking device based on the dual algorithm can be wholly or partially realized by software, hardware and a combination thereof. The modules can be embedded in a hardware form or independent from a processor in the computer device, and can also be stored in a memory in the computer device in a software form, so that the processor can call and execute operations corresponding to the modules.
In one embodiment, a computer device is provided, which may be a terminal, and its internal structure diagram may be as shown in fig. 8. The computer device includes a processor, a memory, a network interface, a display screen, and an input device connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device comprises a nonvolatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and a computer program. The internal memory provides an environment for the operation of an operating system and computer programs in the non-volatile storage medium. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program is executed by a processor to implement a backup network shortest path blocking method based on a dual algorithm. The display screen of the computer equipment can be a liquid crystal display screen or an electronic ink display screen, and the input device of the computer equipment can be a touch layer covered on the display screen, a key, a track ball or a touch pad arranged on the shell of the computer equipment, an external keyboard, a touch pad or a mouse and the like. The computer equipment can be simulation equipment, the input device inputs related information into the simulation equipment, the processor executes programs in the memory to carry out combined simulation, and the display screen displays related simulation results.
Those skilled in the art will appreciate that the architecture shown in fig. 8 is merely a block diagram of some of the structures associated with the disclosed aspects and is not intended to limit the computing devices to which the disclosed aspects apply, as particular computing devices may include more or less components than those shown, or may combine certain components, or have a different arrangement of components.
In an embodiment, a computer device is provided, comprising a memory storing a computer program and a processor implementing the steps of the method in the above embodiments when the processor executes the computer program.
In an embodiment, a computer-readable storage medium is provided, on which a computer program is stored, which computer program, when being executed by a processor, carries out the steps of the method in the above-mentioned embodiments.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by hardware instructions of a computer program, which can be stored in a non-volatile computer-readable storage medium, and when executed, can include the processes of the embodiments of the methods described above. Any reference to memory, storage, database, or other medium used in the embodiments provided herein may include non-volatile and/or volatile memory, among others. Non-volatile memory can include read-only memory (ROM), Programmable ROM (PROM), Electrically Programmable ROM (EPROM), Electrically Erasable Programmable ROM (EEPROM), or flash memory. Volatile memory can include Random Access Memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as Static RAM (SRAM), Dynamic RAM (DRAM), Synchronous DRAM (SDRAM), Double Data Rate SDRAM (DDRSDRAM), Enhanced SDRAM (ESDRAM), Synchronous Link DRAM (SLDRAM), Rambus Direct RAM (RDRAM), direct bus dynamic RAM (DRDRAM), and memory bus dynamic RAM (RDRAM).
The technical features of the above embodiments can be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the above embodiments are not described, but should be considered as the scope of the present specification as long as there is no contradiction between the combinations of the technical features.
The above-mentioned embodiments only express several embodiments of the present application, and the description thereof is more specific and detailed, but not construed as limiting the scope of the invention. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the concept of the present application, which falls within the scope of protection of the present application. Therefore, the protection scope of the present patent shall be subject to the appended claims.
Claims (9)
1. The backup network shortest path blocking method based on the dual algorithm is characterized by comprising the following steps:
establishing a network model according to the shortest path blocking problem of the node network; the attack party target in the network model is to block a network link in the node network when limited resources exist so as to maximize the shortest path of a defense party, and the defense party target is to search the shortest path from an initial node to a target node in the node network;
establishing a backup network according to the node network, and obtaining a backup network model according to the backup network and the network model; after the node network in the backup network model is blocked by the attacker, the defender activates and enables a backup link in the backup network according to the current network state so as to minimize the attack effect of the attacker;
constructing a backup activation shortest path blocking model according to the constraint conditions and the optimization target in the backup network model;
and solving the backup activation shortest blocking model based on a dual algorithm.
2. The method of claim 1, wherein establishing a backup network based on the network of nodes, and deriving a backup network model based on the backup network and the network model comprises:
the network model comprises a plurality of nodes, network links are formed among the nodes, link backups are extracted from the network model to form the backup network, and a backup network model is obtained according to the network model and the backup network;
the backup network is defined as G (N, a), where N { (1, 2., } denotes a node set, a { (i, j) | i, j ∈ N } denotes a set of network links, B { (i, j) | i, j ∈ N } denotes a set of link backups, B is a proper subset of a, and i, j denotes a node number.
3. The method of claim 2, wherein constructing a backup activation shortest blocking model according to constraints and optimization objectives in the backup network model comprises:
∑k∈Arkxk≤R
in the formula: s represents a start node, and t represents a target node; c. CkRepresenting the length of the link k epsilon A; r iskRepresenting blocking resources required by an attack party for blocking a link k, and R representing the total amount of the blocking resources; q. q.skThe backup activation resources required by the defense side activation link k are represented, and Q represents the total quantity of the backup activation resources;FS (i) represents the outgoing edge set of the node i, and RS (i) represents the incoming edge set of the node i; x is the number ofkBlocking variables for aggressors, ykSelecting a variable, z, for the defensive side pathkThe activation variables are backed up for the defenders.
5. the method of any of claims 1 to 4, wherein the dual algorithm comprises:
converting the backup activation shortest blocking model into a minimization problem and normalizing in a vector form:
where y and z are vector forms of an inner layer path selection variable and a backup activation variable, ysIs a non-negative residual variable generated upon normalization;T1and T2Respectively, is of the shape [ n m],[(m-l)*m]N is the number of nodes in the network, m is the number of links in the network, and l is the number of backup links in the network; i is1,I2,I3Is in the shape of [ m x m]The identity matrix of (1); a is1Is a coefficient vector, b is a constant vector;
the inner minimization problem is dual and converted into a single-layer optimization problem:
ω1,ω2,ω3,ω4≥0
where ω is a dual variable satisfying the relationship bTω=CTy。
6. The method according to any of claims 1 to 4, wherein the network model and the backup network model each comprise a plurality of nodes, and wherein network links or backup links are formed between the nodes, and wherein the network links or the backup links each have a link cost.
7. Backup network shortest path blocking device based on dual algorithm, its characterized in that includes:
the network model establishing module is used for establishing a network model according to the shortest path blocking problem of the node network; the attack party target in the network model is to block a network link in the node network when limited resources exist so as to maximize the shortest path of a defense party, and the defense party target is to search the shortest path from an initial node to a target node in the node network;
the backup network model establishing module is used for establishing a backup network according to the node network and obtaining a backup network model according to the backup network and the network model; after the node network in the backup network model is blocked by the attacker, the defender activates and enables a backup link in the backup network according to the current network state so as to minimize the attack effect of the attacker;
the backup activation shortest path blocking model establishing module is used for establishing a backup activation shortest path blocking model according to the constraint conditions and the optimization target in the backup network model;
and the solving module is used for solving the backup activation shortest path blocking model based on a dual algorithm.
8. A computer device comprising a memory and a processor, the memory storing a computer program, wherein the processor implements the steps of the method of any one of claims 1 to 6 when executing the computer program.
9. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the method of any one of claims 1 to 6.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210043448.6A CN114401137B (en) | 2022-01-14 | 2022-01-14 | Backup network shortest path blocking method and device based on dual algorithm |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210043448.6A CN114401137B (en) | 2022-01-14 | 2022-01-14 | Backup network shortest path blocking method and device based on dual algorithm |
Publications (2)
Publication Number | Publication Date |
---|---|
CN114401137A true CN114401137A (en) | 2022-04-26 |
CN114401137B CN114401137B (en) | 2023-09-08 |
Family
ID=81231411
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210043448.6A Active CN114401137B (en) | 2022-01-14 | 2022-01-14 | Backup network shortest path blocking method and device based on dual algorithm |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114401137B (en) |
Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20080025209A1 (en) * | 2006-07-31 | 2008-01-31 | Technion Research And Development Foundation Ltd. | Method and apparatus for protecting a communication network against failure |
CN104380672A (en) * | 2012-04-27 | 2015-02-25 | 瑞典爱立信有限公司 | Three stage folded clos optimization for 802.1aq |
CN105516184A (en) * | 2015-12-31 | 2016-04-20 | 清华大学深圳研究生院 | Increment deployment SDN network-based method for defending link flooding attack |
CN111478811A (en) * | 2020-04-07 | 2020-07-31 | 中国人民解放军国防科技大学 | Network key point analysis method based on double-layer information flow transmission |
CN111756687A (en) * | 2020-05-15 | 2020-10-09 | 国电南瑞科技股份有限公司 | Defense measure configuration method and system for coping with network attack |
CN112436957A (en) * | 2020-11-03 | 2021-03-02 | 深圳市永达电子信息股份有限公司 | PDRR network security guarantee model parallel implementation system based on cloud computing |
CN112565272A (en) * | 2020-12-09 | 2021-03-26 | 中国人民解放军国防科技大学 | Method and device for blocking minimum Steiner tree of double-layer network and computer equipment |
CN112738125A (en) * | 2021-01-07 | 2021-04-30 | 中国重型机械研究院股份公司 | Network security collaborative defense system |
-
2022
- 2022-01-14 CN CN202210043448.6A patent/CN114401137B/en active Active
Patent Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20080025209A1 (en) * | 2006-07-31 | 2008-01-31 | Technion Research And Development Foundation Ltd. | Method and apparatus for protecting a communication network against failure |
CN104380672A (en) * | 2012-04-27 | 2015-02-25 | 瑞典爱立信有限公司 | Three stage folded clos optimization for 802.1aq |
CN105516184A (en) * | 2015-12-31 | 2016-04-20 | 清华大学深圳研究生院 | Increment deployment SDN network-based method for defending link flooding attack |
CN111478811A (en) * | 2020-04-07 | 2020-07-31 | 中国人民解放军国防科技大学 | Network key point analysis method based on double-layer information flow transmission |
CN111756687A (en) * | 2020-05-15 | 2020-10-09 | 国电南瑞科技股份有限公司 | Defense measure configuration method and system for coping with network attack |
CN112436957A (en) * | 2020-11-03 | 2021-03-02 | 深圳市永达电子信息股份有限公司 | PDRR network security guarantee model parallel implementation system based on cloud computing |
CN112565272A (en) * | 2020-12-09 | 2021-03-26 | 中国人民解放军国防科技大学 | Method and device for blocking minimum Steiner tree of double-layer network and computer equipment |
CN112738125A (en) * | 2021-01-07 | 2021-04-30 | 中国重型机械研究院股份公司 | Network security collaborative defense system |
Non-Patent Citations (2)
Title |
---|
XIANGYU WEI等: ""Shortest Path Network Interdiction With Goal Threshold"", 《IEEE ACCESS》, vol. 6 * |
朱承等: ""基于动态多重网络的目标体系建模与分析"", 《指挥与控制学报》, vol. 2, no. 4 * |
Also Published As
Publication number | Publication date |
---|---|
CN114401137B (en) | 2023-09-08 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Hasegawa et al. | A novel chaotic search for quadratic assignment problems | |
CN110995520B (en) | Network flow prediction method and device, computer equipment and readable storage medium | |
CN112565272B (en) | Method and device for blocking minimum Steiner tree of double-layer network and computer equipment | |
Clempner et al. | Convergence analysis for pure stationary strategies in repeated potential games: Nash, Lyapunov and correlated equilibria | |
Zhang et al. | Non-cooperative inverse reinforcement learning | |
Wang et al. | Network routing for insurgency: An adversarial risk analysis framework | |
Abdallah et al. | The effect of behavioral probability weighting in a simultaneous multi-target attacker-defender game | |
Ravishankar et al. | Time dependent network resource optimization in cyber–physical systems using game theory | |
Rana et al. | Free2shard: Adversary-resistant distributed resource allocation for blockchains | |
Yadav et al. | SmartPatch: A patch prioritization framework | |
Dann et al. | Best of both worlds policy optimization | |
Wang et al. | Consensus algorithm analysis in blockchain: PoW and Raft | |
CN114401137A (en) | Backup network shortest path blocking method and device based on dual algorithm | |
Wang et al. | Optimal voting strategy against rational attackers | |
CN114401200A (en) | Backup network shortest path blocking method and device based on Bender decomposition algorithm | |
CN116684152A (en) | Active defense method, device and system for multiple aggressors | |
Shao et al. | Multistage attack–defense graph game analysis for protection resources allocation optimization against cyber attacks considering rationality evolution | |
CN114257507A (en) | Method for improving network information sharing level based on evolutionary game theory | |
Zhang et al. | Defending against stealthy attacks on multiple nodes with limited resources: A game-theoretic analysis | |
WO2022252039A1 (en) | Method and apparatus for adversarial attacking in deep reinforcement learning | |
Emadi et al. | On the characterization of saddle point equilibrium for security games with additive utility | |
CN112884361A (en) | Multi-scenario equipment combination method, system, computer device and storage medium | |
Wu et al. | Reward-based deception with cognitive bias | |
Diamah et al. | Network security evaluation method via attack graphs and fuzzy cognitive maps | |
Tavori et al. | Tornadoes in the cloud: Worst-case attacks on distributed resources systems |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |