Calculation of the Behavior Utility of a Network System: Conception and Principle

Abstract

The service and application of a network is a behavioral process that is oriented toward its operations and tasks, whose metrics and evaluation are still somewhat of a rough comparison. This paper describes scenes of network behavior as differential manifolds. Using the homeomorphic transformation of smooth differential manifolds, we provide a mathematical definition of network behavior and propose a mathematical description of the network behavior path and behavior utility. Based on the principle of differential geometry, this paper puts forward the function of network behavior and a calculation method to determine behavior utility, and establishes the calculation principle of network behavior utility. We also provide a calculation framework for assessment of the network’s attack-defense confrontation on the strength of behavior utility. Therefore, this paper establishes a mathematical foundation for the objective measurement and precise evaluation of network behavior.

Content

《1. Introduction》

1. Introduction

To achieve precise evaluation of a system or project, it is vitally important to establish a quantitative evaluation index system and a corresponding accurate metric value. Utility is a fundamental metric indicator for characterizing the performance of systems or projects, and is widely used in various kinds of assessment for systems or projects at different levels. In normal physical systems, utility is an "energy” characteristic, which can be computed comprehensively by applying physical principles and parameters. However, it is difficult to characterize the utility of systems that are established on logical association, behavioral evolution, and reasoning [1]. In general, the assessment of such systems is currently limited to rough comparative calculations [2].

《1.1. Behavior utility is a descriptive form of system functions》

1.1. Behavior utility is a descriptive form of system functions

Behaviors [3] are usually interpreted as mannerisms that are manifested and controlled by thoughts, whose existence relies on specific scenarios. Behavior [4] is a kind of action that causes an object to change its present state under rational drives. Locomotory movements of the components of the scenery from one state to another result from the behavioral action. The action of compound behaviors and the resulting locomotory movements comprise behavior utility.

A system [5] is a combination of three elements interacting with each other: environment, structure, and function. There is a close relationship between system behaviors and the elements in a system. A behavioral scene is made up of the connection between the system and its environment, and the structure of the connections of the components of the system. System behavior produces interaction between structures, and integrates the environment with the structure. A system function is property and ability that is exhibited by the interaction between the system and the external environment, and can be described by system behavior utility.

《1.2. Using network behavior utility to describe network services and applications》

1.2. Using network behavior utility to describe network services and applications

A network is a virtual space that performs all kinds of operations and tasks. In a network system, the network objects consist of various hardware and software equipment, along with information processes that support the operations and tasks. The acquisition, transmission, processing, storage, and sharing of network information comprise network behavior, and the performance of the operations and tasks of network behavior comprises the network behavior process. Any network behavior occurring in a network scenario consists of all the components and systems that are providing digitized information (including various hardware and software devices, sessions of information processes, and so on).

Various features of network services and applications are manifested by the evolution of various network behaviors that are oriented toward the objectives of the tasks. In essence, a network application system is intended to implement network behavior organization and control. Thus, the characteristics of network services and applications [6] can be described in terms of behavior utility.

With the aim of calculating the behavior utility of a network system, this paper uses the concept of the differential manifold [7] and tensor analysis [8], to provide mathematic definitions and descriptions of network behavior, behavior path, and behavior utility. The calculating method and the principle of network behavior utility proposed here are based on differential geometry [9–12]. We also provide a calculation framework to measure the network attackdefense confrontation, thus, we offer a mathematical foundation for the quantitative measurement and evaluation of network behavior.

《2. Concepts of network behavior utility》

2. Concepts of network behavior utility

Suppose that various types of objects in a network form a nonempty set A, and that A satisfies the following constraints:

• A contains at least two different elements; and

• The elements in A are interrelated in a certain way.

Then A is called a network system, and the elements of A are the components of the network system.

A network scenario is described as a network logical topology with nodes and connections that can be represented as a multidimensional weighted graph in mathematics. For the special multidimensional weighted graph of a network scenario, the network behavior can be described as a transformation connecting points, lines, surfaces, bodies, and other information. The conducting of network service and tasks can be described as a process that compounds the above transformation processes.

2.1. Differential manifolds of network scenarios

An affine space can be established based on the network logic topology. The mapping between different elements in set A can be established as follows:

where is the m-dimensional vector space. The mapping maps any pair of ordered points p, q in A to a vector , which satisfies the following conditions:

Hence, a network scenario based on the network logic topology can be described as an m-dimensional affine space, and the scenario of a particular network behavior is a subspace of an m-dimensional affine space. Thus, a network scenario can be described as a differential manifold. In other words, the network logic topology corresponding to the network scenario and its added attributes can be described as m-dimensional differential manifolds.

Suppose a network scenario is an m-dimensional smooth differential manifold M; we can then build a differential geometry description for scenarios, states, and utilities in the network space, as shown in Fig. 1.

《Fig.1》

Fig. 1. Scenario, behavior, state, and utility of the differential geometry description.

Thus, we can give a basic definition and a mathematical description of network behavior, behavior path, and behavior utility based on the differential manifold.

《2.2. Network behavior and behavior path》

2.2. Network behavior and behavior path

Definition 2.1: Behavior refers to a homeomorphic transformation from one covering to another in the differentiable manifold of the scenario.

Suppose φ: M→M is a smooth homeomorphic mapping of smooth manifold M to itself; then φ is called a behavior of M. A behavior from a ∈ M to b∈M establishes a path space ΩM(a,b):

The self-homeomorphic mapping of each point on the path space ΩM(a,b) can be described as a transformation. Transformations of all points on ΩM(a,b) can be combined into a transformation group called a behavior transformation group.

The homeomorphic transformation from a∈M to b∈M forms a segmented smooth directional curve connecting a; b∈M in the path space ΩM(a,b), as shown in Fig. 2.

《Fig.2》

Fig. 2. Behavior, behavior path, and displacement.

Definition 2.2: A behavior path is a directed segmented smooth curve that connects the starting point and the ending point of the behavior transformation.

For a behavior path connecting a; b∈M

where ρ is referred as the behavior path curve. Any point on the path curve is called a point position, and t∈[0,1] is called the point position parameter.

For any point position on the behavior path, the transformation will cause the point to make an instantaneous movement along the behavior curve path. A behavior path has the following properties:

(1) Parallel movement of the point position. The movement of any point position on the behavior path occurs simultaneously with a parallel movement on the tangential field of the path curve ρ.

For each point position of the path curve, the instantaneous velocity is the tangent of the path curve at that point, and the direction of the instantaneous movement is the instantaneous velocity direction of the point position. Thus, in the tangent space of the differential manifold M, there exists a vector field paralleling the tangent of the path curve. Furthermore, the movement along the path curve can be described as a parallel movement on the vector field.

The parallel movement of the point position establishes the linear isomorphism of the tangent space T_ρ(0)M and the tangent space T_ρ(t)M along the path curve ρ.

(2) Uniqueness of the parallel vector field. There exists a unique vector field, which parallels the tangent of the behavior path curve on the differential manifold.

For path curve described in Eq. (3), we define v₀ as the velocity (i.e., tangent vector) of the path curve ρ at point a (t = 0). Thus, on the manifold M, we can determine the only tangent vector field v(t) parallel to the tangent vector along the path curve based on the starting point moving velocity v₀ of the behavior path. As a component of v(t), vⁱ(t) is the unique solution to the following homogeneous linear ordinary differential equations:

where ; X is the tangent vector field; i, j, and k are the indexes of coordinate component; and is the Christoffel symbol of the point ρ(t).

《2.3. The action and utility of network behavior》

2.3. The action and utility of network behavior

The instantaneous movement of the point changes with the homeomorphic transformation at any point in the behavior path, thus allowing the action of the behavior to be defined.

Definition 2.3: The action of a certain point on the behavior path is the transformation changing the movement state of the point.

An infinitesimal neighborhood is chosen at any point on the differential manifold M. Then the change of the instantaneous velocity at this point position can be described as the total derivative of the instantaneous velocity to the point position parameter. When the point position is limited to the behavior path, the change of the movement state is reflected as the change of the instantaneous movement velocity of the point position in the parallel vector field. Therefore, the action of a certain point position on the behavior path can be described as follows: the total derivative of the instantaneous velocity of the point position to the point position parameter on the behavior path—that is, the covariance derivative of the tangent vector of the parallel tangent vector field at the point position of the path curve.

At any point position of the differential manifold, the covariance derivative is a smooth vector on the manifold M. Thus, the point position on the behavior path is called the point of action, the direction of the covariance derivative is called the direction of action, and the length of the covariance derivative vector is called the action magnitude.

Each point of action on the differential manifold behavior path produces an instantaneous velocity value based on the instantaneous movement speed, thus forming the differential element of utility at that point.

Definition 2.4: The differential element of utility at a certain point on the behavior path is the dot product of the action vector and the infinitesimal motion vector at that point.

The cutting line vector between two mobile points is formed by any action of the point along the path of action, which is called the movement vector of the action. If we denote the action of the behavior (described in Eq. (4)) of the path at ρ(t) point as D[v, ρ'(t)] and the infinitesimal movement vector under the action of the point ρ(t) as ds_ρ(t), then the action utility of point position ρ(t) is:

Therefore, dE_ρ(t) is a scalar that is independent of the selection of the localized coordinate system of the manifold because the m-dimensional smooth manifolds M, D[v, ρ'(t)], and ds_ρ(t) are both m-dimensional vectors.

Definition 2.5: The behavior utility is the sum of the action utility of all points on a behavioral path.

Because the action utility at any point is a scalar, the behavior utility on a continuous behavior path is the normal integration of the action utility in the range of parameters.

《3. Calculation principles of network behavior utility》

3. Calculation principles of network behavior utility

The fixed reference coordinate system (O; χ^₁; χ²; ..., χ^m) is chosen on a differential manifold M. For any point position ρ(t) on it, the vector r of the coordinate value xⁱis a function of the point parameter t:

The derivative of t is calculated and expressed with the Einstein summation convention as follows:

where g_i is the instantaneous covariant basic vector at the point position at time t, and can be expressed as follows:

Thus, when the point position parameter changes from t to (t + dt),

where describes the movement vector of the point position ρ(t) on the differential manifold M (Fig. 3).

《Fig.3》

Fig. 3. The motion vector of the point ρ(t)

Thus, v(t) determines the tangent vector field on a differential manifold-that is, the movement vector field M over the point position ρ(t)

《3.1. Calculation of the action of network system behavior》

3.1. Calculation of the action of network system behavior

The tangent vector of the path curve ρ at point position ρ(t) is denoted by ρ(t), which satisfies

Suppose u(0)=v(0) is the tangent of path curve denoted by Eq.(3) at the point position p (t = 0). v(t) is the tangent vector field that is determined by Eq. (4) and parallel to the tangent of the path curve on M. Then, at the point position ρ(t), u(t) and v(t) have the same instantaneous covariant vector,

Derive the derivative of t

where l is an coordinate component; is the Christoffel symbol, which satisfies

Thus, the total derivative of the vector component uⁱ for the parameter t is:

where the first term reflects the variation of the component uⁱ with the parameter t, and the second term reflects the change in the instantaneous basic vector due to the change in the point caused by the point position movement.

In Eq. (13), is the covariance derivative of g_i(t) on ρ'(t). Since g_i（t）is the parallel movement of g_i along ρ, we have

According to Eqs. (13) and (15), the action of point position ρ(t) on the behavior path is

where u(t) is the tangent vector of the behavior path curve ρ at the point ρ(t), and g_i is the instantaneous covariant vector of the point position at time t.

Therefore, for any point position ρ(t) on the behavior path curve ρ, Eq. (16) gives the calculation of the action D[v,ρ'(t)] at the point position.

《3.2. Calculation method for network system behavior utility》

3.2. Calculation method for network system behavior utility

The tangent vector of the path curve ρ is

When ρ'(t), the corresponding point is the critical point; when ρ'(t)≠0, the corresponding point is a regular point on the curve. If all points on the curve are regular points, the curve becomes a regular curve.

The critical point is the cutoff point of the path space ΩM(a,b) described by Eq. (2). The critical point ρ'(t_c)=0 (t_c is the critical value) has the following features:

• The differential element of utility at the critical point is 0; that is, E_ρ(tc)=0 , because D[v,ρ'(t)]=0.

• Different calculation forms for the differential element of utility are applied around the critical point. We have an infinitesimal positive number ε at t_c to make ΩM^tc-ε different from ΩM^tc+ε , thus, the calculation forms of vector field ρ'(t) are different. Suppose path curve ρ contains d critical points, denoted by

where c_i is the ith critical value and these critical points divide the behavior interval [a,b] into the following d+1 regular segments:

Thus, the behavior utility calculation on the behavior path can be transformed into a behavior utility problem on a regular segment.

3.2.1. Behavioral computation of regular segments

From Eq. (10), the movement of the p point position occurs on the behavior path ρ; then the movement vector dρ in interval dt is

In fact, dq is the arc length element of the path curve at the point p, and the differential element of utility is

Using Eq. (15) and considering g_{ij =}g_i·g_j, we have

where u(t) is the tangent vector of the behavior path curve ρ at the point ρ(t).

Thus, in a regular segment [p,q], the behavior utility based on the covariant vector is calculated as follows:

where u(t) is the tangent vector of the behavior path curve ρ at the point position ρ(t), and g_ij=g_i·g_j

Therefore, for the path curve described in Eq. (3), Eq. (23) gives the calculation of the behavior utility in the regular segment [p,q].

3.2.2. Calculation of Duⁱ(t) in the utility formula

The calculation of Duⁱ(t) involves the covariance derivative of the smooth vector field. The smooth structure of the manifold M is insufficient; it is necessary to add another structure onto the smooth manifold M. We add the Riemann structure to the smooth manifold M. From Eq. (3), we know that a and b are the critical points of the path curve ρ:

According to Morse theory (II), there exists a smooth geodesic γ from a to b on the Riemann manifold M, where

(1) v(t) is the tangent vector field on the smooth geodesic γ; and

(2) u(t) is a nonzero Jacobi field along the geodesic γ.

For v(t), we have

Where

For u(t), suppose , we then have

where R(V,U) is the curvature of operator, which satisfies

Solving the ordinary differential Eqs. (25) and (27), we obtain the unique solution: v(t), u(t).

《3.3. Calculation principle of behavior utility》

3.3. Calculation principle of behavior utility

3.3.1. Determination of the critical point of the path curve

From Eq. (3), if c is the critical point for the behavior path curve ρ, then the gradient ▽ρ(c) of ρ at c is 0, and under the local coordinates (χ¹,χ²,…,χ^m) of c, are

If the Hessian matrix of ρ at c is non-degenerate, that is,

then there are m eigenvalues λ_j(1≤j≤m) for Hρ(c). If the number of negative eigenvalues in λ_j is k, then k is called the Morse index of the critical point c.

According to Morse theory, if c ∈ρ^-1[a,b] is the only critical point, then M^b is homotopically equivalent to the CW complex

where represents the disjoint union, S^k is a k-dimensional sphere, and φ :δS^k →M^a represents a homeomorphism.

For the differential manifold of regular segments on the behavior path, we use the homotopically equivalent CW complex description. The Morse index of ci at the critical point is defined as k_i. At the starting point of the path, we have k₀ =0; Morse theory is used to obtain the homotopically equivalent relation of the differential manifold, as shown in Table 1.

《Table 1》

Table 1 Homotopical equivalence of differential manifolds.

When calculating the behavior utility of each regular segment, we use the homotopically equivalent CW complex as the descriptive manifold of M.

3.3.2. The principle of behavior utility on the path

The behavior utility of a path curve ρ is the sum of the behavior utility of all regular segments on it; that is,

where is the behavior utility of the behavior in the regular segment of the path curve.

In an arbitrary regular segment of the path curve, let the path curve be ρ_i , and let . Then from Eq. (4), we have

where ρ'_i(t) is the tangent of the path curve at the point position ρ_i(t), v(t) is a vector field determined by the tangent vector of ρ_i(0) and its parallel ρ_i(t), D[v_i,ρ'_i(t)] is the action of ρ_i(t) on the behavior path, ds_ρi(t) is the infinitesimal movement vector of the point position ρ_i(t).

《4. Evaluation framework of the network attackdefense confrontation based on behavior utility》

4. Evaluation framework of the network attackdefense confrontation based on behavior utility

A network system security evaluation can be performed from a variety of perspectives, with different methods of evaluation for each perspective. During the assessment process of the network attack and defense, we are often confronted with the question of whether a given network security defense system has enough ability to resist a certain type of attack. This paper proposes an evaluation framework for such questions by calculating the utility of network attack and defense.

《4.1. Identification and recognition of network attack and defense》

4.1. Identification and recognition of network attack and defense

The essence of network system security is a balance between network attack and defense from the perspective of offensive and defensive confrontation. Network attack and defense can be manifested as network behavior. In certain network scenarios, we can establish behavior utility judgment and identification criteria of the network system security, as shown in Fig. 4.

《Fig.4》

Fig. 4. Utility criteria for network system security.

where E_D is the defense behavior utility and E_A is the attack behavior utility.

A network attack is a process composed of a number of different sessions. For each attack target, we can determine the corresponding attack behavior and attack scenarios. At the same time, there are corresponding defensive goals and behaviors in the corresponding attack scenarios, as shown in Fig. 5.

《Fig.5》

Fig. 5. Offensive and defensive behavior and scenario decomposition.

Suppose the given attack A consists of n sessions; the attack behavior corresponding to the ith session is

where a_ij is the ith session of the jth attack behavior, which satisfies

where is partial order.

Let the ith session of the attack scenario be M_i , then the defensive behavior of the corresponding scenario is

where d_ik is the kth defense of the ith session, which satisfies

where is partial order.

Thus, the attack utility in the ith session is the behavior utility of the ordered attack behavior set A_i in the M_i scenario; that is,

The defense utility in the ith session is the behavior utility of the ordered defense behavior set D_i in the M_iscenario; that is,

Since the behavior of the attack and defensive sequences occurs in the same scenario, if E_Ai≥ E_Di , then the ith attack is successful; otherwise, the attack is unsuccessful, according to Eq. (35).

We can obtain the following judgment and identification criteria of the network attack and defense. According to the criteria, by using attack and defense behavior utility calculations in different scenarios, we can achieve judgment and identification of the network attack and defense.

Judgment and identification criteria of the network attack and defense

Given the network security defense system, for each session of the specified attack,

(1) If all sessions’ attack behavioral utilities are greater than their defense behavioral utilities, the attack process is successful; and

(2) If the attack behavior utility of a certain session is less than its defense behavior utility, the previous session can be identified as the stage of the attack.

《4.2. Network security assessment framework based on attack and defense effectiveness》

4.2. Network security assessment framework based on attack and defense effectiveness

Network security assessment based on the attack and defense effectiveness includes three parts: determination of the scenario differential manifolds, the behavior path calculation, and identification of offensive and defensive behavior utility. Its processing flow is shown in Fig. 6.

《Fig.6》

Fig. 6. Network security assessment process based on attack and defense effectiveness.

4.2.1. Determination of scenario differential manifolds

Using the attack and defense behavior and scenario decomposition method of Fig. 5, we can obtain the scenarios of all sessions in the attack process along with the partial positives of the attack behavior and the defense behavior in each scenario. Using the nonempty set of various types of network objects involved in the scenario, we can obtain the scenario affine space. Thus, we can determine the differential structure of the scenario and the action points sequences of the attackdefense behavior on the differential manifold.

4.2.2. Behavior path calculation

The Riemann structure is added to the differential manifolds of the scenario. In the action point sequences of the attack-defense behavior, we use the geodesic connection of adjacent points. Thus, in the case of differential manifolds, we can obtain the attack path curve and the defense path curve.

4.2.3. Identification of offensive and defensive behavior utility

Based on the principle of network behavior utility calculation, we can calculate the behavior utility of the partial positives of the attack and defense behavior, respectively, under the attack path and defense path of the differential manifold. Using the criteria for the identification and recognition of network attack and defense, we can determine whether the attack was successful or not, and identify the stage that the attack can reach.

《5. Conclusion》

5. Conclusion

This paper presents a principle and method for the accurate calculation of network behavior utility based on the principle of differential geometry. The basic idea is to use differential manifolds to describe the network scenario and define the network behavior as a selfhomeomorphic transformation on the differential manifold. Using behavior and its parallel movement at the action point on a tangent vector field, the network behavior utility is quantitatively described. For the Riemann manifold scenario, we establish a principle and method for network behavior utility calculation.

To push forward the metric to obtain a precise calculation, we must propose a unified global metric indicator, and establish a theoretical basis for the quantitative calculation and evaluation. This paper provides a quantitative calculation method for network behavior utility. The description of a behavior scenario and the definition and calculation of behavior utility are all realized with mathematical definitions and reasoning, and the obtained value of the network behavior utility is a scalar, that is independent of the choice of a localized coordinate system.

Behavior utility is the basic indicator of the design and evaluation of a system based on a logical behavioral relationship. The research described in this paper provides implications for future research.

《Acknowledgements》

Acknowledgements

This work is supported by the National Key Research and Development Program of China (2016YFB0800700).

Show More