A multi-point crosstalk attack detection and localization scheme based on hierarchical PCE in multi-domain optical networks

Given the limited number of detection devices and the uncertainty in localizing crosstalk attack sources, an effective detection and localization scheme for multi-point crosstalk attacks in multi-domain optical networks is needed. This paper proposes HP-CADL (Hierarchical PCE-Crosstalk Attack Detection and Location), a new multi-point crosstalk attack detection and location scheme for multi-domain optical networks based on hierarchical PCE. It combines a monitoring point selection strategy based on a local immune algorithm with distributed localization that considers continuous parametric analysis. VPI simulation results show that the scheme achieves low-cost monitoring and detection and accurate localization of multiple crosstalk attack sources, and that it achieves higher accuracy and better performance than other similar schemes in the same multi-domain environment.


Introduction
Optical networks are gradually occupying an important position in daily communications, but their transmission transparency also brings challenges to the transmission security of various services. How to effectively detect and locate service disruption attacks by illegal users is an important challenge that currently needs study.
There are already studies on crosstalk attack detection and localization. The crosstalk attack detection and localization method based on gray theory (GT-CADL for short) proposed in [1] can achieve real-time detection in a multi-domain environment, but the method only uses a spectrum analyzer to discriminate, and its accuracy rate is not satisfactory. The fast multi-link attack localization method proposed in [2] discusses the intra-domain and inter-domain cases separately, but does not consider the propagation of crosstalk attacks. Reference [3] uses a parameter comparison and optical device monitoring method (referred to as PC-CADL) for attack detection, but this method affects the signal power and has low detection efficiency. Reference [4] proposes a distributed attack detection scheme that can improve the detection rate and achieve effective detection, but it is not suitable for multi-domain environments. Reference [5] proposes a binary tree-based fault location algorithm for optical networks, which improves the location accuracy, but is only applicable to a single domain and has high complexity. Most of the above methods only address single-domain environments or single-point attacks, so this paper proposes the HP-CADL scheme for detection and localization in a multi-domain optical network architecture with hierarchical PCE, which can effectively detect and locate multi-point

Research Methodology
The idea behind immunization strategies for complex networks is similar to the goal of monitoring and detecting crosstalk attacks in multi-domain optical networks. Therefore, this paper proposes a local immunization algorithm focusing on the comparison of node access and clustering coefficients, so that the set of nodes with high influence can be selected for the detection and localization of crosstalk attacks. The distributed-control localization method can locate the source of a crosstalk attack by analyzing the information detected by a node and its upstream and downstream nodes. It is highly timely, so it is widely used in research on attack localization.

Crosstalk attack detection and localization scheme for multi-domain optical networks based on hierarchical PCE
The HP-CADL scheme designed in this paper combines the crosstalk attack propagation model to derive the set of monitoring nodes through a two-round selection mechanism, and selects nodes with high influence to place monitoring devices to achieve monitoring detection and accurate localization of the attack source with the least number of devices.

Monitoring selection module
A local immunization algorithm with a two-round selection system is used as follows:
Step1: In a multi-domain optical network G=(V,L,W), pPCE uses Dijkstra's algorithm to calculate the set of paths for attack propagation U, U⊆(qi,pj), (i,j=1,2,…,n). V is the set of nodes, L is the set of links, W is the number of power accumulations between nodes, and q and p are the source and destination nodes for crosstalk.
Step2: The NAP values of the nodes in U are calculated using formula (1) and the iterative process, numbered from highest to lowest and stored in Z1.
(1)  denotes the probability that node v is attacked by itself (0 1)    , N is the number of upstream neighbors of v, and P denotes the probability that v is attacked by neighboring nodes.
Step3: In the first round of selection, the top x proportion of nodes in Z1 are extracted and deposited in Z2, and the clustering coefficient of each node is calculated using Cv = 2Ev/(kv(kv-1)). x is the density to be selected, Ev is the total number of edges present, and kv is the degree of node v.
Step4: For the second round of selection, the Cv values of Z2 nodes are numbered from highest to lowest with reference to step 3 and stored in Z3.
Step5: The nodes in the first y proportions of Z3 are extracted to obtain the set of monitoring nodes. y is the monitoring density.
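An added example (not code from the paper) of the two-round selection in Steps 2 to 5. The NAP values are taken as input because formula (1) is not reproduced above; the graph, the values, the function names, the reading of Ev as the number of edges among v's neighbours, and rounding the x and y proportions up are assumptions.

```python
# Added example: two-round selection of monitoring nodes (Steps 2-5).
# NAP values are inputs here; graph and values are constructed for illustration.
import math

def clustering_coefficient(adj, v):
    """C_v = 2*E_v / (k_v*(k_v - 1)). Assumption: E_v is the number of
    edges among v's neighbours (standard local clustering coefficient)."""
    nbrs = adj[v]
    k = len(nbrs)
    if k < 2:                      # formula is undefined for degree 0 or 1
        return 0.0
    e = sum(1 for a in nbrs for b in nbrs if a < b and b in adj[a])
    return 2 * e / (k * (k - 1))

def top_fraction(scores, fraction):
    """Rank nodes highest-first (ties broken by name) and keep the top
    `fraction`, rounded up, never fewer than one node (assumption)."""
    ranked = sorted(scores, key=lambda n: (-scores[n], n))
    return ranked[:max(1, math.ceil(fraction * len(ranked)))]

def select_monitors(adj, nap, x, y):
    """Return the monitoring node set for selection density x and
    monitoring density y."""
    z2 = top_fraction(nap, x)                               # Z1 -> Z2
    z3 = {v: clustering_coefficient(adj, v) for v in z2}    # C_v for Z3
    return top_fraction(z3, y)                              # monitors

# Constructed undirected topology: node -> set of neighbours.
ADJ = {
    "A": {"B", "C", "D"},
    "B": {"A", "C"},
    "C": {"A", "B", "D"},
    "D": {"A", "C", "E"},
    "E": {"D", "F"},
    "F": {"E"},
}
# Constructed NAP values for the nodes on the propagation paths U.
NAP = {"A": 0.9, "B": 0.4, "C": 0.8, "D": 0.7, "E": 0.6, "F": 0.2}

if __name__ == "__main__":
    print(select_monitors(ADJ, NAP, x=0.5, y=0.5))
```

With these inputs the first round keeps A, C and D by NAP, and the second round drops D because its neighbourhood is the least clustered of the three.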

Detection and analysis module
Comparing the monitoring devices shows that the Eye and BER monitors have better detection capability, so the Eye and BER monitors are used for joint monitoring.

Attack localization
Locate the source node of the attack using a distributed localization method considering continuous upstream node covariance analysis. Set the monitoring node M state including normal and alarm, denoted by S = 0 and 1; non-monitoring node N state including attacked and not attacked, denoted by A = 1 and 0; A' and A'' are the attack covariates of the upstream node N' of N and of the upstream node N'' of N'. The specific steps are as follows:
Step1: The set of monitoring nodes is detected in real time, alerted when attacked and alarm messages
Step2: Each cPCE is responsible for collecting alarm information in its domain, and the pPCE aggregates and processes the alarm information.
Step3: If S=1, upstream non-monitoring node N needs to be detected; if S=0, no detection is required.
Step4: When detecting N, if A=1, need to detect N'; if A=0, no need to detect.
Step5: When detecting N', if A'=1 and N'' exists, we need to detect N''; if A'=0 or there is no N'', we decide N is the source node of the attack.
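An added example (not code from the paper) of Steps 2 to 5, generalised to upstream chains of any length and to nodes with several upstream neighbours: the trace follows attacked nodes upstream and reports each attacked node that has no attacked upstream neighbour. The topology, node names, states and function names are constructed, and treating the end of the attacked chain as the source is this example's reading of Step5.

```python
# Added example: upstream trace from alarming monitors (Steps 2-5).
# Topology, node names and states are constructed for illustration.

def aggregate_alarms(cpce_reports):
    """pPCE step: merge per-domain cPCE reports {domain: {monitor: S}} into
    the set of monitoring nodes whose state is S = 1 (alarm)."""
    return {m for report in cpce_reports.values()
            for m, s in report.items() if s == 1}

def trace_sources(monitor, upstream, attacked):
    """Walk upstream from an alarming monitor through attacked (A = 1)
    non-monitoring nodes. Assumption: a node is the source when it is
    attacked and has no attacked upstream neighbour."""
    sources, seen = set(), set()
    stack = [n for n in upstream.get(monitor, []) if attacked.get(n, 0) == 1]
    while stack:
        node = stack.pop()
        if node in seen:           # guard against loops in the topology
            continue
        seen.add(node)
        hot = [u for u in upstream.get(node, []) if attacked.get(u, 0) == 1]
        if hot:
            stack.extend(hot)      # keep following the attacked chain
        else:
            sources.add(node)      # chain ends here: attack source
    return sources

def localize(cpce_reports, upstream, attacked):
    """Return {alarming monitor: set of located source nodes}."""
    return {m: trace_sources(m, upstream, attacked)
            for m in sorted(aggregate_alarms(cpce_reports))}

# Constructed two-domain sample. UPSTREAM[v] lists the nodes feeding v.
UPSTREAM = {
    "M1": ["N2"], "N2": ["N1"],
    "M2": ["N5"], "N5": ["N4", "N6"], "N4": ["N3"],
    "M3": ["N7"],
}
ATTACKED = {"N1": 0, "N2": 0, "N3": 1, "N4": 1, "N5": 1, "N6": 1, "N7": 0}
REPORTS = {"D1": {"M1": 0, "M3": 1}, "D2": {"M2": 1}}

if __name__ == "__main__":
    for mon, src in localize(REPORTS, UPSTREAM, ATTACKED).items():
        print(mon, "->", sorted(src) or "no attacked upstream node")
```

In the sample, M2 resolves to two sources because its upstream node is fed by two attacked branches, while M3 alarms with A = 0 upstream and yields no source.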

Simulation
In order to verify the effectiveness of the HP-CADL scheme, this paper uses the VPI platform to build the model shown in Figure 1 for simulation experiments, and compares the designed HP-CADL scheme with the GT-CADL scheme proposed in [1] and the PC-CADL scheme proposed in [3]. Tx_OOK is used for the transmit module; FiberNLS is used for the fibers; SwitchDOS_Y_Two and SwitchMatrix4×4 for the OXC; AmpSysOpt for the EDFA; WDM_MUX_2_1/WDM_DEMUX_1_2 and WDM_MUX_4_1/WDM_DEMUX_1_4 for the MUX/DMUX. The crosstalk module injects an attack signal with frequency f1 into Tx_OOK. The detection module uses joint monitoring at M1, M2, M3 and M4, with CombinerPow_N_1 as the combiner and SignalAnalyze and Rx_OOK_BER as the monitors. Powermeter monitors the statistical optical power, and the outputs of Rx_OOK_BER and Powermeter are connected to NumericalAnalyzer2D.
From Figure 4, it can be seen that OXC 6 has the highest BER, indicating that it is the source node that causes the propagation of attacks within D2.
Figure 5 shows the trend of the accuracy rates of the three schemes over time. From the figure, it can be seen that the accuracy rate of GT-CADL is slightly higher than that of HP-CADL in the early stage, but in the middle and late stages HP-CADL has the highest accuracy rate and an obvious advantage.

Summary
In this paper, a new hierarchical PCE-based multi-point crosstalk attack detection and location scheme for multi-domain optical networks (HP-CADL) is proposed. This scheme can not only achieve low-cost monitoring and detection, but can also accurately locate multiple sources of crosstalk attacks.