
Research On Internet Vulnerability Based On Complex Networks Theory

Posted on: 2011-08-12
Degree: Doctor
Type: Dissertation
Country: China
Candidate: C Guo
Full Text: PDF
GTID: 1118330332482955
Subject: Information security

Abstract/Summary:
Over the past forty years, computer networks, especially the Internet, have evolved from a research curiosity into fundamental infrastructure for human society. The Internet has been a powerful engine for technological innovation and social evolution. However, societal reliance on the Internet is increasingly disproportionate to the ability of the Internet to deliver high dependability and security. Network vulnerability prevents the Internet from advancing to become a truly dependable, reliable and predictable infrastructure.

Our work takes complex networks theory and methodology as its guide. Complex networks, because of their remarkable theoretical significance, are widely used in social, political, economic and many other fields. In the field of computer networks especially, complex networks research has made great achievements. Based on complex networks, a new interdisciplinary science named "Network Science" is emerging. It advances research on the theory of networked computation; on behavior, computation and networks in human-subject experimentation; and on network design and network engineering. Network vulnerability analysis is also a hot topic in Network Science.

This thesis is mainly concerned with vulnerability in network structure, studied by analyzing the dynamic characteristics of spread in networks. The details are as follows:

(1) Traditional research places more emphasis on static network structure to identify a network's vulnerable components (nodes or edges). For instance, many studies hold that nodes with high degree or betweenness deserve more attention in protection and control. Can these static characteristics really quantify network vulnerability accurately? In fact, the vulnerability of network nodes may not exist in isolation or statically. The vulnerabilities of nodes are associated with one another, assortatively or disassortatively. Therefore, an algorithm for vulnerability relevancy clustering is proposed to show that a vulnerability community effect clearly exists in complex networks. On this basis, a new indicator called network "hyper-betweenness" is given for evaluating the vulnerability of network nodes. Network hyper-betweenness better reflects the importance of network nodes in hazard spread.

(2) Network vulnerability mining aims to develop an immunization strategy. The effect of a network immunization strategy relies on the result of network vulnerability mining. In order to prevent hazard spread in a network more efficiently, we should deploy the limited security prevention resources to the most vulnerable nodes. There is no absolutely effective strategy, because hazards in a network occur inevitably but we cannot predict where a network hazard will spread from. In fact, "beneficial to spread" and "impeditive to spread", a typical pair of opposites in hazard spread, often exist at the same time. Therefore, an equilibrium network immunization strategy should be studied in an adversarial, game-like environment. A two-player, non-cooperative, constant-sum game model is designed to obtain an equilibrium network immunization strategy.

(3) A complete process of immunity resource deployment can be divided into four stages: information gathering, scanning, bug fixing and self-propulsion. Among these, the search for vulnerable hosts is essential to network immunity. A network immunity technology based on dynamic preference scanning is presented. The strategy can efficiently select vulnerable hosts to fix, on the basis that the distribution of network vulnerabilities is self-organized and the network structure is unreachable. Analysis by modeling and simulation shows that the network immunity method proposed in this thesis can restrain hazard spread efficiently and improve network security.

(4) Cascading failures occur in computer networks (such as the Internet) when network traffic to or between larger sections of the network is severely impaired or halted because of failing or disconnected hardware or software. "Load-Capacity" models are usually used for solving network traffic problems and exploring the mechanisms of cascading failures. This thesis discusses the following questions: ① How to model the relationship between the capacity and load of network nodes under the restrictions of economic and technological conditions? ② How to allocate the limited redundant resources to a network with a specific structure in order to improve network robustness? We propose an evolutionary algorithm to search for an optimized capacity allocation strategy, which could help the network achieve optimal robustness with the same resources.

(5) Our empirical study with large sample data finds that a power law exists in the distribution of the activity of network behaviors. It is evident that there is a community effect in network communications. Based on this behavior activity, this thesis studies the impact of different traffic load modes on network cascading failures. Results show that the influence on network survivability of a traffic change at originally inactive nodes is much greater than that of a change at active ones. Besides, we design a distributed low-rate DoS attack model by making use of genetic algorithms. It shows that the activity of network behaviors can be utilized by network attacks, and that it also needs to be considered in network vulnerability research.

(6) Network simulation is one of the main means of network vulnerability research. Some classical network simulation tools, such as GTNetS, OPNET, NS-2, SSFNet, NETSim and so on, have made great achievements, but they pay little attention to network structure and dynamics. Moreover, the mathematical and graphical tools widely used in traditional complex networks research, such as Pajek, cannot support Internet behaviors well. Therefore, this thesis implements an integrative simulation platform for network vulnerability research, taking advantage of both types of tools. Support for customized algorithms and models in the platform is also one of our main motivations. Finally, parallel simulation technology for complex networks is implemented in our platform.

This thesis follows a research method that proceeds from theory to practice. Its contents resolve some basic academic problems in network vulnerability research. The conclusions and results may contribute to information security in our country.
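The capacity-allocation question in item (4) can be made concrete with a small load-capacity simulation; this is an added example, not the thesis's model or algorithm, and a plain budget-preserving local search stands in for the evolutionary algorithm the abstract mentions. The topology, the choice of degree as initial load and the proportional redistribution rule are all assumptions made for illustration.

```python
import random

# Constructed topology (not from the thesis): hubs 0 and 4 joined by bridge node 3.
EDGES = [(0, 1), (0, 2), (0, 3), (3, 4), (4, 5), (4, 6), (4, 7)]
ADJ = {}
for u, v in EDGES:
    ADJ.setdefault(u, set()).add(v)
    ADJ.setdefault(v, set()).add(u)
LOAD0 = {n: float(len(nb)) for n, nb in ADJ.items()}  # assumption: initial load = degree

def cascade_size(extra, seed):
    """Fail `seed`, pass each failed node's load to live neighbours, count nodes lost."""
    cap = {n: LOAD0[n] + extra[n] for n in ADJ}  # capacity = initial load + spare
    load, failed, queue = dict(LOAD0), {seed}, [seed]
    while queue:
        node = queue.pop(0)
        live = [n for n in ADJ[node] if n not in failed]
        total = sum(LOAD0[n] for n in live)
        for n in live:  # assumption: shares proportional to initial load
            load[n] += load[node] * LOAD0[n] / total
        for n in live:
            if load[n] > cap[n]:
                failed.add(n)
                queue.append(n)
    return len(failed)

def mean_cascade(extra):
    """Average nodes lost over every possible single-node initial failure."""
    return sum(cascade_size(extra, s) for s in ADJ) / len(ADJ)

def uniform_allocation(alpha):
    """Baseline: each node gets spare capacity alpha * initial load."""
    return {n: alpha * LOAD0[n] for n in ADJ}

def search_allocation(alpha, steps=2000, rng_seed=1):
    """Local search that moves spare capacity between nodes without changing the total."""
    rng = random.Random(rng_seed)
    best = uniform_allocation(alpha)
    best_score = mean_cascade(best)
    nodes = sorted(ADJ)
    for _ in range(steps):
        src, dst = rng.sample(nodes, 2)
        delta = rng.uniform(0.0, best[src])
        trial = dict(best)
        trial[src] -= delta
        trial[dst] += delta
        score = mean_cascade(trial)
        if score <= best_score:  # keep moves that do not enlarge the cascade
            best, best_score = trial, score
    return best, best_score
```

With `alpha = 0.5` the uniform baseline loses all eight nodes whenever hub 0 or hub 4 fails first, a mean of 2.75 nodes per initial failure; `search_allocation(0.5)` returns an allocation with the same total spare capacity whose mean is no higher.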
Keywords/Search Tags:Network Vulnerability, Network Immunization, Cascading Failures, Network Behaviors, Network Simulation, Complex Networks