Evaluating Geographic Vulnerabilities in Networks M. Todd Gardner
Cory Beard
Federal Aviation Administration 901 Locust St., Kansas City, Missouri 64106 Ph 816-329-3478, Fax 816-329-3657
[email protected]
Comp. Sci. Elec. Engr. Dept. University of Missouri-Kansas City Kansas City, Missouri 64110-2499
[email protected]
Abstract—In wireless ad-hoc and wireline networks used for search and rescue, military operations, and emergency communications; many failure modes are geographic in nature. They include jammers, explosions, enemy attacks, terrain issues, and natural causes like floods, storms, and fires. This paper proposes two methods to gain valuable insights into the physical topography and geographic vulnerabilities of networks. The 2Terminal method and All-Terminal method find areas that given a threat of a certain radius can disconnect either the source and destination pair or any component of the network respectively. We believe that these methods could be used to optimize network node selection, placement and design. To be tractable, both methods incorporate innovative search techniques to use the size of the threat to reduce the complexity of the search. Keywords- Disruption-tolerant networks, Robustness and vulnerability, Algorithms, Disaster response, Network structure and dynamics, Network planning and topology
I. INTRODUCTION Extensive research has been conducted to understand network vulnerabilities for different types of network failures like attacks on critical nodes, denial of service attacks, and statistical component failure modes. However, the research on geographic vulnerabilities has been scarce. We define a geographic vulnerability as one where a network becomes disconnected if all nodes and associated links within a certain geographic region fail, which can occur for both wireless and wireline networks. Many vulnerabilities in networks are geographic in nature and the topic deserves more attention. In wireless ad-hoc networks used for search and rescue, military operations, and emergency communications, the following failure modes are prevalent and geographic in nature: jammers, explosions, enemy attacks, terrain issues, and natural causes like floods, storms, and fires. Even in wide area wireline networks, many vulnerabilities exist that are geographic in nature. In [15], the authors examine several actual geographic events and the significant disruptions caused by those events. For ad-hoc networks, In [2] and [3], the authors point out that connectivity problems due to debris and terrain are significant in disaster scenarios. Since the nodes are mobile, movement can change the topology. If a fire occurs or a building collapses a group of nodes may be disconnected. Malicious attacks can target a localized area. The attack can be electronic as well as physical. For example a jammer could
render a group of nodes useless inside a geographic area [4]. In Wide Area Networks, the main types of events that can affect multiple nodes in a geographic area include natural disasters, terrorism, war, certain types of construction, and even certain network configuration issues. Some examples of events that have had a major geographic impact are earthquakes and hurricanes that can have from a 0 to 500 mile impact zone, and cable cuts in areas that affect large geographic areas [15]. Figure 1 shows a highly connected network that clearly has geographic vulnerabilities that could isolate groups of nodes. Traditional approaches do not identify geographic areas of the network that are the most vulnerable, instead they focus on particular nodes and links. This paper provides methods to quickly evaluate network topology for potential geographic vulnerabilities. Equally important are the insights gained from using the proposed methods on different topologies. In this paper, we show that changing the link density (nodal degree) or maximum link distance between nodes can dramatically affect the locations and sizes of vulnerable areas in networks. The 2-Terminal method and All-Terminal method find areas that given a threat of a certain radius can disconnect either the source and destination pair or any component of the network respectively. Dotson’s Method [12] is modified to create the 2-terminal method. Algebraic connectivity [9] is used in the All-Terminal method to identify feasible node failure modes that disconnect any component of the network. It is important to note that these methods are optimal in the sense that they find all geographic vulnerabilities.
Figure 1. 25 Node Network with Geographic Vulnerabilities.
The next section presents the current research related to evaluating network survivability. We then review Dotson’s method [12] to determine reliability and the concept of algebraic connectivity [9]. Section IV presents our methods of determining 2-Terminal and All-Terminal geographic vulnerabilities. We then present the results and conclusions of testing both methods on topologies of different sizes and average nodal degrees. II. SURVIVABILITY EVALUATION Although the ideas presented in these works do not identify vulnerable geographic areas in a network as we have done in this work, they do present a diverse range of relevant techniques to analyze networks resilience and vulnerabilities. In 2009, Kim, et al. promoted the idea that algebraic connectivity can be used to identify “critical” nodes in a network with respect to network connectivity [5]. In [6], the authors used algebraic connectivity was used to identify important nodes and links. The idea of algebraic network connectivity was first proposed by Fiedler [9]. Tizghadam and Leon-Garcia [8] proposed network criticality as a metric that utilizes the betweenness of a given node in the network as calculated by using a random walk between every combination of source-destination pairs. The betweenness matrix is then scaled with a weight that can be used to optimize the design of the network. In 2009, Bigdeli, et al. [10] compare network criticality, algebraic connectivity, and other metrics like nodal degree. It illustrates some of the weaknesses of some of those network metrics. In 1991, Newport and Varshney [7] enumerated vertex cutsets and their probability of occurring to create an approximation of the network resiliency called the Network Connectivity Factor (NCF). This is valuable because it looks at failure modes that are beyond a single node or link failure. Smith, et. al. [11] looked at network design to protect against more targeted attacks based on network information like the location of high capacity links or highly utilized links. Much of the work in this area identifies network characteristics like critical nodes and links, nodal connectivity and degree, network connectivity metrics like NCF and betweeness. However, we have not found work that addresses vulnerabilities that have a geographic component as we have done in this work. III. DOTSON’S METHOD AND ALGEBRAIC CONNECTIVITY Some background on Dotson’s method to calculate two terminal reliability and on algebraic connectivity is necessary prior to presenting the 2-Terminal and All-Terminal methods of finding geographic vulnerabilities. Dotson’s method to calculate 2-terminal reliability begins by finding the shortest path from source s to destination t [12]. If the path P is found, it is added to a list of successful combinations. The complement of P is added to a list of combinations to try, which represents all possible combinations of node failures on P that might cause s and t to be disconnected if no alternate path exists. De Morgon’s law
shown in (1) provides the complement combinations. If a combination is tried and no alternate path can be found, that combination is added to a list of failures that would disconnect s and t and the next combination on the list is tried. When the list to try is exhausted, a complete list of disjoint successes and failures exist [12][14]. Each success or failure can be analyzed for its likelihood of occurrence and the 2-terminal reliability of the network is found. This approach significantly reduces the search space and thus computation time over an exhaustive search approach, making Dotson’s method a considerably more efficient method [14]. If P = {1,2,3,…} then P ={ 1 }+{1 2 }+{1 2 3 }+…
(1)
Algebraic Connectivity is a concept developed by Fiedler in [9]. From spectral graph theory [14], the Laplacian matrix L(G) of a graph G is determined as shown in Equation 2. L(G) = D(G) – A(G)
(2)
D(G) is a diagonal matrix with the nodal degree of each node as the diagonal. A(G) is the adjacency matrix of G, where if nodes i and j are directly connected then position i,j and j,i is ‘1’, else it is ‘0’. The spectrum of a graph is defined as the eigenvalues (λ1, λ2, λ3, ... λn) of L(G) where n is the number of nodes in G and λ1 is the smallest eigenvalue, λ2 is the next smallest eigenvalue, and λn is the largest eigenvailue of the Laplacian matrix of the graph G. So that: 0 = λ1
