RU2450338C1 - Method for comparative evaluation of communication network structures - Google Patents

Abstract

FIELD: information technology.

SUBSTANCE: method involves calculating a complex safety indicator for each communication network node, allocating memory arrays for storing user identifiers and alternative routes for message packets, allocating alternative routes for message packets for each pair of alternative connections to the network, comparing values of the complex safety indicator of a network node with a predetermined minimum allowable value, calculating the accessibility indicator for each "dangerous" communication network node, comparing the value of the accessibility indicator of the communication network node with the predetermined minimum allowable value, calculating time taken to meet conditions for each user connection version and ranking alternative user connection versions of the communication network according to the value and selecting the version with the maximum value.

EFFECT: high accuracy of results of comparative evaluation of communication network structures by taking into account the behaviour of random and deliberate interference on the communication network node.

2 cl, 6 dwg

Description

The invention relates to the field of information security of communication networks (SS) and can be used in a comparative assessment of SS structures for their resistance to failures caused by the effects of random and intentional interference.

There is a method of estimating SS in accordance with the conditions of employment of network resources, implemented in the "Method and system for promoting traffic flows with guaranteed quality of service (QoS) in a network operating with IP protocol" according to RF patent No. 2271614 IPC H06L 12/38, publ. 03/10/2006

The method consists in the fact that the choice of the route for delivering packets in communication networks is performed by the resource managers of the delivery network at the control level of the transmission channel, similarly to the functions for services that require guaranteed quality of QoS service. To pass traffic flows according to the path designated by the resource manager in the delivery network, the border routers are monitored in accordance with the busy conditions of network resources. At the same time, the paths of the flows are assigned using the technology of a multi-level label stack.

The disadvantage of this method is the high probability of choosing a route with a lower level of quality, due to the lack of adaptation to changes in the structure of the communication network.

There is also known a method of comparative assessment of the structures of the SS, described in the patent of the Russian Federation No. 2331158 IPC H04L 12/28, publ. 08/10/2008

The method consists in preliminarily setting the SS parameters and forming its topological scheme, calculating a comprehensive safety indicator for each SS node. Connect to SS subscribers, which form messages, including addresses of subscribers and their identifiers. Transmit formed messages, receive them. From the received messages, identifiers and addresses of subscribers are allocated and stored, as well as information about the existence of communication between subscribers and the nodes of the SS through which information is exchanged is stored. Using the results, they select the most secure routes in the SS from the totality of all possible communication routes between subscribers and bring safe routes to subscribers of the SS.

The disadvantage of this method is the relatively low reliability of the results of a comparative assessment of the structures of the SS with an increase in the number of communication nodes. Low reliability is due to: large time and resource costs necessary to obtain the source data for a large number of SS nodes; an increase in the combinatorial complexity of solving the problem of finding a safe route with a large number of SS nodes; a decrease in the sensitivity of the route safety indicator, caused by the fact that with an increase in the number of SS nodes, the number of routes with a close value of the route safety indicator will increase. In addition, this method has a narrow scope, since it does not provide for adaptation of the route to changes in the structure of the SS. The need for adaptation is due to the fact that under the influence of interference on the structure of the SS, the values of the complex safety indicators of nodes can change.

Closest in its technical essence to the claimed one is a method for a comparative assessment of SS structures described in RF patent No. 2408928 IPC G06F 21/20, H04L 12/28, publ. 01/10/2011

The prototype method consists in pre-setting the SS parameters and forming its topological scheme. Calculate the integrated security parameter _PK for each node SS. Connect to SS subscribers, which form messages, including addresses of subscribers and their identifiers. Transmit formed messages, receive them. From the received messages, identifiers and addresses of subscribers, as well as information on the existence of communication between subscribers and nodes of the SS through which information is exchanged, are allocated and stored. In the predefined initial data, the parameters of the SS are additionally set: the minimum acceptable value of the complex safety indicator P _Kmin for the nodes of the SS, alternative options for connecting subscribers to the SS. Arrays of memory are allocated for storing their identifiers and alternative routes for message packets. Alternative routes of message packets for each pair of alternative connections to the subscriber’s SS are extracted from the generated topological SS scheme and the alternative routes of message packets for each j-th connection option of subscribers are stored, where j = 1, 2, .... The value of the complex safety indicator P _{Ki of the} i-th node of the SS is _compared , where i = 1, 2, 3, ..., with a predetermined minimum acceptable value of P _Kmin . When П _Кi <П _{Кmin, the} i-th node is remembered as “dangerous”, and otherwise, when П _Кi ≥П _{Кmin, the} node is remembered as “safe”. After that, the critical ratio of “dangerous” and “safe” nodes p ^j _{k is} calculated for each j-th connection option for subscribers, in which adjacent “dangerous” nodes form chains that exclude exchange between subscribers. To do this, randomly select from each previously remembered connection option of the subscribers the p ^jth part of the nodes from their total number and store them as “dangerous”. Connected chains are formed from adjacent “dangerous” nodes and stored. Then successively increase the share of “dangerous” nodes by Δp and repeat the formation of a connected chain until the conditions p ^j = p ^j _k are satisfied. Alternate options for connecting SS subscribers are ranked by the value of p ^j _k and a variant with the maximum value of p ^j _{k is} selected from them.

The known prototype method eliminates some of the disadvantages of analogues by taking into account the prospective decrease in the values of complex indicators of the safety of communication nodes caused by exposure to communication channels and nodes of the SS random and deliberate interference, which increases the reliability of the results of a comparative assessment of the structures of the SS with an increase in the number of communication nodes and conditions of exposure to communication channels and nodes of the SS random and deliberate interference.

The disadvantage of this prototype method is the relatively low reliability of the results of a comparative assessment of the structures of the SS associated with the lack of consideration of the dynamics of the impact on the communication channels and nodes of the SS random and deliberate interference. Low reliability is due to the fact that the prototype method does not take into account the time to reach the critical ratio of “dangerous” and “safe” nodes p ^j _k for each j-th connection option of subscribers.

The purpose of the claimed technical solution is to develop a method for the comparative assessment of SS structures, providing increased reliability of the results of a comparative assessment of SS structures by taking into account the dynamics of the effect of random and intentional interference on communication channels and SS nodes.

The claimed technical solution expands the arsenal of funds for this purpose.

This goal is achieved by the fact that in the known method for a comparative assessment of SS structures, which consists in preliminarily setting the parameters of the communication network and forming its topological scheme, a comprehensive safety factor P _{K is} calculated for each node of the communication network. Set the minimum acceptable value of a comprehensive safety indicator P _Kmin for the nodes of the communication network and alternative options for connecting subscribers to it. Arrays of memory are allocated for storing subscriber identifiers and alternative routes of message packets. Alternative routes of message packets for each pair of alternative connections to the communication network of subscribers are extracted from the generated topological scheme of the communication network and the alternative routes of message packets for each j-th connection option of subscribers are stored, where j = 1, 2, .... The value of the complex safety indicator П _{Кi of the} i-th node of the communication network is _compared , where i = 1, 2, 3, ..., with a predetermined minimum acceptable value of П _Кmin . At П _Кi <П _{Кmin the} i-th node is remembered as “dangerous”, otherwise at П _Кi ≥П _{Кmin the} node is remembered as “safe”. After that, the critical ratio of “dangerous” and “safe” nodes p ^j _{k is} calculated for each j-th option of connecting subscribers. After calculating the critical ratio of “dangerous” and “safe” nodes p ^j _k, the availability index P _{D is} additionally calculated for each “dangerous” node in the communication network and the minimum acceptable value of the accessibility indicator of the communication network node P _{Dimin is set} . The value of the availability indicator P _{Di of the} i-th node of the communication network is _compared with a predetermined minimum acceptable value of P _Dimin . With П _Дi ≥П _{Dimin, the} i-th node is remembered as “available”, otherwise, with П _Дi <П _{Dimin, the} node is remembered as “inaccessible”. Then, the value of the accessibility index of the communication network node P _{Di is} successively reduced by Δd until the conditions P _Di <P _Dimin are _fulfilled and the duration of the time period T _Di during which the condition P _Di ≥ P _{Dimin is} satisfied is _calculated . In addition, the time t ^j _{k of} achieving the fulfillment of the conditions p ^j = p ^j _k for each j-th option of connecting subscribers is calculated. Then, alternative options for connecting subscribers of the communication network are ranked by the value of t ^j _k and a variant with the maximum value of t ^j _{k is} selected from them.

To calculate the critical ratio of “dangerous” and “safe” nodes p ^j _k for each j-th option of connecting subscribers, randomly choose from each previously remembered variant of connecting subscribers p ^j- th part of the total number of nodes and remember them as “dangerous” of adjacent "dangerous" nodes associated chain form and storing them, and then successively increases the proportion of "dangerous" nodes on the value Δp and repeating formation of chain coupled to the conditions p ^j = p ^j _k, where adjacent "dangerous" nodes form chains hibernation, excluding exchange between subscribers.

Thanks to the new set of essential features in the claimed method, it is possible to take into account the dynamics of the effect on the communication channels and nodes of the SS of random and deliberate interference, which ensures the achievement of the formulated technical result - increasing the reliability of the results of a comparative assessment of the structures of the SS by taking into account the time to reach the critical ratio of “dangerous” and “safe” nodes p ^j _k for each j-th option of connecting subscribers.

The claimed objects of the invention are illustrated by drawings, which show:

figure 1 is a flowchart illustrating a method;

figure 2 is an example of a fragment of a topological scheme SS;

figure 3 is an example of a set of alternative routes of message packets in the SS between the corresponding subscribers;

figure 4 is a variant of the regular structure of the SS with a different number of "dangerous" nodes;

5 is an illustration of alternative structures of dimension L = 1,000,000 communication nodes (1000 per 1000 communication nodes);

6 is a graph illustrating the dynamics of increasing the number of "inaccessible" nodes of the SS, in two alternative embodiments of the structure of the SS.

The implementation of the claimed method is explained as follows. Information exchange between subscribers of communication networks (SS) is carried out by routing message packets through a sequence of transit nodes of the network.

Route determination is complicated when there are many alternative routes between a pair of subscribers. In this case, the route selection is carried out in network nodes (routers) of telecom operators. At each of the network nodes, the route is determined independently. The criteria for selecting routes are, for example, the nominal bandwidth; congestion of communication channels; delays introduced by channels; number of intermediate transit network nodes; reliability of channels and transit network nodes.

The set of alternative routes of message packets between the corresponding subscribers is the structure of the SS. To make a reasonable choice of a variant of the SS structure, a comparative assessment of alternative SS structures is carried out for their resistance to failures caused by random influences (man-made phenomena, such as failures, failures and accidents of SS node support systems) and intentional (intentional use of software defects) interference. This assessment in the prototype method is carried out by taking into account the prospective decrease in the values of the complex safety indicators of communication nodes, without taking into account, however, the dynamics of the impact on the communication channels and SS nodes of random and intentional interference. The low reliability of known methods for evaluating alternative structures, including the prototype method, is due to the fact that there is no accounting for the time to reach the critical ratio of “dangerous” and “safe” nodes p ^j _k for each j-th connection option of subscribers. To eliminate this drawback, the claimed method is directed.

For this, in the claimed method, as well as in the prototype, the SS parameters are pre-set (bl. 1 in Fig. 1) and its topological scheme is formed (bl. 3 in Fig. 1). As the SS parameters, the identifiers of the network nodes, the presence of communication lines between them, the security parameters of the SS nodes (such as the type of its equipment, the version of the software installed on it, the ownership of the node of a state or private organization and others) are set. Additionally, set the minimum allowable value of the availability indicator of the communication network node P _Dmin . Under the SS node availability indicator, for example, it is understood as its serviceability coefficient, which is calculated by the formula P _D = ((TT _P ) / T) · 100%, where T _P is the length of time when the CC subscribers cannot access the services with the required quality (downtime); T is the total operating time of the SS unit. The impact on the SS node of random and deliberate interference creates an additional (abnormal) load on the communication processes and devices that implement them (SS nodes). As a result, T _P - the length of time when the services with the required quality (downtime) are unavailable to subscribers from the SS node - increases, and the SS node availability indicator decreases. Experimental studies and the operating experience of the SS showed that the value of P _D should be set in the range of 0.6 <P _D <1.

Figure 2 shows an example of a fragment of the topological scheme of the SS with the identifiers of the communication nodes (see, for example, the SS node with the IP address 85.235.192.121) and the corresponding subscribers (see, for example, the Subscriber No. 1 having the IP address 91.191.179.129) . Alternative routes of message packets between subscribers of the SS, the nodes of which are characterized by identifiers, are isolated (bl. 4 in FIG. 1) from the generated topological scheme SS. For each pair of alternative connections to the CC corresponding subscribers, there is a finite set of alternatives of message packet routes between them. The set of alternative routes of message packets in the SS between the corresponding subscribers is the structure of the SS (figure 3). Alternative routes of message packets for each j-th option of connecting subscribers, where j = 1, 2, ... and subscriber identifiers are stored in memory arrays allocated for this (bl. 2 in FIG. 1) (bl. 5 in FIG. 1).

Calculate a comprehensive safety score P _K for each node of the SS (bl. 6 in figure 1). Under the complex indicator of the i-th, where i = 1, 2, 3, ... of the SS node П _Кi , we mean the normalized numerical value of the convolution of security parameters characterizing the ability of the SS node to withstand security threats. The calculation procedure P _Ki is known and described, for example, in the patent of the Russian Federation No. 2331158. Calculation P _{Ki is} calculated by summing or multiplying, or as the arithmetic mean of its safety parameters. In addition, the predefined initial data as SS parameters additionally specify the minimum allowable value of a comprehensive safety indicator P _Kmin for SS nodes and alternative options for connecting subscribers to the SS. The value of П _{Кmin is} set by directive taking into account the implemented security functions, as it is regulated in GOST R ISO / IEC 15408-3 - 2002, “Information technology. Security methods and tools. Criteria for assessing the security of information technology. Part 3. Requirements of trust in security ”as the minimum level of trust in the equipment manufacturer. Experimental studies and the operating experience of the SS showed that the value of P _min should be set in the range of 0.5 <P _K <1.

Next, they compare (bl. 7 in FIG. 1) the value of the previously calculated complex safety indicator P _{Ki of the} i-th node of the SS, where i = 1, 2, 3, ..., with a predetermined minimum acceptable value of P _Kmin . When П _Кi <П _{Кmin, the} i-th node is remembered as “dangerous” (bl. 9 in Fig. 1), and otherwise, that is, when П _Кi ≥П _Кmin , the node is remembered as “safe” (bl. 8 on figure 1). With a large number of communication nodes in the SS structure, as a rule, there are alternative routing options for message packets. Reliability and survivability of communication systems provide both redundancy of communication channels and well-known adaptive routing methods implemented in the equipment of telecom operators.

Let, for example, a variant of the SS structure is a regular structure, in the nodes of which there are communication nodes (Fig. 4), and the p ^jth part of the total number of nodes is “dangerous” (black nodes in Fig. 4a), excluding the possibility of passing message packets between subscribers No. 1 and No. 2. The number p of the ^jth part of the nodes is equal to the total number of nodes remembered as “dangerous” at the stage of comparing the values of the calculated complex safety indicators of the i-th nodes of the SS with a predetermined minimum acceptable value of P _Kmin . Connected chains are formed from adjacent “dangerous” nodes (bl. 10 in FIG. 1) and stored (nodes and black connections between them in FIG. 4b). From the above example, where p ^j = 0.3, it can be seen that with the p ^j th part of the “dangerous” nodes presented in FIGS. 4a and 4b, there are a large number of alternative options for routing message packets between CC subscribers ( nodes of white color and the connections between them in fig.4b), three of which are shown in the figure by arrows.

In order to take into account the prospective decrease in the values of complex safety indicators of communication nodes caused by the effect of random and deliberate interference on communication channels and SS nodes, it is necessary to increase the share of “dangerous” nodes by Δp. The value Δp is set based on the required accuracy of the calculation results in the range Δp = 0.01 ÷ 0.2. From the figure presented in FIG. 4c, it can be seen that with the p ^j th part of the “dangerous” nodes shown in FIG. 4 c, where p ^j = 0.5, out of the total number of them, there are only 4 alternative options for routing message packets between subscribers SS (nodes and the connections between them in white in Fig. 4d), shown in the figure by arrows.

In order to calculate (bl. 11 in FIG. 1) the critical ratio of “dangerous” and “safe” nodes p ^j _k for each j-th connection option for subscribers, it is necessary to increase the share of “dangerous” nodes by Δp (where, for example , Δp = 0.01) until the conditions p ^j = p ^j _k are fulfilled, in which adjacent “dangerous” nodes form chains that exclude exchange between subscribers. The figures presented in Fig. 5 illustrate the formation of structures from interconnected “dangerous” nodes using an example of an SS structure implemented as a regular structure with dimension L = 1,000,000 communication nodes (1000 per 1000 communication nodes) and a connection of each node of four. Moreover, in Fig. 5, the conditions p _i = p ^j _k = 0.593 (Fig. 5a) and p ^j > p ^j _k = 0.594 (Fig. 5b) are satisfied.

After calculating the critical ratio of “dangerous” and “safe” nodes p ^j _k for each alternative SS structure, the availability index P _D (bl. 12 in FIG. 1) is additionally calculated for each “dangerous” SS node and the value of the accessibility index P _Di i is _compared -th node of the SS (bl. 13 in figure 1) with a predefined minimum permissible value of P _Dimin . At П _Дi ≥П _{Dimin, the} i-th node is remembered as “available” (bl. 14 in Fig. 1), otherwise, when П _Дi <П _Dimin , the node is remembered as “unavailable” (bl. 17 in Fig. 1 ) Then successively reduce the value of the accessibility indicator (bl. 15 in FIG. 1) of the SS node P _Di by Δd until the conditions P _Di <P _{Dimin are fulfilled} . The value of Δd is set based on the required accuracy of the calculation results in the interval Δd = 0.01 ÷ 0.1.

Calculate (bl. 16 in _figure 1) the duration of the time interval T _Di , during which the condition P _Di ≥P _Dimin .

Interference injected at one or more SS points reduces the availability of SS nodes. The graphs presented in Fig.6b and Fig.6d illustrate the change in the number of nodes of the SS in the front of the interference. For example, at point “D” in the graph of FIG. 6b, the number of SS nodes in the front of the interference is 35 at time t ¹ ≈90 sec. This means that at the ninetieth second from the beginning of the observation, interference _occurs simultaneously at 35 nodes of the SS, decreasing the value of accessibility indicators П _Дi by Δd. And during the time t ^j _k (bl. 18 in FIG. 1), the number p ^{j of} “inaccessible” nodes of the SS will reach the value p ^j _k (points “E ¹ ” and “E ² ” in FIG. 6a and 6b). The graphs presented in Fig.6 illustrate the dynamics of increasing the number of "inaccessible" nodes of the SS in two alternative variants of the structure of the SS.

Then rank (bl. 19 in figure 1) alternative connection options for subscribers of the communication network by the value of t ^j _k . For this, the values of t ^j _{k of} alternative (competing) SS structures are measured on a time scale. So, for example, from the graphs in Fig.6b and Fig.6d: t ¹ _k ≈260 sec, t ² _k = 225 sec.

Of the two alternative structures, choose (bl. 20 in FIG. 1) the option with a maximum value of t ^j _k : t ¹ _k ≈260 sec.

Thus, an increase in the reliability of the results of a comparative assessment of the SS structures is achieved by taking into account the dynamics of the impact on the SS nodes of random and deliberate interference, which ensures the achievement of the formulated technical result. Moreover, the comparison of the SS structures is carried out taking into account the time to reach the critical ratio of “dangerous” and “safe” nodes p ^j _k for each j-th option of connecting subscribers.

Claims (2)

1. A method for a comparative assessment of the structures of communication networks, which consists in preliminarily setting the parameters of the communication network and forming its topological scheme, calculating the complex safety factor P _k for each node of the communication network, setting the minimum acceptable value of the complex safety _factor P _kmin for nodes of the communication network and alternative options for connecting subscribers to it, allocate memory arrays for storing subscriber identifiers and alternative routes of message packets from the generated topological communication network hems allocate alternative message packet routes for each pair of alternative connections to the subscriber communication network and store alternative message packet routes for each j-th subscriber connection variant, where j = l, 2, ..., compare the value of the complex safety indicator П _к i i- th node of the communication network, where i = l, 2, 3, ..., with a predetermined minimum acceptable value of P _kmin and for P _ki <P _{kmin, the} i-th node is stored as “dangerous”, otherwise, with P _ki ≥P _cmin remembers the node as "safe", after which the calculation a critical ratio of “dangerous” and “safe” nodes

for each j-th option of connecting subscribers, characterized in that after calculating the critical ratio of “dangerous” and “safe” nodes

additionally calculate the availability indicator P _d for each “dangerous” node of the communication network, set the minimum acceptable value of the availability indicator of the communication network node P _dimin , compare the value of the availability indicator P _{di of the} i-th node of the communication network with the predetermined minimum acceptable value of P _dimin and with P _{di ≥} П _dimin remember the i-th node as “available”, otherwise, when П _di <П _dimin, remember the node as “unavailable”, then sequentially decrease the value of the availability indicator of the communication network node П _дi by Δd until conditions П _Дi <П _dimin and calculate the duration of the time interval Т _д during which the condition П _дi ≥ П _dimin is _fulfilled , and, in addition, calculate the time

achieving conditions

for each j-th option of connecting subscribers, then alternative options for connecting subscribers of a communication network are ranked by value

and choose from them the option with the maximum value

2. The method according to claim 1, characterized in that for calculating the critical ratio of "dangerous" and "safe" nodes

for each j-th option of connecting subscribers, randomly select from each previously stored option of connecting subscribers p ^j- th part of the nodes from the total number of nodes and store them as “dangerous”, form related chains from adjacent “dangerous” nodes and store them, then consistently increase the share of “dangerous” nodes by Δp and repeat the formation of a connected chain until the conditions are met

when adjacent “dangerous” nodes form chains that exclude the exchange between subscribers.

Images