CN117978623B - Method, device and equipment for constructing tough data sharing network for coping with network attack - Google Patents


Publication number
CN117978623B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202410390822.9A
Other languages
Chinese (zh)
Other versions
CN117978623A (en)
Inventor
杨国利
刘艺
刘坤
李凡
王强
熊杏林
刁兴春
黄罡
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Big Data Advanced Technology Research Institute
Original Assignee
Beijing Big Data Advanced Technology Research Institute
Application filed by Beijing Big Data Advanced Technology Research Institute filed Critical Beijing Big Data Advanced Technology Research Institute
Priority to CN202410390822.9A priority Critical patent/CN117978623B/en
Publication of CN117978623A publication Critical patent/CN117978623A/en
Application granted granted Critical
Publication of CN117978623B publication Critical patent/CN117978623B/en
Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The application provides a method, a device and equipment for constructing a tough data sharing network for coping with network attacks, which relate to the technical field of network data security and comprise the following steps: taking a service application program as a logic network node, and carrying out logic network interconnection to obtain a logic network; the communication equipment is used as a physical network node to carry out physical network interconnection to obtain a physical network; each logic network node is hung on a corresponding physical network node through a binding link, so that a data sharing network is obtained; the network repair program is deployed on a logic network node and is used for repairing a failed physical link; randomly selecting a plurality of physical links to perform network attack, and calculating network toughness under the deployment of the network repair program; repeating the random network attack for a plurality of times to obtain a network toughness average value; traversing the logic network nodes, determining the logic network node corresponding to the maximum network toughness mean value as an optimal deployment position, and deploying the network repair program at the optimal deployment position.

Description

Method, device and equipment for constructing tough data sharing network for coping with network attack
Technical Field
The application relates to the technical field of network data security, in particular to a method, a device and equipment for constructing a tough data sharing network for coping with network attacks.
Background
Network toughness refers to the ability of a network system to predict, respond, resist, repair and restore by means of a specific policy mechanism of the network system against internal and external disturbance such as complex interaction, soft and hard damage and the like, so that the original performance is maintained or active appearance is generated. When the network is attacked, the network toughness can enable the system to have the capability of preventing and adapting to changes, the capability of resisting network attacks and the capability of quickly recovering service links after the network attacks are suffered, and the capabilities can reduce losses to the greatest extent and keep network services to run normally.
For data sharing networks, the key to data sharing is enabling users in different places, using different computers and different software, to read other people's data and perform various computations and analysis applications on it. Recovering quickly under various network attack conditions, so that data sharing stays reliable and stable, is an important part of constructing and optimizing a tough data sharing network.
However, in the prior art, the network toughness of the data sharing network often cannot reach the expected ideal state, and quick and efficient network repair cannot be realized after a network attack. Therefore, there is a need to develop a method, an apparatus and a device for constructing a tough data sharing network for coping with network attacks, and to scientifically deploy a network repair program so as to improve the network toughness of the data sharing network.
Disclosure of Invention
In view of the above, embodiments of the present application provide a method, apparatus, and device for constructing a tough data sharing network for coping with network attacks, so as to overcome or at least partially solve the above problems.
In a first aspect of the embodiment of the present application, there is provided a method for constructing a tough data sharing network for coping with a network attack, where the method includes:
Taking each service application program as a logic network node, and taking data sharing requirements existing among the service application programs as logic links, and performing logic network interconnection to obtain a logic network;
Taking each communication equipment as a physical network node, and carrying out physical network interconnection according to physical links existing among the communication equipment to obtain a physical network;
Each logic network node is hung on a corresponding physical network node through a binding link to obtain a data sharing network, wherein the data sharing network is a logic-physical double-layer network model facing data sharing; the physical links are used for providing load resources for one or more corresponding logic links, and the logic links utilize the provided load resources to realize data communication between two connected logic network nodes;
Deploying a network repair program on one logical network node in the data sharing network, so that the network repair program can repair failed physical links connected to physical network nodes that are reachable from it;
Randomly selecting a plurality of physical links from the data sharing network to perform a network attack, and calculating the network toughness under the deployment of the network repair program, wherein the network toughness represents the difference between the rise of the network load demand satisfaction rate after network repair and the fall of the network load demand satisfaction rate after the network attack;
Repeating, a plurality of times, the step of randomly selecting a plurality of physical links for network attack, to obtain a network toughness mean value under the deployment of the network repair program;
Traversing all logical network nodes on which the network repair program can be deployed, determining the logical network node corresponding to the maximum network toughness mean value as the optimal deployment position, and deploying the network repair program at the optimal deployment position.
The second aspect of the embodiment of the present application further provides a device for constructing a tough data sharing network for coping with network attacks, where the device includes:
The logic network construction module is used for carrying out logic network interconnection by taking each service application program as a logic network node and taking the data sharing requirement existing among the service application programs as a logic link to obtain a logic network;
the physical network construction module is used for carrying out physical network interconnection by taking each communication device as a physical network node according to physical links existing among the communication devices to obtain a physical network;
the data sharing network construction module is used for hanging each logic network node on a corresponding physical network node through a binding link to obtain a data sharing network, and the data sharing network is a logic-physical double-layer network model facing data sharing; the physical links are used for providing load resources for one or more corresponding logic links, and the logic links utilize the provided load resources to realize data communication between two connected logic network nodes;
A network repair program deployment module, configured to deploy a network repair program on one logical network node in the data sharing network, so that the network repair program can repair failed physical links connected to physical network nodes that are reachable from it;
The network toughness calculation module is used for randomly selecting a plurality of physical links from the data sharing network to carry out a network attack, and calculating the network toughness under the deployment of the network repair program, wherein the network toughness represents the difference between the rise of the network load demand satisfaction rate after network repair and the fall of the network load demand satisfaction rate after the network attack;
The network toughness mean value calculation module is used for repeating, a plurality of times, the random selection of a plurality of physical links for network attack, to obtain a network toughness mean value under the deployment of the network repair program;
The optimal deployment position determining module is used for traversing all logical network nodes on which the network repair program can be deployed, determining the logical network node corresponding to the maximum network toughness mean value as the optimal deployment position, and deploying the network repair program at the optimal deployment position.
The third aspect of the embodiment of the application also provides an electronic device, which comprises a memory, a processor and a computer program stored on the memory, wherein the processor executes the computer program to realize the steps in the method for constructing the tough data sharing network for coping with network attacks according to the first aspect of the embodiment of the application.
The fourth aspect of the embodiment of the present application further provides a computer readable storage medium, where a computer program/instruction is stored, where the computer program/instruction implements the steps in the method for constructing a tough data sharing network for coping with a network attack according to the first aspect of the embodiment of the present application when the computer program/instruction is executed by a processor.
A fifth aspect of the embodiments of the present application further provides a computer program product, which when run on an electronic device, causes a processor to implement the steps in the method for constructing a tough data sharing network for coping with network attacks according to the first aspect of the embodiments of the present application.
The embodiment of the application provides a method for constructing a tough data sharing network for coping with network attacks, which comprises the following steps: taking each service application program as a logic network node, and taking data sharing requirements existing among the service application programs as logic links, and performing logic network interconnection to obtain a logic network; taking each communication equipment as a physical network node, and carrying out physical network interconnection according to physical links existing among the communication equipment to obtain a physical network; each logic network node is hung on a corresponding physical network node through a binding link to obtain a data sharing network, wherein the data sharing network is a logic-physical double-layer network model facing data sharing; the physical links are used for providing load resources for one or more corresponding logic links, and the logic links utilize the provided load resources to realize data communication between two connected logic network nodes; deploying a network repair program on one logical network node in the data sharing network, so that the network repair program can repair a failure physical link between the network repair program and a physical network node with reachability; randomly selecting a plurality of physical links from the data sharing network to perform network attack, and calculating network toughness deployed by the network repairing program, wherein the network toughness represents a difference value between an increase of a network load demand meeting rate after network repairing and a decrease of the network load demand meeting rate after network attack; repeating the steps for randomly selecting a plurality of physical links for network attack to obtain a network toughness average value under the deployment of the network repair program; traversing all logic network nodes deployed by the network repair program, determining the logic network node corresponding to the maximum network toughness mean value as an optimal deployment position, and deploying the network repair program at the optimal deployment position.
The concrete beneficial effects are that:
The embodiment of the application constructs the data sharing network, carries out random network attack on the data sharing network, and calculates the network toughness (the difference between the rising of the network load demand meeting rate after network repair and the falling of the network load demand meeting rate after network attack) of the data sharing network when the network repair program is deployed on one of the logic network nodes. On one hand, the embodiment of the application realizes the accurate calculation of the network toughness of the data sharing network by calculating the change of the network load demand satisfaction rate before and after network repair, and is beneficial to determining the optimal deployment position according to the network toughness average value. On the other hand, as the repairing effect of the network repairing program on the network attack can be influenced by the position of the logic network node where the network repairing program is located (only the invalid physical link connected with the physical network node which can be reached by the network repairing program can be repaired), the embodiment of the application determines the optimal deployment position (the logic network node where the network repairing program is located when the network toughness average value is maximum) by traversing all the logic network nodes deployed by the network repairing program, and scientifically deploys the network repairing program, so that after network repairing, the network load requirement is met for as many logic network nodes as possible, reliable and stable data sharing is realized, and higher network toughness is achieved.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are needed in the description of the embodiments of the present application will be briefly described below, it being obvious that the drawings in the following description are only some embodiments of the present application, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a flow chart of steps of a method for constructing a tough data sharing network for coping with network attacks according to an embodiment of the present application;
FIG. 2 is a diagram of a logical-physical dual-layer network topology according to an embodiment of the present application;
FIG. 3 is a schematic diagram of a primary path and a backup path according to an embodiment of the present application;
FIG. 4 is a schematic diagram of a network repair principle based on information reset according to an embodiment of the present application;
FIG. 5 is a schematic structural diagram of a device for constructing a tough data sharing network according to an embodiment of the present application;
FIG. 6 is a schematic diagram of an electronic device according to an embodiment of the present application.
Detailed Description
Exemplary embodiments of the present application will be described in more detail below with reference to the accompanying drawings in the embodiments of the present application. While exemplary embodiments of the present application are shown in the drawings, it should be understood that the present application may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the application to those skilled in the art.
Network toughness refers to the ability of a network system to predict, respond, resist, repair and restore by means of a specific policy mechanism of the network system against internal and external disturbance such as complex interaction, soft and hard damage and the like, so that the original performance is maintained or active appearance is generated. When the network is attacked, the network toughness can enable the system to have the capability of preventing and adapting to changes, the capability of resisting network attacks and the capability of quickly recovering service links after the network attacks are suffered, and the capabilities can reduce losses to the greatest extent and keep network services to run normally.
With the continuous development of the information age, information exchange between different departments and different areas is gradually increasing, and the development of computer network technology provides a guarantee for information transmission. When a large amount of space data appears on a network, the key to data sharing is that users in different places, using different computers and different software, can read other people's data and perform various computations and analysis applications on it. Recovering quickly under various network attack conditions, so that data sharing stays reliable and stable, is an important part of constructing and optimizing a tough data sharing network. However, in the prior art, the network toughness of the data sharing network often cannot reach the expected ideal state, and quick and efficient network repair cannot be realized after a network attack.
In view of the above problems, an embodiment of the present application proposes a method for constructing a tough data sharing network for coping with network attacks, so as to solve the problems of lower network toughness and the like. The following describes in detail the method for constructing the tough data sharing network for coping with network attacks according to the embodiment of the present application through some embodiments and application scenarios thereof with reference to the accompanying drawings.
Referring to fig. 1, fig. 1 is a step flowchart of a method for constructing a tough data sharing network for coping with a network attack, as shown in fig. 1, where the method includes:
Step S101, using each service application program as a logic network node, using data sharing requirements existing among the service application programs as logic links, and performing logic network interconnection to obtain a logic network.
Step S102, each communication device is used as a physical network node, and physical network interconnection is performed according to physical links existing between the communication devices, so as to obtain a physical network.
Step S103, each logic network node is hung on a corresponding physical network node through a binding link to obtain a data sharing network, wherein the data sharing network is a logic-physical double-layer network model facing data sharing; the physical links are used for providing load resources for one or more corresponding logic links, and the logic links utilize the provided load resources to realize data communication between two connected logic network nodes.
In this embodiment, the implementation of data sharing needs to rely on logical network interconnection and physical network interconnection. Each logical network node in the logical network represents a kind of business application, also called application service, representing different business applications running within different organizations or the same organization, but within different authorization boundaries. In the process of constructing a logic network in a data sharing network, when a data sharing requirement exists between two business application programs, such as file sharing service or application, and data exchange, information service (such as identity verification and log record) providing and the like occur in a session layer, a presentation layer or an application layer, logic network interconnection is performed, and a logic link between two corresponding logic network nodes is generated.
Each physical network node in the physical network represents a physical communication node or communication device, e.g. a switching station. In the process of constructing a physical network in a data sharing network, when any one or more of optical fiber, microwave, wireless, bluetooth and other physical links are actually erected between two communication devices, physical network interconnection is performed, and a physical link between two physical network nodes is generated, wherein the physical link indicates the data accessibility between the two connected physical network nodes.
And hanging each logic network node in the logic network on a corresponding physical network node in the physical network through a binding link to obtain a data sharing network, so that the data sharing network is a logic-physical double-layer network model oriented to data sharing. Referring to fig. 2, fig. 2 shows a topology structure diagram of a logical-physical dual-layer network, as shown in fig. 2, the data sharing network in this embodiment is a logical-physical dual-layer network model facing data sharing, the upper layer in fig. 2 is a logical network, the lower layer in fig. 2 is a physical network, the logical network includes a plurality of logical network nodes, and the logical network nodes are connected with each other through logical links, which indicates that there is a data sharing requirement between two logical network nodes; the physical network comprises a plurality of physical network nodes, the physical network nodes are connected with each other through physical links, the physical links are used for realizing data communication for the two connected physical network nodes, and the transmitted data are sent to the corresponding logic network nodes through the physical network nodes, so that load resources are provided for one or more logic links corresponding to the physical links, and the logic links utilize the provided load resources to realize data communication between the two connected logic network nodes.
As shown in fig. 2, the logical network includes service applications (i.e., logical nodes a, b, c, d, e, f, g) and their logical links with each other, which characterize the data sharing requirements between the service applications. The physical network includes individual communication devices (i.e., physical nodes A, B, C, D, E, F, G, etc.) and their physical links to each other, which characterize the provision of load resources between the communication devices. The realization of data sharing also needs to rely on the interconnection between a logical network and a physical network, and each logical node is hung on a certain physical node through a binding link.
The physical network is the bearer of the logical network, the logical network is an application of the physical network, and the two are coupled and interleaved. If a physical link in the physical network fails, the logical links it carries also fail, so that data sharing cannot be realized between the two service applications corresponding to the two logical network nodes connected by such a logical link. As shown in fig. 2, a logical link exists between the logical network nodes b and d, which means that there is a data sharing requirement between the two service applications corresponding to b and d: b needs to obtain data of d, and/or d needs to obtain data of b. In the data sharing network, the logical network node b is hung on the physical network node B and the logical network node d is hung on the physical network node F, so that data sharing between b and d can be achieved via the physical transmission path B-D-F. If the physical link B-D or D-F fails, the logical link b-d fails and no data sharing between the logical network nodes b and d can be achieved.
In this embodiment, after the data sharing network is constructed, load resources of the corresponding physical link are also required to be allocated to the logical link therein. Because the load resources of the physical links are limited, one physical link may carry one or more logical links, and each logical link needs to be provided with load resources with a proper size, so that data sharing is realized between corresponding logical network nodes. Because of the different logical links, the corresponding service applications are different, and the required load resources are different in size. Further, in order to achieve load balancing and improve data sharing efficiency, an optimal load balancing optimization scheme can be determined through a genetic algorithm, so that a corresponding physical link and load resources of the physical link are configured for each logic link according to the optimization scheme.
Further, when the data sharing network is constructed, two physical links are selected for each logical link to serve as a main path and a backup path respectively. In this embodiment, for each logical link log i, the physical network nodes to which the two logical network nodes connected according to the log are respectively boundAnd/>. To enable data sharing of logical links, it is necessary to determine the physical network node/>To/>Is a physical link to the network. When the physical network G p has a complex structure and more nodes, two physical network nodes/>And/>There are multiple physical links between, and an reachable path set pi i is available, which can be expressed as pi i:
Wherein, Two physical network nodes/>, representing a physical networkAnd/>Extraction functions of all reachable path sets in between. Selecting two physical links from the set of reachable paths as the primary path for the logical linkAnd backup Path/>. Main Path/>And backup Path/>All belonging to the reachable path set. After determining the main path and the backup path, load resources/>, of the main path and the backup pathAssigned to the logical link log i, the primary path is the load resource size/>, of the corresponding logical link configurationLoad resource size/>, configured for the corresponding logical link with the backup pathEqual.
Referring to fig. 3, fig. 3 is a schematic diagram of a primary path and a backup path. As shown in fig. 3, the logical link log i between logical network nodes b and d indicates that there is a data sharing requirement between the two service applications corresponding to b and d. The logical network node b is hung on the physical network node B and the logical network node d is hung on the physical network node F, so that data sharing between b and d can be achieved through the physical transmission path B-D-F or through the physical transmission path B-C-E-G-F. With B-D-F as the main path, load resources are provided for the logical link log i so as to realize data sharing between b and d. When the physical link B-D or D-F fails, the backup path B-C-E-G-F automatically takes over providing load resources for the logical link log i, which avoids failure of the logical link log i caused by failure of the main path, achieves load redundancy, and improves the stability of data sharing.
The load resources of the main path and of the backup path are configured to be the same size, and the load resource that the main path or the backup path provides to each logical link is not smaller than the load requirement of that logical link, where the load requirement of a logical link is the load required to realize data sharing between the two service applications corresponding to the logical link. The load requirement of each logical link is determined by the traffic it carries and remains relatively fixed. As shown in fig. 3, when 10 Gbps of data must normally be transmitted between the logical network nodes b and d, the load requirement of the corresponding logical link b-d is D b-d = 10 Gbps. The physical link D-E lies on both the path B→D→E→G→F and the path B→C→E→D→F, and the upper load limit of the physical link D-E is 8 Gbps, which is smaller than the load requirement D b-d (10 Gbps) of the logical link b-d. These two paths therefore do not satisfy the condition for a data sharing transmission path bearing the logical link b-d, and cannot serve as the primary path or the backup path of the logical link b-d.
Step S104, a network repair program is deployed on one logic network node in the data sharing network, so that the network repair program can repair a failure physical link between the network repair program and a physical network node with reachability.
In practical applications, the data sharing network is often subjected to external network attacks that target its network configuration information. Once such an attack succeeds, the attacked physical link in the physical network fails, and the logical links that rely on that physical link fail in turn (a failed physical link cannot transmit data, that is, it can no longer provide load resources for the logical links it carries, so data sharing cannot be realized between the logical network nodes connected by those logical links).
In order to restore the network function, a logical network node needs to be selected on which to deploy a network repair program (as shown in fig. 2, a network repair program is deployed at the logical network node e). The network repair program can remotely reset the information at both ends of an attacked physical link, and after the information reset the physical link recovers its information transmission function. Referring to fig. 4, fig. 4 shows a schematic diagram of the network repair principle based on information reset. As shown in fig. 4, a network repair program is deployed on the logical network node e, which is bound to the physical network node G. When the physical link D-E in the physical network fails, the network repair program can reset the information of the physical network nodes D and E (i.e., the physical network nodes D and E, which are reachable from the physical network node G) through the physical path G→F→D and the physical path G→E respectively, so that the physical link D-E resumes data transmission.
Step S105, randomly selecting a plurality of physical links from the data sharing network to perform network attack, and calculating network toughness deployed by the network repair program, wherein the network toughness represents a difference value between an increased network load demand satisfaction rate after network repair and a decreased network load demand satisfaction rate after network attack;
According to the network restoration principle of information reset, deployment positions of the network restoration program are different, and network restoration effects which can be realized are different. Specifically, since the network repair procedure can only reset information of the physical network nodes reachable through the physical link, the physical network nodes where the current network repair procedure is located cannot be network repaired by the physical network nodes which cannot be connected through the effective physical link. After a logical network node is selected from a logical network to deploy a network repair program, m physical links are selected from the physical network in a random mode to carry out network attack, and the network repair program is utilized to carry out network repair, so that the network toughness of the network repair program deployed is calculated, and the network toughness is used for evaluating the current network repair effect of the network repair program.
In one possible implementation, the calculating the network toughness under the deployment of the network repair procedure includes:
Step S1051, after performing a network attack on the plurality of physical links selected at random, calculates a network load demand satisfaction rate drop value of the data sharing network.
Specifically, the network load demand satisfaction rate indicates the proportion of the load demand of the logical links in the data sharing network that is satisfied (i.e., for which data sharing can be realized). The network load demand satisfaction rate decrease value is the difference between the network load demand satisfaction rates before and after the data sharing network is attacked.
In one possible implementation manner, the step S1051 calculates a network load demand satisfaction rate decrease value of the data sharing network, including:
Step S1051-a, obtaining the initial network load demand satisfaction rate of the data sharing network before the network attack.
In the implementation, before a plurality of physical links are randomly selected to perform network attack, the data sharing network in the initial state can be analyzed and calculated to obtain the initial network load demand satisfaction rate.
In one possible implementation manner, the obtaining the initial network load requirement satisfaction rate of the data sharing network before the network attack includes:
in the data sharing network prior to the network attack, for each of the logical links:
When the load resource configured for the logical link by its corresponding physical link is smaller than the load demand of the logical link, the logical link is determined to be a first logical link, which does not meet the network load demand.
When the load resource configured for the logical link by its corresponding physical link is not smaller than the load demand of the logical link, the logical link is determined to be a second logical link, which meets the network load demand;
according to the load demands of the first logic link and the second logic link, determining the initial network load demand satisfaction rate according to the following formula:
Where Fr represents the initial network load demand satisfaction rate, and the load demand of the ith logical link enters the formula together with an indicator of whether the ith logical link meets the network load requirement: the indicator is 0 when the ith logical link is the first logical link and 1 when the ith logical link is the second logical link.
In the present embodiment, in the data sharing network in the initial state, for each logical link, if the load resource configured for it by its corresponding physical link is less than the load demand of the logical link itself, the logical link is determined not to meet the network load requirement: data sharing between its two logical network nodes cannot be realized, and the logical link is determined to be a first logical link.
In the present embodiment, for each logical link, the condition that the load resource configured for it by its corresponding physical link is less than its own load demand can be expressed as the load resources configured for the main path and the backup path corresponding to the logical link being smaller than the load demand of the logical link. In that case the logical link is determined not to meet the network load requirement, data sharing between its two logical network nodes cannot be realized, and the logical link is determined to be a first logical link, with the corresponding indicator = 0.
In the data sharing network in the initial state, for each logical link, if the load resource configured for it by its corresponding physical link is not less than the load demand of the logical link itself, the logical link is determined to meet the network load requirement: data sharing between its two logical network nodes can be realized, and the logical link is determined to be a second logical link.
Here, for each logical link, the condition that the load resource configured for it by its corresponding physical link is not less than its own load demand can be expressed as the load resource configured for the main path and the backup path corresponding to the logical link being not less than the load demand of the logical link. In that case the logical link is determined to meet the network load requirement, data sharing between its two logical network nodes can be realized, and the logical link is determined to be a second logical link, with the corresponding indicator = 1.
The step S1051-b calculates a first network load demand satisfaction rate after the network attack.
After network attack is carried out on a plurality of randomly selected physical links, the physical links are disabled, load resources cannot be provided for the loaded logical links, the corresponding logical links are disabled, the load demand satisfaction rate of the whole network is reduced, and the first network load demand satisfaction rate after the network attack is calculated.
In one possible implementation manner, the calculating the first network load demand satisfaction rate after the network attack includes:
In the data sharing network after the network attack, a first failed logical link set is determined. The first failed logical link set comprises a plurality of first failed logical links, which are logical links that cannot be used for data sharing because a physical link was subjected to the network attack. Specifically, for each physical link, if the physical link carries logical links (i = 1, 2, ..., n) that transmit data sharing information, and the physical link fails due to the network attack, the corresponding logical links (i = 1, 2, ..., n) fail as well. Given the set of physical links that failed under the network attack, the set of logical links that fail with them is recorded as the first failed logical link set.
In a data sharing network after a network attack, for each logical link:
And when the logic link does not belong to the first failure logic link set, and the configured load resource of the physical link corresponding to the logic link is not less than the load demand of the logic link, determining the logic link as a third logic link meeting the network load demand.
And when the logic link belongs to the first failure logic link set, or the load resource configured for the physical link corresponding to the logic link is smaller than the load demand of the logic link, determining the logic link as a fourth logic link which does not meet the network load demand.
According to the load demands of the third logic link and the fourth logic link, determining the first network load demand satisfaction rate according to the following formula:
Wherein the formula gives the first network load demand satisfaction rate from the load demand of the ith logical link and an indicator of whether the ith logical link meets the network load requirement: the indicator is 0 when the ith logical link is the fourth logical link and 1 when the ith logical link is the third logical link.
In the data sharing network after the network attack, a logical link is determined to be a third logical link if it satisfies both of the following conditions. Condition one: the logical link has not failed, i.e. it does not belong to the first failed logical link set. Condition two: the load resource configured for it by its corresponding physical link is not less than its own load demand (the load resource configured on any one of the main path and the backup path corresponding to the logical link is not less than the load demand of the logical link). When both conditions are fulfilled, the logical link meets the network load requirement, data sharing between its two logical network nodes can be realized, and the corresponding indicator = 1.
In the data sharing network after the network attack, a logical link is determined to be a fourth logical link if it satisfies either of the following two conditions. Condition one: the logical link has failed, i.e. it belongs to the first failed logical link set. Condition two: the load resource configured for it by its corresponding physical link is smaller than its own load demand (the load resource configured on any one of the main path and the backup path corresponding to the logical link is smaller than the load demand of the logical link). When at least one of the two conditions is satisfied, the logical link does not meet the network load requirement, data sharing between its two logical network nodes cannot be realized, and the corresponding indicator = 0.
The step S1051-c is to determine a difference between the initial network load demand satisfaction rate and the first network load demand satisfaction rate as the network load demand satisfaction rate decrease value.
Specifically, the initial network load demand satisfaction rate (the network load demand satisfaction rate of the data sharing network before the network attack) and the first network load demand satisfaction rate (the network load demand satisfaction rate of the data sharing network after some logical links have failed following the network attack) are obtained through calculation, and their difference is determined as the network load demand satisfaction rate decrease value. The network load demand satisfaction rate decrease value indicates the extent to which the load demand of the data sharing network is affected by the network attack.
Step S1052, performing network repair on the physical link under network attack by using the deployed network repair program.
In this embodiment, after step S1021 is completed and the network load demand satisfaction rate decrease value of the data sharing network after the network attack has been calculated, network repair is performed using the network repair program deployed on the logical network node.
In a possible implementation manner, the step S1052 performs network repair on the physical link under network attack by using the deployed network repair procedure, including:
and locating a failed physical network node, wherein the failed physical network node represents a physical network node corresponding to a physical link s-t failed due to network attack.
And positioning a physical network node f bound by the network repair program.
And calculating the reachability between the physical network node f bound by the network repair program and the failed physical network nodes (s, t) to obtain an reachable path set. Specifically, the set of reachable paths represents, for each failed physical network node, the set of reachable paths between it and the physical network node f to which the network repair procedure is bound:
Wherein $G_p$ denotes the physical network, f denotes the physical network node to which the network repair program is bound, s denotes one failed physical network node connected to the failed physical link, t denotes the other failed physical network node connected to the failed physical link, and the function in the formula extracts the set of all reachable paths between two points (s/t and f) of the network.
And using the network repair program to reset information of the failure physical network nodes reachable by the network repair program according to the reachable path set.
Specifically, for each physical link that failed due to the network attack, when the reachability conditions for both s and t are satisfied simultaneously, the network repair program can transmit data from the node f to the failed physical network nodes s and t over paths in the reachable path set, reset the information of the failed physical network nodes s and t, and so let the failed physical link s-t resume data transmission.
Step S1053, after the network repair, calculates a network load demand satisfaction rate increase value of the data sharing network.
Specifically, the network load demand satisfaction rate rising value indicates a difference between a network load demand satisfaction rate of the data sharing network after network repair by the network repair program and a network load demand satisfaction rate of the data sharing network after network attack.
In one possible implementation manner, the step S1053, after network repair, calculates a network load demand satisfaction rate increase value of the data sharing network, including:
step S1053-1, obtaining the first network load demand satisfaction rate after the network attack. Specifically, when step S1051-b is executed, the calculated first network load demand satisfaction rate is obtained.
Step S1053-2, calculate the second network load demand satisfaction rate after network repair.
Specifically, the network repairing program resets the information of the partial failure physical network nodes through the reachable paths, so that the partial failure physical links are recovered, the overall load demand satisfaction rate of the network is increased, and the second network load demand satisfaction rate after network repairing is obtained through calculation.
In a possible implementation manner, the step S1053-2 of calculating the second network load demand satisfaction rate after the network repair includes:
A second failed logical link set is determined in the data sharing network after network repair. The second failed logical link set comprises a plurality of second failed logical links, which are logical links that cannot be used for data sharing because their physical links were subjected to the network attack and could not be repaired by the network repair program. Specifically, take the set of failed physical links under the network attack, the physical network after the network attack, and the physical network node f bound by the network repair program. For each physical link in the failed physical link set, with endpoints (physical network nodes) s and t, if reachable path sets exist between f and both endpoints, the physical link is repaired; all repaired physical links constitute a set:
The set of physical links that remain failed after network repair then yields the corresponding failed logical link set, which is the second failed logical link set:
in a data sharing network after network repair, for each logical link:
And when the logic link does not belong to the second failure logic link set, and the configured load resource of the physical link corresponding to the logic link is not less than the load demand of the logic link, determining the logic link as a fifth logic link meeting the network load demand.
And when the logic link belongs to the second failure logic link set, or the load resource configured for the physical link corresponding to the logic link is smaller than the load demand of the logic link, determining the logic link as a sixth logic link which does not meet the network load demand.
According to the load demands of the fifth logic link and the sixth logic link, determining the second network load demand satisfaction rate according to the following formula:
Wherein the formula gives the second network load demand satisfaction rate from the load demand of the ith logical link and an indicator of whether the ith logical link meets the network load requirement: the indicator is 0 when the ith logical link is the sixth logical link and 1 when the ith logical link is the fifth logical link.
In the data sharing network after network repair, a logical link is determined to be a fifth logical link if it satisfies both of the following conditions. Condition one: the logical link has not failed or has been repaired, i.e. it does not belong to the second failed logical link set. Condition two: the load resource configured for it by its corresponding physical link is not less than its own load demand (the load resource configured on any one of the main path and the backup path corresponding to the logical link is not less than the load demand of the logical link). When both conditions are fulfilled, the logical link meets the network load requirement, data sharing between its two logical network nodes can be realized, and the corresponding indicator = 1.
In the data sharing network after network repair, a logical link is determined to be a sixth logical link if it satisfies either of the following two conditions. Condition one: the logical link is still in a failed state that the network repair program cannot repair, i.e. it belongs to the second failed logical link set. Condition two: the load resource configured for it by its corresponding physical link is smaller than its own load demand (the load resource configured on any one of the main path and the backup path corresponding to the logical link is smaller than the load demand of the logical link). When at least one of the two conditions is satisfied, the logical link does not meet the network load requirement, data sharing between its two logical network nodes cannot be realized, and the corresponding indicator = 0.
Step S1053-3, determining a difference between the second network load demand satisfaction rate and the first network load demand satisfaction rate as the network load demand satisfaction rate rising value.
Specifically, the second network load demand satisfaction rate (the network load demand satisfaction rate of the data sharing network after network repair) and the first network load demand satisfaction rate (the network load demand satisfaction rate of the data sharing network after some logical links have failed following the network attack) are obtained through calculation, and their difference is determined as the network load demand satisfaction rate rise value. The network load demand satisfaction rate rise value represents the degree to which the network repair program restores the load demand of the data sharing network.
Step S1054, determining the difference between the network load demand meeting rate rising value and the network load demand meeting rate falling value as the network toughness deployed by the network repair procedure.
Specifically, the following formula may be adopted:
The difference between the network load demand satisfaction rate decrease value and the network load demand satisfaction rate rise value is determined as the network toughness under the deployment of the network repair program. The smaller the difference, the stronger the network toughness (the closer the data sharing network is to its initial state after network repair); conversely, the larger the difference, the weaker the network toughness.
Optionally, according to the above formula, the network toughness under the deployment of the network repair program may be calculated from the initial network load demand satisfaction rate (the network load demand satisfaction rate of the data sharing network before the network attack) and the second network load demand satisfaction rate (the network load demand satisfaction rate of the data sharing network after network repair), omitting the first network load demand satisfaction rate and thereby further improving calculation efficiency.
Step S106, repeating a plurality of times the step of randomly selecting a plurality of physical links for network attack, to obtain the network toughness mean value under the deployment of the network repair program. Specifically, to ensure the accuracy of the final result, step S105 is executed repeatedly: with the network repair program deployed on the logical network node, a plurality of physical links are again selected at random and attacked, and a new network toughness is calculated; repeating this a plurality of times yields the network toughness mean value for the network repair program deployed on that logical network node.
Step S107, traversing all the logic network nodes deployed by the network repair program, determining the logic network node corresponding to the maximum network toughness mean value as an optimal deployment position, and deploying the network repair program at the optimal deployment position.
Because the location of the network repair program node can influence the recovery degree of the failed physical link, the toughness network is required to have higher recovery capability when coping with network attacks, so that the network repair program node location needs to be optimized, so that the data sharing network has higher recovery capability when suffering from uncertain network attacks. Specifically, all logical network nodes deployed by the network repair program are traversed, namely, the network toughness average value of the network repair program deployed on each logical network node is calculated, and the logical network node corresponding to the maximum network toughness average value is determined to be the optimal deployment position according to the following formula:
Wherein the averaged quantity is the network toughness mean value, over different combinations of attacked physical links, after the network repair program is deployed at the logical network node f; the value of f that attains the maximum network toughness mean value is the logical network node at the optimal deployment position.
According to the embodiment of the application, the data sharing network is constructed, random network attack is carried out on the data sharing network, and when the network repair program is deployed on one of the logic network nodes, the network toughness (the difference between the network load demand meeting rate after network repair and the network load demand meeting rate after network attack is reduced) of the data sharing network is calculated. On one hand, the embodiment of the application realizes the accurate calculation of the network toughness of the data sharing network by calculating the change of the network load demand satisfaction rate before and after network repair, and is beneficial to determining the optimal deployment position according to the network toughness average value. On the other hand, as the repairing effect of the network repairing program on the network attack can be influenced by the position of the logic network node where the network repairing program is located (only the invalid physical link corresponding to the physical network node which can be reached by the network repairing program can be repaired), the embodiment of the application determines the optimal deployment position (the logic network node where the network repairing program is located when the network toughness average value is maximum) by traversing all the logic network nodes deployed by the network repairing program, so that the network load requirement is met after the network repairing of as many logic network nodes as possible, reliable and stable data sharing is realized, and higher network toughness is achieved.
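Steps S105 to S107 can be followed end to end in the Python sketch below, which is an added example and not code from the patent. The topology, demands, paths and function names are constructed for illustration; because the page's formulas did not survive, the satisfaction rate is assumed to be the demand-weighted share of satisfied logical links, and a logical link is assumed satisfied when either its primary or its backup path is intact with enough capacity.

```python
import random
from collections import deque


def link(u, v):
    """Undirected physical link as an order-independent key."""
    return tuple(sorted((u, v)))


# Constructed sample topology (not the patent's figures); capacities in Gbps.
CAPACITY = {link(*e): 10 for e in [
    ("A", "B"), ("A", "C"), ("B", "C"), ("A", "D"), ("B", "D"),
    ("D", "E"), ("E", "F"), ("E", "G"), ("F", "G")]}
# Binding links: logical network node -> physical network node.
BINDING = {"a": "A", "b": "B", "e": "E", "f": "F"}
# Logical link -> (load demand, primary path, backup path), constructed.
LOGICAL = {
    ("a", "b"): (10, ["A", "B"], ["A", "C", "B"]),
    ("e", "f"): (4, ["E", "F"], ["E", "G", "F"]),
    ("a", "e"): (6, ["A", "D", "E"], ["A", "B", "D", "E"]),
}


def path_usable(path, demand, failed):
    """A path carries a logical link if no hop has failed and every hop
    has at least the demanded capacity."""
    hops = [link(u, v) for u, v in zip(path, path[1:])]
    return all(h not in failed and CAPACITY[h] >= demand for h in hops)


def satisfaction_rate(failed):
    """Assumed form: satisfied demand divided by total demand."""
    total = sum(d for d, _, _ in LOGICAL.values())
    met = sum(d for d, primary, backup in LOGICAL.values()
              if path_usable(primary, d, failed)
              or path_usable(backup, d, failed))
    return met / total


def reachable(start, failed):
    """Physical nodes reachable from start over links that have not failed."""
    adj = {}
    for u, v in CAPACITY:
        if (u, v) not in failed:
            adj.setdefault(u, set()).add(v)
            adj.setdefault(v, set()).add(u)
    seen, queue = {start}, deque([start])
    while queue:
        for nxt in adj.get(queue.popleft(), ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def repair(host, failed):
    """Step S1052: a failed link s-t is reset only if both s and t are
    reachable from the host's bound physical node in the attacked network.
    Returns the links that remain failed."""
    reach = reachable(BINDING[host], failed)
    return {(s, t) for s, t in failed if not (s in reach and t in reach)}


def toughness(host, attacked):
    """Step S1054: rise after repair minus drop after attack."""
    attacked = {link(*e) for e in attacked}
    fr0 = satisfaction_rate(set())                   # before the attack
    fr1 = satisfaction_rate(attacked)                # after the attack
    fr2 = satisfaction_rate(repair(host, attacked))  # after repair
    return (fr2 - fr1) - (fr0 - fr1)


def random_attacks(m, trials, seed=0):
    """Step S106: repeated random selections of m physical links."""
    rng = random.Random(seed)
    links = sorted(CAPACITY)
    return [rng.sample(links, m) for _ in range(trials)]


def best_deployment(attacks):
    """Step S107: host whose mean toughness over the attacks is largest."""
    means = {h: sum(toughness(h, a) for a in attacks) / len(attacks)
             for h in BINDING}
    return max(means, key=means.get), means


if __name__ == "__main__":
    best, means = best_deployment(random_attacks(m=3, trials=500))
    for host, value in means.items():
        print(f"host {host}: mean toughness {value:+.3f}")
    print("optimal deployment position:", best)
```

With this definition the toughness is at most 0, and 0 means the network returned to its initial satisfaction rate, so the largest mean marks the best deployment position.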
The second aspect of the embodiment of the present application further provides a device for constructing a tough data sharing network for coping with network attacks, referring to fig. 5, fig. 5 shows a schematic structural diagram of the tough data sharing network construction device, as shown in fig. 5, where the device includes:
The logic network construction module is used for carrying out logic network interconnection by taking each service application program as a logic network node and taking the data sharing requirement existing among the service application programs as a logic link to obtain a logic network;
the physical network construction module is used for carrying out physical network interconnection by taking each communication device as a physical network node according to physical links existing among the communication devices to obtain a physical network;
the data sharing network construction module is used for hanging each logic network node on a corresponding physical network node through a binding link to obtain a data sharing network, and the data sharing network is a logic-physical double-layer network model facing data sharing; the physical links are used for providing load resources for one or more corresponding logic links, and the logic links utilize the provided load resources to realize data communication between two connected logic network nodes;
A network repair program deployment module, configured to deploy a network repair program on a logical network node in the data sharing network, so that the network repair program can repair a failed physical link with a physical network node for which reachability exists;
The network toughness calculation module is used for randomly selecting a plurality of physical links from the data sharing network to carry out network attack, and calculating the network toughness deployed by the network repair program, wherein the network toughness represents the difference value between the rising of the network load demand meeting rate after network repair and the falling of the network load demand meeting rate after network attack;
the network toughness average value calculation module is used for repeatedly executing random selection of a plurality of physical links for network attack for a plurality of times to obtain a network toughness average value deployed by the network repair program;
The optimal deployment position determining module is used for traversing all the logic network nodes deployed by the network repair program, determining the logic network node corresponding to the maximum network toughness mean value as an optimal deployment position, and deploying the network repair program at the optimal deployment position.
In one possible embodiment, the network toughness calculation module includes:
A satisfaction rate reduction value calculation sub-module, configured to calculate a network load demand satisfaction rate reduction value of the data sharing network after performing network attack on the plurality of randomly selected physical links;
The network repair sub-module is used for performing network repair on the physical link under network attack by using the deployed network repair program;
The satisfaction rate rising value calculation sub-module is used for calculating the network load demand satisfaction rate rising value of the data sharing network after the network is repaired;
And the network toughness calculation sub-module is used for determining the difference value between the network load demand meeting rate rising value and the network load demand meeting rate falling value as the network toughness under the deployment of the network repair program.
In one possible implementation, the satisfaction rate dip value calculation sub-module includes:
The initial network load demand satisfaction rate acquisition unit is used for acquiring the initial network load demand satisfaction rate of the data sharing network before network attack;
The first network load demand satisfaction rate calculation unit is used for calculating a first network load demand satisfaction rate after network attack;
and the satisfaction rate reduction value calculation unit is used for determining the difference value between the initial network load demand satisfaction rate and the first network load demand satisfaction rate as the network load demand satisfaction rate reduction value.
In one possible implementation manner, the initial network load demand satisfaction rate acquisition unit includes:
a first logical link determining subunit, configured to, in a data sharing network before a network attack, for each of the logical links:
When the load resource configured for the logical link by its corresponding physical link is smaller than the load demand of the logical link, determining the logical link as a first logical link which does not meet the network load demand;
when the load resource configured for the logical link by its corresponding physical link is not smaller than the load demand of the logical link, determining the logical link as a second logical link meeting the network load demand;
an initial network load demand satisfaction rate determining subunit, configured to determine, according to the load demands of the first logical link and the second logical link, the initial network load demand satisfaction rate according to the following formula:
Where Fr represents the initial network load demand satisfaction rate, and the load demand of the ith logical link enters the formula together with an indicator of whether the ith logical link meets the network load requirement: the indicator is 0 when the ith logical link is the first logical link and 1 when the ith logical link is the second logical link.
In one possible implementation manner, the first network load demand satisfaction rate calculation unit includes:
A first invalid logical link set determining subunit, configured to determine a first invalid logical link set in a data sharing network after a network attack, where the first invalid logical link set includes a plurality of first invalid logical links, and the first invalid logical links represent logical links that cannot be used for data sharing due to a physical link being subject to the network attack;
a second logical link determination subunit configured to, for each logical link, in the data sharing network after the network attack:
when the logic link does not belong to the first failure logic link set, and the configured load resource of the physical link corresponding to the logic link is not less than the load demand of the logic link, determining the logic link as a third logic link meeting the network load demand;
When the logic link belongs to the first failure logic link set, or the load resource configured for the physical link corresponding to the logic link is smaller than the load demand of the logic link, determining the logic link as a fourth logic link which does not meet the network load demand;
A first network load demand satisfaction rate determining subunit, configured to determine, according to the load demands of the third logical link and the fourth logical link, the first network load demand satisfaction rate according to the following formula:
Wherein the quantities in the formula are the first network load demand satisfaction rate, the load demand of the i-th logical link, and an indicator of whether the i-th logical link meets the network load requirement, which is 0 when the i-th logical link is the fourth logical link and 1 when the i-th logical link is the third logical link.
In one possible implementation, the satisfaction rate rise value calculation sub-module includes:
a first network load demand satisfaction rate acquiring unit, configured to acquire the first network load demand satisfaction rate after a network attack;
The second network load demand satisfaction rate calculation unit is used for calculating the second network load demand satisfaction rate after network repair;
And the satisfaction rate rising value calculation unit is used for determining the difference value between the second network load demand satisfaction rate and the first network load demand satisfaction rate as the network load demand satisfaction rate rising value.
In one possible implementation manner, the second network load demand satisfaction rate calculation unit includes:
A second failure logic link set determining subunit, configured to determine a second failure logic link set in the data sharing network after network repair, where the second failure logic link set includes a plurality of second failure logic links, and the second failure logic links represent logic links that cannot be repaired by the network repair program and cannot be subjected to data sharing after the physical links are subjected to network attack;
A third logical link determining subunit, configured to, for each logical link, in the data sharing network after network repair:
When the logic link does not belong to the second failure logic link set, and the configured load resource of the physical link corresponding to the logic link is not less than the load demand of the logic link, determining the logic link as a fifth logic link meeting the network load demand;
When the logic link belongs to the second failure logic link set, or the load resource configured for the physical link corresponding to the logic link is smaller than the load demand of the logic link, determining the logic link as a sixth logic link which does not meet the network load demand;
A second network load demand satisfaction rate determining subunit, configured to determine, according to the load demands of the fifth logical link and the sixth logical link, the second network load demand satisfaction rate according to the following formula:
Wherein the quantities in the formula are the second network load demand satisfaction rate, the load demand of the i-th logical link, and an indicator of whether the i-th logical link meets the network load requirement, which is 0 when the i-th logical link is the sixth logical link and 1 when the i-th logical link is the fifth logical link.
In one possible implementation, the network repair sub-module includes:
A failed physical network node positioning unit, configured to locate a failed physical network node, where the failed physical network node represents a physical network node corresponding to a physical link that has failed due to a network attack;
a physical network node positioning unit, configured to position a physical network node to which the network repair program is bound;
A reachable path set obtaining unit, configured to calculate reachability between the physical network node bound by the network repair program and the failed physical network node, to obtain a reachable path set;
And the information resetting unit is used for resetting information of the failure physical network nodes reachable by the network repairing program according to the reachable path set by utilizing the network repairing program.
The embodiment of the application also provides an electronic device, and referring to fig. 6, fig. 5 is a schematic diagram of the electronic device according to the embodiment of the application. As shown in fig. 6, the electronic device 100 includes a memory 110 and a processor 120, wherein the memory 110 is communicatively connected to the processor 120 through a bus, and a computer program is stored in the memory 110 and can run on the processor 120 to implement the steps of the method for constructing the tough data sharing network for coping with network attacks disclosed in the embodiment of the application.
The embodiment of the application also provides a computer readable storage medium, on which a computer program/instruction is stored, which when executed by a processor, implements the steps in the method for constructing a tough data sharing network for coping with network attacks as disclosed in the embodiment of the application.
The embodiment of the application also provides a computer program product, which when being run on electronic equipment, causes a processor to realize the steps of the method for constructing the tough data sharing network for coping with network attacks, which is disclosed by the embodiment of the application.
In this specification, the embodiments are described in a progressive manner, each embodiment focuses on its differences from the other embodiments, and for identical or similar parts the embodiments may be referred to one another.
Embodiments of the present application are described with reference to flowchart illustrations and/or block diagrams of methods, apparatus, electronic devices, and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing terminal device to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing terminal device, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present application have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. It is therefore intended that the following claims be interpreted as including the preferred embodiment and all such alterations and modifications as fall within the scope of the embodiments of the application.
Finally, it is further noted that relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or terminal that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or terminal. Without further limitation, an element defined by the phrase "comprising a …" does not exclude the presence of other like elements in a process, method, article, or terminal device that comprises the element.
The method, device and equipment for constructing a tough data sharing network for coping with network attacks provided by the application have been described above in detail. Specific examples are used herein to illustrate the principle and implementation of the application, and the description of the above examples is only intended to help in understanding the method and core idea of the application. Meanwhile, those skilled in the art may, in accordance with the ideas of the application, make changes to the specific embodiments and the scope of application; in view of the above, the content of this description should not be construed as limiting the application.

Claims (10)

1. A method for constructing a tough data sharing network for coping with network attacks, the method comprising:
Taking each service application program as a logic network node, and taking data sharing requirements existing among the service application programs as logic links, and performing logic network interconnection to obtain a logic network;
Taking each communication equipment as a physical network node, and carrying out physical network interconnection according to physical links existing among the communication equipment to obtain a physical network;
Each logic network node is hung on a corresponding physical network node through a binding link to obtain a data sharing network, wherein the data sharing network is a logic-physical double-layer network model facing data sharing; the physical links are used for providing load resources for one or more corresponding logic links, and the logic links utilize the provided load resources to realize data communication between two connected logic network nodes;
deploying a network repair program on one logical network node in the data sharing network, so that the network repair program can repair a failure physical link between the network repair program and a physical network node with reachability;
Randomly selecting a plurality of physical links from the data sharing network to perform a network attack, and calculating the network toughness under the deployment of the network repair program, wherein the network toughness represents the difference between the rise in the network load demand satisfaction rate after network repair and the fall in the network load demand satisfaction rate after the network attack;
repeating the steps for randomly selecting a plurality of physical links for network attack to obtain a network toughness average value under the deployment of the network repair program;
Traversing all logical network nodes as deployment positions of the network repair program, determining the logical network node corresponding to the maximum network toughness mean value as the optimal deployment position, and deploying the network repair program at the optimal deployment position.
2. The method for constructing a tough data sharing network for coping with network attacks according to claim 1, wherein the calculating the network toughness under the deployment of the network repair program comprises:
after network attack is carried out on the plurality of physical links selected randomly, calculating a network load demand satisfaction rate reduction value of the data sharing network;
performing network repair on the physical link under network attack by using the deployed network repair program;
after the network is repaired, calculating a network load demand satisfaction rate rising value of the data sharing network;
And determining the difference value between the network load demand meeting rate rising value and the network load demand meeting rate falling value as the network toughness under the deployment of the network repair program.
3. The method for constructing a tough data sharing network against network attacks according to claim 2, wherein the calculating a network load demand satisfaction rate decrease value of the data sharing network includes:
Acquiring an initial network load demand satisfaction rate of a data sharing network before network attack;
calculating a first network load demand satisfaction rate after network attack;
and determining a difference value between the initial network load demand satisfaction rate and the first network load demand satisfaction rate as the network load demand satisfaction rate reduction value.
4. The method for constructing a tough data sharing network for coping with network attacks according to claim 3, wherein the obtaining an initial network load demand satisfaction rate of the data sharing network before the network attack comprises:
in the data sharing network prior to the network attack, for each of the logical links:
When the load resource that the corresponding physical link configures for the logical link is smaller than the load demand of the logical link, determining the logical link as a first logical link which does not meet the network load demand;
when the load resource that the corresponding physical link configures for the logical link is not smaller than the load demand of the logical link, determining the logical link as a second logical link meeting the network load demand;
according to the load demands of the first logic link and the second logic link, determining the initial network load demand satisfaction rate according to the following formula:
Where Fr represents the initial network load demand satisfaction rate; the other quantities in the formula are the load demand of the i-th logical link and an indicator of whether the i-th logical link meets the network load requirement, which is 0 when the i-th logical link is the first logical link and 1 when the i-th logical link is the second logical link.
5. The method for constructing a tough data sharing network for coping with network attacks according to claim 3, wherein the calculating a first network load demand satisfaction rate after the network attack comprises:
in a data sharing network after network attack, determining a first invalid logic link set, wherein the first invalid logic link set comprises a plurality of first invalid logic links, and the first invalid logic links represent logic links which cannot be used for data sharing due to the fact that physical links are subjected to network attack;
in a data sharing network after a network attack, for each logical link:
when the logic link does not belong to the first failure logic link set, and the configured load resource of the physical link corresponding to the logic link is not less than the load demand of the logic link, determining the logic link as a third logic link meeting the network load demand;
When the logic link belongs to the first failure logic link set, or the load resource configured for the physical link corresponding to the logic link is smaller than the load demand of the logic link, determining the logic link as a fourth logic link which does not meet the network load demand;
According to the load demands of the third logic link and the fourth logic link, determining the first network load demand satisfaction rate according to the following formula:
Wherein the quantities in the formula are the first network load demand satisfaction rate, the load demand of the i-th logical link, and an indicator of whether the i-th logical link meets the network load requirement, which is 0 when the i-th logical link is the fourth logical link and 1 when the i-th logical link is the third logical link.
6. The method for constructing a tough data sharing network for coping with network attacks according to claim 4, wherein the calculating a network load demand satisfaction rate rising value of the data sharing network after the network repair comprises:
Acquiring the first network load demand satisfaction rate after network attack;
calculating a second network load demand satisfaction rate after network repair;
And determining a difference value between the second network load demand satisfaction rate and the first network load demand satisfaction rate as the network load demand satisfaction rate rising value.
7. The method for constructing a tough data sharing network for coping with network attacks according to claim 6, wherein the calculating the second network load demand satisfaction rate after network repair comprises:
Determining a second invalid logical link set in the data sharing network after network repair, wherein the second invalid logical link set comprises a plurality of second invalid logical links, and the second invalid logical links represent logical links which cannot be repaired by the network repair program and cannot be subjected to data sharing because the physical links are subjected to network attack;
in a data sharing network after network repair, for each logical link:
When the logic link does not belong to the second failure logic link set, and the configured load resource of the physical link corresponding to the logic link is not less than the load demand of the logic link, determining the logic link as a fifth logic link meeting the network load demand;
When the logic link belongs to the second failure logic link set, or the load resource configured for the physical link corresponding to the logic link is smaller than the load demand of the logic link, determining the logic link as a sixth logic link which does not meet the network load demand;
According to the load demands of the fifth logic link and the sixth logic link, determining the second network load demand satisfaction rate according to the following formula:
Wherein the quantities in the formula are the second network load demand satisfaction rate, the load demand of the i-th logical link, and an indicator of whether the i-th logical link meets the network load requirement, which is 0 when the i-th logical link is the sixth logical link and 1 when the i-th logical link is the fifth logical link.
8. The method for constructing a tough data sharing network for coping with network attacks according to claim 2, wherein the performing network repair on the physical link under the network attack by using the deployed network repair program comprises:
Positioning a failure physical network node, wherein the failure physical network node represents a physical network node corresponding to a physical link failure due to network attack;
Positioning a physical network node bound by the network repair program;
Calculating the reachability between the physical network node bound by the network repair program and the failure physical network node to obtain a reachable path set;
And using the network repair program to reset information of the failure physical network nodes reachable by the network repair program according to the reachable path set.
9. A tough data sharing network construction apparatus for coping with network attacks, the apparatus comprising:
The logic network construction module is used for carrying out logic network interconnection by taking each service application program as a logic network node and taking the data sharing requirement existing among the service application programs as a logic link to obtain a logic network;
the physical network construction module is used for carrying out physical network interconnection by taking each communication device as a physical network node according to physical links existing among the communication devices to obtain a physical network;
the data sharing network construction module is used for hanging each logic network node on a corresponding physical network node through a binding link to obtain a data sharing network, and the data sharing network is a logic-physical double-layer network model facing data sharing; the physical links are used for providing load resources for one or more corresponding logic links, and the logic links utilize the provided load resources to realize data communication between two connected logic network nodes;
A network repair program deployment module, configured to deploy a network repair program on a logical network node in the data sharing network, so that the network repair program can repair a failed physical link with a physical network node for which reachability exists;
The network toughness calculation module is used for randomly selecting a plurality of physical links from the data sharing network to carry out a network attack, and calculating the network toughness under the deployment of the network repair program, wherein the network toughness represents the difference between the rise in the network load demand satisfaction rate after network repair and the fall in the network load demand satisfaction rate after the network attack;
the network toughness average value calculation module is used for repeatedly executing random selection of a plurality of physical links for network attack for a plurality of times to obtain a network toughness average value deployed by the network repair program;
The optimal deployment position determining module is used for traversing all the logic network nodes deployed by the network repair program, determining the logic network node corresponding to the maximum network toughness mean value as an optimal deployment position, and deploying the network repair program at the optimal deployment position.
10. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor, when executing the computer program, implements the steps of the method for constructing a tough data sharing network for coping with network attacks according to any one of claims 1-8.
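The procedure of claims 1 to 8 (and of the corresponding units described before the claims), as an added Python sketch that is not code from the patent: it builds a small logic-physical double-layer network, attacks random physical links, repairs what the repair program can reach, and picks the deployment node with the highest mean toughness. The topology, all names, the single-pass repair rule and the demand-weighted form of the satisfaction rate are assumptions, since the page does not carry the formula itself.

```python
import random
from collections import deque

# Constructed sample topology (illustrative, not taken from the patent).
# Physical layer: link id -> the two communication devices it joins.
PHYS_LINKS = {"p1": ("A", "B"), "p2": ("B", "C"), "p3": ("C", "D"), "p4": ("D", "E")}
# Binding links: service application (logical node) -> device it is hung on.
BINDING = {"app1": "A", "app2": "C", "app3": "E"}
# Logical links: (load demand, carrying physical link, load resource configured).
LOGICAL_LINKS = [
    (4.0, "p1", 5.0),
    (3.0, "p2", 3.0),
    (2.0, "p3", 1.0),  # under-provisioned: never satisfied, even before an attack
    (1.0, "p4", 2.0),
]


def satisfaction_rate(failed):
    """Demand-weighted share of logical links that meet their load demand.

    ASSUMPTION: the patent's formula is not on the page; this uses
    sum(demand_i * x_i) / sum(demand_i) with x_i in {0, 1}.
    """
    total = sum(demand for demand, _, _ in LOGICAL_LINKS)
    met = sum(demand for demand, link, resource in LOGICAL_LINKS
              if link not in failed and resource >= demand)
    return met / total


def reachable_devices(origin, failed):
    """Breadth-first search from `origin` over physical links that still work."""
    adjacency = {}
    for link, (a, b) in PHYS_LINKS.items():
        if link not in failed:
            adjacency.setdefault(a, []).append(b)
            adjacency.setdefault(b, []).append(a)
    seen, queue = {origin}, deque([origin])
    while queue:
        for neighbour in adjacency.get(queue.popleft(), []):
            if neighbour not in seen:
                seen.add(neighbour)
                queue.append(neighbour)
    return seen


def links_still_failed(app, attacked):
    """Failed links the repair program deployed on `app` cannot restore.

    ASSUMPTION: a failed link is restored when at least one of its end
    devices is reachable from the repair program's device, in a single pass.
    """
    reach = reachable_devices(BINDING[app], attacked)
    return {link for link in attacked if not (set(PHYS_LINKS[link]) & reach)}


def toughness(app, attacked):
    """Rise after repair minus fall after attack, as in claims 2, 3 and 6."""
    initial = satisfaction_rate(set())
    after_attack = satisfaction_rate(attacked)
    after_repair = satisfaction_rate(links_still_failed(app, attacked))
    return (after_repair - after_attack) - (initial - after_attack)


def mean_toughness(app, attack_size, trials, seed):
    """Average toughness over repeated random attacks on `attack_size` links."""
    rng = random.Random(seed)  # same seed per candidate: identical attack sets
    link_ids = sorted(PHYS_LINKS)
    runs = [toughness(app, set(rng.sample(link_ids, attack_size)))
            for _ in range(trials)]
    return sum(runs) / trials


def best_deployment(attack_size=2, trials=2000, seed=7):
    """Logical node with the largest mean toughness (last step of claim 1)."""
    return max(sorted(BINDING),
               key=lambda app: mean_toughness(app, attack_size, trials, seed))


if __name__ == "__main__":
    for app in sorted(BINDING):
        print(app, round(mean_toughness(app, 2, 2000, 7), 3))
    print("deploy on:", best_deployment())
```

Under the claimed definition the toughness reduces to the post-repair satisfaction rate minus the initial one, so a value of 0 means the deployment recovered everything the attack took away.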
CN202410390822.9A 2024-04-02 2024-04-02 Method, device and equipment for constructing tough data sharing network for coping with network attack Active CN117978623B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202410390822.9A CN117978623B (en) 2024-04-02 2024-04-02 Method, device and equipment for constructing tough data sharing network for coping with network attack

Publications (2)

Publication Number Publication Date
CN117978623A CN117978623A (en) 2024-05-03
CN117978623B true CN117978623B (en) 2024-06-11

Family

ID=90864835

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202410390822.9A Active CN117978623B (en) 2024-04-02 2024-04-02 Method, device and equipment for constructing tough data sharing network for coping with network attack

Country Status (1)

Country Link
CN (1) CN117978623B (en)


Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant