[go: up one dir, main page]

CN117938543B - A network dynamic defense method and system based on topology difference measurement - Google Patents

A network dynamic defense method and system based on topology difference measurement Download PDF

Info

Publication number
CN117938543B
CN117938543B CN202410316289.1A CN202410316289A CN117938543B CN 117938543 B CN117938543 B CN 117938543B CN 202410316289 A CN202410316289 A CN 202410316289A CN 117938543 B CN117938543 B CN 117938543B
Authority
CN
China
Prior art keywords
network topology
network
topology
new
initial
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202410316289.1A
Other languages
Chinese (zh)
Other versions
CN117938543A (en
Inventor
杨浩
曾晓宇
徐健
丁旭阳
郎蕊霞
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Grid Jiangxi Electric Power Co ltd
State Grid Corp of China SGCC
University of Electronic Science and Technology of China
Electric Power Research Institute of State Grid Jiangxi Electric Power Co Ltd
Original Assignee
State Grid Jiangxi Electric Power Co ltd
State Grid Corp of China SGCC
University of Electronic Science and Technology of China
Electric Power Research Institute of State Grid Jiangxi Electric Power Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by State Grid Jiangxi Electric Power Co ltd, State Grid Corp of China SGCC, University of Electronic Science and Technology of China, Electric Power Research Institute of State Grid Jiangxi Electric Power Co Ltd filed Critical State Grid Jiangxi Electric Power Co ltd
Priority to CN202410316289.1A priority Critical patent/CN117938543B/en
Publication of CN117938543A publication Critical patent/CN117938543A/en
Application granted granted Critical
Publication of CN117938543B publication Critical patent/CN117938543B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • H04L45/02Topology update or discovery
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0209Architectural arrangements, e.g. perimeter networks or demilitarized zones
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40Network security protocols

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention belongs to the technical field of industrial control safety, and discloses a network dynamic defense method and system based on topology difference measurement, wherein the method is characterized in that an initial network topology is drawn, the initial network topology is abstract modeled into an undirected and unauthorized connected graph, and the characteristic value of the connected graph is calculated; adjusting connection relations among network nodes based on the initial network topology, and generating a variant of the initial network topology as a new network topology; calculating a difference value between the new network topology and the initial network topology by using the characteristic value sequence of the connected graph; selecting a new network topology with a great difference value from the initial network topology in a fixed hopping period as a hopping target network topology; and restoring the jump target network topology into a flow table, pushing the flow table to each switch, and finishing network topology jump, thereby realizing network dynamic defense. The invention can maximize the topology difference before and after the jump, reduce the number of invalid jump, reduce the jump expenditure and improve the efficiency of network topology protection.

Description

一种基于拓扑差异性度量的网络动态防御方法及系统A network dynamic defense method and system based on topology difference measurement

技术领域Technical Field

本发明属于工控安全技术领域,具体涉及一种基于拓扑差异性度量的网络动态防御方法及系统。The present invention belongs to the technical field of industrial control security, and in particular relates to a network dynamic defense method and system based on topology difference measurement.

背景技术Background technique

传统的静态网络安全防御由于漏洞存在的普遍性和攻防信息不对称处于“易攻难守”的局面。防御者面对未知的安全漏洞和层出不穷的攻击手段,往往处于被动防守的局面,且静态防御手段普遍具有滞后性和盲目性。动态网络防御的出现改变了传统被动、静态的防御思路。网络动态防御技术通过不断地改变网络的状态,使攻击者试图获取的攻击面处于动态变化之中,增大了攻击者探测攻击面、获取攻击链、实施攻击的难度和开销。相比于传统静态网络防御方法,网络动态防御逆转了攻防不对称的局面,具有动态、及时、高效等优势。Traditional static network security defense is in a situation of "easy to attack but difficult to defend" due to the prevalence of vulnerabilities and asymmetric information between attack and defense. Faced with unknown security vulnerabilities and endless attack methods, defenders are often in a passive defense situation, and static defense methods are generally lagging and blind. The emergence of dynamic network defense has changed the traditional passive and static defense ideas. Network dynamic defense technology constantly changes the state of the network, so that the attack surface that attackers try to obtain is in dynamic change, which increases the difficulty and cost of attackers to detect the attack surface, obtain the attack chain, and implement the attack. Compared with traditional static network defense methods, network dynamic defense reverses the asymmetric situation of attack and defense, and has the advantages of being dynamic, timely, and efficient.

对于网络攻击而言,探测、扫描跳变目标网络拓扑并选取合适的目标和攻击方案是重要的前置步骤,因此网络拓扑的保护是网络动态防御的重要内容。但是,当前的动态拓扑保护方法尚存在拓扑变化前后可能具有较大相似性以及高额开销的问题。For network attacks, detecting and scanning the target network topology and selecting the appropriate target and attack plan are important pre-steps, so the protection of network topology is an important part of network dynamic defense. However, the current dynamic topology protection method still has the problem that the topology before and after the change may have a large similarity and high overhead.

发明内容Summary of the invention

本发明的目的在于提出一种基于拓扑差异性度量的网络动态防御方法及系统,本发明基于拓扑差异性度量进行跳变,在保持网络正常通信业务不中断的前提下极大化跳变前后拓扑差异性,同时减少无效跳变次数降低跳变开销,进而抵御攻击者对于网络拓扑的扫描和测绘,提高网络拓扑保护的效能。The purpose of the present invention is to propose a network dynamic defense method and system based on topology difference measurement. The present invention performs jumps based on topology difference measurement, maximizes the topology difference before and after the jump while maintaining normal network communication services, and reduces the number of invalid jumps to reduce the jump overhead, thereby resisting attackers' scanning and mapping of the network topology and improving the effectiveness of network topology protection.

为了达成上述目的,本发明主要通过定义跳变前后网络拓扑差异值,量化求解具有极大拓扑差异值的新拓扑来对网络系统实施动态保护。本发明的技术方案如下:一种基于拓扑差异性度量的网络动态防御方法,包括:In order to achieve the above purpose, the present invention mainly implements dynamic protection for the network system by defining the network topology difference value before and after the jump, and quantitatively solving the new topology with a large topology difference value. The technical solution of the present invention is as follows: A network dynamic defense method based on topology difference measurement, comprising:

绘制初始网络拓扑,将初始网络拓扑抽象建模为无向无权的连通图,并计算连通图的特征值;Draw the initial network topology, abstractly model the initial network topology as an undirected and unweighted connected graph, and calculate the eigenvalues of the connected graph;

基于初始网络拓扑调整网络节点间连接关系,生成初始网络拓扑的变体,所述变体作为新网络拓扑;Adjusting the connection relationship between network nodes based on the initial network topology to generate a variant of the initial network topology, wherein the variant serves as a new network topology;

利用连通图的特征值序列计算新网络拓扑与初始网络拓扑间的差异值;在固定跳变周期内选择和初始网络拓扑具有极大差异值的新网络拓扑作为跳变目标网络拓扑;The difference between the new network topology and the initial network topology is calculated using the eigenvalue sequence of the connected graph; the new network topology with the largest difference from the initial network topology is selected as the jump target network topology within a fixed jump period;

将跳变目标网络拓扑还原为流表,并推送至各交换机,完成网络拓扑跳变,从而实现网络动态防御。The target network topology is restored to a flow table and pushed to each switch to complete the network topology jump, thereby achieving dynamic network defense.

进一步优选,将初始网络拓扑抽象建模为无向无权的连通图,具体为:将初始网络拓扑G1抽象建模为无自环和重边的连通图G1(V,E),其中,V={v1,v2,…,vi,…,vn}表示各网络节点集合,vi表示第i个网络节点,i∈1~n,n为网络节点数量; E={e1,e2,…,ek,…,em }表示网络节点间的链路集合,其中ek表示第k条链路ek,代表通过链路ek连接的两个网络节点的直接连接关系,k∈1~m,m为链路数量。Further preferably, the initial network topology is abstractly modeled as an undirected and unweighted connected graph, specifically: the initial network topology G1 is abstractly modeled as a connected graph G1 (V,E) without self-loops and multiple edges, wherein V={ v1 , v2 ,…, vi ,…, vn } represents the set of network nodes, vi represents the i-th network node, i∈1~n, n is the number of network nodes; E={ e1 , e2 ,…,e k ,…,e m } represents the set of links between network nodes, wherein e k represents the k-th link e k , representing the direct connection relationship between two network nodes connected by link e k , k∈1~m, m is the number of links.

进一步优选,连通图的特征值的计算过程为:Further preferably, the calculation process of the eigenvalue of the connected graph is:

获取连通图的度序列,将度序列转化为对角矩阵可得连通图的度对角矩阵,获取连通图的邻接矩阵;Obtain the degree sequence of the connected graph, convert the degree sequence into a diagonal matrix to obtain the degree diagonal matrix of the connected graph, and obtain the adjacency matrix of the connected graph;

将度对角矩阵与邻接矩阵相减得到差矩阵,获取差矩阵的特征值序列,即为连通图的特征值序列。Subtract the degree diagonal matrix from the adjacency matrix to get the difference matrix, and obtain the eigenvalue sequence of the difference matrix, which is the eigenvalue sequence of the connected graph.

进一步优选,基于初始网络拓扑调整网络节点间连接关系,生成初始网络拓扑的变体,包含下述子过程:Further preferably, adjusting the connection relationship between network nodes based on the initial network topology to generate a variant of the initial network topology includes the following sub-processes:

输入初始网络拓扑的连通图;Input the connectivity graph of the initial network topology;

网络节点连接切换:从任意网络节点出发,断开与该网络节点邻接的其他网络节点,并随机选择异于该网络节点及其邻接网络节点的其他网络节点进行连接;Network node connection switching: Starting from any network node, disconnect other network nodes adjacent to the network node, and randomly select other network nodes different from the network node and its adjacent network nodes for connection;

重复网络节点连接切换,直至所有网络节点全部完成断开原连接并生成新连接;Repeat the network node connection switching until all network nodes have disconnected their original connections and generated new connections;

若存在孤立网络节点,则将孤立网络节点与网络拓扑中其他任一连通网络节点连接,直至拓扑成为连通图,并返回新网络拓扑的连通图。If there are isolated network nodes, the isolated network nodes are connected to any other connected network nodes in the network topology until the topology becomes a connected graph, and the connected graph of the new network topology is returned.

进一步优选,所述利用连通图的特征值序列计算新网络拓扑与初始网络拓扑间的差异值;在固定跳变周期内选择和初始网络拓扑具有极大差异值的新网络拓扑作为跳变目标网络拓扑,具体过程如下:Further preferably, the difference between the new network topology and the initial network topology is calculated by using the characteristic value sequence of the connectivity graph; and the new network topology having a large difference value with the initial network topology is selected as the jump target network topology within a fixed jump period. The specific process is as follows:

调用生成的新网络拓扑;Call the generated new network topology;

利用连通图的特征值序列计算新网络拓扑与初始网络拓扑间的差异值δ(G1,Gnew),δcrit是显著性水平下两个网络拓扑差异值的临界值,当δ(G1,Gnew)≥δcrit时,认为在置信水平下,两个网络拓扑之间存在显著性差异;反之则没有显著性差异;The difference value δ(G 1 ,G new ) between the new network topology and the initial network topology is calculated using the eigenvalue sequence of the connectivity graph. δ crit is the critical value of the difference value between the two network topologies at the significance level. When δ(G 1 ,G new )≥δ crit , it is considered that there is a significant difference between the two network topologies at the confidence level; otherwise, there is no significant difference.

在跳变周期之内,若新生成具有显著性差异新网络拓扑与初始网络拓扑的差异值比之前循环中的差异值大则更新跳变目标网络拓扑,否则进入重新生成新网络拓扑并计算差异值;在跳变周期结束时,得到最终的跳变目标网络拓扑。Within the jump cycle, if the difference between the newly generated network topology with significant differences and the initial network topology is greater than the difference in the previous cycle, the jump target network topology is updated, otherwise the new network topology is regenerated and the difference value is calculated; at the end of the jump cycle, the final jump target network topology is obtained.

进一步地,所述利用连通图的特征值序列计算新网络拓扑与初始网络拓扑间的差异值,具体公式如下:Furthermore, the difference between the new network topology and the initial network topology is calculated by using the eigenvalue sequence of the connectivity graph. The specific formula is as follows:

;

其中,μi(G1)表示初始网络拓扑G1的连通图的第i个特征值,μi(Gnew)表示新网络拓扑Gnew的连通图的第i个特征值,θi表示为第i个特征值的权值。Wherein, μ i (G 1 ) represents the i-th eigenvalue of the connected graph of the initial network topology G 1 , μ i (G new ) represents the i-th eigenvalue of the connected graph of the new network topology G new , and θ i represents the weight of the i-th eigenvalue.

本发明还提供一种基于拓扑差异性度量的网络动态防御系统,包括:The present invention also provides a network dynamic defense system based on topology difference measurement, comprising:

网络拓扑初始化模块,用于绘制初始网络拓扑,将初始网络拓扑抽象建模为无向无权的连通图,并计算连通图的特征值;The network topology initialization module is used to draw the initial network topology, abstractly model the initial network topology as an undirected and unweighted connected graph, and calculate the eigenvalues of the connected graph;

新网络拓扑生成模块,用于基于初始网络拓扑调整网络节点间连接关系,生成初始网络拓扑的变体,所述变体作为新网络拓扑;A new network topology generation module, used for adjusting the connection relationship between network nodes based on the initial network topology, and generating a variant of the initial network topology, wherein the variant serves as the new network topology;

跳变目标网络拓扑筛选模块,用于利用连通图的特征值序列计算新网络拓扑与初始网络拓扑间的差异值;在固定跳变周期内选择和初始网络拓扑具有极大差异值的新网络拓扑作为跳变目标网络拓扑;The jump target network topology screening module is used to calculate the difference between the new network topology and the initial network topology by using the characteristic value sequence of the connected graph; and select the new network topology with a large difference value from the initial network topology as the jump target network topology within a fixed jump period;

跳变控制模块,用于将跳变目标网络拓扑还原为流表,并推送至各交换机;The jump control module is used to restore the jump target network topology into a flow table and push it to each switch;

交换机负责部署接收到的流表,调整路由信息,进而改变网络拓扑,从而实现网络动态防御。The switch is responsible for deploying the received flow table, adjusting the routing information, and then changing the network topology to achieve dynamic network defense.

进一步优选,所述新网络拓扑生成模块的执行过程如下:Further preferably, the execution process of the new network topology generation module is as follows:

输入初始网络拓扑的连通图;Input the connectivity graph of the initial network topology;

网络节点连接切换:从任意网络节点出发,断开与该网络节点邻接的其他网络节点,并随机选择异于该网络节点及其邻接网络节点的其他网络节点进行连接;Network node connection switching: Starting from any network node, disconnect other network nodes adjacent to the network node, and randomly select other network nodes different from the network node and its adjacent network nodes for connection;

重复网络节点连接切换,直至所有网络节点全部完成断开原连接并生成新连接;Repeat the network node connection switching until all network nodes have disconnected their original connections and generated new connections;

若存在孤立网络节点,则将孤立网络节点与网络拓扑中其他任一连通网络节点连接,直至拓扑成为连通图,并返回新网络拓扑的连通图。If there are isolated network nodes, the isolated network nodes are connected to any other connected network nodes in the network topology until the topology becomes a connected graph, and the connected graph of the new network topology is returned.

进一步优选,所述变目标网络拓扑筛选模块的执行过程如下:Further preferably, the execution process of the target network topology screening module is as follows:

调用生成的新网络拓扑;Call the generated new network topology;

利用连通图的特征值序列计算新网络拓扑与初始网络拓扑间的差异值δ(G1,Gnew),δcrit是显著性水平下两个网络拓扑差异值的临界值,当δ(G1,Gnew)≥δcrit时,认为在置信水平下,两个网络拓扑之间存在显著性差异;反之则没有显著性差异;The difference value δ(G 1 ,G new ) between the new network topology and the initial network topology is calculated using the eigenvalue sequence of the connectivity graph. δ crit is the critical value of the difference value between the two network topologies at the significance level. When δ(G 1 ,G new )≥δ crit , it is considered that there is a significant difference between the two network topologies at the confidence level; otherwise, there is no significant difference.

在跳变周期之内,若新生成具有显著性差异新网络拓扑与初始网络拓扑的差异值比之前循环中的差异值大则更新跳变目标网络拓扑,否则进入重新生成新网络拓扑并计算差异值;在跳变周期结束时,得到最终的跳变目标网络拓扑。Within the jump cycle, if the difference between the newly generated network topology with significant differences and the initial network topology is greater than the difference in the previous cycle, the jump target network topology is updated, otherwise the new network topology is regenerated and the difference value is calculated; at the end of the jump cycle, the final jump target network topology is obtained.

本发明还提供一种计算机可读存储介质,其上存有计算机程序,所述计算机程序被执行时,实现上述的基于拓扑差异性度量的网络动态防御方法。The present invention also provides a computer-readable storage medium having a computer program stored thereon, and when the computer program is executed, the above-mentioned network dynamic defense method based on topology difference measurement is implemented.

本发明具有以下优点:在规模有限的网络中,实施网络拓扑跳变的过程包含对新旧网络拓扑的差异值量化,得到具有极大拓扑差异值的新拓扑,进而避免了因为网络拓扑相似性而导致的网络拓扑跳变防御失效。通过设置固定跳变周期和排除无效跳变的方式降低网络拓扑跳变的频率,进而降低了网络拓扑跳变的开销。The present invention has the following advantages: in a network of limited size, the process of implementing network topology jump includes quantifying the difference value of the new and old network topologies, obtaining a new topology with a large topology difference value, thereby avoiding the failure of network topology jump defense caused by network topology similarity. The frequency of network topology jump is reduced by setting a fixed jump period and excluding invalid jumps, thereby reducing the overhead of network topology jump.

附图说明BRIEF DESCRIPTION OF THE DRAWINGS

图1为本发明实施例的初始网络拓扑的连通图;FIG1 is a connectivity diagram of an initial network topology according to an embodiment of the present invention;

图2为本发明实施例的第一次生成的新网络拓扑的连通图;FIG2 is a connectivity diagram of a new network topology generated for the first time according to an embodiment of the present invention;

图3为本发明实施例的第二次生成的新网络拓扑的连通图;FIG3 is a connectivity diagram of a new network topology generated for the second time according to an embodiment of the present invention;

图4为本发明的方法流程图;FIG4 is a flow chart of the method of the present invention;

图5为本发明的新网络拓扑生成流程图。FIG5 is a flow chart of generating a new network topology according to the present invention.

具体实施方式Detailed ways

为使本发明的目的、技术方案及优点更加清楚、明确,以下将参照附图和具体实施方式对本发明的技术方案进行进一步详细说明。应当理解,此处所描述的具体实施例仅用以解释本发明,并不用于限定本发明。In order to make the purpose, technical solution and advantages of the present invention clearer and more specific, the technical solution of the present invention will be further described in detail with reference to the accompanying drawings and specific implementation methods. It should be understood that the specific embodiments described herein are only used to explain the present invention and are not used to limit the present invention.

下面将结合附图1-图4,对本发明的流程和方法作进一步说明。一种基于拓扑差异性度量的网络动态防御方法,包括:The process and method of the present invention will be further described below in conjunction with Figures 1 to 4. A network dynamic defense method based on topology difference measurement includes:

S1:绘制初始网络拓扑,将初始网络拓扑抽象建模为无向无权的连通图,并计算连通图的特征值。为了方便计算和抽象,对初始网络拓扑进行简化处理,忽略节点间连通关系的权值,忽略源、目的节点对之间的通信时延,将初始网络拓扑抽象为无向无权的连通图。具体地,本实施例以图1对应的网络拓扑进行说明。S1: Draw the initial network topology, abstractly model the initial network topology as an undirected and unweighted connected graph, and calculate the eigenvalues of the connected graph. In order to facilitate calculation and abstraction, the initial network topology is simplified, the weights of the connectivity relationships between nodes are ignored, the communication delay between source and destination node pairs is ignored, and the initial network topology is abstracted as an undirected and unweighted connected graph. Specifically, this embodiment is described with the network topology corresponding to FIG1.

S101:将初始网络拓扑G1抽象建模为无自环和重边的连通图G1(V,E),其中,V={v1,v2,…,vi,…,vn}表示各网络节点集合,vi表示第i个网络节点,i∈1~n,n为网络节点数量;E={e1,e2,…,ek,…,em }表示网络节点间的链路集合,其中ek表示第k条链路ek,代表通过链路ek连接的两个网络节点的直接连接关系,k∈1~m,m为链路数量。如图1所示,建立的连通图G1(V,E),其中网络节点集合为V={v1,v2,v3,v4,v5,v6,v7,v8},网络节点间的链路集合为:E={e1,e2,e3 ,e4,e5,e6 ,e7 }。S101: Abstractly model the initial network topology G 1 as a connected graph G 1 (V,E) without self-loops and multiple edges, where V = {v 1 ,v 2 ,…, vi ,…,v n } represents the set of network nodes, vi represents the i-th network node, i∈1~n, n is the number of network nodes; E = {e 1 ,e 2 ,…,e k ,…,e m } represents the set of links between network nodes, where e k represents the k-th link e k , representing the direct connection relationship between two network nodes connected by link e k , k∈1~m, m is the number of links. As shown in Figure 1, a connected graph G 1 (V, E) is established, where the network node set is V = {v 1 ,v 2 ,v 3 ,v 4 ,v 5 ,v 6 ,v 7 ,v 8 }, and the link set between network nodes is: E = {e 1 ,e 2 ,e 3 ,e 4 ,e 5 ,e 6 ,e 7 }.

S102:获取连通图G1(V,E)的度序列{d1,d2,…,dn},d1,d2,…,dn分别表示连通图G1 (V,E)的第1,2,…,n个度,将度序列转化为对角矩阵可得连通图G1(V,E)的度对角矩阵D(G1) =diag(d1,d2,…,dn),获取连通图G1(V,E)的邻接矩阵A(G1) ,邻接矩阵A(G1)的元素为Aij,若 第i个网络节点vi与第j个网络节点vj邻接,则Aij=1,否则Aij=0。本实施例对应的度序列为 {1,1,1,1,1,1,4,4},对应的度对角矩阵为diag(1,1,1,1,1,1,4,4),对应的邻接矩阵为A()中的元素满足A17=A27=A37=A48=A58=A68=A71=A72=A73=A78=A84=A85=A86=A87=1,其他元素全为 0。 S102: Obtain the degree sequence {d 1 , d 2 , …, d n } of the connected graph G 1 (V, E), where d 1 , d 2 , …, d n represent the 1st, 2nd, …, nth degrees of the connected graph G 1 (V, E) respectively. Convert the degree sequence into a diagonal matrix to obtain the degree diagonal matrix D(G 1 ) =diag(d 1 , d 2 , …, d n ) of the connected graph G 1 (V, E). Obtain the adjacency matrix A(G 1 ) of the connected graph G 1 (V, E). The elements of the adjacency matrix A(G 1 ) are A ij . If the i-th network node vi is adjacent to the j-th network node v j , then A ij =1, otherwise A ij =0. The corresponding degree sequence of this embodiment is {1,1,1,1,1,1,4,4}, the corresponding degree diagonal matrix is diag(1,1,1,1,1,1,4,4), and the corresponding adjacency matrix is A( ) satisfies A 17 =A 27 =A 37 =A 48 =A 58 =A 68 =A 71 =A 72 =A 73 =A 78 =A 84 =A 85 =A 86 =A 87 =1, and the other elements are all 0.

S103:将度对角矩阵D(G1) 与邻接矩阵A(G1)相减得到矩阵{D(G1)-A(G1)}。获取矩阵{D(G1)-A(G1)}的特征值序列{μ1(G1),μ2(G1),…,μn(G1)}, μ1(G1),μ2(G1),…,μn(G1)分别表示矩阵{D(G1)-A(G1)}的第1,2,…,n个特征值,矩阵{D(G1)-A(G1)}的特征值序列即为初始网络拓扑G1的连通图的特征值序列,μ1(G1),μ2(G1),…,μn(G1)即表示初始网络拓扑G1的连通图第1,2,…,n个特征值。本实施例所得特征值序列为{0,0.3542,1,1,1,1,4,5.6458}。S103: Subtract the degree diagonal matrix D(G 1 ) from the adjacency matrix A(G 1 ) to obtain the matrix {D(G 1 )-A(G 1 )}. Obtain the eigenvalue sequence {μ 1 (G 1 ), μ 2 (G 1 ), …, μ n (G 1 )} of the matrix {D(G 1 )-A(G 1 ) }, μ 1 (G 1 ), μ 2 (G 1 ), …, μ n (G 1 ) respectively represent the 1st, 2nd, …, nth eigenvalues of the matrix {D(G 1 )-A(G 1 )}, the eigenvalue sequence of the matrix {D(G 1 )-A(G 1 )} is the eigenvalue sequence of the connected graph of the initial network topology G 1, μ 1 (G 1 ), μ 2 (G 1 ), …, μ n (G 1 ) represent the 1st, 2nd, …, nth eigenvalues of the connected graph of the initial network topology G 1. The eigenvalue sequence obtained in this embodiment is {0, 0.3542, 1, 1 , 1, 1, 4, 5.6458}.

S2:基于初始网络拓扑调整网络节点间连接关系,生成初始网络拓扑的变体,所述变体作为新网络拓扑。为保证网络的通信业务不会因为网络拓扑变化而中断,新网络拓扑生成方法需要满足连通约束性条件,即在初始网络拓扑中任意连通的源、目的网络节点对,在新网络拓扑中也必须连通。参照图5,新网络拓扑生成包含下述子过程:S2: Based on the initial network topology, adjust the connection relationship between network nodes and generate a variant of the initial network topology, which is used as the new network topology. In order to ensure that the communication service of the network will not be interrupted due to the change of network topology, the new network topology generation method needs to meet the connectivity constraint conditions, that is, any source and destination network node pairs that are connected in the initial network topology must also be connected in the new network topology. Referring to Figure 5, the new network topology generation includes the following sub-processes:

S201:输入初始网络拓扑的连通图G1(V,E);S201: Input the connected graph G 1 (V, E) of the initial network topology;

S202:从任意网络节点出发,断开与该网络节点邻接的其他网络节点,并随机选择异于该网络节点及其邻接网络节点的其他网络节点进行连接;S202: Starting from any network node, disconnect other network nodes adjacent to the network node, and randomly select other network nodes different from the network node and its adjacent network nodes for connection;

S203:重复步骤S202,直至所有网络节点全部完成断开原连接并生成新连接;S203: Repeat step S202 until all network nodes have disconnected their original connections and generated new connections;

S204:若存在孤立网络节点,则将孤立网络节点与网络拓扑中其他任一连通网络节点连接,直至拓扑成为连通图,并返回新网络拓扑Gnew的连通图Gnew(V,E)。本实施例按照上述步骤生成一个新网络拓扑Gnew的连通图Gnew(V,E),如图2所示。S204: If there is an isolated network node, connect the isolated network node to any other connected network node in the network topology until the topology becomes a connected graph, and return the connected graph G new (V, E) of the new network topology G new . This embodiment generates a connected graph G new (V, E) of the new network topology G new according to the above steps, as shown in FIG2 .

S3:利用连通图的特征值序列计算新网络拓扑与初始网络拓扑间的差异值;在固定跳变周期内选择和初始网络拓扑具有极大差异值的新网络拓扑作为跳变目标网络拓扑。具体过程如下:S3: Calculate the difference between the new network topology and the initial network topology using the eigenvalue sequence of the connectivity graph; select the new network topology with the largest difference from the initial network topology as the target network topology within a fixed jump period. The specific process is as follows:

S301:调用步骤S2生成的新网络拓扑GnewS301: calling the new network topology G new generated in step S2;

S302:利用连通图的特征值序列计算新网络拓扑与初始网络拓扑间的差异值δ(G1,Gnew),δcrit是显著性水平下两个网络拓扑差异值的临界值,当δ(G1,Gnew)≥δcrit时,认为在置信水平下,两个网络拓扑之间存在显著性差异;反之则没有显著性差异;S302: Calculate the difference value δ(G 1 ,G new ) between the new network topology and the initial network topology using the eigenvalue sequence of the connectivity graph, where δ crit is the critical value of the difference value between the two network topologies at the significance level. When δ(G 1 ,G new )≥δ crit , it is considered that there is a significant difference between the two network topologies at the confidence level; otherwise, there is no significant difference.

;

其中,μi(G1)表示初始网络拓扑G1的连通图的第i个特征值,μi(Gnew)表示新网络拓扑Gnew的连通图的第i个特征值,θi表示为第i个特征值的权值;Wherein, μ i (G 1 ) represents the i-th eigenvalue of the connected graph of the initial network topology G 1 , μ i (G new ) represents the i-th eigenvalue of the connected graph of the new network topology G new , and θ i represents the weight of the i-th eigenvalue;

S303:在跳变周期之内,循环重复步骤S301和步骤S302;若新生成具有显著性差异新网络拓扑Gnew与初始网络拓扑G1的差异值比之前循环中的差异值大则更新跳变目标网络拓扑,否则进入下一个循环;在跳变周期结束时,得到最终的跳变目标网络拓扑。S303: Within the jump cycle, repeat steps S301 and S302 in a loop; if the difference between the newly generated new network topology G new with significant difference and the initial network topology G 1 is greater than the difference in the previous cycle, update the jump target network topology, otherwise enter the next cycle; at the end of the jump cycle, obtain the final jump target network topology.

每一次跳变周期开始时的跳变目标网络拓扑为空,本实施例调用S2第一次生成的新网络拓扑Gnew1的连通图Gnew1(V,E),如图2所示,计算可得对应的特征值序列为{0,0.1892,0.8207,1.2558,2.2216,3.3354,3.7575,4.4198},为特征值的权值序列为{0,1,1,1,1,1,1,2},设置δcrit=2。则第一次生成的新网络拓扑Gnew1与初始网络拓扑间的差异值δ(G1,Gnew1)=5.6255>2,认为具有显著性差异,跳变周期没有结束,进入下一个循环。The jump target network topology at the beginning of each jump cycle is empty. This embodiment calls the connected graph G new1 (V, E) of the new network topology G new1 generated for the first time by S2, as shown in FIG2 . The corresponding eigenvalue sequence obtained by calculation is {0, 0.1892, 0.8207, 1.2558, 2.2216, 3.3354, 3.7575, 4.4198}, and the weight sequence of the eigenvalues is {0, 1, 1, 1, 1, 1, 2}, and δ crit is set to 2. Then, the difference value δ(G 1 , G new1 ) between the new network topology G new1 generated for the first time and the initial network topology is 5.6255>2, which is considered to have a significant difference. The jump cycle has not ended, and the next cycle is entered.

本实施例调用第二次生成的新网络拓扑Gnew2的连通图如图3所示,计算可得对应的特征值序列为{0,0.5188,0.6571,1,2.3111,2.5293,4.1701,4.8136},计算第一次生成的新网络拓扑Gnew1与初始网络拓扑间的差异值δ(G1,Gnew2)=5.1822>2,则认为具有显著性差异;将该差异值与前一次差异值对比5.1822<5.6255,即第二次生成的新网络拓扑的差异值比第一次更小,则放弃更新跳变目标网络拓扑,并进入下一循环。此处第t+1次生成的新网络拓扑的差异值大于第t次所生成新网络拓扑的差异值,则更新跳变目标网络拓扑。以此类推,在跳变周期结束时得到具有极大差异值的跳变目标网络拓扑。In this embodiment, the connectivity graph of the new network topology G new2 generated for the second time is called as shown in FIG3 . The corresponding eigenvalue sequence obtained by calculation is {0, 0.5188, 0.6571, 1, 2.3111, 2.5293, 4.1701, 4.8136}. The difference value δ(G 1 , G new2 )=5.1822>2 between the new network topology G new1 generated for the first time and the initial network topology is calculated, which is considered to have a significant difference. The difference value is compared with the previous difference value, 5.1822<5.6255, that is, the difference value of the new network topology generated for the second time is smaller than that of the first time, so the update of the jump target network topology is abandoned and the next cycle is entered. Here, the difference value of the new network topology generated for the t+1th time is greater than the difference value of the new network topology generated for the tth time, so the jump target network topology is updated. By analogy, a jump target network topology with a large difference value is obtained at the end of the jump cycle.

S4:将跳变目标网络拓扑还原为流表,并推送至各交换机,完成网络拓扑跳变,从而实现网络动态防御。跳变周期结束时,由控制器将跳变目标网络拓扑转换为流表,并推送至各交换机,交换机根据新流表进行数据转发,实现网络拓扑的跳变。S4: Restore the jump target network topology to a flow table and push it to each switch to complete the network topology jump, thereby realizing dynamic network defense. At the end of the jump cycle, the controller converts the jump target network topology into a flow table and pushes it to each switch. The switch forwards data according to the new flow table to realize the jump of the network topology.

本发明的另一个实施例提供一种基于拓扑差异性度量的网络动态防御系统,由控制器和若干交换机组成,控制器包括网络拓扑初始化模块、新网络拓扑生成模块、跳变目标网络拓扑筛选模块和跳变控制模块;Another embodiment of the present invention provides a network dynamic defense system based on topology difference measurement, which is composed of a controller and a plurality of switches, wherein the controller includes a network topology initialization module, a new network topology generation module, a jump target network topology screening module, and a jump control module;

网络拓扑初始化模块,用于绘制初始网络拓扑,将初始网络拓扑抽象建模为无向无权的连通图,并计算连通图的特征值;The network topology initialization module is used to draw the initial network topology, abstractly model the initial network topology as an undirected and unweighted connected graph, and calculate the eigenvalues of the connected graph;

新网络拓扑生成模块,用于基于初始网络拓扑调整网络节点间连接关系,生成初始网络拓扑的变体,所述变体作为新网络拓扑;A new network topology generation module, used for adjusting the connection relationship between network nodes based on the initial network topology, and generating a variant of the initial network topology, wherein the variant serves as the new network topology;

跳变目标网络拓扑筛选模块,用于利用连通图的特征值序列计算新网络拓扑与初始网络拓扑间的差异值;在固定跳变周期内选择和初始网络拓扑具有极大差异值的新网络拓扑作为跳变目标网络拓扑;The jump target network topology screening module is used to calculate the difference between the new network topology and the initial network topology by using the characteristic value sequence of the connected graph; and select the new network topology with a large difference value from the initial network topology as the jump target network topology within a fixed jump period;

跳变控制模块,用于将跳变目标网络拓扑还原为流表,并推送至各交换机;The jump control module is used to restore the jump target network topology into a flow table and push it to each switch;

交换机负责部署接收到的流表,调整路由信息,进而改变网络拓扑,从而实现网络动态防御。The switch is responsible for deploying the received flow table, adjusting the routing information, and then changing the network topology to achieve dynamic network defense.

其中,新网络拓扑生成模块的执行过程如下:Among them, the execution process of the new network topology generation module is as follows:

输入初始网络拓扑的连通图;Input the connectivity graph of the initial network topology;

网络节点连接切换:从任意网络节点出发,断开与该网络节点邻接的其他网络节点,并随机选择异于该网络节点及其邻接网络节点的其他网络节点进行连接;Network node connection switching: Starting from any network node, disconnect other network nodes adjacent to the network node, and randomly select other network nodes different from the network node and its adjacent network nodes for connection;

重复网络节点连接切换,直至所有网络节点全部完成断开原连接并生成新连接;Repeat the network node connection switching until all network nodes have disconnected their original connections and generated new connections;

若存在孤立网络节点,则将孤立网络节点与网络拓扑中其他任一连通网络节点连接,直至拓扑成为连通图,并返回新网络拓扑的连通图。If there are isolated network nodes, the isolated network nodes are connected to any other connected network nodes in the network topology until the topology becomes a connected graph, and the connected graph of the new network topology is returned.

其中,跳变目标网络拓扑筛选模块的执行过程如下:Among them, the execution process of the jump target network topology screening module is as follows:

调用生成的新网络拓扑;Call the generated new network topology;

利用连通图的特征值序列计算新网络拓扑与初始网络拓扑间的差异值δ(G1,Gnew),δcrit是显著性水平下两个网络拓扑差异值的临界值,当δ(G1,Gnew)≥δcrit时,认为在置信水平下,两个网络拓扑之间存在显著性差异;反之则没有显著性差异;The difference value δ(G 1 ,G new ) between the new network topology and the initial network topology is calculated using the eigenvalue sequence of the connectivity graph. δ crit is the critical value of the difference value between the two network topologies at the significance level. When δ(G 1 ,G new )≥δ crit , it is considered that there is a significant difference between the two network topologies at the confidence level; otherwise, there is no significant difference.

在跳变周期之内,若新生成具有显著性差异新网络拓扑与初始网络拓扑的差异值比之前循环中的差异值大则更新跳变目标网络拓扑,否则进入重新生成新网络拓扑并计算差异值;在跳变周期结束时,得到最终的跳变目标网络拓扑。Within the jump cycle, if the difference between the newly generated network topology with significant differences and the initial network topology is greater than the difference in the previous cycle, the jump target network topology is updated, otherwise the new network topology is regenerated and the difference value is calculated; at the end of the jump cycle, the final jump target network topology is obtained.

本发明的另一个实施例提供一种计算机可读存储介质,其上存有计算机程序,所述计算机程序被执行时,实现上述的基于拓扑差异性度量的网络动态防御方法。Another embodiment of the present invention provides a computer-readable storage medium having a computer program stored thereon, and when the computer program is executed, the above-mentioned network dynamic defense method based on topology difference measurement is implemented.

显然,上述实施例仅仅是为清楚地说明所作的举例,而并非对实施方式的限定。对于所属领域的普通技术人员来说,在上述说明的基础上还可以做出其它不同形式的变化或变动。这里无需也无法对所有的实施方式予以穷举。而由此所引伸出的显而易见的变化或变动仍处于本发明创造的保护范围之中。Obviously, the above embodiments are merely examples for the purpose of clear explanation, and are not intended to limit the implementation methods. For those skilled in the art, other different forms of changes or modifications can be made based on the above description. It is not necessary and impossible to list all the implementation methods here. The obvious changes or modifications derived therefrom are still within the scope of protection of the present invention.

Claims (6)

1. A network dynamic defense method based on topology difference measurement, comprising:
drawing an initial network topology, abstractly modeling the initial network topology into an undirected and unauthorized connected graph, and calculating the characteristic value of the connected graph; the calculation process of the eigenvalue of the connected graph is as follows: acquiring a degree sequence of the communication graph, converting the degree sequence into a diagonal matrix to obtain a degree diagonal matrix of the communication graph, and acquiring an adjacent matrix of the communication graph; subtracting the degree diagonal matrix from the adjacent matrix to obtain a difference matrix, and obtaining a characteristic value sequence of the difference matrix, namely a characteristic value sequence of the connected graph;
Adjusting connection relations among network nodes based on the initial network topology, and generating a variant of the initial network topology, wherein the variant is used as a new network topology;
Calculating a difference value between the new network topology and the initial network topology by using the characteristic value sequence of the connected graph; selecting a new network topology with a great difference value from the initial network topology in a fixed hopping period as a hopping target network topology; the specific process is as follows:
Calling the generated new network topology;
Calculating a difference value delta between the new network topology and the initial network topology by using the characteristic value sequence of the connected graph (G 1,Gnew),
Wherein μ i(G1) represents the i-th eigenvalue of the connected graph of the initial network topology G 1, μ i(Gnew) represents the i-th eigenvalue of the connected graph of the new network topology G new, and θ i represents the weight of the i-th eigenvalue;
Delta crit is a critical value of the difference value of two network topologies at the significance level, when delta (G 1,Gnew)≥δcrit, it is considered that there is a significant difference between the two network topologies at the confidence level;
If the difference value between the newly generated new network topology with the significant difference and the initial network topology is larger than the difference value in the previous cycle within the jump period, updating the jump target network topology, otherwise, entering to newly generate the new network topology and calculating the difference value; when the jump period is over, obtaining the final jump target network topology;
and restoring the jump target network topology into a flow table, pushing the flow table to each switch, and finishing network topology jump, thereby realizing network dynamic defense.
2. The network dynamic defense method based on topology difference measurement according to claim 1, wherein the initial network topology abstract modeling is an undirected and unowned connected graph, specifically: abstract modeling an initial network topology G 1 into a connected graph G 1 (V, E) without self loops and heavy edges, wherein V= { V 1,v2,…,vi,…,vn } represents each network node set, V i represents the ith network node, i epsilon 1-n, and n is the number of network nodes; e= { E 1,e2,…,ek,…,em } represents a link set between network nodes, where E k represents a kth link E k, represents a direct connection relationship between two network nodes connected by a link E k, and k E1-m, m is the number of links.
3. The method for dynamically defending a network based on a metric of topology difference according to claim 1, wherein adjusting the connection relationship between network nodes based on the initial network topology generates a variant of the initial network topology, comprising the following sub-processes:
inputting a connectivity graph of an initial network topology;
Network node connection switching: starting from any network node, disconnecting other network nodes adjacent to the network node, and randomly selecting other network nodes different from the network node and the adjacent network nodes to connect;
repeating the network node connection switching until all network nodes complete the disconnection of the original connection and generate new connection;
If the isolated network node exists, connecting the isolated network node with any other communication network node in the network topology until the topology becomes a communication graph, and returning the communication graph of the new network topology.
4. A network dynamic defense system based on topology difference metrics, comprising:
The network topology initialization module is used for drawing an initial network topology, abstractly modeling the initial network topology into an undirected and unauthorized connected graph, and calculating the characteristic value of the connected graph; the calculation process of the eigenvalue of the connected graph is as follows: acquiring a degree sequence of the communication graph, converting the degree sequence into a diagonal matrix to obtain a degree diagonal matrix of the communication graph, and acquiring an adjacent matrix of the communication graph; subtracting the degree diagonal matrix from the adjacent matrix to obtain a difference matrix, and obtaining a characteristic value sequence of the difference matrix, namely a characteristic value sequence of the connected graph;
The new network topology generation module is used for adjusting the connection relation among the network nodes based on the initial network topology to generate a variant of the initial network topology, wherein the variant is used as the new network topology;
The jump target network topology screening module is used for calculating a difference value between the new network topology and the initial network topology by utilizing the characteristic value sequence of the connected graph; selecting a new network topology with a great difference value from the initial network topology in a fixed hopping period as a hopping target network topology; the execution process of the jump target network topology screening module is as follows: calling the generated new network topology;
Calculating a difference value delta between the new network topology and the initial network topology by using the characteristic value sequence of the connected graph (G 1,Gnew),
Wherein μ i(G1) represents the i-th eigenvalue of the connected graph of the initial network topology G 1, μ i(Gnew) represents the i-th eigenvalue of the connected graph of the new network topology G new, and θ i represents the weight of the i-th eigenvalue;
Delta crit is a critical value of the difference value of two network topologies at the significance level, when delta (G 1,Gnew)≥δcrit, it is considered that there is a significant difference between the two network topologies at the confidence level;
If the difference value between the newly generated new network topology with the significant difference and the initial network topology is larger than the difference value in the previous cycle within the jump period, updating the jump target network topology, otherwise, entering to newly generate the new network topology and calculating the difference value; when the jump period is over, obtaining the final jump target network topology;
the jump control module is used for restoring the jump target network topology into a flow table and pushing the flow table to each switch;
The switch is responsible for deploying the received flow table, adjusting the routing information and further changing the network topology so as to realize the dynamic defense of the network.
5. The topology difference metric-based network dynamic defense system of claim 4, wherein the new network topology generation module is executed as follows:
inputting a connectivity graph of an initial network topology;
Network node connection switching: starting from any network node, disconnecting other network nodes adjacent to the network node, and randomly selecting other network nodes different from the network node and the adjacent network nodes to connect;
repeating the network node connection switching until all network nodes complete the disconnection of the original connection and generate new connection;
If the isolated network node exists, connecting the isolated network node with any other communication network node in the network topology until the topology becomes a communication graph, and returning the communication graph of the new network topology.
6. A computer readable storage medium, having stored thereon a computer program which, when executed, implements a topology difference metric based network dynamic defense method as claimed in any one of claims 1 to 3.
CN202410316289.1A 2024-03-20 2024-03-20 A network dynamic defense method and system based on topology difference measurement Active CN117938543B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202410316289.1A CN117938543B (en) 2024-03-20 2024-03-20 A network dynamic defense method and system based on topology difference measurement

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202410316289.1A CN117938543B (en) 2024-03-20 2024-03-20 A network dynamic defense method and system based on topology difference measurement

Publications (2)

Publication Number Publication Date
CN117938543A CN117938543A (en) 2024-04-26
CN117938543B true CN117938543B (en) 2024-07-05

Family

ID=90766683

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202410316289.1A Active CN117938543B (en) 2024-03-20 2024-03-20 A network dynamic defense method and system based on topology difference measurement

Country Status (1)

Country Link
CN (1) CN117938543B (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2020093291A1 (en) * 2018-11-08 2020-05-14 深圳大学 Network topology reconstruction method and apparatus, and terminal device
CN116683459A (en) * 2023-05-19 2023-09-01 国网内蒙古东部电力有限公司供电服务监管与支持中心 A distribution station control method and system based on digital load forecasting

Family Cites Families (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8948053B2 (en) * 2011-09-12 2015-02-03 Honeywell International Inc. Apparatus and method for detecting critical nodes and critical links in a multi-hop network
CN108769042B (en) * 2018-06-06 2020-07-10 北京理工大学 Network security risk assessment method based on differential manifold
CN110601748B (en) * 2019-10-11 2021-04-27 大连大学 A Multi-State Space Information Network Topology Generation Optimization Algorithm
CN112907985A (en) * 2019-11-19 2021-06-04 杭州海康威视数字技术股份有限公司 Method and device for dividing traffic control area
CN112054557B (en) * 2020-09-07 2021-12-28 上海交通大学 A Method for Identifying Types of Topological Changes in Distribution Networks Based on Random Matrix Theory
CN115118610B (en) * 2022-07-18 2023-10-13 电子科技大学 Dynamic topology estimation method based on network tomography
CN115623512A (en) * 2022-08-23 2023-01-17 中国电子科技集团公司第三十研究所 Self-adaptive dynamic topology survivability optimization method of wireless self-organizing network
CN116761190A (en) * 2023-06-05 2023-09-15 武汉理工大学 Accurate reconstruction method and system of random network topology based on network embedding
CN116722589A (en) * 2023-07-13 2023-09-08 南方电网科学研究院有限责任公司 Distributed energy power distribution network topological structure selection method and related device
CN117014318B (en) * 2023-10-07 2023-12-08 中国电子信息产业集团有限公司第六研究所 Method, device, equipment and medium for adding links between multi-scale network nodes

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2020093291A1 (en) * 2018-11-08 2020-05-14 深圳大学 Network topology reconstruction method and apparatus, and terminal device
CN116683459A (en) * 2023-05-19 2023-09-01 国网内蒙古东部电力有限公司供电服务监管与支持中心 A distribution station control method and system based on digital load forecasting

Also Published As

Publication number Publication date
CN117938543A (en) 2024-04-26

Similar Documents

Publication Publication Date Title
Cheng Topological optimization of a reliable communication network
Cai et al. Average consensus on arbitrary strongly connected digraphs with time-varying topologies
Cai et al. Distributionally robust microgrid formation approach for service restoration under random contingency
Hu et al. TMSE: A topology modification strategy to enhance the robustness of scale-free wireless sensor networks
Cárcamo-Gallardo et al. Greedy reconfiguration algorithms for medium-voltage distribution networks
CN110278571B (en) A Distributed Signal Tracking Method Based on Simple Prediction-Correction Link
Chen et al. Repair strategy of military communication network based on discrete artificial bee colony algorithm
Li et al. Distributed Nash equilibrium searching via fixed-time consensus-based algorithms
CN115314391A (en) Block chain network topology dynamic establishment and data transmission optimization method
CN111191955A (en) Power CPS risk area prediction method based on dependent Markov chain
Arockia Samy et al. Globally asymptotic stability and synchronization analysis of uncertain multi‐agent systems with multiple time‐varying delays and impulses
CN113224767A (en) Method for improving communication delay in distributed secondary control of direct current microgrid
CN117938543B (en) A network dynamic defense method and system based on topology difference measurement
Flôr et al. Strategic observation of power grids for reliable monitoring
CN110649588B (en) A Quantitative Evaluation Method for Attacks in Flexible HVDC Control System
CN115276757B (en) Low-orbit satellite constellation survivability optimization method based on link establishment probability
Shrivastava et al. Distributed, fixed‐time, and bounded control for secondary voltage and frequency restoration in islanded microgrids
Jain et al. A distributed self-stabilizing algorithm for finding a connected dominating set in a graph
CN113918369A (en) Distributed multi-agent fault tolerance method and system based on self-adaptive consistency algorithm
CN116862021B (en) Anti-Bayesian-busy attack decentralization learning method and system based on reputation evaluation
CN107094099B (en) High-reliability service function chain and construction method thereof
CN112543048B (en) Incremental compensation robust topology control method, system, medium, device, terminal
CN110851177B (en) A Method for Mining Key Entities of Software Systems Based on Software Fault Propagation
Jin et al. Cyber-physical risk driven routing planning with deep reinforcement-learning in smart grid communication networks
Asensio-Marco et al. A greedy perturbation approach to accelerating consensus algorithms and reducing its power consumption

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant