意图驱动网络服务韧性机制研究

doi:10.19665/j.issn1001-2400.20230311

西安电子科技大学学报 ›› 2024, Vol. 51 ›› Issue (1): 60-71.doi: 10.19665/j.issn1001-2400.20230311

意图驱动网络服务韧性机制研究

李鹏程¹^,²(), 宋延博²(), 杨春刚¹^,²(), 李富强³()

1.西安电子科技大学杭州研究院,浙江杭州 311200
2.西安电子科技大学通信工程学院, 陕西西安 710071
3.中国电子科技集团公司第二十研究所中国电子科技集团公司数据链技术重点实验室,陕西西安 710068

收稿日期:2022-12-11 出版日期:2023-08-29 发布日期:2023-08-29
通讯作者: 李富强(1976—),男,研究员,E-mail:fqli202020@163.com.
作者简介:李鹏程(1999—),男,西安电子科技大学硕士研究生,E-mail:pcli2021@163.com;
宋延博(1994—),男,西安电子科技大学博士研究生,E-mail:songyanbo94@163.com;
杨春刚(1982—),男,教授,E-mail:cgyang@xidian.edu.cn
基金资助:
国家重点研发计划(2020YFB1807700);数据链技术重点实验室开放基金(CLDL-20202314)

Research on the intent-driven network service resilience mechanism

LI Pengcheng¹^,²(), SONG Yanbo²(), YANG Chungang¹^,²(), LI Fuqiang³()

1. Hangzhou Institute of Technology,Xidian University, Hangzhou 311200,China
2. School of Telecommunications Engineering,Xidian University, Xi’an 710071,China
3. Key Laboratory of Data Link Technology, The 20th Research Institute of China Electronics Technology Group Corporation, Xi’an 710068,China

Received:2022-12-11 Online:2023-08-29 Published:2023-08-29

摘要/Abstract

摘要：

软件定义网络、网络功能虚拟化和意图驱动网络等新技术的出现,促使网络朝着服务化、定制化和智能化等方向快速发展。然而,规模巨大且复杂的网络形态导致网络管理存在失效,同时网络攻击事件频繁发生。因此,提高网络服务韧性,确保网络服务能够持续保障,变得非常重要。意图驱动网络能实现从用户意图到网络韧性策略生成及其下发的全过程的自动部署,为网络有效应对各类挑战提供更加灵活的手段,极大地改善了网络管理效率,并提高了网络服务韧性。基于此,提出一种意图驱动网络服务韧性控制环路架构及其实现架构。首先,通过将信念-愿望-意图推理逻辑引入韧性推理机制,使网络具有预防功能、防御功能、恢复功能以及适应功能,能够在网络攻击发生前期及时地作出响应,并根据具体环境灵活调整韧性策略,以应对突发的网络攻击,持续保障网络服务。最后,以分布式拒绝服务攻击作为用例,验证所述的意图驱动网络服务韧性机制在保障网络服务韧性方面的有效性。

关键词: 意图驱动网络, 网络服务韧性, 信念-愿望-意图推理, 服务持续保障

Abstract:

The emergence of new technologies such as Software-Defined Network,Network Function Virtualization,and Intent-Driven Network have driven the development of networks towards service-oriented,customized,and intelligent directions.However,the large and complex network infrastructure has led to network management failures and frequent security attacks,making it crucial to improve network service resilience and achieve continuous network service assurance.The Intent-Driven Network can automate the entire process of generating and deploying network resilience strategies from user intent.This provides networks with more flexible means to effectively address a wide array of challenges,greatly improving the network management efficiency and enhancing network service resilience,on the basis of which the paper proposes an intent-driven network service resilience control loop architecture and its implementation architecture.By introducing the Belief-Desire-Intention(BDI) reasoning logic into the resilience reasoning mechanism,the network is endowed with preventive,defensive,restorative,and adaptive functionalities,enabling networks to respond promptly in the early stages of network attacks,adjusting resilience strategies flexibly based on specific contexts,countering sudden network assaults,and sustaining network service assurance.Finally,the proposed intent-driven network service resilience mechanism is validated for its effectiveness in ensuring network service resilience using Distributed Denial of Service(DDoS) attacks as a use case.

Key words: intent-driven network, network service resilience, Belief-Desire-Intention reasoning, network services continuity assurance

中图分类号:

TN919

李鹏程, 宋延博, 杨春刚, 李富强. 意图驱动网络服务韧性机制研究[J]. 西安电子科技大学学报, 2024, 51(1): 60-71.

LI Pengcheng, SONG Yanbo, YANG Chungang, LI Fuqiang. Research on the intent-driven network service resilience mechanism[J]. Journal of Xidian University, 2024, 51(1): 60-71.

图/表 12

图1

图2

图3

图4

图5

图6

图7

图8

表1

图9

图10

表2

参考文献 24

[1]	张露露, 杨春刚, 王栋, 等. 意图驱动的云网融合按需编排[J]. 电信科学, 2022, 38(10):107-119. doi: 10.11959/j.issn.1000-0801.2022272
	ZHANG Lulu, YANG Chungang, WANG Dong, et al. Intent-Driven Cloud-Network Convergence On-Demand Orchestration[J]. Telecommunications Science, 2022, 38(10):107-119. doi: 10.11959/j.issn.1000-0801.2022272
[2]	冷常发, 杨春刚, 彭瑶. 意图驱动的自动驾驶网络技术[J]. 西安电子科技大学学报, 2022, 49(4):60-70.
	LENG Changfa, YANG Chungang, PENG Yao. Intent-Driven Autonomous Driving Networking Technology[J]. Journal of Xidian University, 2022, 49(4):60-70.
[3]	刘益岑, 陈兴凯, 卢昱, 等. 一种软件定义网络的安全服务路径优化构建机制[J]. 西安电子科技大学学报, 2019, 46(1):158-165.
	LIU Yicen, CHEN Xingkai, LU Yu, et al. SDN-Based Optimal Security Service Path Construction Mechanism[J]. Journal of Xidian University, 2019, 46(1):158-165.
[4]	MI X R, YANG C G, SONG Y B, et al. Matching Game for Intelligent Resource Management in Integrated Satellite-Terrestrial Networks[J]. IEEE Wireless Communications, 2022, 29(6):88-94. doi: 10.1109/MWC.009.2100555
[5]	VISHNEVSKY V, KIRICHEK R, ELAGIN V, et al. SDN-Assisted Unmanned Aerial System for Monitoring Sensor Data[C]//Proceedings of the 12th International Congress on Ultra Modern Telecommunications and Control Systems and Workshops(ICUMT 2020). Piscataway:IEEE, 2020:313-317.
[6]	SPADARO S, AGRAZ F, PAGES A, et al. Autonomic 5G and Beyond Network Management[C]//Proceedings of the 22th International Conference on Transparent Optical Networks(ICTON 2020). Piscataway:IEEE, 2020:1-4.
[7]	YIN K, DU Q, QIN J. Analyse Resilience Risks in Microservice Architecture Systems with Causality Search and Inference Algorithms[J]. International Journal of Web and Grid Services, 2020, 16(2):147-171. doi: 10.1504/IJWGS.2020.107921
[8]	PANG L, YANG C G, CHEN D Y, et al. A Survey on Intent-Driven Networks[J]. IEEE Access, 2020, 8:22862-22873. doi: 10.1109/Access.6287639
[9]	SONG Y B, YANG C G, ZHANG J M, et al. Full-Life Cycle Intent-Driven Network Verification:Challenges and Approaches[J/OL].[2022-01-08].https://ieeexplore.org/abstract/document/9970358.
[10]	OUYANG Y, YANG C G, SONG Y B, et al. A Brief Survey and Implementation on Refinement for Intent-Driven Networking[J]. IEEE Network, 2021, 35(6):75-83. doi: 10.1109/MNET.001.2100194
[11]	NAJJAR W, GAUDIOT J L. Network Resilience:A Measure of Network Fault Tolerance[J]. IEEE Transactions on Computers, 1990, 39(2):174-181. doi: 10.1109/12.45203
[12]	HENRY D, RAMIREZ-MARQUEZ J E. Generic Metrics and Quantitative Approaches for System Resilience as a Function of Time[J]. Reliability Engineering & System Safety, 2012, 99:114-122. doi: 10.1016/j.ress.2011.09.002
[13]	STERBENZ J P G, CETINKAYA E K, HAMEED M A, et al. Evaluation of Network Resilience, Survivability and Disruption Tolerance:Analysis, Topology Generation,Simulation,and Experimentation[J]. Telecommunication Systems, 2013, 52(2):705-736.
[14]	ROSS R, PILLITTERI V, GRAUBART R, et al.Developing Cyber Resilient Systems:A Systems Security Engineering Approach:800-160 Vol.2[R]. Gaithersburg: National Institute of Standards and Technology(NIST), 2019.
[15]	KILLI B P R, RAO S V. Towards Improving Resilience of Controller Placement with Minimum Backup Capacity in Software Defined Networks[J]. Computer Networks, 2019, 149:102-114. doi: 10.1016/j.comnet.2018.11.027
[16]	AZAB M, ERAGWY R R, GHOURAB E M, et al. Towards Blockchain-Based Multi-Controller Managed Switching for Trustworthy SDN Operation[C]// Proceedings of the 10th Annual Information Technology,Electronics and Mobile Communication Conference(IEMCON 2019). Piscataway:IEEE, 2019:991-998.
[17]	GU Z, ZHANG J, JI Y. Topology Optimizing in Fso-Based Uavs Relay Networks for Resilience Enhancement[J]. Mobile Networks and Applications, 2020, 25(1):350-362. doi: 10.1007/s11036-019-01290-y
[18]	BARBOSA F, DE SOUSA A, AGRA A. Topology Design of Transparent Optical Networks Resilient to Multiple Node Failures[C]// Proceedings of the 10th International Workshop on Resilient Networks Design and Modeling(RNDM 2018). Piscataway:IEEE, 2018:1-8.
[19]	TAPOLCAI J, CHOLDA P, CINKLER T, et al. Quality of Resilience(QoR):NOBEL Approach to The Multi-Service Resilience Characterization[C]// Proceedings of the 2th International Conference on Broadband Networks(BroadNets 2005). Piscataway:IEEE, 2005:1328-1337.
[20]	LI W G, LI Y, TAN Y, et al. Maximizing Network Resilience Against Malicious Attacks[J]. Scientific Reports, 2019, 9(1):2261. doi: 10.1038/s41598-019-38781-7 pmid: 30783193
[21]	SMITH P, HUTCHISON D, STERBENZ J P G, et al. Network Resilience:A Systematic Approach[J]. IEEE Communications Magazine, 2011, 49(7):88-97.
[22]	SCHAEFFER-FILHO A, SMITH P, MAUTHE A, et al. Network Resilience with Reusable Management Patterns[J]. IEEE Communications Magazine, 2014, 52(7):105-115. doi: 10.1109/MCOM.2014.6852091
[23]	NUNES I, SCHARDONG F, SCHAEFFER-FILHO A. BDI2DoS:An Application Using Collaborating BDI Agents to Combat DDoS Attacks[J]. Journal of Network and Computer Applications, 2017, 84:14-24. doi: 10.1016/j.jnca.2017.01.035
[24]	CHENR Z, RUAN F M, LI Y D, et al.A Simple DDoS Defense Method Based SDN[C]//Proceedings of the 15th International Conference on Anti-Counterfeiting,Security,and Identification(ASID 2021).Piscataway:IEEE, 2021:88-92.

正常状态 /(Gb·s^-1)	遭受攻击 /(Gb·s^-1)	下发韧性策略/(Gb·s^-1)			完成恢复 /(Gb·s^-1)	损失率/%
40.1	20.6	26.4	27.5	38.1	38.1	4.988
47.6	20.5	30.1	33.7	45.5	45.5	4.412
32.2	20.4	28.5	29.9	30.1	30.1	6.522
42.1	24.6	29.4	30.5	39.5	39.5	6.176
45.2	21.6	29.6	31.0	42.3	42.3	6.416

方法类型	遭受攻击	恢复过程			完成恢复
文中方法	0.29(↓)	0.51(↑)	0.64(↑)	0.71(↑)	0.71
一般方法	0.29(↓)	0.24(↓)	0.23(↓)	0.40(↑)	0.40

意图驱动网络服务韧性机制研究

Research on the intent-driven network service resilience mechanism

RichHTML

PDF (PC)

赞

可视化

摘要/Abstract

引用本文

使用本文

图/表 12

参考文献 24

相关文章 1

Metrics

本文评价

推荐阅读 0