CN114401200B - Backup network shortest path blocking method and device based on Bende decomposition algorithm - Google Patents
Backup network shortest path blocking method and device based on Bende decomposition algorithm Download PDFInfo
- Publication number
- CN114401200B CN114401200B CN202210043440.XA CN202210043440A CN114401200B CN 114401200 B CN114401200 B CN 114401200B CN 202210043440 A CN202210043440 A CN 202210043440A CN 114401200 B CN114401200 B CN 114401200B
- Authority
- CN
- China
- Prior art keywords
- network
- backup
- node
- link
- blocking
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 230000000903 blocking effect Effects 0.000 title claims abstract description 143
- 238000000354 decomposition reaction Methods 0.000 title claims abstract description 47
- 238000000034 method Methods 0.000 title claims abstract description 38
- 230000004913 activation Effects 0.000 claims abstract description 62
- 230000000694 effects Effects 0.000 claims abstract description 20
- 238000005457 optimization Methods 0.000 claims abstract description 15
- 238000004590 computer program Methods 0.000 claims description 15
- 230000009977 dual effect Effects 0.000 abstract description 3
- 230000007123 defense Effects 0.000 description 22
- 230000006870 function Effects 0.000 description 11
- 239000010410 layer Substances 0.000 description 10
- 238000002474 experimental method Methods 0.000 description 9
- 230000008569 process Effects 0.000 description 9
- 230000003213 activating effect Effects 0.000 description 8
- 238000010586 diagram Methods 0.000 description 7
- 238000004088 simulation Methods 0.000 description 7
- 230000007246 mechanism Effects 0.000 description 6
- 238000011160 research Methods 0.000 description 6
- 230000008901 benefit Effects 0.000 description 3
- 238000006243 chemical reaction Methods 0.000 description 3
- 239000002356 single layer Substances 0.000 description 3
- 101000923234 Saccharomyces cerevisiae (strain ATCC 204508 / S288c) L-asparaginase 1 Proteins 0.000 description 2
- 230000009471 action Effects 0.000 description 2
- 230000005540 biological transmission Effects 0.000 description 2
- 230000010485 coping Effects 0.000 description 2
- 230000008260 defense mechanism Effects 0.000 description 2
- 238000011156 evaluation Methods 0.000 description 2
- 238000013468 resource allocation Methods 0.000 description 2
- 230000001360 synchronised effect Effects 0.000 description 2
- 238000012546 transfer Methods 0.000 description 2
- 206010033799 Paralysis Diseases 0.000 description 1
- 230000006399 behavior Effects 0.000 description 1
- 239000000470 constituent Substances 0.000 description 1
- 230000008878 coupling Effects 0.000 description 1
- 238000010168 coupling process Methods 0.000 description 1
- 238000005859 coupling reaction Methods 0.000 description 1
- 230000006378 damage Effects 0.000 description 1
- 230000007423 decrease Effects 0.000 description 1
- 230000000593 degrading effect Effects 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 239000012467 final product Substances 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 239000004973 liquid crystal related substance Substances 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
- 230000008439 repair process Effects 0.000 description 1
- 230000004044 response Effects 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
- 238000012795 verification Methods 0.000 description 1
- 239000002699 waste material Substances 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/14—Network analysis or design
- H04L41/145—Network analysis or design involving simulating, designing, planning or modelling of a network
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F30/00—Computer-aided design [CAD]
- G06F30/20—Design optimisation, verification or simulation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L1/00—Arrangements for detecting or preventing errors in the information received
- H04L1/22—Arrangements for detecting or preventing errors in the information received using redundant apparatus to increase reliability
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/22—Alternate routing
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2111/00—Details relating to CAD techniques
- G06F2111/02—CAD in a network environment, e.g. collaborative CAD or distributed simulation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2111/00—Details relating to CAD techniques
- G06F2111/04—Constraint-based CAD
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Computing Systems (AREA)
- Evolutionary Computation (AREA)
- Geometry (AREA)
- General Physics & Mathematics (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The application relates to a backup network shortest path blocking method and device based on a Des decomposition algorithm. The method comprises the following steps: establishing a network model according to the shortest blocking problem of the node network; the target of an attacker in the network model is to block network links in the node network to maximize the shortest path of a defender when the resources are limited, and the target of the defender is to search the shortest path from a starting node to a target node in the node network; establishing a backup network according to the node network, and obtaining a backup network model according to the backup network and the network model; after the node network in the backup network model is blocked by the attack square, the defending party activates and enables the backup link in the backup network according to the current network state so as to minimize the attack effect of the attack party; constructing a backup activation shortest path blocking model according to constraint conditions and an optimization target; and solving based on a dual algorithm. By adopting the method and the device, the defender can carry out link backup and activate when in attack, so as to reduce the influence of the attack on the network.
Description
Technical Field
The application relates to the technical field of computer processing, in particular to a backup network shortest path blocking method and device based on a Booth decomposition algorithm.
Background
The network blocking (Network Interdiction) is an operation optimization problem closely related to network structure and node attribute, and has the core of researching targets and behaviors of both attack and defense parties in the network, and has wide application in the fields of military, transportation, economy and the like at present. Since both the policies and actions of the defender and the blocker of the network need to be considered, the network blocking problem also generally needs to be considered from the perspective of the master-slave gaming problem. Contrary to the network blocking problem is the network protection problem: how to formulate a protection strategy of nodes or edges by using limited protection resources aiming at possible blocking of the own network by blocking parties so that the influence of blocking of the own network is as small as possible. Therefore, in the field of network security, it is very important to study the problem of network blocking, both from the point of view of the network attack or the network defender.
The existing research is continuously developed in the aspects of modeling, solving and the like of the network blocking problem, but some challenges restricting the practical application of the existing research still exist, including:
The existing network blocking research mainly considers how to make the hostile network inefficient at the minimum cost and even paralysis the whole network from the point of view of an attacker. The existing research generally assumes that the defender always passively responds to attacks and seldom considers active defense in the attack and defense process, so that the actual attack and defense decision characteristics are difficult to effectively reflect.
However, in the actual process, the defender has a certain defending resource for deploying the active defending strategy in the attack and defense process besides optimizing the decision based on the self target, so that in the blocking problem research, the model is difficult to accurately describe the actual attack and defense process and the actual attack and defense decision characteristics cannot be effectively reflected due to the fact that the active defending strategy of the defender is ignored.
Disclosure of Invention
Based on this, it is necessary to provide a backup network shortest path blocking method and device based on the bendsia decomposition algorithm, which consider that a defender can perform link backup and activate backup during attack, so as to reduce the influence of the attack on the network.
The backup network shortest path blocking method based on the Bendset decomposition algorithm comprises the following steps:
establishing a network model according to the shortest blocking problem of the node network; the target of the attacker in the network model is to block the network link in the node network to maximize the shortest path of the defender when the resource is limited, and the target of the defender is to find the shortest path from the initial node to the target node in the node network;
Establishing a backup network according to the node network, and obtaining a backup network model according to the backup network and the network model; after the node network in the backup network model is blocked by the attack square, the defending square activates and starts the backup link in the backup network according to the current network state so as to minimize the attack effect of the attack square;
constructing a backup activation shortest blocking model according to constraint conditions and optimization targets in the backup network model;
and solving the backup activation shortest blocking model based on the Bendset decomposition algorithm.
In one embodiment, establishing a backup network according to the node network, and obtaining a backup network model according to the backup network and the network model includes:
the network model comprises a plurality of nodes, network links are formed among the nodes, link backups are extracted from the network model to form the backup network, and a backup network model is obtained according to the network model and the backup network;
where the backup network is defined as G (N, a), n= {1,2,..the } represents a set of nodes, a= { (i, j) |i, j e N } represents a set of network links, b= { (i, j) |i, j e N } represents a set of link backups, B is a proper subset of a, i, j represents a node number.
In one embodiment, constructing the backup activation shortest blocking model according to the constraint conditions and the optimization targets in the backup network model includes:
∑ k∈A r k x k ≤R
∑ k∈S q k z k ≤Q
wherein: s represents a starting node, t represents a target node; c k Representing the length of link k e A; r is (r) k Representing blocking resources required by an attacker to block a link k, wherein R represents the total amount of the blocking resources; q k The backup activation resource required by the defensive side to activate the link k is represented, and Q represents the total amount of the backup activation resource; FS (i) represents the outgoing edge set of node i, and RS (i) represents the incoming edge set of node i; x is x k To block variables for aggressors, y k Selecting variables for defensive path, z k Activating variables for defenses is backed up.
In one embodiment, before solving the backup activation shortest path blocking model based on the bendsia decomposition algorithm, the method further comprises:
converting the backup activation shortest blocking model to obtain formal expression:
∑ k∈A r k x k ≤R
∑ k∈S q k z k ≤Q
in one embodiment, the bendsia decomposition algorithm includes:
∑ k∈A r k x k ≤R
∑ k∈S q k z k ≤Q
where d=diag ({ D) k :k∈A}),[Master(y^)]Where y is a fixed vector, [ Sub (x)]X in (a) is also a fixed vector; y represents an s-t path selected by a defender; set Y consists of the generated Y, which is a subset of all s-t paths in G. Set Y is the set of all s-t paths in graph G.
In one embodiment, the network model and the backup network model each include a plurality of nodes, between which a network link or a backup link is formed, the network link or the link backup each having a link cost.
Backup network shortest path blocking device based on bendsia decomposition algorithm includes:
the network model building module is used for building a network model according to the shortest blocking problem of the node network; the target of the attacker in the network model is to block the network link in the node network to maximize the shortest path of the defender when the resource is limited, and the target of the defender is to find the shortest path from the initial node to the target node in the node network;
the backup network model building module is used for building a backup network according to the node network and obtaining a backup network model according to the backup network and the network model; after the node network in the backup network model is blocked by the attack square, the defending square activates and starts the backup link in the backup network according to the current network state so as to minimize the attack effect of the attack square;
the backup activation shortest blocking model building module is used for building a backup activation shortest blocking model according to constraint conditions and optimization targets in the backup network model;
And the solving module is used for solving the backup activation shortest blocking model based on the Bender decomposition algorithm.
A computer device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor when executing the computer program performs the steps of:
establishing a network model according to the shortest blocking problem of the node network; the target of the attacker in the network model is to block the network link in the node network to maximize the shortest path of the defender when the resource is limited, and the target of the defender is to find the shortest path from the initial node to the target node in the node network;
establishing a backup network according to the node network, and obtaining a backup network model according to the backup network and the network model; after the node network in the backup network model is blocked by the attack square, the defending square activates and starts the backup link in the backup network according to the current network state so as to minimize the attack effect of the attack square;
constructing a backup activation shortest blocking model according to constraint conditions and optimization targets in the backup network model;
and solving the backup activation shortest blocking model based on the Bendset decomposition algorithm.
A computer readable storage medium having stored thereon a computer program, characterized in that the computer program when executed by a processor realizes the steps of:
establishing a network model according to the shortest blocking problem of the node network; the target of the attacker in the network model is to block the network link in the node network to maximize the shortest path of the defender when the resource is limited, and the target of the defender is to find the shortest path from the initial node to the target node in the node network;
establishing a backup network according to the node network, and obtaining a backup network model according to the backup network and the network model; after the node network in the backup network model is blocked by the attack square, the defending square activates and starts the backup link in the backup network according to the current network state so as to minimize the attack effect of the attack square;
constructing a backup activation shortest blocking model according to constraint conditions and optimization targets in the backup network model;
and solving the backup activation shortest blocking model based on the Bendset decomposition algorithm.
The backup network shortest blocking method and device based on the Des decomposition algorithm provide an expansion problem of the shortest network blocking problem: the backup network shortest blocking problem additionally considers that a defender can carry out link backup on the basis of the original shortest blocking problem and can activate backup during attack so as to reduce the influence of the attack on the network, and the backup network model can accurately describe the actual attack and defense process and effectively reflect the actual attack and defense decision characteristics; a planning model of a backup network shortest blocking problem is provided, a backup network scene and specific settings are described, the backup activation shortest blocking model is equivalently converted according to the characteristics of the proposed planning model, and a Bender decomposition algorithm framework is provided on the basis of the equivalent conversion for solving the problem, deploying defense resources and guaranteeing that the uninterrupted operation of the network and the reduced efficiency when the network is attacked are minimum.
Drawings
FIG. 1 is a flow diagram of a backup network shortest path blocking method based on a Booth decomposition algorithm in one embodiment;
FIG. 2 is a schematic diagram of a backup network shortest path blocking case one in one embodiment;
FIG. 3 is a schematic diagram of a backup network shortest path blocking case two in one embodiment;
FIG. 4 is a schematic diagram of backup network shortest path blocking case three in one embodiment;
FIG. 5 is a graph of shortest paths after blocking for different backup link ratios for a 100 node network in one embodiment;
FIG. 6 is a graph of a shortest path after blocking for different backup link ratios for a 200 node network in one embodiment;
FIG. 7 is a block diagram of a backup network shortest path blocking device based on the Booth decomposition algorithm in one embodiment;
FIG. 8 is an internal block diagram of a computer device in one embodiment;
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application will be further described in detail with reference to the accompanying drawings and examples. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the present application.
As shown in fig. 1 to 6, the backup network shortest path blocking method based on the bendsia decomposition algorithm provided in the present application includes, in one embodiment, the following steps:
102, establishing a network model according to the shortest blocking problem of a node network; the target of the attacker in the network model is to block the network link in the node network to maximize the shortest path of the defender when the resource is limited, and the target of the defender is to find the shortest path from the starting node to the target node in the node network.
Step 104, establishing a backup network according to the node network, and obtaining a backup network model according to the backup network and the network model; after the node network in the backup network model is blocked by the attack square, the defending party activates and enables the backup link in the backup network according to the current network state so as to minimize the attack effect of the attack party.
And step 106, constructing a backup activation shortest path blocking model according to constraint conditions and optimization targets in the backup network model.
And step 108, solving the backup activation shortest blocking model based on the Bender decomposition algorithm.
Blocking refers to the purpose of degrading certain performance or disabling functions of a target network by taking measures such as intrusion, interference on the network level or thermal attack, destruction on the physical level.
Network blocking (Network Interdiction): and the blocking action is implemented on the network with the specific function, so that the function index of the network is reduced to the maximum extent. The network blocking problem includes both attack and defense of the network: aggressors and defenders. Wherein, the defender of the network maintains the functional network and optimizes the service thereof, and is responsible for realizing and maintaining certain optimization indexes of the network, such as the shortest or maximum flow transmission of the information flow from the initial node s to the target node t; under a certain blocking resource constraint, an attacker tries to block nodes or links in the network, so that the performance of the network is reduced or the function is disabled, for example, the shortest path from the initial node s to the target node t of the target network information flow is maximized or the maximum flow is minimized through blocking the edges or the nodes.
Shortest network blocking (Shortest Path Network Interdiction, SPNI): shortest network blocking is a particular example of a network blocking problem, where the defender goal is to minimize the shortest path (shortest path length or shortest information transfer time) from the originating node to the target node, and the aggressor goal is to block nodes or links in the network using limited resources so that the defender's shortest path is maximized.
From the perspective of the network itself coping with faults, the operators of the network can usually prepare in advance to ensure the functions and performances of the network, and take actions such as backup activation, succession, repair and the like after the network is damaged. In the previous shortest path blocking study, the defender selects a new shortest path after the aggressor blocks without other defensive measures, so the defender is always in a passive position. However, in a real situation, as an operator and a maintainer of the network, a defensive party can design and implement a backup mechanism according to actual requirements of toughness, elasticity, safety and the like.
Thus, considering the interference facing the aggressor, the defender can backup some edges in advance and activate some backup edges when some edges of the network are blocked. Typically, the backup links set up in a network system are determined by the physical conditions and budget of the system itself, and it is costly to activate the backup links. Based on the above consideration, the defender can backup some links in advance when constructing the network based on the system condition and budget, activate corresponding backup edges temporarily when the network is attacked, select paths containing backup edges for information transfer, and the selected paths containing backup edges are generally shorter than those without backup mechanism. That is, the backup mechanism may improve the toughness of the network against malicious attacks.
The method and the device provide a new blocking problem of a single-layer network, in an attack and defense scene of the single-layer network, aiming at the situation that a defending party is under passive attack, from the perspective of the defending party, on the basis of the original shortest path target, a network backup mechanism is considered, namely a defending strategy of link backup is considered, namely the defending party backs up a part of links in the network in advance, when the network is attacked, the defending party activates a part of backup links for service circulation, avoids the attacked links, minimizes the influence of network attack on the network, and accordingly improves the toughness of the network when the network is attacked.
Since in practical situations, the network attacks and defenders are not simple attacks-modes of selecting escape paths, the defenders can also have resources for deploying the defenses. Therefore, in order to explore the influence of the active defense mechanism of pre-backup and temporary activation on the attack and defense decision in the network blocking attack and defense process, a new network blocking problem is proposed and researched on the basis of the information flow shortest network blocking problem by taking the active defense mechanism of a defender in the network into consideration: the backup network shortest blocking problem is that under the blocking strategy of an attacker, the defensive party can activate the pre-backed-up link and put into use so as to reduce the influence of the attack on the network functions and performances.
Taking the shortest path model as an example, a backup network model is provided, a backup network shortest path blocking model is established for the backup network shortest path blocking problem, and a basic description and a mathematical planning model of the problem are provided.
In order to eliminate the influence of the defending Fang Bianliang integer constraint, the model is equivalently converted by a variable relaxation method, finally, a Bender decomposition algorithm is provided for the backup network shortest path blocking problem, an optimal blocking strategy of an attacker and an optimal path selection strategy and a backup activation strategy of the defender are solved, and model and algorithm verification experiments, algorithm performance comparison experiments and model effect analysis experiments under different backup link ratios are carried out by using simulation data.
The network backup proportion has saturation characteristic to the model effect, and the research on the problem provides theoretical basis and decision support for attack and defense decisions and attack and defense resource allocation of a decision maker in the backup network. The problem can give out blocking strategies of an attacker, path selection strategies and backup activation strategies of the defender based on a backup network mechanism of the defender.
In one embodiment, the network model and the backup network model each include a plurality of nodes, between which a network link or a backup link is formed, the network link or the link backup each having a link cost.
In a given network G, the defender of the network (i.e., the user of the network) attempts to pass information or traffic flows from the originating node s to the target node t. Each link in the network has a certain passing cost (such as time delay, resource consumption, etc.), so the goal of the defender is to realize the business flow from s to t with the minimum passing cost of the link; as a counterparty of the network, an attacker wishes to break down its network or prevent its implementation of the traffic flow by attacking the links in the network G. However, in practical situations, the resources of the attacker are limited, and the node and the link may be repaired after the attack, which only increases the response time of the network. The model thus considers that an attacker allocates limited attack resources in the network to increase the defensive party's experience costs, such as increasing its need to complete the business process or the resource consumption to complete the business process. Besides the basic network setting and the targets of both the attack and the defense, the model considers that the defender can backup a part of the network when constructing the network, and can select a part of backup edges from the backup edges to activate for use when the network is attacked, thereby ensuring that the influence of the network is as small as possible.
The constructed network is shown in fig. 2, the letters and numbers in the nodes represent their numbers, the solid lines represent normal network links, the broken lines represent backup links, and after being activated, they can be considered normal links, but cannot be attacked at any time. The number on a link represents the cost of going through, considered here as a time delay, representing the time required for information to travel through this link.
Fig. 2 to 4 show examples of shortest network blocking.
When the backup is not considered, assuming that an attacker can only block 3 links, and when the attacker is not attacked, the shortest circuit of the network is s-3-t in fig. 2, and the time delay is 8; when an attacker blocks the network, the shortest path of the network is shown as s-1-3-t in fig. 3, the time delay is 12, s-3, s-4,1-2, the number in brackets on the blocked solid line indicates the time delay after the link is blocked.
When backup activation is considered, the broken lines in the graph can be used as normal links for information transmission; if the consumed resource activates the backup when not attacked, the shortest path of the network is s-5-t in figure 2, and the time delay is shortened from 8 to 6 compared with the time delay without considering the backup; when an attacker blocks the network, the shortest path of the network is s-4-t in fig. 4, and the time delay is shortened from 12 to 10 compared with the case when backup is not considered.
Therefore, the backup activation is considered in the network, so that the toughness of the network can be effectively improved, and when the network is not attacked, the network can temporarily improve the performance of the network by activating the backup, as shown in the case of fig. 2; when the network is attacked, the network function can be ensured to operate effectively by activating the backup, as shown in the case of fig. 4. Meanwhile, the situation is that an attacker can only block 3 links, and the effect is more obvious when the attacker blocks more resources. However, when the backup is activated, resources (such as power) are consumed, so that the backup activation is performed by selecting a link under the condition of limited resources, and normal use of network functions is ensured.
In one embodiment, according to the backup network model, planning the backup network model, and establishing a backup activation shortest blocking model includes:
description of the problem: in the backup network model, a starting node s and a target node t; the defender pre-backs up a part of the link, and the link cannot pass when the backup link is not activated. The defender aims at searching the shortest path from the starting node s to the target node t in the network, and the length of the path from the starting node s to the target node t is defined as the sum of the lengths of the links passing through the s-t path; the attacker goal is to block some links in the network with limited resources R to maximize the shortest path of the defender; after the network is blocked by the attack party, the defending party activates and starts a small number of backup links according to the current network state so as to minimize the attack effect of the attack party;
Symbol prescribes: the backup network is defined as G (N, a), where n= {1,2,.+ -. Is a set of nodes, a= { (i, j) |i, j e N } is a set of network links, b= { (i, j) |i, j e N } is a set of link backups, B is a proper subset of a, i, j is a node number, and nodes s and t are the starting and destination nodes, respectively; c k Representing the length of link k e A, which will increase by d when link k is blocked k (d k > 0) to c k +d k (when d k When large enough, then link k can be considered to be completely blocked from passing); r is (r) k (r k > 0) represents blocking resources required by an attacker to block a link k, and the total blocking resources are defined as R; q k (q k > 0) indicates that the defender needs to activate link kBackup active resources, wherein the total amount of the backup active resources is defined as Q; let FS (i) and RS (i) represent an outgoing edge set and an incoming edge set of node i, respectively, where FS (i) = { (i ', j')ea|i '=i } and RS (i) = { (j', i ')ea|i' =i };
definition of binary variable x k As an aggressor blocking variable, 1 is taken to represent an aggressor blocking link k, and 0 is taken to represent unblocked; definition of the binary variable y k For the defender path selection variable, 1 is taken to represent that the defender path passes through the link k, and 0 is taken to represent that the undefined binary variable z k For defensive side to backup the activation variable, when k is E B, z k Taking 1 to represent the defensive side activating backup link k, taking 0 to represent not activating, when k is E A-B, z k Taking a fixed value of 1, and not considering the fixed value as a backup side; bold represents the vector form of the corresponding scalar.
Planning model: according to the above description of the problem and the related symbol specification, the backup network shortest blocking problem (Backup Network Shortest Path Interdiction, BNSPI) is a two-layer mixed integer programming problem, and based on the MXSP-P model for edge blocking, a programming model of the BNSPI problem can be obtained, that is, the backup activation shortest blocking model is expressed as follows:
∑ k∈A r k x k ≤R (4)
∑ k∈S q k z k ≤Q (5)
wherein, formula (2) is a flow conservation constraint, ensuring that the defender experiences a complete s-t path. Equation (3) indicates that the defender cannot pass through the inactive backup edge. Equation (4) and equation (5) represent blocking resource constraints of the aggressor and backup activation resource constraints of the defender, respectively. Equation (6) is an aggressor block variable constraint and indicates that the backup link cannot be blocked. (7) The defensive path selection variable and the defensive backup activation variable (8) indicate that only the backup side can be activated (1 is taken when activated, 0 is not taken when not activated), and the non-backup side takes a fixed value of 1.
The shortest blocking problem is a classical two-layer planning problem, comprising two parts: solving the shortest problem and the blocking resource allocation problem of the outer layer by the inner layer correspond to the minimization and maximization problems in the two-layer planning model respectively. The two-layer planning problem can be solved by linearly coupling the inner-layer minimization problem, so that the minimization problem is converted into the maximized problem, and the maxmin conflict in the original problem is solved, so that the original two-layer planning problem is converted into a single-layer planning problem. In the backup network shortest path blocking problem, the inner layer variable y k And z k Are integer variables that take values 0-1, so the problem is a mixed integer programming problem (Mixed Integer Linear Programme, MILP). Since the linear dual theory can only be applied to the linear programming model, consider the variable y k And z k Relaxation to continuous space converts the problem from a mixed integer programming problem to a linear programming problem.
In BNCI, when all y in the optimal solution k When 0 or 1 is taken, only one path from the starting node s to the target node t is taken in the graph G; when most at the maximumY is present in the optimal solution k When the value is within the range (0, 1), it means that there are more than two paths from the start node s to the target node t, and two cases occur at this time: (1) If the lengths of the paths are not equal, then the optimal solution must fall on the shortest one of the paths, indicating that the current solution is not the optimal solution, so this is not the case; (2) If the paths are equal in length, the final solution must fall on one of the s-t paths, any y at this time, since the flow conservation constraints ensure that the defender experiences a complete s-t path k Either 0 or 1.
Thus, in the backup network shortest blocking problem BNCI, when the problem gets the optimal solution, two discrete integer variables, path selection variable y k And backup activation variable z k Equivalent to two continuous variables And
therefore, the BNCI problem can be expressed in a reformation mode, and the BNCI problem is different from the original model in that the values of two variables of a defender are relaxed to the range of [0,1 ].
In one embodiment, before solving the backup activation shortest path blocking model based on the bendsia decomposition algorithm, the method further comprises:
converting the backup activation shortest blocking model to obtain formal expression:
∑ k∈A r k x k ≤R (12)
∑ k∈S q k z k ≤Q (13)
based on the Des decomposition algorithm, a basic decomposition method aiming at BNSI problem is provided, the basic idea of the Des decomposition method is to separate variables, and the separated variables and corresponding objective functions form two new independent problems. These two problems are defined as a main problem and a sub-problem, each with its objective functions and variables, while being easily solved. And solving the two problems to respectively obtain an upper bound and a lower bound of the objective function value of the original problem. By solving the two problems alternately until the upper and lower bounds are equal, a solution to the original problem can be obtained.
According to the characteristics of BNCIS, the BNCIS problem can be naturally decomposed into two problems, corresponding to the two parts of the Bende decomposition algorithm, so as to give the mathematical expression BNCIS-B of the main problem and the sub-problem after BNCIS decomposition.
In one embodiment, the bendsia decomposition algorithm includes:
[BNSPI-B]
∑ k∈A r k x k ≤R (19)
∑ k∈S q k z k ≤Q (24)
where d=diag ({ D) k :k∈A})。Is->Is a fixed vector, by->Solving to get, the same theory->Is->Is also a fixed vector, consisting of +.>Solving to obtain the final product. />Representing an s-t path selected by a defender; set->Is generated by +.>The constituent is a subset of all s-t paths in G. Set Y is the set of all s-t paths in graph G.
BNSI problem solving algorithm based on Bendset decomposition:
algorithm BNCPI-B: backup network blocking decomposition algorithm
During each iteration of the BNSPI-B algorithm,blocking strategy according to the current aggressor->Solving a shorter s-t path +.>And add to the Path set->In, then->According to updated->Generating a corresponding new blocking strategy->As the algorithm iterates, if the maximized shortest in Y is already contained in +.>In (b), thenThe solution of the problem (aggressor block policy) is equal to that of BNSI problem, accordingly, ++ >The solution of the problem (defender backup strategy and shortest path) is also equal to the solution of BNSI problem, now there is +.>Otherwise there isThe algorithm does not reach the termination condition, the algorithm continues to iterate until the largest shortest in Y is added to +.>Is a kind of medium. Thus, the solution of the algorithm BNCPI-B is a solution to the BNCPI problem.
The backup network shortest blocking method and device based on the Des decomposition algorithm provide an expansion problem of the shortest network blocking problem: the backup network shortest blocking problem additionally considers that a defender can carry out link backup on the basis of the original shortest blocking problem and can activate backup during attack so as to reduce the influence of the attack on the network, and the backup network model can accurately describe the actual attack and defense process and effectively reflect the actual attack and defense decision characteristics; a planning model of a backup network shortest blocking problem is provided, a backup network scene and specific settings are described, the backup activation shortest blocking model is equivalently converted according to the characteristics of the proposed planning model, and a Bender decomposition algorithm framework is provided on the basis of the equivalent conversion for solving the problem.
It should be understood that, although the steps in the flowchart of fig. 1 are shown in sequence as indicated by the arrows, the steps are not necessarily performed in sequence as indicated by the arrows. The steps are not strictly limited to the order of execution unless explicitly recited herein, and the steps may be executed in other orders. Moreover, at least some of the steps in fig. 1 may include multiple sub-steps or stages that are not necessarily performed at the same time, but may be performed at different times, nor do the order in which the sub-steps or stages are performed necessarily performed in sequence, but may be performed alternately or alternately with at least a portion of other steps or sub-steps of other steps.
In one embodiment, backup network shortest blocking experiments are performed, backup network shortest blocking data adopts BA network data generated by simulation, and table 1 shows two solutions of BNSPI problems in the simulated network data: the performance comparison of the dual algorithm and the Bende decomposition algorithm under different network scales shows that the solving efficiency of the two algorithms is not greatly different.
Table 1 comparison of backup network shortest path blocking algorithm
Table 2 shows the shortest path lengths in different scale networks under different conditions in the simulated network data, each scale network containing 100 simulated graphs. In all cases, the number of given blocked links is 10; 15% of the links are randomly backed up, and up to 2 backup links may be activated. Wherein ASP represents the average shortest path length of the simulated graph under the non-blocking-non-active backup condition, ASP-B represents the average shortest path length of the simulated graph under the non-blocking-active backup condition, ASP-I represents the average shortest path length of the simulated graph under the blocking-active backup condition, and ASP-I-B represents the average shortest path length of the simulated graph under the blocking-active backup condition.
Table 2 simulation network experimental results table
/>
It can be seen from table 2 that by activating the backup link when not under attack, a path shorter than the original shortest path can be found in some cases, but the backup advantage is not obvious from this point of view because the experiment adopts a random backup strategy. As can be seen by comparing the data of the two columns of ASP-I and ASP-I-B, the influence of the attack on the network can be effectively reduced by activating the backup link after the network is blocked. In fact, since the experimental data takes the average value of the shortest of the plurality of cases, which includes the case where part of the backup strategy is not effective, in the specific case where the backup is effective, the effect of the backup activation is more remarkable than the result in the above table.
The effect of the model when a different number of nodes are backed up in each network is tested below. Experiments were performed in BA networks of 100 nodes and 200 nodes, respectively, and an attacker blocked at most 10% of the total number of links, wherein each scale of network generated 100 blocking cases, and the ASP-I-B values were used as the effect evaluation index of the model, and the results are shown in fig. 5 and 6.
From the above results, as the proportion of backup links increases, the average shortest path ASP-I-B after network outage decreases. The ASP-I-B value is fast to fall initially, the falling rate is gradually slowed down when the backup proportion reaches 15% -20%, and the falling trend of the ASP-I-B value is gradually gentle when the backup proportion reaches 25% -30%. This shows that with the increase of the proportion of the backup links, the toughness of the network can be effectively improved at first, and when the proportion of the backup links reaches about 15%, the backup links reach maximum efficiency, i.e. the backup can achieve good effect with less resource consumption. When the proportion of the backup links is increased, the cost performance of the backup links is gradually reduced, namely the number of the backup links is increased but no obvious effect exists. When the backup proportion reaches about 25%, the link backup effect reaches saturation, the income of continuously increasing the number of backup links is low, and the resource waste can be caused.
In summary, the experimental result verifies the correctness of the model and the algorithm, the proposed algorithm can accurately solve the blocking strategy of the attacker, the backup activation strategy and the path selection strategy of the defender are given based on the current blocking condition, and meanwhile, the validity of the link backup mechanism in coping with the network attack is also verified. The data for the subsequent experiments show that the more links are not backed up, the better the backup proportion is, the saturation exists to a certain extent, the number of the backup links is increased after the saturation point is reached, and the income is greatly reduced.
The application is based on the classical shortest network blocking problem, and provides an expansion problem of the shortest network blocking problem: backup network shortest blocking problem. Based on the original shortest path blocking problem, the fact that a defender can carry out link backup is additionally considered, and backup can be activated when the defender attacks, so that the influence of the attacks on the network is reduced. And then a planning model of the backup network shortest blocking problem is provided, and the backup network scene and specific settings are described. According to the proposed planning model, the model is subjected to equivalent conversion aiming at the characteristics of the model, and related evidence is provided, on the basis, a frame of the Des decomposition algorithm is finally provided for solving the problem, and the correctness of the algorithm is proved. Because the experiment adopts a random backup strategy, the backup activation is not effective in many cases, and the path length of the cases is averaged to serve as an evaluation index, so that the experiment result can not fully embody the advantage of the backup activation, but in the case that the backup activation is effective, the influence effect on reducing the network attack is quite remarkable.
As shown in fig. 7, in one embodiment, an apparatus is provided comprising: a network model creation module 702, a backup network model creation module 704, a backup activation shortest path blocking model creation module 706, and a solution module 708, wherein:
a network model building module 702, configured to build a network model according to a shortest blocking problem of a node network; the target of the attacker in the network model is to block the network link in the node network to maximize the shortest path of the defender when the resource is limited, and the target of the defender is to find the shortest path from the initial node to the target node in the node network;
a backup network model building module 704, configured to build a backup network according to the node network, and obtain a backup network model according to the backup network and the network model; after the node network in the backup network model is blocked by the attack square, the defending square activates and starts the backup link in the backup network according to the current network state so as to minimize the attack effect of the attack square;
a backup activation shortest blocking model establishing module 706, configured to construct a backup activation shortest blocking model according to constraint conditions and optimization targets in the backup network model;
A solving module 708, configured to solve the backup activation shortest blocking model based on the bendsia decomposition algorithm.
In one embodiment, the backup network model building module 704 is further configured to build a backup network according to the node network, and obtain a backup network model according to the backup network and the network model, where the backup network model includes
The network model comprises a plurality of nodes, network links are formed among the nodes, link backups are extracted from the network model to form the backup network, and a backup network model is obtained according to the network model and the backup network;
where the backup network is defined as G (N, a), n= {1,2,..the } represents a set of nodes, a= { (i, j) |i, j e N } represents a set of network links, b= { (i, j) |i, j e N } represents a set of link backups, B is a proper subset of a, i, j represents a node number.
In one embodiment, the backup activation shortest path blocking model creation module 706 is further configured to: constructing a backup activation shortest blocking model according to constraint conditions and optimization targets in the backup network model:
∑ k∈A r k x k ≤R
∑ k∈S q k z k ≤Q
wherein: s represents a starting node, t represents a target node; c k Representing the length of link k e A; r is (r) k Representing blocking resources required by an attacker to block a link k, wherein R represents the total amount of the blocking resources; q k Representing backup active resources required by defensive party to activate link k, and Q represents backupThe total amount of activated resources; FS (i) represents the outgoing edge set of node i, and RS (i) represents the incoming edge set of node i; x is x k To block variables for aggressors, y k Selecting variables for defensive path, z k Activating variables for defenses is backed up.
In one embodiment, the solving module 708 is further configured to, before solving the backup activation shortest path blocking model based on the bendsia decomposition algorithm, further include:
converting the backup activation shortest blocking model to obtain formal expression:
∑ k∈A r k x k ≤R
∑ k∈S q k z k ≤Q
in one embodiment, the solution module 708 is further configured to apply the Booth decomposition algorithm to:
∑ k∈A r k x k ≤R
∑ k∈S q k z k ≤Q
where d=diag ({ D) k :k∈A}),[Master(y^)]Where y is a fixed vector, [ Sub (x)]X in (a) is also a fixed vector; y represents an s-t path selected by a defender; set Y consists of the generated Y, which is a subset of all s-t paths in G. Set Y is the set of all s-t paths in graph G.
In one embodiment, the backup network model building module 704 is further configured to: the network model and the backup network model each comprise a plurality of nodes, network links or backup links are formed between the nodes, and the network links or the link backups have link costs.
For specific limitation of the backup network shortest blocking device based on the bendsia decomposition algorithm, reference may be made to the limitation of the backup network shortest blocking method based on the bendsia decomposition algorithm hereinabove, and the description thereof will not be repeated here. The modules in the backup network shortest path blocking device based on the bendsia decomposition algorithm can be all or partially realized by software, hardware and a combination thereof. The above modules may be embedded in hardware or may be independent of a processor in the computer device, or may be stored in software in a memory in the computer device, so that the processor may call and execute operations corresponding to the above modules.
In one embodiment, a computer device is provided, which may be a terminal, and the internal structure thereof may be as shown in fig. 8. The computer device includes a processor, a memory, a network interface, a display screen, and an input device connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and a computer program. The internal memory provides an environment for the operation of the operating system and computer programs in the non-volatile storage media. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program, when executed by a processor, implements a backup network shortest path blocking method based on a Booth decomposition algorithm. The display screen of the computer equipment can be a liquid crystal display screen or an electronic ink display screen, and the input device of the computer equipment can be a touch layer covered on the display screen, can also be keys, a track ball or a touch pad arranged on the shell of the computer equipment, and can also be an external keyboard, a touch pad or a mouse and the like. The computer device may be a simulation device, the input means inputs relevant information to the simulation device, the processor executes the programs in the memory for combined simulation, and the display screen displays the relevant simulation results.
It will be appreciated by those skilled in the art that the structure shown in fig. 8 is merely a block diagram of some of the structures associated with the present application and is not limiting of the computer device to which the present application may be applied, and that a particular computer device may include more or fewer components than shown, or may combine certain components, or have a different arrangement of components.
In an embodiment a computer device is provided comprising a memory storing a computer program and a processor implementing the steps of the method of the above embodiments when the computer program is executed.
In one embodiment, a computer readable storage medium is provided, on which a computer program is stored which, when executed by a processor, implements the steps of the method of the above embodiments.
Those skilled in the art will appreciate that implementing all or part of the above described methods may be accomplished by way of a computer program stored on a non-transitory computer readable storage medium, which when executed, may comprise the steps of the embodiments of the methods described above. Any reference to memory, storage, database, or other medium used in the various embodiments provided herein may include non-volatile and/or volatile memory. The nonvolatile memory can include Read Only Memory (ROM), programmable ROM (PROM), electrically Programmable ROM (EPROM), electrically Erasable Programmable ROM (EEPROM), or flash memory. Volatile memory can include Random Access Memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as Static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double Data Rate SDRAM (DDRSDRAM), enhanced SDRAM (ESDRAM), synchronous Link DRAM (SLDRAM), memory bus direct RAM (RDRAM), direct memory bus dynamic RAM (DRDRAM), and memory bus dynamic RAM (RDRAM), among others.
The technical features of the above embodiments may be arbitrarily combined, and all possible combinations of the technical features in the above embodiments are not described for brevity of description, however, as long as there is no contradiction between the combinations of the technical features, they should be considered as the scope of the description.
The above examples merely represent a few embodiments of the present application, which are described in more detail and are not to be construed as limiting the scope of the invention. It should be noted that it would be apparent to those skilled in the art that various modifications and improvements could be made without departing from the spirit of the present application, which would be within the scope of the present application. Accordingly, the scope of protection of the present application is to be determined by the claims appended hereto.
Claims (6)
1. The backup network shortest path blocking method based on the Bendset decomposition algorithm is characterized by comprising the following steps:
establishing a network model according to the shortest blocking problem of the node network; the target of the attacker in the network model is to block the network link in the node network to maximize the shortest path of the defender when the resource is limited, and the target of the defender is to find the shortest path from the initial node to the target node in the node network;
Establishing a backup network according to the node network, and obtaining a backup network model according to the backup network and the network model; after the node network in the backup network model is blocked by the attack square, the defending square activates and starts the backup link in the backup network according to the current network state so as to minimize the attack effect of the attack square;
constructing a backup activation shortest blocking model according to constraint conditions and optimization targets in the backup network model;
solving the backup activation shortest blocking model based on a Bendset decomposition algorithm;
establishing a backup network according to the node network, and obtaining a backup network model according to the backup network and the network model comprises:
the network model comprises a plurality of nodes, network links are formed among the nodes, link backups are extracted from the network model to form the backup network, and a backup network model is obtained according to the network model and the backup network;
wherein the backup network is defined as G (N, a), n= {1,2,.+ -. Represents a set of nodes, a= { (i, j) |i, j e N } represents a set of network links, b= { (i, j) |i, j e N } represents a set of link backups, B is a proper subset of a, i, j represents a node number;
According to constraint conditions and optimization targets in the backup network model, constructing a backup activation shortest blocking model comprises the following steps:
∑ k∈A r k x k ≤R
∑ k∈B q k z k ≤Q
wherein: s represents a starting node, t represents a target node; c k Representing the length of link k e A; r is (r) k Representing blocking resources required by an attacker to block a link k, wherein R represents the total amount of the blocking resources; q k The backup activation resource required by the defensive side to activate the link k is represented, and Q represents the total amount of the backup activation resource; FS (i) represents the outgoing edge set of node i, and RS (i) represents the incoming edge set of node i; x is x k To block variables for aggressors, y k Selecting variables for defensive path, z k Backup activation variable for defender, d k Indicating the length of link k that increases when it is blocked;
variable y k And z k Relaxation to a continuous space, the bendsia decomposition algorithm comprising:
∑ k∈B q k z k ≤Q
where d=diag ({ D) k :k∈A}),Is->Is a fixed vector, ++>Is->Is also a fixed vector; />Representing an s-t path selected by a defender; set->By (I) produced>The composition is a subset of all s-t paths in G.
2. The method of claim 1, further comprising, prior to solving the backup activation shortest blocking model based on a bendsia decomposition algorithm:
Converting the backup activation shortest blocking model to obtain formal expression:
Σ k∈A r k x k ≤R
Σ k∈B q k z k ≤Q
3. the method according to claim 1 or 2, wherein the network model and the backup network model each comprise a plurality of nodes, between which a network link or a backup link is formed, the network link or the backup link each having a link cost.
4. The backup network shortest path blocking device based on the Bende decomposition algorithm is characterized by comprising:
the network model building module is used for building a network model according to the shortest blocking problem of the node network; the target of the attacker in the network model is to block the network link in the node network to maximize the shortest path of the defender when the resource is limited, and the target of the defender is to find the shortest path from the initial node to the target node in the node network;
the backup network model building module is used for building a backup network according to the node network and obtaining a backup network model according to the backup network and the network model; after the node network in the backup network model is blocked by the attack square, the defending square activates and starts the backup link in the backup network according to the current network state so as to minimize the attack effect of the attack square; establishing a backup network according to the node network, and obtaining a backup network model according to the backup network and the network model comprises: the network model comprises a plurality of nodes, network links are formed among the nodes, link backups are extracted from the network model to form the backup network, and a backup network model is obtained according to the network model and the backup network; wherein the backup network is defined as G (N, a), n= {1,2,.+ -. Represents a set of nodes, a= { (i, j) |i, j e N } represents a set of network links, b= { (i, j) |i, j e N } represents a set of link backups, B is a proper subset of a, i, j represents a node number;
The backup activation shortest blocking model building module is used for building a backup activation shortest blocking model according to constraint conditions and optimization targets in the backup network model; according to constraint conditions and optimization targets in the backup network model, constructing a backup activation shortest blocking model comprises the following steps:
Σ k∈A r k x k ≤R
Σ k∈B q k z k ≤Q
wherein: s represents a starting node, t represents a target node; c k Representing the length of link k e A; r is (r) k Representing blocking resources required by an attacker to block a link k, wherein R represents the total amount of the blocking resources; q k The backup activation resource required by the defensive side to activate the link k is represented, and Q represents the total amount of the backup activation resource; RS (i) represents the outgoing edge set of node i, and RS (i) represents the incoming edge set of node i; x is x k To block variables for aggressors, y k Selecting variables for defensive path, z k Backup activation variable for defender, d k Indicating the length of link k that increases when it is blocked;
the solving module is used for solving the backup activation shortest blocking model based on the Bender decomposition algorithm; variable y k And z k Relaxation to a continuous space, the bendsia decomposition algorithm comprising:
Σ k∈A r k x k ≤R
Σ k∈B q k z k ≤Q
where d=diag ({ D) k :k∈A}),Is->Is a fixed vector, ++>Is->Is also a fixed vector; / >Representing an s-t path selected by a defender; set->By (I) produced>The composition is a subset of all s-t paths in G.
5. A computer device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor implements the steps of the method of any of claims 1 to 3 when the computer program is executed.
6. A computer readable storage medium, on which a computer program is stored, characterized in that the computer program, when being executed by a processor, implements the steps of the method of any of claims 1 to 3.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210043440.XA CN114401200B (en) | 2022-01-14 | 2022-01-14 | Backup network shortest path blocking method and device based on Bende decomposition algorithm |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210043440.XA CN114401200B (en) | 2022-01-14 | 2022-01-14 | Backup network shortest path blocking method and device based on Bende decomposition algorithm |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN114401200A CN114401200A (en) | 2022-04-26 |
| CN114401200B true CN114401200B (en) | 2024-02-09 |
Family
ID=81230703
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210043440.XA Active CN114401200B (en) | 2022-01-14 | 2022-01-14 | Backup network shortest path blocking method and device based on Bende decomposition algorithm |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114401200B (en) |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111478811A (en) * | 2020-04-07 | 2020-07-31 | 中国人民解放军国防科技大学 | Network key point analysis method based on double-layer information flow transmission |
| CN112565272A (en) * | 2020-12-09 | 2021-03-26 | 中国人民解放军国防科技大学 | Method and device for blocking minimum Steiner tree of double-layer network and computer equipment |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20140258356A1 (en) * | 2012-12-13 | 2014-09-11 | University Of South Florida | Column and constraint generation method for optimal strategies |
-
2022
- 2022-01-14 CN CN202210043440.XA patent/CN114401200B/en active Active
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111478811A (en) * | 2020-04-07 | 2020-07-31 | 中国人民解放军国防科技大学 | Network key point analysis method based on double-layer information flow transmission |
| CN112565272A (en) * | 2020-12-09 | 2021-03-26 | 中国人民解放军国防科技大学 | Method and device for blocking minimum Steiner tree of double-layer network and computer equipment |
Also Published As
| Publication number | Publication date |
|---|---|
| CN114401200A (en) | 2022-04-26 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Huang et al. | A large-scale markov game approach to dynamic protection of interdependent infrastructure networks | |
| Wu et al. | Policy iteration algorithm for optimal control of stochastic logical dynamical systems | |
| CN112565272B (en) | Method and device for blocking minimum Steiner tree of double-layer network and computer equipment | |
| Liu et al. | A stochastic evolutionary coalition game model of secure and dependable virtual service in sensor-cloud | |
| Casorrán et al. | A study of general and security Stackelberg game formulations | |
| Lou et al. | A framework of hierarchical attacks to network controllability | |
| Lai et al. | Simplified swarm optimization with initialization scheme for dynamic weapon–target assignment problem | |
| CN111400890A (en) | Attack-defense structure-based power grid upgrading method for resisting malicious data attack | |
| Wu et al. | Allocation of defensive and restorative resources in electric power system against consecutive multi-target attacks | |
| Huang et al. | Factored markov game theory for secure interdependent infrastructure networks | |
| Chen et al. | Repair strategy of military communication network based on discrete artificial bee colony algorithm | |
| CN113537400A (en) | Branch neural network-based edge computing node allocation and exit method | |
| Davarikia et al. | A novel approach in strategic planning of power networks against physical attacks | |
| Karyotis | A Markov random field framework for modeling malware propagation in complex communications networks | |
| Yadav et al. | SmartPatch: A patch prioritization framework | |
| CN114401200B (en) | Backup network shortest path blocking method and device based on Bende decomposition algorithm | |
| Ravishankar et al. | Time dependent network resource optimization in cyber–physical systems using game theory | |
| Vasal | Stochastic stackelberg games | |
| CN114401137B (en) | Backup network shortest path blocking method and device based on dual algorithm | |
| Chaoqi et al. | Camouflage strategy of a Stackelberg game based on evolution rules | |
| Ciftcioglu et al. | Topology design games and dynamics in adversarial environments | |
| Shao et al. | Multistage attack–defense graph game analysis for protection resources allocation optimization against cyber attacks considering rationality evolution | |
| CN116684152A (en) | Active defense method, device and system for multiple aggressors | |
| Halabi | Adaptive security risk mitigation in edge computing: Randomized defense meets prospect theory | |
| Osliak et al. | Towards Collaborative Cyber Threat Intelligence for Security Management. |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |