基于复杂网络的全球海运网络脆弱性分析

全球海运网络在世界进出口贸易中具有重要的作用,其脆弱性直接影响到各国间航运贸易,对海运网络和港口的脆弱度进行研究具有重要的意义。首先,运用复杂网络的理论和方法探究了全球海运网络的拓扑结构特征;然后,结合全球海运网络的结构特性从关键节点识别和全局脆弱性两个方面分析了海运网络的脆弱性。利用MATLAB编程分析、计算了各港口脆弱度和在两种不同攻击模式下的全球海运网络脆弱度变化。结果表明,蓄意攻击的网络效率下降速度更快,即全球集装箱海运网络在面对蓄意攻击时表现出的脆弱性较大,对脆弱度较高的港口应加强预防。     

几种网络脆弱性分析方法探析

网络脆弱性分析方法总的目标是为了阐明全局度量结构的理论基础,而这种度量能被用来分析、管理和控制复杂网络系统。本文浅析了几种网络脆弱性分析方法的特点。准确的脆弱性分析要求对攻击模型以及它们对网络的影响要有很深的理解。     

网络脆弱性分析方法的研究

网络脆弱性分析是网络安全分析和风险评估的重要组成部分。网络脆弱性分析方法的发展经历了从人工分析到自动分析的阶段,在自动化分析阶段,基于网络扫描的脆弱性分析发展得到了很大的进步。为了方便网络脆弱性的分析,提出了基于模型的分析方法,提出的各种基于模型的脆弱性分析方法从不同的角度入手,具有各自的优势。为了全面、准确地分析目标网络,必须考虑整个系统作为一个动态和分布式的特点,基于模型的分析方法可以分析整个网络,并可以利用强大的数学工具。     

基于复杂网络的网络系统脆弱点发现方法研究

利用复杂网络寻找网络系统中的脆弱点可以从网络拓扑结构的角度出发,利用节点的拓扑性质研究其脆弱性,这可以有效的解决攻击图等脆弱性评估手段无法处理规模过大的网络的问题。通过对李鹏翔等的节点删除方法进行改进,计算动态删除节点后网络平均最短路径变化,模拟网络中节点在受到攻击后无法使用,从而导致的网络整体性能的变化。使得评估时不仅考虑删除节点对网络破坏程度,同时兼顾了对网络的效率的影响,从而可以更有效的针对脆弱点布置防御措施。     

基于随机博弈模型的网络攻防量化分析方法

针对日益普遍和多样的网络攻击和破坏行为,如何利用模拟真实网络的虚拟环境,实现对网络各种攻防过程的实验推演,并分析评价网络系统安全性,已逐渐成为热点研究方向.对此文中提出了采用随机博弈模型的网络攻防实验整体架构,提出了由网络连接关系、脆弱性信息等输入数据到网络攻防博弈模型的快速建模方法,基于最终生成的攻防模型可以对目标网络的攻击成功率、平均攻击时间、脆弱节点以及潜在攻击路径等方面进行安全分析与评价. 最后,应用研究所得的网络攻防模型与分析方法对一个典型的企业网络攻防过程进行分析和推演. 结果表明了模型和分析方法的有效性.     

移动无线传感器网络连通性自主恢复算法

无线传感器网络(WSNs)中关键节点故障会将网络分割成多个不连通的分区,给网络性能带来严重影响.而无线传感器网络往往布置在人工难以干预的偏僻恶劣环境中,网络连通性的自主恢复尤其重要.提出一种自主网络分区检测和连通性恢复(APDCR)策略,容忍无线传感器网络中关键节点的故障.APDCR首先基于1跳邻居和部分2跳邻居信息提出一种新的关键节点识别算法,然后给出关键节点的备用节点的选取算法和网络连通性恢复算法,最后扩展算法处理两个节点同时故障时网络不连通问题(2-APDCR).模拟实验结果表明了算法APDCR的有效性.     

基于复杂网络理论的电力基础设施网络关键组件辨识

电力网络作为典型的关键基础设施网络,其组件的关键性辨识对于分析、理解、识别电力网络的脆弱性,进而提出相应的保护措施和改进策略有着重要的意义。基于此,利用复杂网络理论和方法,从复杂网络统计指标、扰动下电力网络性能变化两个不同角度探讨了电力网络的关键组件辨识方法,获取了电力网络的关键节点与关键边。通过识别网络的关键组件可以控制级联故障,指出哪些组件需要重点保护,并采取缓解策略来降低其在扰动下的脆弱性。     

基于贝叶斯网络的航班串运行脆弱性研究

为研究航班串中某一关键航班发生进离港延误对该航班串中其它航班进离港准点率造成的影响,采用贝叶斯网络对航班串运行进行建模,识别并评价关键航班的脆弱性,并提出降低航班串运行脆弱性的建议。在受到管制、天气、军事活动、航班在机场异常过站以及其它异常情况等不确定因素影响下,研究航班串进离港准点率关系,并找出航班串运行时的脆弱节点以及评价关键航班的延误状态。通过对比分析增加关键航班过站时间航班串运行前后的进离港准点率,结果表明,增加关键航班过站时间可以降低航空公司航班串运行脆弱性。     

基于累积效应的网络脆弱性扩散分析方法

网络脆弱性评估是一种主动防范技术,意在攻击发生之前对安全态势进行分析进而制定防御措施,但传统的定量分析模型不能对实体间动态交互关系有很好的展现,而且大都不能得出风险扩散的全局化结果。将脆弱性扩散过程类比于社会网络中影响力传播过程,提出了基于累积效应的网络脆弱性扩散分析方法,定义的脆弱性扩散分析模型给出了细粒度级的主体关系结构,利用攻击效果累积特性提出的分析算法可以更准确地刻画脆弱性扩散规则,保证更好的影响范围。最后对该模型和算法进行了实例验证,在模型描述简洁性、分析结果准确性、安全建议合理性等方面的横向比较分析,验证了模型在评估结果直观性和制定成本最小安全措施等方面的优势。     

基于攻击图的网络安全评估方法研究*

为了提高网络的整体安全性,提出了基于攻击图的网络安全评估方法。首先,在攻击图的基础上提出了脆弱点依赖图的定义;其次,将影响评估的因素分为脆弱性自身特点、网络环境因素和脆弱性关联关系三部分;最后,按照网络拓扑的规模,采用自下向上、先局部后整体的思想,直观地给出了漏洞、主机和整个网络系统三个层次的脆弱性指数评估值。通过大量反复的实验测试,该方法可以对网络系统存在的脆弱性进行定期的、全面的量化评估,及时发现并弥补网络系统中存在的安全隐患,有效地提升网络系统的生存能力,从而提高网络系统应对各种突发攻击事件的能力,具有重大的理论价值、经济效益和社会意义。     

The Architecture of Connectivity: A Key to Network Vulnerability,Complexity and Resilience

This paper highlights the relevance of connectivity and its architecture as a general conceptual framework which underlies and integrates the concepts of network vulnerability, complexity, and resilience. In particular, it will be pointed out that connectivity architecture can be considered an explicit key element for network vulnerability and shock propagation. While the relevance of the various connectivity configurations is not clearly emphasised in the dynamic complexity models of the space-economy, it appears to play a primary role in network analysis. In this regard, the emerging recognition of connectivity architecture in relation to hubs ? and hierarchies of hubs ? in a complex network will help the enhancement of network resilience. The paper develops as follows. First, the notion of network vulnerability, which refers not only to the phenomenon of shocks, but also to the propagation of shocks in a network, will be examined. Here it appears that modelling vulnerability and shock propagation, also jointly with cascading disaster models, is strongly based on connectivity issues. The question is: How can conventional (complex) system dynamic modelling, as well as network modelling, take into account these shocks and connectivity dynamics from the methodological viewpoint? A review in this respect shows how connectivity is a ‘hidden’ element in these complexity models, for example, in chaos or (dynamic) competition models, where interaction parameter values might lead to vulnerable domains and chaotic behaviour. On the contrary, connectivity and its various topologies have a distinct, primary role in network analysis. The issue of network resilience appears therefore to be the ‘response’ to vulnerability and chaos, calling for robustness and stability of the network in the presence of shocks and disruptions. Resilience analysis refers to the speed at which a network returns to its equilibrium after a shock, as well as to the perturbations/shocks that can be absorbed before the network is induced into some other equilibrium (adaptivity). Connectivity is relevant here, but not often considered in spatial economics. In order to reach a unified methodological framework, attention will finally be paid to a complementary analysis of the (dynamic) concepts of vulnerability and resilience. In this light, chaos models/properties might be seen in a positive perspective, since small changes can lead to uncertain and unstable effects, but also, thanks to connectivity, to new equilibria which are not necessarily negative. Thus, the architecture of connectivity, in its interdisciplinary insights, can be considered as a fundamental (and analytical) approach for identifying vulnerability and resilience patterns in complex networks.

     

Vulnerability of Regional Aviation Networks Based on DBSCAN and Complex Networks

To enhance the accuracy of performance analysis of regional airline network, this study applies complex network theory and Density-Based Spatial Clustering of Applications with Noise (DBSCAN) algorithm to investigate the topology of regional airline network, constructs node importance index system, and clusters 161 airport nodes of regional airline network. Besides, entropy power method and approximating ideal solution method (TOPSIS) is applied to comprehensively evaluate the importance of airport nodes and complete the classification of nodes and identification of key points; adopt network efficiency, maximum connectivity subgraph and network connectivity as vulnerability measurement indexes, and observe the changes of vulnerability indexes of key nodes under deliberate attacks and 137 nodes under random attacks. The results demonstrate that the decreasing trend of the maximum connectivity subgraph indicator is slower and the decreasing trend of the network efficiency and connectivity indicators is faster when the critical nodes of the regional airline network are deliberately attacked. Besides, the decreasing trend of the network efficiency indicator is faster and the decreasing trend of the maximum connectivity subgraph indicator is slower when the nodes of four different categories are randomly attacked. Finally, it is proposed to identify and focus on protecting critical nodes in order to better improve the security level of regional airline system.     

物流服务供应链复杂网络脆弱性测度研究

合理评价物流服务供应链脆弱性是实现网络高效率的重要前提。分析物流服务供应链网络节点作用规律,引入聚集系数、最大连通度及连通效率作为网络脆弱性测度指标,基于所构建攻击策略对二级物流服务供应链网络进行实例研究。研究结果表明：所构建指标可较好描述物流服务供应链网络脆弱性能变化;相较于功能型物流服务供应商与物流客户,物流服务集成商对网络脆弱性影响程度最大。最后提出了物流服务供应链网络脆弱性的有效防范对策。     

一种基于动态偏好扫描的网络免疫策略

复杂网络中各种自组织现象的涌现给网络脆弱性挖掘和网络免疫自推进带来了启示.一个完整的免疫资源配置过程可以分为4个阶段:信息收集、扫描、漏洞修复和自我推进.网络主机脆弱性分布的实证分析表明,脆弱主机在网络中呈现明显的幂律分布特性,这就意味着盲目扫描将耗费大量资源在非脆弱或不存在的主机上,而一个有效的网络免疫策略应该利用这种非均匀的网络脆弱性分布特性.静态偏好性的扫描方法在初期能取得良好的推进效果,但并不能将这种有效性贯穿整个免疫过程.为此,提出了一种新的基于扫描方式的网络免疫自推进策略.该策略能够在不知道网络结构的条件下,通过一种动态适应的偏好扫描方法,高效命中脆弱主机实施免疫修复.经过传播模型推导及计算机仿真分析,设计的网络免疫策略能够很好地抑制危害传播,提高网络的安全性.     

Developing a distributed system for infrastructure protection

Your business increasingly relies on computer-controlled systems vulnerable to intrusion and destruction. The recent distributed denial of service attacks against e-commerce companies showed that this vulnerability extends beyond your own corporate networks: the very infrastructure of the Internet is at risk. When infoterrorists use the networks' high connectivity and low security to launch attacks against critical information infrastructure systems, they can not only disrupt global e-commerce and communications, but can also adversely affect other critical infrastructure services such as energy, transportation, health care, finance, and water supply. How can organizations protect these systems from infoterrorism? They must leverage modern information technologies to create an infrastructure protection process that can operate quickly and seamlessly. We propose a six-stage protection process that involves intelligence gathering, analysis, interdiction, detection, response, and recovery. To implement this process, we've designed an underlying Web-like architecture that will serve as a platform for the decentralized monitoring and management of critical infrastructures     

The Revenge of Distance: Vulnerability Analysis of Critical Information Infrastructure

The events of 11 September 2001 brought an increased focus on security in the United States and specifically the protection of critical infrastructure. Critical infrastructure encompasses a wide array of physical assets such as the electric power grid, telecommunications, oil and gas pipelines, transportation networks and computer data networks. This paper will focus on computer data networks and the spatial implications of their susceptibility to targeted attacks. Utilising a database of national data carriers, simulations will be run to determine the repercussions of targeted attacks and what the relative merits of different methods of identifying critical nodes are. This analysis will include comparison of current methods employed in vulnerability analysis with spatially constructed methods incorporating regional and distance variables. In addition to vulnerability analysis a method will be proposed to analyse the fusion of physical and logical networks, and will discuss what new avenues this approach reveals. The analysis concludes that spatial information networks are vulnerable to targeted attacks and algorithms based on distance metrics do a better job of identifying critical nodes than classic accessibility indexes. The results of the analysis are placed in the context of public policy posing the question do private infrastructure owners have sufficient incentives to remedy vulnerabilities in critical networks.     

面向服务传输的SDN移动网络脆弱性评估模型

针对现有的脆弱性评估算法无法直接应用于软件定义网络（Software Defined Network, SDN）,以及评估技术普遍偏向于网络连通,无法针对服务与传输性能对SDN进行脆弱性分析等问题,提出一种面向服务传输的SDN移动网络脆弱性评估模型与算法,设计基于SDN的移动网络脆弱性评估框架。提出一种对基于SDN的移动网络服务器节点与网络设备进行安全脆弱性分析的方法,将静态配置信息和动态运行信息融合评估节点设备的脆弱性,使评估更加全面准确;针对SDN移动网络的服务与传输特性,从传输拓扑和SDN节点活跃度2个方面,计算面向服务与传输的基于SDN的移动网络节点重要度;最后融合节点设备的安全脆弱性和重要度来对基于SDN的移动网络进行脆弱性评估,得到评估结果。通过实例和仿真实验验证了所提算法的有效性,相比同类算法可达到更高的评估准确性。     

An integrated physical-social analysis of disrupted access to critical facilities and community service-loss tolerance in urban flooding

This paper presents an integrated framework that combines a community's physical vulnerability to access disruption to critical facilities and their tolerance for such access disruption to services in order to inform the targeted communities protection and build an equitable resilience enhancement plan. The first component of the proposed framework includes a percolation simulation model capable of integrating the road network disruption probability into the flood propagation and encapsulates the road network's access to critical facilities (i.e., healthcare facilities). The discovered spatial reach of an areas' physical vulnerability dependence is 9 miles. Besides, physical disruptions in road networks and loss of access to emergency services (such as healthcare) have varying impacts on different sub-populations. To consider this aspect, the second component of the proposed framework involves a disruption tolerance index (DTI) to examine communities' tolerance towards access disruption to healthcare facilities in the face of the flooding. The proposed framework recognizes the importance of both infrastructure and human perspective of the vulnerability assessment and is tested using empirical data from Harris County, Texas, in the case of road network disruptions due to fluvial flooding. Houston, the fourth-largest city in the United States, is within Harris County. Integrated spatial analysis result reveals different spatial clusters of vulnerability across the study region and provides important insights regarding the critical infrastructure protection prioritization and hazard mitigation planning. The spatial clusters also unveil the existence of a homogeneous spatial pattern where similar vulnerable areas stay together. The proposed framework could be adopted by other cities and different critical facilities to enable decision-makers, infrastructure managers, and city planners to better evaluate their community vulnerability.     

Detecting topic-based communities in social networks: A study in a real software development network

In social network analysis, a key issue is the detection of meaningful communities. This problem consists of finding groups of people who are both connected and semantically aligned. In the software development context, identifying communities considering both collaborations between developers and their skills can help to address critical elements or issues in a project. However, a large amount of data and the lack of data structure make it difficult to analyze these networks’ content. In this paper, we propose a framework for detecting overlapping semantic communities and their influential members. We also propose an ontology to extract topics of interest through tag enrichment in a Q&A forum. An evaluation was conducted in a large network of software developers built with Stack Overflow’s data, showing that the proposed framework and ontology can find real communities of developers. The evaluation indicates that their members are semantic aligned and still active in the detected topics of interest, and the quantitative analysis showed that the detected communities have high internal connectivity.