A Cascading Failure Model for Command and Control Networks with Hierarchy Structure

Cascading failures in the command and control networks (C2 networks) could substantially affect the network invulnerability to some extent. In particular, without considering the characteristics of hierarchy structure, it is quite misleading to employ the existing cascading failure models and effectively analyze the invulnerability of C2 networks. Therefore, a novel cascading failure model for command and control networks with hierarchy structure is proposed in this paper. Firstly, amethod of defining the node’s initial load in C2 networks based on hierarchy-degree is proposed. By applying the method, the impact of organizational positions and the degree of the node on its initial load could be highlighted. Secondly, a nonuniform adjustable load redistribution strategy (NALR strategy) is put forward in this paper. More specifically, adjusting the redistribution coefficient could allocate the load from failure nodes to the higher and the same level neighboring nodes according to different proportions. It could be demonstrated by simulation results that the robustness of C2 networks against cascading failures could be dramatically improved by adjusting the initial load adjustment coefficient, the tolerance parameter, and the load redistribution coefficient. And finally, comparisons with other relational models are provided to verify the rationality and effectiveness of the model proposed in this paper. Subsequently, the invulnerability of C2 networks could be enhanced.


Introduction
With the constant evolution of information warfare, C2 networks have become the nerve center of the information warfare system in the confrontation environment.On the one hand, it is the key to the victory in the war; on the other hand, it is also the primary target during enemy attacks [1].To meet the needs of information warfare, C2 networks construct a complex network with the structure of vertical integrations and horizontal interconnections by connecting various command and control nodes [2].Moreover, it has been shown that C2 networks have the characteristics of scale-free properties, load distribution hierarchy, large gap of node importance [3], and so forth.However, the complexity of C2 networks has also increased the vulnerability of the network.In particular, if the local node has random failures or is under targeted attacks, it may significantly affect the entire network due to the cascade mechanism effect.As a result, the whole network would crash [4][5][6].Therefore, the cascading failure has become the focus of network research to improve the invulnerability for C2 networks.
The network cascading failure model with theoretical analysis was firstly proposed by Motter and Lai [7] in 2002.They focused on the cascading failures for scale-free networks and built the first cascading failure model.For concreteness, the initial load of the node is quantified according to its betweenness, and the relationship of load-capacity is linear.After that, many subsequent scholars named the cascading failure model built by Motter and Lai as the ML model.Moreover, they revealed that cascading failures are more likely to occur in the scale-free network under targeted attacks.Under this theoretical framework, scholars have carried out the research on cascading failures in the power transmission network [8][9][10], traffic network [11][12][13], Internet [14], military network [15], infectious diseases network [16][17][18], and so on.In addition, various methods of defining the initial load of the node and the load redistribution strategy are applied for different networks.Thus, the invulnerability and robustness of the network have been improved.
The major research on cascading failures includes the cascading failure model [19][20][21][22][23][24], cascade control and defense strategies [25][26][27][28][29][30], the different attack modes of cascading failures [31][32][33], and so forth.In particular, the cascading failure model is the most popular research for C2 networks cascading failures.It introduces the definition of initial load and capacity of the node, the load redistribution strategy for failure nodes, the effect of different attack strategies on network cascading failure, and invulnerability evaluation for network cascades.In most of the existing cascading failure models, the initial load of the node is defined according to its importance, compared to the previous initial load which is defined by degrees, betweenness, and its functions [30,[34][35][36].The current strategy of allocating load from the failure node is mainly based on local information, namely, allocating the load from the failure node to its neighboring nodes [6,12,20,30,33].And there are also some literature sources that allocate the load from the failure node according to global information, this is, recalculate the real-time load of each node based on the shortest path [7,37,38].Hu et al. [37] investigated model for cascading failures with adaptive defense in complex networks by considering interplay between the flow dynamic and the network topology and reallocated the load from overload nodes according the shortest-hop path, which is different form the reallocation strategy distributing the load from failure nodes to their neighbors.This research is of creativity and practical engineering value.
In the field of C2 network cascading failure research, Zhu et al. [38] constructed a C2 network cascading failure model by defining the node initial load based on betweenness.Subsequently, the load from the failed node could be redistributed according to the global routing rule.Zhang et al. [39] came up with a method to define the initial load by considering both the command level and the degree of the node, and they redistributed the load from the failure node to its neighboring nodes based on their spare capacity, which is the conventional load redistribution strategy adopted by most of the cascading models.Based on the analysis of the structure and characteristics of the campaign logistic network, an optimization model for node capacity is proposed by Li et al. [40].However, this optimization model is not applicable to C2 networks because of the campaign logistic network is random.Moreover, the cascading failure mode was established for military information grid (MIG) in [41], which introduced the cost punish function and the definition of mainstay nodes.Furthermore, the authors verified that the ability of MIG to resist cascade failure could be enhanced significantly by improving the capacity of a few mainstay nodes.Zhang et al. [42] designed the cascading failure model for C 4 ISR system structure and they proposed the method for calculating dynamic invulnerability, which focused on the description of attacking models and the calculation methods of the dynamic invulnerability.In addition, since hierarchy structure is quite common in real networks, Yuan [43] proposed a cascading failure model for the complex network with hierarchy structure.In particular, the selected hierarchy network model has a tree-shape backbone and various random hidden linkages.Thus, it is of great significance for researching the cascading failures of C2 networks.Moreover, in order to investigate the invulnerability of the interdependent network against cascading failures, an improved nonlinear load-capacity model was proposed in [35,36].Han et al. [44] constructed two-layer interdependent C2 networks by coupling two independent subnets randomly and studied its cascading failures.However, as a result of a typical WS small word and BA scale-free network, the subnet does not comply with the structural characteristics of C2 networks.Wang et al. [45] established a cascading model for the functionally identical coupled network.In addition, they studied the invulnerability of two coupled scale-free networks, two coupled random networks, and scale-free networks.However, these coupled networks are inconsistent with the characteristics of C2 networks.
Some achievements have been made in the research of cascading failures in complex networks and C2 networks.However, these cascading failure models do not consider the characteristics of strict command hierarchy in C2 networks.Therefore, there are two major limits in these models.On the one hand, there is no relationship between the command hierarchy and the degree; the top command nodes are in the most essential positions according to the hierarchical characteristic of C2 networks, but their degrees and betweenness are not as maximized as we expect.Furthermore, the betweenness of leaf nodes at the bottom is zero.Thus, it is inaccurate to indicate the initial load of the node in C2 networks by node importance, such as degree, betweenness, or simply its function.On the other hand, the C2 network studied in this paper is an abstract of the command relation network based on the military organizational system, rather than the communication infrastructure network.There are various command relationships in C2 networks, which include steplevel command, leapfrog command, and cooperative command.Each node in C2 networks has its own organizational position and engagement capability; this is, the capacity of each node matches its organizational position.Therefore, the low-level command nodes cannot bear the load or function from the high-level nodes.In that manner, it is quite difficult to apply the conventional load redistribution strategy to C2 networks.Inspired by the above discussion, in this paper, a cascading failure model for C2 networks with hierarchy structure is proposed.Compared with the existing results, the main contributions of this paper are concluded as follows: (i) a novel cascading failure model for C2 networks with hierarchy structure is proposed in this paper.(ii) Based on hierarchy-degree, a method of defining the initial load of the node in C2 networks is proposed.By changing the initial load adjustment coefficient, the impact of organizational positions and degree of the node on the initial load and the network invulnerability could be adjusted.(iii) A nonuniform adjustable load redistribution strategy (NALR strategy) is put forward in this paper.In particular, adjusting the redistribution coefficient could allocate the load from failure nodes to the higher and same level neighboring nodes based on different proportions.(iv) We investigated the influence of model parameters on the cascading failure in C2 networks, and the results show that optimal model parameters could enhance the invulnerability of C2 networks.Moreover, the comparisons with other relational models are provided to verify the rationality and effectiveness of the model proposed in this paper.(v) The cascading failure model proposed in this paper would better reflect the network invulnerability against both failure and attack, and it provides a theoretical basis for designing and optimizing the structure of C2 networks.
For the convenience of our narration in this paper, we built a C2 network with reference to [2,3,34,44], the process is epitomized as follows: The establishment of C2 networks must meet the operational needs and follow the objective laws of the military commanders.And the performance of this law on network model is that the C2 network has a reasonable span and hierarchical structure.The command hierarchy refers to the number of vertical hierarchical structures in C2 network, and the span refers to the number of subordinate command nodes subject to a superior command node.Following the above basic law, the command entities are abstracted into nodes, and the relationships between entities are abstracted as edges, so the command and control system is abstracted into a C2 network.For a given C2 network,  = (, ) described by the sets of nodes  and links .More specifically,  = {V 1 , V 2 , . . ., V  } describes the set of all levels of command entities, and the total number of nodes is n;  = { 1 ,  2 , . . .,   } describes the different organizational relationships, which include command relationships and cooperative relationships, and the total number of links is .Furthermore, the command relationship includes step-level command and leapfrog command.Meanwhile, the cooperative relationship contains internal and external collaboration.For those nodes at the same level, if there is a cooperative relationship between two nodes, then there is a link between them; otherwise, there is no link.For those command nodes at different levels, if there is a commanding relationship between two nodes, then there is a link between them; otherwise, there is no link.Obviously, there is at most one link between any two nodes.
The rest of the paper is organized as follows: Section 2 describes the cascading failure model and the dynamic process in detail.In Section 3, we investigate the effect of the model parameters on C2 networks invulnerability and compare this cascading failure model with other five models.Experimental validation and results are given.Finally, the conclusion of this paper is presented in Section 4.

Definition of Initial Load and Capacity of the Node.
Most of the existing cascading failure models directly quantify the initial load of the node according to its degree or betweenness; this quantification method is suitable for telecommunication network, power grid, or social network.However, the C2 network studied in this paper is an abstract of the organizational relationship network based on the military organizational system, rather than the communication infrastructure network.For example, five brigades were subject to a division, and four regiments were subject to a brigade.The load in the model represents the campaign assignment, rather than the information flow.Moreover, due to the obvious hierarchy structure in C2 networks, the nodes at different levels have distinguished importance.In addition, as a result of the leapfrog and collaboration command relationship, there is no obvious relationship between the command hierarchy and degree; the degree is not necessarily bigger when the command hierarchy of a node is higher.
Similarly, the degree of node in lower layer is not necessarily small.Therefore, the method of quantifying the initial load according to node's degree or betweenness is not suitable for the C2 networks.It is necessary to introduce the command hierarchy to define the initial load and capacity of the node.Therefore, a hierarchy-degree based method of defining the node's initial load in C2 networks is proposed in this paper.Moreover, this method considers the topology of the network and the organizational position of the node.The initial load   (0) of the node V  could be expressed as where   and   represent the degree and the command hierarchy of the node V  ,  represents the total command hierarchy of the C2 networks, , , and  denote the initial load adjustment coefficients, which control the effect of node degrees and organizational positions on the initial node load, ,  ∈ [0, ∞) and  ∈ [0,1].In addition, the hierarchy of initial load could be adjusted by 1 − .
In particular, a larger value of 1 −  would lead to a higher proportion of the network hierarchy in the load definition.Consequently, the hierarchy of the network load distribution would become more obvious.When  = 0, the initial load of the node could be defined according to the node's organizational position.However, when  = 1, it has been shown that the initial load of the node could only be affected by degrees, regardless of its organizational position.
The capacity of the node is determined based on the ML model.Assume that the capacity   of node V  is linearly proportional to its initial load   (0).Therefore, it could be expressed by where  ≥ 0 is the tolerance parameter, which measures the node capacity surplus and indicates the network cost.It could be observed that a larger value of  would indicate a bigger capacity surplus and a stronger ability to bear the load for the particular nodes.Therefore, a higher cost of the node and network implies stronger invulnerability of the C2 networks.

Normal node
Overload node Failure node

Leapfrog command
External collaboration

Internal collaboration
Step-level command Figure 1: The illustration of the load redistribution for the failure node.

Load
Redistribution for the Failure Node 2.2.1.Load Redistribution Process for the Failure Node.C2 networks have a strict hierarchical structure.In other words, in accordance with certain rules, the load from failure nodes could be distributed to the nodes at the same or upper level.On the contrary, the lower command node could not fully share the load from the upper node, which causes the failure node to reallocate the load to the entire network.Therefore, only the redistribution to the same or higher level is discussed in this paper and the redistribution process could be demonstrated in Figure 1.
If any command node V  failed, it shows that the current combat unit cannot complete the existing campaign assignment independently, or the combat unit no longer has the ability to accomplish the task.Thus, it needs to assign the current campaign assignment to other combat units.Each node in C2 networks has its own engagement capability, which matches its organizational position; lower-level command nodes may not be able to assume the load or function of higher-level nodes, and the low-level command nodes cannot bear the load or function from the high-level nodes.Thereofe, the load on the V  would only be transferred to the neighboring nodes at upper and same levels (red real arrows in Figure 1).In particular, the higher or the same level nodes V  ( = 1, 2, 3, . . .;  = , , , . ..) receive the incremental load Δ → from the failure node V  .For example, if the node V  fails, its immediate subordinate node V 3 ∼ V 3 would accept the leapfrog command from the upper-level node V 1 or accept the transfer command from the same level nodes V 2 and V 2 .However, the concrete application cases shall depend on the actual battlefield environment and the combat missions.
After the neighboring node V 2 bears the load from the failure node, its real-time load  2 ( + 1) could be expressed as where  2 () denotes the load of the node V 2 at the previous time.If the load of the node V 2 exceeds its capacity limit, that is, the node V 2 would also fail, which triggers the cascading failure process and causes a new round of load redistribution (red dashed line in Figure 1).Otherwise, if   <   , the node V  would not fail.To identify the failure nodes, comparisons between the real-time load and the capacity are carried out for each node, until there is no failure node in the network.

Nonuniform Adjustable Load Redistribution Strategy.
Based on the redistribution process for the failure node mentioned above, it could be observed that load from the failure node could not be efficiently allocated to its neighboring nodes due to the strict hierarchical characteristics of the C2 networks.Therefore, a nonuniform adjustable load redistribution strategy is proposed in this paper, which allocates load from the failure node to the neighboring nodes at the higher and the same level only.In other words, given any failure node V  , its load   would be allocated to the nonfailed nodes at the higher and same level.This process is based on the proportional coefficient (  , ,  , ), which could be expressed by where Γ  denotes a set of nodes connected to the failure node at the same level, Γ  denotes a set of nodes connected to the failure node at the upper level,   and   represent the capacities of the neighboring nodes at the corresponding level, and  ∈ (0, 1) is the load redistribution coefficient.In particular, a larger value of  would increase the possibility of allocating the load to higher-level nodes.When Γ  = ⌀ and Γ  ̸ = ⌀, the failure node has no neighboring node at the same level and the load could only be allocated to the neighboring nodes at the higher level.When Γ  ̸ = ⌀ and Γ  ̸ = ⌀, the failure node has neighboring nodes at both the same and higher level, and the load would be allocated based on the command ability of upper-level nodes and the cooperative strength of same level nodes.When Γ  ̸ = ⌀ and Γ  = ⌀, the failure node has no neighboring nodes at the upper level, and the load could only be allocated to the neighboring nodes at the same level.Therefore, the model above takes both the impact of the step-level command ability and the cooperative strength on the load distribution of the failure node into consideration.Furthermore, the weight of influencing factors could be adjusted based on the coefficient .
Based on the load distribution strategy for failure nodes mentioned above, any neighboring node V  at the same or upper level for the failure node V  would get the incremental load Δ → , which could be shown as Due to the load distribution of the failure node, the load of all nonfailed nodes in the network would be updated for one time.If the load and capacity of the node V  satisfy (4), it would indicate the failure of the neighboring node V  , which causes a cascade failure process as demonstrated in Figure 1.

Invulnerability Measures for Cascading Failures.
In this paper, the node survival rate is employed to measure the invulnerability of C2 networks.Moreover, the measure of node survival rate  is defined as follows [6][7][8]11]: where  denotes the number of nodes in the network at the initial time and   denotes the number of nodes working normally in the network after the termination of a cascade failure.With the consideration of cascading impacts, it could be observed that a larger  would imply less damage caused by the attack on the network.Therefore, the network would perform with better invulnerability.However, the above indicator evaluates the network ability of resisting cascade failures only in terms of the number of survived nodes in the network.Apparently, they do not consider the ability of bearing the load for each node after each cascade.To tackle this problem, the network bearing capacity  is presented in this paper, which measures the cascade invulnerability of C2 networks.Moreover, it could be calculated by where   and   represent the real-time load and initial capacity of the node V  ,  denotes the set of nonfailed nodes, and Con  denotes the sum of initial load for all nodes in C2 networks.It could be observed that a larger value of  would improve the efficiency of the load redistribution strategy.Meanwhile, the cascade effect caused by the failure nodes would become weaker and the invulnerability of C2 networks would be improved as well.

Experimental Results and Analyses
Figure 2 illustrates a typical C2 networks model, which is constructed to verify the validity and feasibility of the cascade failure model with the hierarchical structure.In this experiment, the network command level is  = 5, the span is  = 4, and the total number of nodes is  = 453, with 85 command nodes (red circles), 256 fire strike nodes (blue triangles), and 112 sensor nodes (green boxes).
It has been extensively verified that the C2 network is a scale-free network [46], in which the majority of nodes have smaller degrees compared to a few nodes with high degrees.Figure 3 demonstrates the degree distribution of the C2 networks constructed in this paper.It could be identified from the figure that the node degree has the scale-free characteristic in this model, which is consistent with the literature [46].Therefore, it implies that the C2 networks model established in this paper is appropriate.

Effect of Coefficient 𝛼 on the Network Invulnerability.
In the C2 networks with the initial load adjustment coefficient , parameters  and  are initialized as 1 in order to analyze the variation trend of the initial load of the node.When the coefficient  changes values from the set {0, 0.25, 0.5, 0.75, 1}, the distribution of initial load for node could be collected and shown in Figure 4.
It could be observed from Figure 4 that when  = 0, the initial load of each node is determined by its level.In other words, the initial load of each node is positively correlated with the node level.In addition, the load curve demonstrates a significant hierarchical characteristic for the C2 networks.When  = 1, the initial load of each node depends on the node degree only, which does not depend on its level anymore.In this case, the load distribution demonstrates no hierarchical characteristics for the C2 networks.When 0 <  < 1, the initial load of each node is determined by the node degree and its hierarchy.In particular, the smaller value of  would imply the more obvious hierarchy of the initial load.However, because of the differences in topology, the initial load of each note at the same level is different.Consequently, the value of  could never be set to 0. When  > 0.75, there is no obvious hierarchical characteristic for the initial load.When 0 <  < 0.75, the initial load of C2 networks demonstrates obvious hierarchical characteristics, which is consistent with the characteristics of C2 networks.
In order to analyze the impact of the coefficient  on network resistance-cascading failures, some analyses of C2 networks under attacks are carried out.In particular, the invulnerability is measured by both the node survival rate  and network bearing capacity , and the other coefficients are initialized as  =  = 1,  = 0.15,  = 0.5.Figure 5 shows the changing trend of cascading invulnerability in C2 networks along with attacking ratios for different values of , where 50 rounds of simulations and average calculations are carried out.
It could be observed from Figure 5 that the network performance declined gradually with the increase in the attack ratio .In particular, when  > 0.2, almost all nodes in the C2 networks failed as a result of the cascading effect.When the coefficient  is small, the initial load and capacity of the node are mainly determined by the hierarchy.Moreover, these nodes with big degree could not acquire large capacity, so they might fail as a result of receiving excessive load in the cascade process.When the coefficient  is large, the initial load and the capacity of the load are mainly determined by the degree.In that case, the high-level nodes with small degrees are more likely to fail because of overloading.Meanwhile, the cascade process would be transported to the high level, and the failure scale will increase.Therefore, when the coefficient  in (1) reaches the threshold value   , the C2 network has the strongest ability to resist cascade failures.It could be observed from Figure 6 that with the variation of the coefficients  and , there is no obvious monotony in the node survival rate and the node bearing capacity.Meanwhile, when both  and  are larger than 1, the robustness of C2 networks against cascading failures would be improved significantly.Tables 1 and 2 show the largest four sets of data.

Effect of Coefficients
It could be concluded that when the other parameters are constant, the optimal values of  and  would better reflect anti-cascade failure ability for C2 networks.In particular, under the current parameter setting, the corresponding optimal values of (, ) are (1.34,1.67) and (1.28, 1.56), which are calculated by the weighted average method when the indices  and  reach maximum.

Effect of Coefficient 𝜂 on Network Resistance-Cascading Failures.
To analyze the impact caused by the load redistribution coefficient  on C2 networks resistance-cascading failures,  and  are still employed to measure cascading invulnerability of C2 networks.The value of the coefficient  is chosen from the range [0, 1] and the other parameters are initialized as  = 0.25,  = 0.15,  = 1.3,  = 1.6,  = 0.15.According to the analysis of Figure 7(a), the network invulnerability improves gradually with the increase in the coefficient .It could be concluded that it is more likely to allocate the load to the higher node with a larger value    of .Furthermore, nodes at the higher level have a large overload capacity and they could carry more additional load.Subsequently, the destructiveness of cascading failures could be reduced and the "avalanche" phenomenon could be prevented.Moreover, even if the nodes at the upper level fail due to the excessive load, the failure node would continue to allocate the load to the nodes at the higher and same level based on the load redistribution strategy.In that manner, the cascade propagation could be suppressed by applying the load redistribution strategy proposed in this paper.Although the capacity of the high-level node is large, it also has an upper limit.In particular, when  is larger than the threshold Security and Communication Networks   = 0.75, the nodes at the higher level may easily fail because of the additional load from failure nodes at the low level.Thus, the network invulnerability would no longer change with the change of the coefficient  at the end.
A comparison analysis of Figure 7(b) is carried out, which shows that the network invulnerability would be improved gradually with the increase in .On the one hand, when the coefficient  is small, there is no significant change in the ability of C2 networks to resist cascade failure.It could be observed that the cures in Figure 7(b) almost coincide when  = 0.10 and  = 0.25.On the other hand, when  is too large, more load will be assigned to the nodes at the higher level.The excessive load would ultimately cause failures in upper node, which implies that it is not always better to increase the coefficient .

Effect of the Tolerance Parameter 𝛽 on Network Cascading Invulnerability.
To analyze the effect of the tolerance parameter  on network invulnerability, G and  are employed to measure the cascading invulnerability for C2 networks.Moreover, the value of the coefficient  is chosen from the range [0, 1], and the other parameters are initialized as  = 0.25,  = 1.3,  = 1.6,  = 0.80.It could be observed from Figure 8(a) that the overload capacity of each node would increase with the increase in tolerance parameter .Consequently, the damage caused by cascading failures could be gradually reduced.Moreover, by analyzing the invulnerability indices  and , it could be concluded that the C2 network has better anti-cascade failure abilities with  = 0.65 and 0.7.
A comparison analysis of Figure 8(b) is carried out, which implies two major conclusions.On the one hand, when the tolerance parameter  is constant, two different invulnerability measure curves demonstrate a decreasing trend with the increase in the attacking ratio .Therefore, the network performs with worse invulnerability.On the other hand, the network invulnerability increases with the increase in the coefficient  and decreases with the increase in the attack ratio  for the same measure.In addition, it could be observed that a larger value of coefficient  would enlarge the overload capacity of the node and enhance the ability of C2 networks to resist cascade failure.However, increasing the value of the tolerance parameter could increase the cost of nodes and network construction at the same.Therefore, the tolerance parameter should not be very large in practice.

The Comparisons with Other Relational Models.
After analyzing the effect of each parameter in the cascading failure model on the invulnerability of C2 networks, the optimal value of each parameter is fixed.And the simulations in Figure 9 show the effects of initial load quantification methods, load redistribution strategies for the failure nodes, and the cascading failure models on C2 networks.Firstly, the influence of initial load quantification methods for the cascading failure in C2 networks is compared and analyzed under the condition that the load from failure node is allocated according to NALR strategy proposed in this paper;  and  are employed to measure the cascading invulnerability for C2 networks.Figure 9 shows the trend of C2 networks cascading invulnerability with different initial load quantification methods, and many rounds of simulations and average calculations are carried out.
By comparing and analyzing the influence of three different load quantification methods on C2 networks invulnerability, the following main conclusions can be reached: (1) In the above three initial load quantization methods, with the increase in the number of important nodes removed, the scale of the failure nodes increases.(2) Compared with the load quantization method based on the degree, the hierarchy-degree method proposed in this paper can make the network better against cascading failure, while the initial load definition based on the level can make the C2 networks have the best ability to resist cascade failure.This is because the NALR strategy allocates load from the failure node to the neighboring nodes at the higher and same level only and thus prevents the cascade failure propagation from highlevel nodes to low-level nodes.Although the hierarchy based method of quantifying the node's initial load makes C2 networks better against cascading failure, it leads to the first failure of high-level important nodes, which is not what we expected in the actual network.And what is more, the hierarchy based method of quantifying the node's initial load makes all nodes at the same level have the same initial load, which is inconsistent with the actual situation.Therefore, it is not feasible to define the initial load of the nodes based entirely on hierarchy.
In order to verify the effectiveness and superiority of NALR strategy, which is compared with the conventional load redistribution strategy based on the spare capacity of neighboring nodes,  and  are still employed to measure cascading invulnerability of C2 networks.Figure 10 shows the trend of C2 networks cascading invulnerability with different load redistribution strategies.
Obviously, compared with the conventional strategy, the C2 network has better ability to resist cascade failure when adopting the NALR strategy proposed in this paper.The reason is that the load of high-level node is relatively large; conventional strategy allocates the load from high-level failure nodes to the lower-level neighboring nodes, which causes more nodes to fail at low layer, because there is a lack of enough spare capacity to absorb the extra load.However, NALR strategy redistributes the load from failure nodes to the higher or same level neighboring nodes, which have larger spare capacity than the lower-level nodes, and they can absorb the extra load, reducing the failure scale.Therefore, the NALR strategy proposed in this paper is more effective and advanced than the conventional strategy.
Furthermore, five kinds of cascading failure models in other literature sources, which adopted conventional load redistribution strategy, are compared with the cascading failure model proposed in this paper.The five relational models are as follows: (i) The cascading failure model is proposed in this paper; more details are available in Section 2.
(ii) The initial load of the node is quantified according to its degree, and the load-capacity is linear [6,12,20,30,31,44,45], which are expressed as follows: where  and  are tunable parameters,   is the degree of node V  ,  > 1 is the tolerance parameter (equivalent to (1 + ) in formula (2)).
(iii) The initial load of the node is quantified according to its degree, and the relationship of load-capacity is nonlinear [35,36,47].This model is expressed as follows: where  ≥ 0 and  ≥ 0 are tunable parameters.(iv) The initial load of the node is quantified according to the node's own degree and its neighboring nodes degree [30]; the relationship between the load and the capacity is nonlinear.This model is expressed as follows: (0) = (  ∑ ∈Γ    )    =   (0) , (11) where  is a tunable parameter.
(v) The initial load of the node is quantified according to its betweenness [7,38], and the relationship of load-capacity is linear.This model is expressed as follows: (0) =     =   (0) , (12) where   is the betweenness of node V  .
(vi) The initial load of the node takes a random number in the range [ min ,  max ]; the relationship between load and capacity is linear, which is common in epidemic spreading models [16,18].The initial load and capacity formulas are expressed as follows: (0) = rand ( min ,  max )   =   (0) , (13) where [ min ,  max ] is the range of random values.
Figure 11 shows the relationship between the network invulnerability and attacking ratio  in different cascading failure models, where many rounds of simulations and average calculations are carried out.
According to the comparison and analysis of Figure 11, the main conclusions are as follows: (1) No matter what kind of cascading failure model, the invulnerability of C2 networks decreases as the attacking ratio  increases.( 2) Model (v) has the worst ability to resist cascading failure.The main reason is the hierarchy structure of C2 networks; the high-level nodes are in the network center, and their betweenness are very large; while the low-level nodes are at the network edge, their betweenness is very small.In the whole C2 networks, the range of nodes betweenness is huge, which results in uneven distribution of initial load and capacity.Therefore, the network is extremely fragile to deliberate attacks, which can easily lead to the collapse of the whole network.(3) The cascading failure model proposed in this paper has the best ability to resist cascading failure among the other five models, which is due to the hierarchy-degree based method of defining the node's initial load and the NALR strategy.Compared with conventional load quantization methods, the hierarchy-degree based method proposed in this paper can more strictly distinguish and accurately define the node's initial load in C2 networks.In addition, the NALR strategy can suppress cascading failure propagation and reduce the failure scale.The above analysis also shows that the initial load quantization method and the load distribution strategy have a great influence on the invulnerability of C2 network.

Conclusions
In the research of invulnerability for cascading failures in C2 networks, it is necessary to define the reasonable initial load of the node and redistribute the load from failure node.Subsequently, the ability of C2 networks to resist cascading failures could be effectively enhanced, and the invulnerability of C2 networks could be improved too.In this paper, a novel cascading failure model for C2 networks with hierarchy structure is proposed.Moreover, a level-degree based method of defining the initial load and a nonuniform adjustable load redistribution strategy are introduced in

Figure 4 :
Figure 4: The initial load of the node varies with the coefficient .
and  on the Network Ability to Resist Cascade Failures.To analyze the impact of initial load adjustment coefficients  and  on the ability to resist cascading failures, the values of the coefficients  and  are chosen from the range [0, 2].And the other parameters are fixed with  = 0.25,  = 0.15,  = 0.5,  = 0.15.

Figure 6
demonstrates the trend of C2 networks cascading invulnerability with different coefficients  and , where 50 rounds of simulations and average calculations are carried out.

Figure 7 (
a) shows the trend of C2 networks cascading invulnerability with different coefficients , where 50 rounds of simulations and average calculations are carried out.Meanwhile, Figure7(b)shows the relationship between the network invulnerability and attacking ratio  with different coefficients .

Figure 5 :
Figure 5: The relationship between the invulnerability and the coefficient .

Figure 6 :
Figure 6: The relationship between the invulnerability and the coefficients  and .

Figure 7 :
Figure 7: The relationship between the invulnerability and the coefficient .

Figure 8 (
a) shows the trend of C2 networks cascading invulnerability with different coefficients , where 50 rounds of simulations and average calculations are carried out.Meanwhile, Figure 8(b) demonstrates the relationship between the network invulnerability and attacking ratio  with different coefficients .

Figure 8 :
Figure 8: Network invulnerability varies with the tolerance parameter .

Figure 10 :
Figure 10: The relationship between the invulnerability and the load redistribution strategies.

Table 1 :
The value of  and  when G is maximum.

Table 2 :
The value of  and  when  is maximum.