Endurance: A new robustness measure for complex networks under multiple failure scenarios

Endurance: A new robustness measure for complex networks under multiple failure scenarios

Accepted Manuscript Endurance: a New Robustness Measure for Complex Networks Under Multiple Failure Scenarios M. Manzano, E. Calle, V. Torres-Padrosa,...
Download PDF
999KB Sizes 0 Downloads 29 Views
Report

Accepted Manuscript Endurance: a New Robustness Measure for Complex Networks Under Multiple Failure Scenarios M. Manzano, E. Calle, V. Torres-Padrosa, J. Segovia, D. Harle PII: DOI: Reference:

S1389-1286(13)00274-0 http://dx.doi.org/10.1016/j.comnet.2013.08.011 COMPNW 5079

To appear in:

Computer Networks

Received Date: Revised Date: Accepted Date:

6 July 2012 19 July 2013 17 August 2013

Please cite this article as: M. Manzano, E. Calle, V. Torres-Padrosa, J. Segovia, D. Harle, Endurance: a New Robustness Measure for Complex Networks Under Multiple Failure Scenarios, Computer Networks (2013), doi: http://dx.doi.org/10.1016/j.comnet.2013.08.011

This is a PDF file of an unedited manuscript that has been accepted for publication. As a service to our customers we are providing this early version of the manuscript. The manuscript will undergo copyediting, typesetting, and review of the resulting proof before it is published in its final form. Please note that during the production process errors may be discovered which could affect the content, and all legal disclaimers that apply to the journal pertain.

Endurance: a New Robustness Measure for Complex Networks Under Multiple Failure Scenarios M. Manzanoa,1 , E. Callea , V. Torres-Padrosaa , J. Segoviaa , D. Harleb a University

b University

of Girona, Girona, Spain of Strathclyde, Glasgow, U.K.

Abstract Society is now, more than ever, highly dependent on the large-scale networks that underpin its functions. In relatively recent times, significant failures have occurred on large-scale networks that have a considerable impact upon sizable proportions of the world’s inhabitants. The failure of infrastructure has, in turn, begot a subsequent loss of services supported by that network. Consequently, it is now vitally important to evaluate the robustness of such networks in terms of the services supported by the network in question. Evaluating network robustness is integral to service provisioning and thus any network should include explicit indication of the impact upon service performance. Traditionally, network robustness metrics focused solely on topological characteristics, although some new approaches have considered, to a degree, the services supported by such networks. Several shortcomings of these new metrics have been identified. With the purpose of solving the drawbacks of these metrics, this paper presents a new measure called endurance, which quantifies the level of robustness supported by a specific topology under different types of multiple failure scenarios, giving higher importance to perturbations affecting low percentages of elements of a network. In this paper, endurance of six synthetic complex networks is computed for a range of defined multiple failure scenarios, taking into account the connection requests that cannot be satisfied. It is demonstrated that our proposal is able to quantify the robustness of a network under given multiple failure scenarios. Finally, results show that different types of networks react differently depending on the type of multiple failure. Keywords: Robustness, Complex networks, Multiple failures

1. Introduction Large-scale networks supporting the provision of telecommunication, electrical power, rail and fuel distribution services are now crucial structures within society. These critical infrastructures, which underpin and fulfill key aspects of modern day living, can be formally defined as a set of three components {N, L, DP } Email addresses: [email protected] (M. Manzano), [email protected] (E. Calle), [email protected] (V. Torres-Padrosa), [email protected] (J. Segovia), [email protected] (D. Harle) 1 Phone number: (0034) 972 41 84 96. Fax number: (0034) 972 418 098 Preprint submitted to Computer Networks

August 20, 2013

where N is the number of nodes (railway stations, transformers, routers, etc.), L is the number of links (tracks, pipes, cables, etc.) and DP are the dynamic processes that run over a network (trains, oil or gas, electrical power, connections, etc.). A network may support the provision of one or more dynamic processes (|DP | ≥ 1), e.g. a telecommunication network now offers multiple services to its corporate and domestic customers. In this paper, the focus is on complex networks, which according to [1] can be formally defined as “large collections of interconnected nodes”, and three different kinds of topologies are considered: random, generated using the Erd˝ os-R´enyi model [2], small-world, generated using the Watts and Strogatz model [3], and scale-free, generated with the Barab´ asi-Albert model [4]. Random networks are a primitive and crude representation of such complex networks whereby nodes are randomly connected such that the variance in nodal degree is relatively small. In small-world networks, while the majority of nodes have only a limited number of direct neighbours, most nodes can be reached via only a small number of hops. In scale-free networks, the topology is such that some vertices, known as hubs, have degrees that are orders of magnitude larger than the average degree. Recently, network failures of significance have occurred, reinforcing the need to take the possibility of such large and potentially catastrophic failures into consideration in the underlying network design. For example, the Great East Japan Earthquake in March of 2011 caused power, gas, and water supplies disruption in many areas, mostly in the Tohoku region. The blackout lasted about 96 hours in Sendai [5]. It is clear that significant percentages of population could be seriously affected if a large network experienced critical or multiple failures. Such multiple failures, by contrast with single failures, can not be solved using protection and restoration techniques and minimization of the consequences thus becomes an aim. To achieve such an aim, it is crucial to be able to quantify the network robustness, while taking into account the dynamic processes supported, in a reliable manner. A commonly-held definition for robustness is: a network is robust if disconnecting components is difficult [6]. An alternative definition of robustness is also given by Sydney et al [6]: is the ability of a network to maintain its total throughput under node and link removal. The former definition derives from the classical approach underpinned by graph theory while the latter derives from a more contemporary approach that considers services running over the network in quantifying its robustness. In this paper, the latter definition is adopted. Between the classical and the contemporary, a wide range of approaches have been used to quantify network robustness. These have evolved from the earlier approaches that focus mainly on the connectivity of a graph to more recent concepts that consider the spectrum of a graph. Generally, those network robustness metrics based on graph topological features do not take into account the functioning of a service. However, some metrics that do consider the services have been recently presented but which focus solely on a single specific parameter of Quality of Service (QoS) such as: traffic loss (in terms of blocked connections) [7] or throughput [6]. In this paper we consider connections as the dynamic process that runs over a network.

Other more complex scenarios may emerge where one or more QoS parameter should be used as a tool to characterise network robustness under multiple failures. The aim of this paper is to provide the networks scientific community with endurance, a novel robustness measure able to evaluate network robustness when considering dynamic processes, under multiple failure scenarios, given a network topology and one or more QoS parameters or graph metrics. A set of case studies considering six different complex networks for which robustness is quantified under several multiple failure scenarios is presented. A key differentiation with previous proposals is that endurance places higher importance to perturbations affecting low percentages of network elements simply because such perturbations are more likely to occur [8], [9]. Our criterion is based on the observation that some failures that initially can be classified as small-scale failures may become a serious threat to network services. Such failures surpass the well-studied cases of single-digit node/link failures, but clearly are not classified as catastrophic failures. Therefore, we consider the concurrent emergence of many “common‘” small-scale failures (whether intentional or not), each one of them being much more frequent than large-scale failures. Furthermore, since any network should tolerate such small-scale failures, we take this criterion in order to help network designers to detect potential design flaws against these failures. The paper is structured as follows. Section 2 defines the kind of impairments considered in this work. In addition, it also presents a review of several QoS frameworks as well as several well-known robustness metrics. Section 3 introduces our new robustness measure (endurance). Section 4 characterises the set of networks that are evaluated. Section 5 describes the case study considered in this work. Results are discussed in Section 6. Finally, conclusions are provided and issues that could be considered as future work are outlined in Section 7.

2. State of the art In this section a brief taxonomy of multiple failure scenarios is defined. In addition, several well-known QoS frameworks are reviewed and some common robustness metrics are described. 2.1. Multiple failure scenarios According to Shang et al [10], when an object that causes an attack knows precise information related to the network topological structure, it is called an attack with white-information (i.e. a targeted attack). However, when the attacker has little or no information, it is considered a black-information attack (i.e. a random attack). The former would be more related with intentional failures while the latter would be associated with component failures or natural disasters. Consequently, multiple failure scenarios proposed in the literature can be broadly classified as either random or targeted scenarios. The following text presents a simple taxonomy of such attacks:

• Random: In a random multiple failure case, node and link failures occur as a result of random actions on network elements. Natural disasters are an example of such attacks which may have catastrophic consequences on the services supported by the network under stress. • Targeted : Elements in a targeted multiple failure are chosen in order to maximise the impact of such failures and there is an element of discrimination. The choice of the targeted element/s may be a function of network-defined features such as node degree or clustering, as well as other “realworld” features, such as the number of users potentially affected and socio-political and economic considerations. For instance, in telecommunication networks, a Denial-of-service (DoS) attack is a suitable example of a targeted attack. In this case, the targeted element would be a server or a group of servers. Recently, in March 2013, a Distributed DoS (DDoS) attack against Spamhaus was launched and as a consequence the whole Internet suffered an enormous congestion for over a week [11]. Additionally, both types of attacks can be either static or dynamic. Static multiple failures are essentially one-off failures that affect one or more elements (nodes or links) simultaneously at any given point. Dynamic failures have a temporal dimension. Four main types of multiple failures arise from this taxonomy: Random Static (RS), Random Dynamic (RD), Targeted Static (TS) and Targeted Dynamic (TD). In this paper, the focus is on RS and TS attacks In this work, nodes are considered as the unique element susceptible to failures or attacks. With respect to RS attacks, nodes are selected randomly. For TS type attacks, the following elements of discrimination are considered: i) Node degree: nodes are selected by their node degree (highest degree first). ii) Betweenness centrality (BC): nodes are selected by their BC. Nodes with high BC are chosen first because a high number of shortest paths (from all vertices to all others) pass through them [12]. iii) Clustering coefficient (CC): nodes are selected by their CC. Nodes with high CC are selected first because they are more interconnected with their neighbors [2] [13]. iv) Spreaders: nodes are selected by their k-shell index (highest index first), which measures the ability to maintain an epidemic [14]. Thus, it would be a key feature regarding a robustness analysis involving epidemic scenarios. Hence, in this paper, such an attack type is interesting because it behaves as a random attack when a network has a low number of k-shells, but becomes like a targeted attack when the number of k-shell increases. 2.2. Quality of Service frameworks Historically, a key motivation for the research on QoS has been the convergence of traditional, voiceoriented services and data networks over a unified communications infrastructure. Another motivation is the need for efficient support of a variety of services (voice, video streaming, web traffic, etc.), some of which

have very specific quality requirements which can often lead to conflicting objectives from network design or operation perspectives. A number of organizations and researchers present slightly differing views on the concept of QoS; either how to assess or to realize it [15]. Typically, QoS is defined in terms of either transmission-related metrics (e.g. bit error rate, packet delay and jitter, for which measurements are almost always available solely to the network operator), or user perceived quality parameters (e.g. availability, failure tolerance and recovery time). Many QoS frameworks with the aim of defining the application level QoS requirements and the mechanisms that operators can use to attain a target performance have been proposed. Examples of such frameworks are reliability of service [16], resilience classes [17], differentiated reliability [18], quality of service protection [19], quality of resilience [20], quality of recovery [21], continuity-based resilient communication [22], service availability [23] and time-differentiated resilience [24]. QoS frameworks differ in the level of detail with respect to the mechanisms to be employed and in how many and which parameters they use in the QoS definition, among others. Nevertheless, the majority recognise that the ability of a network to tolerate failures or to recover promptly is of paramount importance. However, as many frameworks rely on classical recovery techniques (such as dedicated or shared path protection in GMPLS networks), the failure scenarios they are prepared for are those in which failure simultaneity is disregarded (the single failure assumption) or is assumed to be low (double failures, for example). That is, large-scale network failures are not usually taken into account. In contrast to the network operator’s perspective where the QoS frameworks serve as a basis for offering differentiated services, this paper proposes using the QoS metrics (i.e. delay or ratio of blocked connections) as a tool to characterise network robustness in multiple failure scenarios. 2.3. Robustness metrics This section presents a brief background of several well-known robustness metrics. As previously mentioned, the available literature offers up a wide range of robustness metrics. Some focus mainly on graph theory concepts while others take into consideration the services supported by networks. Table 1 shows a list of robustness metrics separated in two main groups: classical and contemporary. These two groups are not ordered chronologically by the time of publication of the metrics, but arranged around what underpins each of the robustness definitions. It is important to note that some of the metrics classified as classical could also equally be considered as contemporary (largest eigenvalue or second smallest laplacian eigenvalue). The thirteen classical metrics rely on basic graph theory concepts and none of them match completely with the advanced concept of robustness considered in this work. On the contrary, the four contemporary ones consider the dynamic services that run over a network. Elasticity, QNRM and QLRM measure the

Table 1: Classical and contemporary robustness metrics Approach

Classical

Characteristic Average node degree

[13]

Node connectivity

[25]

Heterogeneity

[26]

Symmetry ratio

[27]

Diameter

[28]

Average shortest-path length

[29]

Assortativity coefficient

[13]

Average neighbor connectivity

[13]

Clustering coefficient Betweenness centrality (BC) Largest eigenvalue

Contemporary

Reference

[13][2] [12] [13][30]

Second smallest Laplacian eigenvalue

[31]

Average two-terminal reliability (A2TR)

[32]

Elasticity

[6]

Quantitative Robustness Metric (QNRM)

[7]

Qualitative Robustness Metric (QLRM)

[7]

R-value

[33]

throughput, the number of blocked connections and the delay in terms of the variation of the average path length, respectively. Such metrics are useful in quantifying the variation of the performance of a network in response to multiple failures but they focus solely on a single QoS parameter. The R-value is a generic robustness metric that quantifies robustness taking into consideration one or more QoS parameters and graph metrics (i.e. hop-count, minimum degree or second smallest Laplacian eigenvalue). It specifically considers the impact on such parameter values under particular perturbations within a graph. However, the R-value considers equally all degrees of perturbation; a failure affecting 1% of nodes of a network weights identically to a failure that affects 50% of nodes. Addressing this shortcoming, endurance, a robustness measure that gives higher importance to perturbations affecting low percentages of elements of a network is proposed.

3. Endurance This section proposes a novel robustness measure called endurance (ξ). According to [34] and [35], endurance has been used to describe the ability of an organism to withstand an adverse situation in order to remain active for a long period of time. In this work, we apply the meaning of endurance in the context of a complex network with connections running over it. Nevertheless, one could conceive the use of the endurance metric in other network scenarios as long as there existed a quantitative service parameter that was adversely affected by failure conditions (e.g. connectionless networks or software-defined networks); however, this is out of the scope of this paper. In any case, our goal is to measure the ability of the network to maintain its initial characteristics in the case of an adverse situation, which might be a multiple failure scenario. The fact that endurance is a property related with a period of time makes it suitable as a robustness metric, because such a metric must evaluate network robustness not only considering a specific instant of time, but a period. In general terms, endurance computes the robustness of a network under multiple failure scenarios given one or more QoS parameters (e.g. delay) or graph metrics (e.g. size of the largest connected component). The endurance value is normalised over the interval [0, 1], where ξ = 1 would denote the non-existence of robustness, whereas ξ = 0 would be correlated to the maximum possible degree of robustness. This implies that the values taken by a given QoS parameter or graph metric must yield a monotonically increasing function as illustrated in Fig. 1. Otherwise, the inverse normalised value corresponding to the QoS parameter or graph metric should be used instead. In this section, in order to simplify the definition, endurance is considered with regards to a single QoS parameter. Endurance can be obtained as the cumulative and overlapping area under the curve of values given by a specific QoS parameter in response to different percentages of failing elements (nodes or links) corresponding to different attack intensities. Endurance gives higher importance to perturbations affecting low percentages

of elements of a network. This feature is key when assessing the robustness of networks because such scenarios are more likely to occur. Therefore, as reported in [8] and [9] single failures are much more common than double failures, which in turn are more likely to occur than triple failures, and so on. Moreover, its computation can be part of periodic or event-triggered network management/maintenance operations. Alternative approaches to calculate network robustness metrics according to a given or assumed failure probability have been proposed in the literature. In [36], the authors derive statistical results for network unavailability and link overload from a probabilistic description of network failures, local hot spots and interdomain rerouting. Scenarios under a threshold probability are discarded to improve the computation speed. A tool considering this proposal was presented in [37]. Moreover, while in [36] network robustness is measured according to network failures and congestion, our approach is more general and can be used considering any QoS or network metrics. In contrast, in [36] a gravity model is used for the generation of traffic matrices, whereas our case study assumes a uniformly distributed random traffic among any nonadjacent node. In practice, as in this paper, it is possible to calculate endurance discretely so that, for each percentage of failing elements within the network, a value of the QoS parameter is obtained. ξ(a, b) in Equation 1 denotes the endurance value for the interval [a, b] of the QoS curve, where b > a. ξ(a, b) can be approximated by Equation 1, where A(a, n) is the area under the curve C joining the set of discrete QoS values obtained for each attack intensity. This area is approximated by making trapeziums between all the consecutive discrete values, as computed in Equation 2. The possibility to compute endurance for a specific interval provides more insightful analysis of the behaviour of the network under different failure scenarios. b ξ(a, b) =

n=a+1 A(a, n) b−a n=1 n

A(p, q) =

where b > a

q−1  C(n) + C(n + 1) 2 n=p

(1)

(2)

Equation 1 calculates endurance as an overlapping area where, in each iteration, the area for the former parts of the interval is cumulated again. In this manner, the obtained result gives more relevance to low percentages of elements removed, which are more likely to occur. Moreover, endurance is normalised by the maximum overlapping area of the same interval, which is computed assuming that C is normalised and ranges between 0 and 1. Fig. 1 depicts an example used to show how endurance is calculated. In this example, the following considerations need to be taken into account: • As defined previously, endurance may take any QoS parameter as input as, for example, the ratio of blocked connections. In Fig. 1 such QoS parameter is represented by the curve C. While the Y axis

Figure 1: Endurance illustration, where vertical dotted lines display three different types of attack intensities (weak, moderate and severe). denotes the parameter value, the X axis represents the percentage of elements (nodes or links) removed (i.e. affected by a multiple failure) or, in other words, the different attack intensities. • According to Equation 1, endurance is calculated for a specific interval. Hence, endurance can be more insightful than simply computing a single value for the whole range of possible attack intensities. In fact, the values can be computed on an interval-by-interval basis. Fig. 1 identifies three interest areas corresponding to three different attack intensities: weak, moderate and severe. In this example, endurance could be computed for the three interest intervals; facilitating the evaluation of robustness for these specific attack intensities. Graphically, the color of the area under curve C clearly expresses its relative importance within the computation of endurance; lower percentages of removed elements being darker than those with higher percentages. • Curve C in Fig. 1 is related to a specific multiple failure, i.e. a particular kind of attack: random, by node degree, etc. Thus, different attacks may result in different curves. It is assumed that C is normalised and ranges from 0 to 1. 3.1. Example of computation of endurance Here we detail a simple example on how endurance can be computed. We assume an arbitrary network and an arbitrary QoS parameter or graph metric that has been measured as depicted in Fig. 2 from 1 to 5% of nodes removed in the network. The endurance (ξ) in the interval [0, 5] is calculated as depicted from

Equation 3 to Equation 9. Therefore, as it can be observed, ξ(0, 5) is the result of adding and overlapping the areas compressed in the interval [0,5]. Finally, the robustness of this network is of ξ = 0.54. If the area had been calculated without overlapping the areas, the robustness of the network would have been characterised by

A(0,5) 5

= 0.66. This value results to be worse than the one provided by endurance

because the latter gives a better value of robustness than the former, which is related to the fact that the network tolerates better those failures which have a higher probability of occurring. Consequently, our proposal of adding and overlapping the areas is very interesting to take into account scenarios like the one analysed in this example, among others.

Figure 2: Example on how to compute endurance.

ξ(0, 5) =

5

n=1 A(0, n) 5 n=1 n

A(0, 1) + A(0, 2) + A(0, 3) + A(0, 4) + A(0, 5) 1+2+3+4+5

(4)

1  0 + 0.5 0.5 + 0.5 C(n) + C(n + 1) = + = 0.75 2 2 2 n=0

(5)

2  0 + 0.5 0.5 + 0.5 0.5 + 0.9 C(n) + C(n + 1) A(0, 3) = = + + = 1.45 2 2 2 2 n=0

A(0, 4) =

(3)

0  0 + 0.5 C(n) + C(n + 1) = = 0.25 2 2 n=0

A(0, 1) = A(0, 2) =

=

2  0 + 0.5 0.5 + 0.5 0.5 + 0.9 0.9 + 0.9 C(n) + C(n + 1) = + + + = 2.35 2 2 2 2 2 n=0

(6)

(7)

2  0 + 0.5 0.5 + 0.5 0.5 + 0.9 0.9 + 0.9 0.9 + 1 C(n) + C(n + 1) = + + + + = 3.3 2 2 2 2 2 2 n=0

(8)

A(0, 1) + A(0, 2) + A(0, 3) + A(0, 4) + A(0, 5) 0.25 + 0.75 + 1.45 + 2.35 + 3.3 = = 0.54 15 15

(9)

A(0, 5) = ξ(0, 3) =

4. Network Topologies In this section, the six topologies investigated in this paper, all exemplar complex networks, are now presented. Two networks have been created using the Erd˝ os-R´enyi model [2], two created following the Watts and Strogatz model [3] and two with the Barab´ asi-Albert (BA) model [4]. Layouts can be observed in Fig. 3, where the two Erd˝ os-R´enyi generated networks are prefixed with er- (erd2 and erd4 ), while the Watts and Strogatz and BA generated networks are indicated by the ws- (wsd2 and wsd4 ) and ba- (bad2 and bad4 ) prefixes respectively. The key characteristics of the six networks are listed in Table 2. Additionally, some characteristics are presented with their standard deviation. First, all networks are equal in nodal dimensions. Secondly, three networks have an average node degree of 2 (erd2 , wsd2 and bad2 ) while the three remaining have an average node degree value close to 4 (erd4 , wsd4 and bad4 ). These six topologies have been selected to quantify the network robustness according to diameter and average node degree. Finally, all networks have negative or near-zero value of assortativity coefficient (r ), which means that they have an excess of radial links, i.e. links connecting nodes of dissimilar degrees. Such a property has been observed to be typical on technological networks [38]. Next, some relevant features are discussed. wsd4 is the network with the highest largest eigenvalue. Given that most networks with high values for the largest eigenvalue have a small diameter, wsd4 is likely to be the most robust of the six networks. Moreover, the second smallest laplacian eigenvalue measures how difficult it is to break a network into islands or individual components (the larger the value, the lower the topology’s vulnerability to both node and link removal) [31]. Therefore, wsd4 is again likely to be the most robust of the six as it exhibits higher connectivity than the other networks. Node connectivity represents the smallest number of nodes whose removal results in a disconnected or single-node graph: all networks have the same unity value (1). Regarding the symmetry ratio, it can be observed that wsd2 is the most robust network because it has the lowest value. On high-symmetric networks, with low symmetry values, the impact of losing a node does not generally depend on which specific node is lost. Clustering coefficient shows that bad2 is the most robust, since its nodes are more interconnected with their neighbors. Betweenness centrality (BC) depicts that erd4 , bad2 and bad4 are better than the other three due to their lower BC value, which denotes that connection paths will be less centralized and less dependent on central nodes. This means that erd2 , wsd2 and wsd4 have an excess of centrality of some

(a) erd2

(b) erd4

(c) bad2

(d) bad4

(e) wsd2

(f) wsd4

Figure 3: Layout of the six networks considered in this work.

Table 2: Characteristics of the network topologies Characteristic

erd2

erd4

wsd2

wsd4

bad2

bad4

Number of nodes

400

400

400

400

400

400

Number of links

420

797

400

799

399

789

Average node degree

2.1

3.99

2

4

2

3.95

Node connectivity

1

1

1

1

1

1

Heterogeneity

0.51

0.47

0.17

0.16

0.91

0.93

Betweenness centrality

0.03

0.01

0.15

0.02

0.01

0.01

Standard deviation

0.04

0.008

0.16

0.01

0.05

0.02

Symmetry ratio

12.37

36.36

2.32

28.57

24.87

50

Average shortest path length

11.63

4.52

61.88

7.06

6.89

3.95

Standard deviation

4.36

1.21

38.32

2.06

2.06

0.94

Largest eigenvalue

2.98

5.22

4.35

8.34

2.31

4.28

Second smallest Laplacian eigenvalue

0.007

0.15

0.005

0.52

0.0001

0.09

Clustering coefficient

0.36

0.06

0.06

0.36

0.61

0.03

Standard deviation

0.48

0.23

0.23

0.17

0.48

0.15

Assortativity coefficient

0.1

0.09

-0.06

0.047

-0.09

-0.03

elements that increases their vulnerability in targeted multiple failures. It is important to note that wsd2 has a particularly high average shortest path length, which has a significant impact on performance under different attack types. Finally, Fig. 4 shows the average two-terminal reliability (A2TR) [32] of the five networks. This metric is the probability that a randomly chosen pair of nodes is connected (if the network is fully connected the value of 2TR is 1). Therefore, the higher the value, the better the robustness. As can be observed, wsd2 is the network whose connectivity decreases the most for lower percentages of removed nodes. In contrast, erd4 , wsd4 and bad4 offer the highest connectivity when removing nodes. It is interesting to observe that wsd4 is slightly more robust than erd4 and bad4 for ratios lower than 0.3, but its robustness decreases rapidly for values over 0.3. 5. Case Study In this section, the simulation scenario used to calculate endurance for the exemplar topologies is defined. All simulations run over 10 000 time steps supporting a total traffic load of 80 000 connections. Connection source and destination nodes are selected randomly with only one restriction; they cannot be adjacent so that nodes are separated by a minimum of two hops. Since no link capacity constraint is applied, if there were no failures, all connections would be accepted. The generation of the connections and their duration follow a negative exponential distribution with an average inter-arrival and holding times of 0.12 and 100 time steps respectively.

      



 







 

















Figure 4: Average two-terminal reliability of the set of six network topologies

The simulator handles the reception of connection requests between node pairs, triggers and coordinates the proper routing based on the demand, releases connections when their holding time has expired, and collects the required statistical data. In this case, the simulator keeps count of the number of connection requests that can not be satisfied. A connection that cannot be established because there is not a path between source and destination nodes, is called a blocked connection. The different attacks are caused at time = 1 of the simulation and the affected nodes remain in such failure state for the whole simulation. In this paper the topologies described in the previous section are considered. Although we carry out this analysis without taking into account any network technology (optical, IP, etc.), this study could be applied, for instance, to MPLS-based networks, where the physical and the logical layers were coincident with respect to their structure, and where the connections were established on the logical layer. In this case, connections would represent label-switched paths (LSPs) between MPLS PoPs (point-of-presence). Further, in this work we assume that only nodes are susceptible to failures or attacks, this being a worst-case scenario because a node failure implies the unavailability of its links. According to [25], in order to disconnect a network, the number of links to be removed is greater or equal than the number of nodes; which implies that by taking into account node failure the worst-case scenario is guaranteed. In addition, node failures have been broadly considered in the robustness literature [39–41]. Likewise, a thorough study considering the failure of links or the combination of links and nodes would provide a different evaluation of the robustness of a network. In any case, the method (and the metric) to evaluate the robustness would be almost the same. The investigation focuses on the scenario shown in Fig. 5 which is defined below:

Figure 5: Case study scenario. Curves prefixed with A- represent different kind of multiple failures. Vertical dotted lines display the three different types of attack intensities (weak, moderate and severe). • The ratio of blocked connections associated with a failure event has been chosen to be the QoS parameter of interest considered by endurance in this case study, and is calculated in response to different attack types. Notice that in this case this measure may be related to the number of sub-partitions the network is split in, because we consider a uniformly distributed random traffic pattern. • As stated in Section 2.1 the focus is on Random Static (RD) and Targeted Static (TS) multiple failures. Four different TS scenarios are considered; each one related to a different element of discrimination: node degree, betweenness centrality (BC), clustering coefficient (CC) and spreaders. When several nodes present equal values their selection is carried out randomly (i.e. if the number of nodes to be selected is smaller than the number of nodes presenting equal value). Therefore, a set of five different multiple failures are imposed on each network at simulation time t = 1 (one random and four targeted ). Once a node is affected by a multiple failure (i.e. it is removed) it does not recover. There are three attacks depicted as A1, A2 and A3 in Fig. 5. • The interval of the attacks caused are divided into three groups of intensities: weak (from 1% to 5% of elements affected), moderate (from 5% to 10%) and severe (from 10% to 20%). These values have been chosen with the purpose of considering a scenario enough heterogeneous in terms of connectivity (i.e. Fig. 4 shows that the A2TR of networks for 0.2 of removed nodes presents different values: wsd2 ≈ 0, erd2 and bad2 ≈ 0.3 and erd4 , bad4 and wsd4 ≈ 0.9). The presented results are the average of 200 differently seeded simulation runs. This means that for each topology, for each type of attack and for each percentage 200 simulations of 10 000 time steps have been

conducted. The primary objective of the investigation is to demonstrate that endurance is able to quantify the robustness of a network under a multiple failure scenarios. Moreover, a secondary objective is to determine the relative robustness of the different network types in response to specific attacks (the random and the four targeted ones) at each the three levels of intensities (weak, moderate and severe). Finally, a third objective is to investigate the impact upon network robustness when the average node degree is doubled by adding links for a constant nodal dimension. A number of previous studies suggest that adding links improves network robustness [42] and it is appropriate to consider the aptness of endurance in this respect.

6. Results This section presents the performance metrics obtained from the simulations, the computation of endurance derived from these results and then concludes with a brief discussion about the relative merits of the proposal. 6.1. Simulation results In Fig. 6 the simulation results for the full set of networks are presented. The left-hand column of graphs pertain to the three networks of an average node degree of 2, while the right-hand column of graphs illustrates network behaviour when degree is ≈ 4. These second set of networks have been considered because previous studies suggest that adding links has merit and improves network robustness [42]. As depicted in Fig. 6 (a) and (c), erd2 and bad2 are significantly impacted by node degree (ND) and betweenness centrality (BC) attacks because, in both cases, these two attacks block the highest number of connections. erd2 is more robust because it provides a smaller ratio of blocked connections than bad2 for weak (from 1 to 5%) and moderate (from 5 to 10%) attack intensities. Conversely, erd2 is more affected by an attack considering spreaders than bad2 . This is due to the fact that bad2 has only one k-shell while erd2 has two and consequently, the spreaders-based attack for bad2 becomes random (i.e. when several nodes present equal values, target selection occurs at random). Results regarding wsd2 (Fig. 6 (e)) are worth further consideration. For weak intensities (1 to 5%), where wsd2 is highly affected by the attacks considering ND, BC and random, it can be observed that the network is very robust in the case of spreaders and CC. The results obtained by the spreaders-based attack were expected because wsd2 has two k-shell indexes: 4% of nodes have a k-shell index of 2 while the remaining have an index of 1. Therefore, it can be observed that, as the percentage of removed nodes increases, the spreaders-based attack becomes more random because nodes are selected randomly. Consequently, this means that wsd2 is very robust when nodes with high k-shell index are removed. The same “bimodal” effect can be applied to explain the results obtained from the attack by CC.

For severe intensities (from 10% to 20% of removed nodes) all attacks highly affect the ratio of blocked connections. The reason being that, after a 10% of elements is affected by an attack, wsd2 collapses and forms into a high number of non-connected partitions as can be observed in Fig. 4, where wsd2 has a nearzero value of A2TR from 0.1 to 0.2 ratio of removed nodes. This effect derives from the fact that wsd2 has a very high average shortest path length (ASPL) and consequently the probability of a connection being impacted by an attack (even a random one) is high. Further, this event reinforces the need to consider network operation under different multiple failure scenarios. Different to erd2 , erd4 (Fig. 6 (b)) has approximately the same robustness for all the attacks. While erd2 with 20% of elements affected by a BC or a ND attack blocks around 95% of connections, for the same intensity and the same attacks erd4 blocks approximately 45%. Therefore, for Erd˝ os-R´enyi generated networks, doubling the nodal degree halves the percentage of blocked connections in the worst-case scenario considered in this work (20% of removed nodes). Comparing bad2 with bad4 (Fig. 6 (d)), it can be observed that the latter outperforms the robustness of the former for all kind of attacks but one: CC. bad4 approaches percentages of blocked connections near 95% only when more than 15% of nodes are removed (in the case of ND and BC); in contrast with the dramatic effects that these attacks have in bad2 , for weak and moderate attack intensities. Nevertheless, bad2 is more robust than bad4 in the case of an attack by CC because for 20% of removed nodes, bad4 blocks around 5% more connections than bad2 . Finally, it is also interesting to note that wsd4 presents a higher robustness than wsd2 . For instance, in the case of a ND attack, around 60% of connections are blocked when 20% of nodes are removed while wsd2 blocks around 95%. Table 3: Endurance of erd2 and erd4 Intensity Weak

Moderate

Severe

Type of attack

erd2

erd4

erd2

erd4

erd2

erd4

Nodal degree (ND)

0.232

0.038

0.821

0.146

0.938

0.281

Betweenness centrality (BC)

0.261

0.038

0.724

0.141

0.925

0.273

Clustering coefficient (CC)

0.036

0.036

0.132

0.134

0.251

0.255

Spreaders

0.145

0.036

0.619

0.135

0.901

0.262

Random

0.086

0.035

0.325

0.138

0.596

0.259

6.2. Computation of Endurance From the simulation results obtained from Fig. 6 we have computed endurance for all networks. Table 3 shows endurance for erd2 and erd4 according to Equation 1. endurance has been computed by intervals according to three different attack intensities (weak, moderate and severe) and for each kind of attack, as



    !"  #$  



    

 













      !  "#  









 













 

(a) erd2













(b) erd4







 

    !"  #$  



 

     

  

    !"  #$  









 

 













 

  

(c) bad2

(d) bad4



    !"  #$  

 

 

 





    !"  #$  



    



 











 

(e) wsd2



  

(f) wsd4

Figure 6: Simulation results: Ratio of blocked connections of the six networks in the case of five different multiple failures (random, node degree, betweenness centrality, spreaders and clustering coefficient) of intensities ranging from 1 to 20% of removed nodes. Networks with average node degree (AND) of 2 are shown on the left while networks with AN D ≈ 4 are depicted on the right.

shown in Fig. 5. As can be observed, endurance values of erd4 are nearly 6 times lower than erd2 in the case of attacks considering ND, BC and spreaders. For random attacks, the improvement is around 50%. However, for CC erd4 achieves an almost identical value of endurance as erd2 , as expected from the ratio of blocked connections shown in the previous section.

Table 4: Endurance of bad2 and bad4 Intensity Weak Type of attack

bad2

bad4

Moderate bad2

bad4

Severe bad2

bad4

Nodal degree (ND)

0.754

0.047

0.944

0.221

0.951

0.588

Betweenness centrality (BC)

0.763

0.041

0.945

0.215

0.951

0.506

Clustering coefficient (CC)

0.036

0.036

0.132

0.135

0.252

0.301

Spreaders

0.136

0.035

0.387

0.129

0.642

0.253

Random

0.131

0.034

0.383

0.129

0.657

0.253

Table 4 presents the computed endurance for bad2 and bad4 . It is worth to note that bad4 is more robust than bad2 in the case of ND, BC, spreaders and random attacks. The improvement in terms of robustness of bad4 with respect to bad2 varies depending on the type of attack. For instance, in the case of a ND attack, endurance decreases from ξ = 0.754 (for bad2 ) to ξ = 0.047 (for bad4 ). However, when a multiple failure considering CC occurs bad4 is slightly worse than bad2 . This may be caused by the underlying generative process of the Barab´asi-Albert model: both BA networks have the same number of nodes and as a result bad4 has nodes that are more clustered than bad2 . Table 5: Endurance of wsd2 and wsd4 Intensity Weak

Moderate

Severe

Type of attack

wsd2

wsd4

wsd2

wsd4

wsd2

wsd4

Nodal degree (ND)

0.642

0.036

0.917

0.136

0.935

0.324

Betweenness centrality (BC)

0.612

0.034

0.737

0.134

0.806

0.301

Clustering coefficient (CC)

0.036

0.036

0.397

0.132

0.921

0.253

Spreaders

0.244

0.034

0.668

0.125

0.899

0.244

Random

0.465

0.034

0.868

0.125

0.919

0.249

Finally, the computed endurance for wsd2 and wsd4 is provided in Table 5. As can be observed, not unexpectedly, the network with higher average node degree is the most robust for all types of attacks. To conclude this section derived from Table 6 to Table 8 three classifications of the networks with respect to their endurance are presented, where each relates to a specific attack intensity: weak, moderate and severe. In these classifications, 1 represents the most robust with increasing rank representing successively reduced

robustness. Table 6 shows that in the case of weak attacks wsd4 is the most robust network of the set considered in this work. This ensues consequences regarding the robustness of such network due to the fact that endurance places higher importance to low percentages of attacks. It is interesting to note that all networks obtain the same value of endurance in the case of a CC-based attack. A similar classification is obtained when focusing on moderate intensity (Table 7). However, in the case of severe attacks (as shown in Table 8) erd4 is the most robust network in the case of ND and BC attacks, erd2 and bad2 the most robust ones for a CC attack, and wsd4 for random and spreader-based attacks.

Table 6: Intensity: Weak. Classification based on the endurance of the networks for each type of attack. Networks

Type of attack

Erd˝ os-R´ enyi

Watts-Strogatz

Barab´ asi-Albert

erd2

wsd2

bad2

erd4

wsd4

bad4

Nodal degree (ND)

4

2

4

1

6

3

Betweenness centrality (BC)

4

2

5

1

6

3

Clustering coefficient (CC)

1

1

1

1

1

1

Spreaders

5

3

6

1

4

2

Random

3

2

5

1

4

1

Table 7: Intensity: Moderate. Classification based on the endurance of the networks for each type of attack. Networks

Type of attack Nodal degree (ND)

Erd˝ os-R´ enyi

Watts-Strogatz

Barab´ asi-Albert

erd2

erd4

wsd2

wsd4

bad2

bad4

4

2

5

1

6

3

Betweenness centrality (BC)

4

2

5

1

6

3

Clustering coefficient (CC)

1

2

4

1

1

3

Spreaders

5

3

6

1

4

2

Random

4

3

6

1

5

2

6.3. Discussion Unlike traditional robustness metrics (see Section 2.3), our proposal describes how robust is a network in the case of specific multiple failure scenarios. In addition, the characterisation might be focused on different attack intensities, such as the three ones considered in this work. Consequently, endurance is a measure that can evaluate in more detail the level of robustness of a network, given a specific multiple failure scenario, and one or more QoS parameters or graph metrics. As a result, endurance is able to denote significant differences between the six topologies considered in this work. For instance, according to the second smallest Laplacian eigenvalue or the largest eigenvalue, the wsd4 is the most robust network.

Table 8: Intensity: Severe. Classification based on the endurance of the networks for each type of attack. Networks

Type of attack Nodal degree (ND)

Erd˝ os-R´ enyi

Watts-Strogatz

Barab´ asi-Albert

erd2

erd4

wsd2

wsd4

bad2

bad4

5

1

4

2

6

3

Betweenness centrality (BC)

5

1

4

2

6

3

Clustering coefficient (CC)

1

4

6

3

1

5

Spreaders

6

3

5

1

4

2

Random

4

3

6

1

5

2

However, endurance demonstrates that, although the wsd4 is the most robust when considering weak and moderate attack intensities (see Table 6 and Table 7), it does not perform similarly in the case of severe intensities (see Table 8). In conclusion, endurance provides further insight on the robustness of complex networks, this being highly beneficial for the networks research community. There are, however, some limitations that are mentioned below: • Although it would be ideal to calculate endurance continuously, it is not possible due to the manner by which such multiple attacks occur, where discrete proportions of elements of the network are affected. Thus, the cumulative and overlapping area that represents endurance is always going to be an approximation of the curve of values given by a specific QoS parameter, joining the set of values obtained for each attack intensity. • Endurance is a robustness measure calculated in the case of multiple failures. Therefore, endurance can only be applied to assess network robustness in a set of multiple failure scenarios and it would not be applicable to the case of a single multiple failure (e.g. a failure affecting only a specific % of elements of the network). • Endurance, as well as other robustness generic measures (such as the R-value [33]), depends on QoS parameters or graph metrics in order to be calculated. Somehow, this would represent a limitation as it not an “autonomous” metric.

7. Conclusions In this paper, endurance, a new robustness measure able to evaluate network robustness when considering dynamic processes that run over such networks has been presented. Network robustness under multiple failure scenarios, given a topology and one or more QoS parameters or graph metrics has been computed and discussed.

A brief taxonomy of multiple failures has been defined and some QoS frameworks have been reviewed along with some well-known robustness metrics. A key differentiation with previous proposals is that endurance places higher store to perturbations affecting lower percentages of elements of a network because such attacks are more likely to occur. A case study has been defined in order to carry out a robustness analysis of a set of six generated topologies: two Erd˝ os-R´enyi, two Watts and Strogatz and two Barab´ asi-Albert. Then, endurance has been evaluated for the set of topologies when considering the ratio of blocked connections as a parameter, in the case of five different attacks (random, node degree (ND), betweenness centrality (BC), clustering coefficient (CC) and spreaders) and for three levels of intensities (weak, moderate and severe). Results have shown that the proposed measure is able to describe the robustness of a network under different multiple failure scenarios. Results have highlighted that some networks are more robust (compared to others) in response to specific attacks when considering different attack intensities. Furthermore, the impact on robustness when the average node degree is doubled has been investigated and some particularities have been observed. In general, the three networks with a higher average node degree are more robust than the others. However, given the large number of links, network cost should also be considered if such a network was chosen as the most robust. Therefore, the choice should be made complementing the information provided by endurance with other topological features such as the number of links and their related cost. When taking into account graph-based metrics such as the largest eigenvalue, the second smallest laplacian eigenvalue or the average two-terminal reliability, some networks appear to be very robust (i.e. wsd4 or erd4 ). However, robustness analysis like the one presented in this work provide further insight about the robustness of such networks; subtle differences between them arise. For instance, for severe attack intensities (from 10 to 20% of affected nodes) erd4 is more robust than wsd4 only in the case of multiple failures based on ND or BC. This information is particularly useful for both network providers or network researchers equally. As further work, we plan to carry out further investigations considering different QoS parameters and graph metrics, which choice would depend on the specific type of networks taken into account (i.e., IP or over-the-top networks). In addition, it would be interesting to carry out a robustness analysis of real networks such as the ones provided in [43]. It would also be interesting to consider representing more than a single QoS parameter or graph metric simultaneously using endurance. Therefore, it would be possible to assign weights to each one of the parameters and the results would reflect more precisely the robustness of a network.

Acknowledgements This work is partly supported by the Spanish Ministerio de Ciencia e Innovacion through project RoGeR (TEC 2012-32336) and Juan de la Cierva subprogram grant JCI-2010-08322 and by the Generalitat de Catalunya through the research support program project SGR-1202 and AGAUR FI-DGR 2012 grant.

References [1] M. van Steen, Graph Theory and Complex Networks, 2010. [2] B. Bollob´ as, Random graphs, Vol. 73, Cambridge University Press, 2001. [3] D. J. Watts, S. H. Strogatz, Collective dynamics of ’small-world’ networks, Nature 393 (6684) (1998) 440–442. [4] A. L. Barabasi, R. Albert, Emergence of scaling in random networks, Science 286 (5439) (1999) 509–512. [5] S. Urushidani, M. Aoki, Design and implementation of reliable multi-layer service network, in Proceedings of the 3rd IEEE/IFIP International Workshop on Reliable Networks Design and Modeling (RNDM), 2011, pp. 1–6. [6] A. Sydney, C. Scoglio, P. Schumm, R. E. Kooij, Elasticity: topological characterization of robustness in complex networks, in Proceedings of the 3rd International Conference on Bio-Inspired Models of Network, Information and Computing Sytems (BIONETICS), 2008, pp. 19:1–19:8. [7] M. Manzano, E. Calle, D. Harle, Quantitative and qualitative network robustness analysis under different multiple failure scenarios, in Proceedings of the 3rd IEEE/IFIP International Workshop on Reliable Networks Design and Modeling (RNDM), 2011 pp. 1–7. [8] D. R. Khuhn, Sources of Failure in the Public Switched Telephone Network, IEEE Computer 30 (4) (1997) 31–36. [9] H. A. Rahman, K. Beznosov and J. R. Marti, Identification of sources of failures and their propagation in critical infrastructures from 12 years of public failure reports, International Journal of Critical Infrastructures 5 (3) (2009) 220–244. [10] Y. Shang, Robustness of scale-free networks under attack with tunable grey information, EPL (Europhysics Letters) 95 (2) (2011) 28005. [11] BBC, http://www.bbc.co.uk/news/technology-21954636 [Online; accessed 16-Jul-2013] [12] L. C. Freeman, A set of measures of centrality based upon betweenness, Sociometry 40 (1) (1977) 35–41. [13] P. Mahadevan, D. Krioukov, M. Fomenkov, X. Dimitropoulos, K. C. Claffy, A. Vahdat, The internet AS-level topology: three data sources and one definitive metric, in Proceedings of the ACM conference on Applications, technologies, architectures, and protocols for computer communications (SIGCOMM), 2006, pp. 17–26. [14] M. Kitsak, L. Gallos, S. Havlin, F. Liljeros, L. Muchnik, H. Stanley, H. Makse, Identification of influential spreaders in complex networks, Nature Physics 6 (11) (2010) 888–893. [15] R. Stankiewicz, P. Cholda, A. Jajszczyk, QoX: What is it really?, Communications Magazine, IEEE 49 (4) (2011) 148–158. [16] M. Durvy, C. Diot, N. Taft, P. Thiran, Network availability based service differentiation, in: K. Jeffay, I. Stoica, K. Wehrle (Eds.), Quality of Service (IWQoS), Vol. 2707 of Lecture Notes in Computer Science, 2003, pp. 305–325. [17] A. Autenrieth, Recovery time analysis of differentiated resilience in MPLS, in Proceedings of the Fourth International Workshop on Design of Reliable Communication Networks (DRCN), 2003, pp. 333–340. [18] M. Tacca, A. Fumagalli, A. Paradisi, F. Unghv´ ary, K. Gadhiraju, S. Lakshmanan, S. M. Rossi, A. de Campos Sachs, D. S. Shah, Differentiated reliability in optical networks: Theoretical and practical results, J. Lightwave Technol. 21 (11) (2003) 2576. [19] J. Marzo, E. Calle, C. Scoglio, T. Anjali, Adding QoS protection in order to enhance MPLS QoS routing, in: Communications, 2003. ICC ’03. IEEE International Conference on, Vol. 3, 2003, pp. 1973–1977.

[20] P. Cholda, J. Tapolcai, T. Cinkler, K. Wajda, A. Jajszczyk, Quality of resilience as a network reliability characterization tool, IEEE Network, 23 (2) (2009) 11–19. [21] P. Cholda, The reliability analysis of recovery procedures in GMPLS-based optical IP networks, Ph.D. thesis, AGH University of Science and Technology, Krak´ ow, Poland, Dec. 2005 (2005). [22] P. Cholda, A. Mykkeltveit, B. Helvik, A. Jajszczyk, Continuity-based resilient communication, in Proc. of the 7th International Workshop on Design of Reliable Communication Networks (DRCN), 2009, pp. 335–342. [23] O. Gerstel, G. Sasaki, A general framework for service availability for bandwidth-efficient connection-oriented networks, Networking, IEEE/ACM Transactions on 18 (3) (2010) 985–995. [24] M. Xia, M. Tornatore, S. Sevilla, L. Shi, C. U. Martel, B. Mukherjee, A novel SLA framework for time-differentiated resilience in optical mesh networks, J. Opt. Commun. Netw. 3 (4) (2011) 312–322. [25] A. H. Dekker, B. D. Colbert, Network robustness and graph topology, in Proceedings of the 27th Australasian conference on Computer science (ACSC), 2004, pp. 359–368. [26] J. Dong, S. Horvath, Understanding network concepts in modules, BMC Systems Biology 1 (1) (2007) 1–24. [27] A. H. Dekker, B. Colbert, The symmetry ratio of a network, in Proceedings of the 2005 Australasian symposium on Theory of computing (CATS), 2005, pp. 13–20. [28] Weisstein, Eric W, Graph Diameter. URL http://mathworld.wolfram.com/GraphDiameter.html [29] C. Shannon, D. Moore, The Spread of the Witty Worm, IEEE Security and Privacy 2 (2004) 46–50. [30] D. Chakrabarti, Y. Wang, C. Wang, J. Leskovec, C. Faloutsos, Epidemic thresholds in real networks, ACM Transactions on Information and System Security 10 (4) (2008) 1–26. [31] A. Jamakovic, S. Uhlig, Influence of the network structure on robustness, in Proceedings of the 15th IEEE International Conference on Networks (ICON), 2007, pp. 278–283. [32] S. Neumayer, E. Modiano, Network reliability with geographically correlated failures, in Proceedings of the 29th conference on Information communications (INFOCOM), 2010, pp. 1658–1666. [33] P. V. Mieghem, C. Doerr, H. Wang, J. M. Hernandez, D. Hutchison, M. Karaliopoulos, R. E. Kooij, A framework for computing topological network robustness, Delft University of Technology, Report20101218 (2010). [34] Oxford dictionary, URL oxforddictionaries.com [35] Merriam-Webster, URL www.merriam-webster.com [36] M. Menth, M. Duelli, R. Martin, J. Milbrandt, Resilience Analysis of Packet-Switched Communication Networks, IEEE/ACM Transactions on Networking 17 (6) (2010) 1950–1963. [37] D. Hock, M. Menth, M. Hartmann, C. Schwartz, D. Stezenbach, ResiLyzer: A Tool for Resilience Analysis in PacketSwitched Communication Networks , in Proceedings of the 15th International GI/ITG Conference on Measurement, Modelling and Evaluation of Computing Systems and Dependability and Fault Tolerance (MMB & DFT 2010), 2010, pp. 302–306 [38] M. E. J. Newman, The structure and function of complex networks, SIAM Review 45 (2) (2003) 167–256. [39] R. Cohen, K. Erez, D. Ben-Avraham, S. Havlin, Resilience of the Internet to random breakdowns, Physical review letters 85 (21) (2000) 4626. [40] R. Cohen, K. Erez, D. Ben-Avraham, S. Havlin, Breakdown of the Internet under intentional attack, Physical review letters 86 (16) (2001) 3682. [41] C. M. Schneider, N. Araujo, S. Havlin, and H. J. Herrman, Towards designing robust coupled networks, Scientific reports 3 (2013) 1969. [42] A Beygelzimer, G Grinstein, R Linsker, I Rish, Improving Network Robustness, in Proceedings of the first International Conference on Autonomic Computing (ICAC), 2004, pp. 322–323.

[43] N. Spring, R. Mahajan, D. Wetherall, Measuring ISP Topologies with Rocketfuel, in Proceedings of the ACM conference on Applications, technologies, architectures, and protocols for computer communications (SIGCOMM), 2002, pp. 133–145.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65

1

Marc Manzano received the five-year degree in Computer Science in 2011 and the M.Sc. degree in Computer Engineering in 2012, both at University of Girona. He is currently a Ph.D. student within the BCDS (Broadband Communications and Distributed Systems) research grup of the University of Girona. His main research interests include the modeling and analysis of complex networks, the robustness of such networks under multiple failure scenarios and protection and restoration of GMPLS-based optical networks.

Eusebi Calle is an associated professor in the Department of Computer Architecture and Technology at Universitat de Girona and member of the Broadband Communications and Distributed Systems group (BCDS). His research is focused on optical networks, GMPLS, quality of service routing, protection and restoration, and large-scale failures. He has participated in several Spanish and European projects and he has published more than 80 research papers in international congresses and journals. He is also TPC member of different congresses, such as IEEE Networking, ICETE Optics, IEEE DRCN.

V´ıctor Torres-Padrosa is a postdoctoral (Juan de la Cierva) researcher and lecturer at the Department of Computer Architecture and Technology at Universitat de Girona and member of the Broadband Communications and Distributed Systems group (BCDS). He holds a PhD in Telecommunication Engineering from Universitat Pompeu Fabra in 2008. Former assistant professor at Universitat Politecnica de Catalunya and Universitat Pompeu Fabra. He has co-authored several papers published in international journals and conferences. He has acted as a reviewer for IEEE Multimedia, Computer and ETRI journal. His research interests include community analysis and reliability and robustness against large-scale failures in complex networks.

Juan Segovia received his bachelor’s degree in Computer Science from the National University of Asunci´on in 1994, and a PhD in Information Technology from the University of Girona in 2011. He is currently with the Institute of Informatics and Applications at the University of Girona, and is a member of the Broadband Communications and Distributed Systems group. His research interests include protection and restoration of GMPLS-based optical networks, and reliability against large-scale failures in complex networks.

David Harle (BSc Hons, PhD, MIET, MIEEE, CEng) is a senior lecturer within the Broadband Research Group within CIDCOM. His current research interests within the Broadband & Optical Networks group concerned with performance evaluation, design and management issues associated with current and future wireless, broadband and optical communication systems. Of particular interest are network survivability and the operation of routing protocols in multi-service environments. Dr Harle is the author of over 100 international conference and journal publications, 1 technical text book and 3 patents and undergraduate texts. He has supervised to completion of over 25 research thesis students including 3 EngD and 18 PhD students.