Security Situation Assessment of All-Optical Network Based on Evidential Reasoning Rule

It is important to determine the security situations of the all-optical network (AON), which is more vulnerable to hacker attacks and faults than other networks in some cases. A new approach of the security situation assessment to the all-optical network is developed in this paper. In the new assessment approach, the evidential reasoning (ER) rule is used to integrate various evidences of the security factors including the optical faults and the special attacks in the AON. Furthermore, a new quantification method of the security situation is also proposed. A case study of an all-optical network is conducted to demonstrate the effectiveness and the practicability of the new proposed approach.


Introduction
With the development of network demand, increasingly importance has been attached to optical fiber communication.Under such background, all-optical network (AON) in which all facilities of the communications are built on the optical fibers is developed, and it has become a trend for the future network systems [1][2][3].Some types of the all-optical network have already run in practice, such as WDM-AON [4].However, the security of the all-optical network should be paid more attention to, because the features of the optical components are very different from the electro-or electrooptical network systems.In some cases, the all-optical network is more vulnerable than other networks.Therefore, it is necessary to assess the security situations of the all-optical network.
The network security situation is a quantized value or interval which can reflect the security status [5][6][7] of the network platform.Currently, there are many approaches which can assess the network security situation, such as the hierarchical assessment model [8], multiperspective analysis model [9], and data fusion model [10].But the existing approaches still have some problems.
(1) The above assessment models lack the capacity to process the uncertain and fuzzy information.
(2) There is no security situation assessment approach for all-optical network.
In order to solve the above problems, a new approach of the security situation assessment to the all-optical network is developed in this paper.To solve the first problem, the evidential reasoning (ER) rule is used in the new approach.ER rule is proposed by Yang [11,12] in 2006, and it has been applied in many fields [13][14][15][16].The ER rule can describe the ignorance and the uncertain information in multiple attribute decision-making.
For the second problem, the assessment process of the alloptical network is very different from other network systems because of the optical components and the optical properties.Therefore, it is necessary to discuss the security assessment method for the all-optical network.In the new proposed approach, many special security factors including special attacks and optical faults are considered in order to obtain the security situations of the all-optical network.The main innovation of the presented work can be concluded as follows: (1) The security situation assessment for all-optical network is first considered in this paper.

Mathematical Problems in Engineering
(2) The proposed security situation assessment model which used ER rule can utilize the semiquantitative information and various types of uncertainty.
This paper is organized as follows.In Section 2, the problem for security situation assessment of the all-optical network is formulated.In Section 3, the assessment process based on ER rule is described, and the new quantification method of the security situation is proposed.In Section 4, a case study for assessing the security situations of the alloptical network is given, and the assessment results are analyzed.Finally, the paper is concluded in Section 5.

Problem Formulation
2.1.All-Optical Network.As mentioned above, the all-optical network is a special network where the communication nodes do not need optoelectronic conversion and switching.A simple structure of the all-optical network is described in Figure 1, where OXC denotes the optical cross-connect which is used to switch the high-speed optical signals and OADM denotes the optical add-drop multiplexer which is used to multiplex and route different optical channels in WDM systems.
OXC and OADM are significant nodes in all-optical network.They consist of optical multiplexer/demultiplexer, optical switching matrix, wavelength shifter, and node management systems.OLS in Figure 1 denotes the optical line system, which is responsible for the transmission of the optical signal.

The Security Problem of All-Optical
Network.The alloptical network is more vulnerable to hacker attacks and faults in some cases, because the features of the optical components are different from the electrical device.A concept which called survivability is proposed in [17] to describe the security ability of the all-optical network.The survivability includes two parts: fault survivability and attack survivability.The objective of the former refers to locating and restoring the faults.The objective of the latter refers to avoiding the network attacks.Based on the above concept, the security problem of the all-optical network can also be divided into two aspects: the optical faults and the optical attacks.
There are three faults which need to be considered in the all-optical network: OLT fault, OXC fault, and OADM fault, which occurred on the corresponding device.These faults can cause different effects for the all-optical network.Some faults may cause the paralysis of the network transmission.
The network attacks in the all-optical network can be divided into two types [18]: (1) eavesdrop attack which can obtain the optical signal through illegal access [19]; (2) service degradation attack which includes high-power jamming attack (include high-power jamming attack within band and out of band) [20,21], alien wavelength attack, and signal insertion attack [22].
The purpose of the proposed approach is to assess the security levels of the all-optical network through the above security factors and the ER rule.Furthermore, the quantitative security situation of the all-optical network can also be obtained.

Assess the Security Situation of the All-Optical Network by ER Rule
where    denotes the belief degree of the  basic attributes   which is assessed to the grade   , and The ER rule is used to calculate the belief degrees of all the basic attributes by aggregating the assessments.The reasoning process is described as follows [11].
(1) The Calculation of the Basic Probability Mass where the basic probability mass    refers to the degree of the basic attribute   which supports the hypothesis that the attribute is assessed to the grade   . (

2) The Calculation of the Remaining Basic Probability Mass
where the remaining basic probability mass    refers to the degree unassigned to any grade for the basic attribute   .It can be divided into two parts: where    denotes the unassigned basic probability mass which is generated because the sum of the weights is not equal to 1. m  denotes the unassigned basic probability mass which is generated because of the uncertainty of assessment.
(3) The Integration of the Evidences.Let   () be the integrate probability mass which refers to the degree of the first  basic attributes which supports the hypothesis that the attribute is assessed to the grade   .The integrate process can be described as (4) The Integration of the Belief Degree.According to the above process, the final belief degrees of the general attribute  can be obtained:

Security Situation Assessment of the All-Optical Network
with ER Rule.As mentioned above, the security situation of the all-optical network can be assessed by ER rule.The details of the process are shown as follows.
(1) The Setting of the Basic Attributes.The basic attributes of the assessment include the faults and the attacks, as shown in Figure 2.
(2) The Collection and Pretreatment of All-Optical Network Data.The data of the all-optical network should be pretreated after the collection in order to extract the assessment evidences.The pretreatment form of the input data is as follows according to Figure 2: (3) The Formulation of the Assessment Rules.In this paper, the evaluation grades are set to { 1 = excellent,  2 = good,  3 = general,  4 = bad}.Let  be the reference values of the input data, and its subscript has the same meaning as in .The assessment rules can be established through the evaluation grades, as shown in Table 1.
(4) The Feature Extraction.The features of the input data need to be extracted in order to get the belief degrees of the evaluation grades through the above assessment rules. 1 (excellent)  2 (good)  3 (general)  4 (bad) 13 = 0.9  2 13 = 0.1  3 13 = 0  4 13 = 0   13 = 0  13 = 1  1 13 = 0  2 13 = 0  3 13 = 0.1  4 13 = 0.9   13 = 0 The feature extraction can be realized through the following formula: where (  ) denotes value of the evidence   .The evidences with Boolean form cannot be used in the above equation.Therefore, the belief degrees of  11 ,  12 ,  13 should be given by experts directly, as shown in Table 2.
(5) The Assessment Process with ER Algorithm.When the belief degrees are obtained through (14), the general attribute  which denotes the security situation grades of the alloptical network can be calculated by ER rule, as described in the above section, where the weights can be given by the experts according to the experience.Note that the assessment process should be carried out layer by layer, which means that the evidences  221 ,  222 ,  223 in the bottom layer will be integrated first.(6) The Quantification of the Security Situation.The final belief degrees of the general attribute () = {(  ,   ),  = 1, . . ., } can be obtained through step (5).Let reference values of security situation be {

Case Study
In this section, the assessment of the security situation in an all-optical network platform is studied in order to demonstrate the effectiveness of the new proposed approach.An all-optical network platform as shown in Figure 1 is established, and the data as shown in ( 13) are collected within 24 hours.In order to get the assessment results of the security situations in the all-optical network, the procedure of the evidence integration should be carried out layer by layer.Take a data within 1 hour as an example; the form of the data is { 1 { 11 = 0,  12 = 0,  13 = 1},  2 { 21 = 5,  22 { 221 = 3,  222 = 1,  223 = 5}}} which means that OADM fault occurred, and there are 5 eavesdrop attacks, 3 high-power jamming attacks, 1 alien wavelength attack, and 5 signal insertion attacks within 1 hour.
Firstly, the bottom layer { 221 = 3,  222 = 1,  223 = 5} should be integrated by ER rule in order to get the assessment result of the service degradation  22 .The belief degrees of the bottom layer can be calculated by (14) according to the assessment rules, as shown in Table 3.
Let the weights of the evidences in the bottom layer be { 221 = 0.4,  222 = 0.3,  223 = 0.3}, which are given by experts.Then the basic probability mass can be calculated by (2), as shown in Table 4.
(1) Integrating Evidences in the Bottom Layer.The first step is integrating { 221 ,  222 } in the bottom layer and calculating  (222) by ( 9): And then the basic probability mass of the integrated evidences { 221 ,  222 } can be calculated by ( 5)-( 8 The above masses refer to the importance degree of the integrated evidences { 221 ,  222 } for the decision.The second step is integrating { 221 ,  222 } and { 223 } and calculating  (223) by ( 9): And then basic probability mass of integrated evidence { 221 ,  222 } and { 223 } can be calculated by ( 5)-( 8 The above masses refer to the importance degree of the integrated evidences in the bottom layer for the decision.Then the belief degrees of the evidence  22 can be obtained by (10) and (11), as shown in Table 5.
(2) Integrating Evidences  21 and  22 in the Third Layer.In this layer, the first step is calculating the belief degrees of the evidence  21 by ( 14), as shown in Table 6.
Let the weights of the evidences  21 and  22 be { 21 = 0.35,  22 = 0.65}, which mean that the service degradation attack has more threat than the eavesdrop attack.Then the basic probability mass can be calculated by (2), as shown in Table 7.
Thus, the integrating procedure of  21 and  22 can be described as follows: The above masses refer to the importance degree of the integrated evidences { 21 ,  22 } for the decision.Then the belief degrees of the evidence  2 can be obtained by (10) and (11), as shown in Table 8. the proportion of excellent level is 27.15%, the proportion of good level is 25.51%, the proportion of general level is 24.69%, the proportion of bad level is 22.64%, and the remaining belief degree is 0%, which means the that assessment is complete.It can be seen that the network managers are inconvenient to make decision by using the above assessment result.Therefore, it is necessary to calculate the quantization value of the all-optical network security situation.
(5) Calculating the Quantization Security Situation of the All-Optical Network.The quantization security situation of the all-optical network can be calculated by (15): This situation is only one of the values in 24 hours, and the complete situations are shown in Figure 3.

Conclusions
It is difficult to assess the all-optical network security situation because of the complex factors including the optical faults and the special attacks.In this paper, the ER rule which can integrate various evidences is first used to establish the assessment model of the all-optical network.The belief degrees of the security levels can be obtained by using the ER rule.But the results with belief degrees are inconvenient to make decision for network manager.Therefore, a new quantification method of all-optical network security situation is proposed.The uncertain information and the ignorance are well handled in the new proposed approach including the ER rule and the quantification method.The advantages and limitations of the proposed method in this paper can be concluded as follows: (1) The assessment method can integrate a variety of different types of characteristic factors which include quantitative data and qualitative knowledge.
(2) The assessment method is not suitable to solve the dynamic problems and need expert guidance to determine the weight of the factors.
The case study in Section 4 demonstrates the effectiveness and the practicability of the approach.

Figure 1 :
Figure 1: A simple structure of all-optical network.

Faults (e 1 )Attacks (e 2 )Figure 2 :
Figure 2: The basic attributes of the all-optical network security assessment.
a new method which can calculate the quantization value () of the security situation in all-optical network is proposed in this paper, as shown in  () =

Figure 3 :
Figure 3: The security situation of the all-optical network in 24 hours.

Table 1 :
The assessment rules of all-optical network.
12 ,  13 } ,  2 { 21 ,  22 { 221 ,  222 ,  223 }}} , (13) where  11 ,  12 ,  13 denote the three faults on the different optical components and they are Boolean forms, 0 denotes no fault, and 1 denotes fault within 1 hour. 221 ,  222 ,  223 denote the average frequency of the different attacks within 1 hour, and they are positive number.It is assumed that the maximum frequency of the service degradation is 6 times and the maximum frequency of the eavesdrop attacks is 10 times within 1 hour.

Table 4 :
The basic probability mass of the bottom layer.

Table 5 :
The belief degrees of the evidence  22 .

Table 6 :
The belief degrees of the evidence  21 .Integrating Evidences  11 ,  12 , and  13 in the Third Layer.In order to get the assessment results of  1 , the evidences  11 ,  12 , and  13 must be integrated first.As mentioned above, these evidences reflect the faults of all-optical network, and they are Boolean forms, which mean that the belief degrees are given by experts directly, as shown in Table2.The integration process of the evidences  11 ,  12 , and  13 is the same as other evidences.Let the weights be { 11 = 0.3,  12 = 0.3,  13 = 0.4}; here the assessment results are given directly, as shown in