| With the application of Internet in various fields, network security issue is attracting more and more attention in the world. A large number of network security incidents have caused great economic loss to well-known companies and even endanger the national and regional network security applications. So, how to control the occurrence and development of such attacks and to contain the further spread of network attacks promptly and effectively is very difficult for network security managers and researchers.This paper is focused on the quantification evaluation of network availability based on traffic characteristics. Under the condition of obtaining traffic information of router nodes,links and controllable network boundary nodes, this paper proposes and realizes the network security quantification evaluation based on traffic characteristics when security incidents happen. First, the correspondence between traffic characteristics change of controllable network boundary nodes and the network availability damage should be established, then we get security incidents availability quantification evaluation result based on the controllable network boundary nodes traffic characteristics change. To reduce the network availability damage caused by security incidents , this paper proposes a new method for selecting nodes named 0-1 linear programming selection based on each node traffic information, which aims to achieve lager flow coverage with fewer nodes. Compared with referred selection points and degree selection points, we compare the control results in the same selection number, which show the superiority of 0-1 linear programming selection.In addition, as the rapid application and development of overlay network (such as P2P), the availability evaluation of overlay network is becoming more and more important. However, overlay network's nodes are dynamic, it is difficult to obtain its traffic between nodes on the upper topology accurately and analyze its impact on the network availability of overlay network. Therefore, this paper modifies compressive sensing algorithm for overlay network traffic restoration on the basis of the low-level network traffic foregoing findings, which makes use of the conversion relationship between two networks. After the restoration of network applications upper topology's traffic and evaluation of this congestion situation based on low-level traffic, we analyze the corresponding relationship with the underlying topology and select the node set of the underlying communication routers and control it, which achieve the goal of easing the overlay network applications traffic pressure.Finally, the testing results show that the proposed way of network's availability quantification evaluation based on traffic characteristics can reflect the current network availability damage and the network availability damage is significantly reduced after controlling compared with the before experiments. The overlay network congestion evaluation results could reflect the congestion situation more accurately. After controlling the underlying routing node, overlay network applications congestion situation is significantly reduced before and after the controlling, which verifies the validity of algorithm. |
PDF Full Text Request