LEVEL OF RESILIENCE MEASURE FOR COMMUNICATION NETWORKS

Our daily life applications have come to depend on communication networks to deliver services in an efficient manner. This has made it possible for an attacker to sabotage their operation. Network resiliency is concerned with the degree to which the network is able to bounce back to normal operation in the face of attacks. This paper introduced a new resiliency measure, called Level-of-Resilience (LoR), for communication networks, determined by examining: (a) the Level-of-Stability-Reduction (LoSR), as measured by percentage of "IP traffic dropped", (b) the eventual Level-of-Performance-Reduction (LoPR), as captured by the percentage of reduction in the application Quality-of-Service (QoS), namely latency, and (c) Recovery-Time (RT), which is the time the network takes to detect and recover from an attack or a fault, as measured by convergence duration. Previous resiliency measures may only consider one aspect of the above parameters, while this measure is a composite of them. This paper showed that network topology can affect the network resilience, as indicated by the LoR metric. This measure is illustrated by comparing the resiliency level of two communication networks that served the same traffic, but differed in their network topology, under three different attack scenarios.


INTRODUCTION
An adverse event can affect both a network's stability and its performance, and the recovery time is another important figure of merit. Therefore, when designing a network, it is crucial to choose the best design utilizing the given set of resources (of nodes and connectivity). Doing so can affect the network's resiliency, i.e. its ability to withstand adverse events. Hence, this paper tackled the problem of measuring how resilient the network is against adverse events (link or node failures).
Various measures of networks' resilience have been investigated throughout the literature. For instance, Farid (2015) proposed static resilience measures (number of service paths that realized a service, before and after a disruption) for large flexible engineering systems based upon an axiomatic design model which specifically considered the allocation of the system processes to system resources. Such processes and resources may be defined at any level of abstraction or decomposition at successive stages of the engineering design. Menth, Duelli, Martin, and Milbrandt (2009) assigned reasonable probabilities to failure scenarios, abnormal traffic matrices of the network for ingress-egress pairs and to overload on links. Then statistical measures for unavailability and overload in the network are derived. Baroud, Ramirez-Marquez, Barker, and Rocco (2014) introduced stochastic temporal metrics of resilience against a disrupted network. These are time to total system restoration, time to full system service resilience, and time to a specific %α resilience.
The network resilience measure is given by Shi & Fonseka (1997) as the percentage of lost traffic due to physical link failures. The scalability of network resilience is defined as the growth rate of this measure with respect to the physical topology, the failure probabilities, the protection schemes and the network layer traffic (Liu & Ji, 2009).
The integration of the area under the quality curve with values representing varying degrees of system operability is labeled with Resilience R by O'Rourke (2007). Moreover, the expected loss in the quality of communications, as modeled by a random variable, is proposed by Shirazi et al. (2013) as a resilience measure. The quality measure can be in terms of bandwidth, latency, throughput, or some other observable variables of interest, when the adversary takes out a number of nodes.
A series of experiments were conducted by CAIDA (2016) to infer topological resilience of complex networks to breakdowns or attacks, by estimating the percentage of the network that remains reachable when nodes with the largest out-degrees are removed, or by removing nodes with the smallest average distance to the rest of the network. A similar resilience measure is introduced by Matta (2014), namely Vertex Attack Tolerance (VAT). VAT represents the worst case scenario of the proportionally smallest number of vertices that must be attacked in order to disconnect the largest number of vertices from the network.
A comprehensive set of network characteristic parameters that affect the performance and the resilience of the network were identified by Mohammad, Hutchison, and Sterbenz (2006). These parameters were classified by density, mobility, channel, node resources, network traffic, and derived properties. A network metric is a function of these parameters. Then, mathematical expressions are defined for network states in terms of network operational metric (e.g. normal operation, partially degraded, and severely degraded), and also in terms of network performance (e.g. acceptable, impaired and unacceptable).
A two-dimensional classification framework for network resilience metrics was presented by ENISA (2010). The first dimension was incidence-based classification, where resilience metrics were grouped over three different times: the preparedness phase, the service delivery phase, and the recovery phase. The second dimension was domain-based classification, covering areas such as security, dependability and performability. In the preparedness phase, the number of links removed is varied, while measuring the network performance (e.g. bandwidth, packet loss) either empirically or via simulation. Using the data collected, an envelope was determined, which was confined by the best case curve (the upper boundary of the performance) and the worst case curve (the lower boundary of the performance) for a given number of link/node failures.
A quantitative framework based on using a measure analogous to availability through the dependence on the up and down times was proposed by Kwasinski (2015) for measuring and characterizing resiliency for communication networks power supply. The degree of dependency of a communications facility from the electric power grid or of components of a communications site could be measured based on a primary dependent resiliency R_L. Heck, Kieselmann and Wacker (2016) measured the network connectivity within extensive simulations for different structured overlay network configurations to determine the resilience of self-organizing cyber-physical systems. The network resilience r is given by the number of nodes that can fail without loss of communication.
Conceptual frameworks for performance testing and network optimization that would enable operators in Thailand to optimize their network performance were developed by Chimmanee & Jantavongso (2016). This involved the QoS measurements of the services (e.g. latency, user data rates, and speed test measurements) by the 3G operators and on 850/900MHz and 2100MHz bands respectively.
The main contribution in this paper is to introduce the notion of Level-of-Resilience (LoR) for communication networks as a way to measure their resiliency. To quantify resiliency, the following are considered: (a) Level-of-Stability-Reduction (LoSR), as measured in terms of the percentage of IP traffic dropped, (b) Level-of-Performance-Reduction (LoPR), as measured in terms of percentage of reduction in the application Quality-of-Service (QoS) latency parameter, and (c) the amount of Recovery-Time (RT) it takes for a network to recover from an adverse event in terms of convergence duration. Two communication networks with the same users and applications, but with different topologies, were analyzed using the Optimized Network Engineering Tools (Opnet Modeler), a software tool for computer network modeling and simulation (RTI, 2016). The collected data from the simulation were used to compare the Level-of-Resilience for these two networks under three different attack scenarios.

Communication Networks Stability
Traditionally, networks have been viewed as being a relatively stable layer over which traffic is routed. The traffic flows and the routing updates have been seen as sources of instability (Clayman, Clegg, Galis, & Manzalini, 2012). The level of path stability defined by Kuipers & Van Mieghem (2005) has a direct relation to the number of updates that are necessary to maintain an accurate view of the network state of information. If a small change in the network state does not affect the shortest path between network nodes, then such a change need not be distributed throughout the network.
Stability refers to the property of keeping the amount of traffic (number of packets) in the network always bounded over time (Alvarez, Blesa, & Serna, 2011). Beyond such a bound, a network would incur packet drops/losses, and therefore, the level of stability of a network is measured in terms of the percentage of IP traffic dropped.
The attack model presented here includes link or node failures (the latter also implies a set of link failures). Certainly a network must be endowed with layers of security (such as authentication, encryption, firewalls and detection) to cope with false/corrupted traffic, but those are viewed to be the resiliency properties of the security layer, and the network resilience is viewed to arise out of its topological and networking redundancy in coping with link/node compromises (Salles & Jr, 2011). This work examined the network resilience against link failures in terms of losses in level of stability and performance (i.e. the application latency QoS parameter) while recovery time as measured by convergence duration was another figure of merit.

Level-of-Resilience Formulation
Given a sequence of m faults/attacks, and the corresponding rerouting/recovery actions, suppose the resulting network configurations (also referred to here as modes) are denoted by $N_0 \to N_1 \to \dots \to N_m$, where $N_0$ is the initial mode, while $N_i$ is the mode after the $i$-th fault and reconfiguration ($i = 1, \dots, m$). The amount of IP traffic dropped in those configurations is denoted as $IP_0 \to IP_1 \to \dots \to IP_m$. Then, as mentioned above, the Level-of-Stability-Reduction (LoSR) is measured by the percentage of IP traffic dropped.
Definition 1. Given the sequence of mode switches $N_0 \to N_1 \to \dots \to N_m$ (under an attack scenario A), the corresponding sequence of amounts of IP traffic dropped $IP_0 \to IP_1 \to \dots \to IP_m$, and the total amount of IP traffic sent, $IP_s$, the Level-of-Stability-Reduction, LoSR, is given by

$$\mathrm{LoSR} := \left[\frac{IP_m - IP_0}{IP_s}\right]\% \tag{1}$$

For the following definition, a factor is added, which is the Level-of-Performance-Reduction (LoPR) in the application Quality-of-Service (QoS), namely network latency.
Definition 2. Given the sequence of mode switches $N_0 \to N_1 \to \dots \to N_m$ (under an attack scenario A), the Level-of-Performance-Reduction, LoPR, in the Quality-of-Service, QoS, Latency parameter, L, of a network application, is given by Maximum-Loss-in-Performance, MLiP:
Another aspect of the resiliency metric is Recovery-Time (RT), which is the time the network takes to detect and recover from an attack or a fault, as measured by convergence duration. This duration tells how much time it takes for a network that goes to a failure condition to come back to normal condition (Shah & Waqas, 2013).
Using Definitions 1 and 2, the following definition can be used to compare the Level-of-Resilience of two or more networks under an attack scenario: A network is more resilient if it incurs a smaller loss of stability, or otherwise, a smaller loss of performance, or otherwise a smaller level of recovery-time.

Example Networks to Illustrate LoR
To illustrate this approach, a pair of communication networks with identical users and applications/services (Email, FTP, and Video) were considered, but with different topologies, as shown in Figures 1 (a) and (b). For the 1st communication network, CN1, three routers, R1, R2, and R3, were configured with Routing Information Protocol (RIP), and were connected with each other.
In addition to that, R1 was connected to three Local Area Networks (LANs), LAN1, LAN2, and LAN3, where each LAN had ten users. R2 was connected to LAN4, which had ten users as well. Router R3 had three more links, which connected it, respectively, to an Email server through the Internet, an FTP server, and a Video workstation. The 2nd communication network, CN2, had the same users and applications/services as CN1, but possessed a different topology, in which LAN1 was connected to R3 as opposed to R1.
The application configurations, the node models in use, and link models in use for the two networks are tabulated in Appendix, Tables 10-12. For Email and FTP services, the latency corresponded to the download time, whereas for the Video application, it was measured as the packet delay variation. This work demonstrates through analysis that while the two networks served the same set of users/demands, and were served by the same set of servers/workstations, they had different resilience to the same attack due to their topological difference.

EXPERIMENTAL COMPARISON OF LoR
In this section, three different attack scenarios for two different communication networks CN1 (Figure 1 (a)) and CN2 (Figure 1 (b)) were simulated, with identical users and applications/services (Email, FTP, and Video), but with different topologies. For each scenario, the LoR for each network was evaluated and compared.
In the first attack scenario A1, two links were compromised in the sequence: L13 → L23. For CN1, the initial pre-fault average IP traffic dropped was 0.0516 packets/sec, which was the average IP datagrams dropped by all nodes in the network (Sethi & Hnatyshin, 2013). A fault was applied at link L13 between routers R1 and R3 at time 540 sec. For RIP, a distance vector routing protocol which offered hop count as a routing metric for path selection, the traffic was rerouted through a redundant path (if it existed). By default, the routing updates are broadcast or multicast every 30 sec, with a maximum of 15 hops count from source towards the destination (i.e. RIP provides loop-free routing) (CAN, 2016). In general, the rerouting time is dependent on the routing protocol in use. Here, both networks that were analyzed were configured with the same routing protocol (i.e., RIP). After rerouting the traffic through a redundant path (i.e. for the traffic communicated among LANs LAN1, LAN2, and LAN3 and the servers/workstations, the traffic was rerouted through R1 ↔ R2 ↔ R3), the average IP traffic dropped converged to a post-fault steady state of 0.3269 packets/sec. The total IP traffic sent was 39975.6 packets/sec, and the corresponding Level-of-Stability-Reduction (LoSR) was given by 0.7×10⁻³%. If a second fault was applied at link L23 between routers R2 and R3 at time 3600 sec, then traffic communicated among the LANs LAN1, LAN2, LAN3, and LAN4 and the servers had no redundant path to be rerouted through. Hence, the average IP traffic dropped grew unbounded as shown in Figure 2 and the network was no longer stable.
The same attack sequence A1 was simulated for the second communication network, CN2, shown in Figure 1 (b), where the initial pre-fault average IP traffic drop was 0.0496 packets/sec. A fault was applied at link L13 between routers R1 and R3 at time 540 sec. Accordingly, the traffic communicated among the LANs LAN2, LAN3 and the servers was rerouted through R1 ↔ R2 ↔ R3. The post-fault steady state IP traffic dropped was 0.2497 packets/sec. The total IP traffic sent was 36921.6 packets/sec, and the corresponding Level-of-Stability-Reduction (LoSR) was given by 0.5×10⁻³%. After that, a second fault was applied at link L23 between routers R2 and R3 at time 3600 sec. Then, the traffic communicated among the LANs LAN2, LAN3, LAN4 and the servers had no redundant path to be rerouted through. Hence, the average IP traffic dropped grew unbounded as shown in Figure 3 and the network was no longer stable.
The LoPR associated with each mode of configuration was measured by the Maximum-Loss-in-Performance (MLiP), following Equation (2), of the corresponding latency of the Email, FTP, and Video services. Figure 4 shows the Email latency for CN1 and CN2, respectively. It is given by the average download response time under A1. Here, it can be noticed that for CN2 under the second fault at link L23, only LAN1 was served (connected) with a MLiP of 34.63%, whereas for CN1, no LAN is served and with an infinite download response time (i.e. LoPR=∞). In this case, the Opnet Modeler marked the same data collected at the time step preceding the current infinite (undefined) value (Sethi & Hnatyshin, 2013) (i.e. the value of 0.3455 sec generated at time 3528 sec was continuously repeated for the remaining time of simulation as shown in red in Figure 4).
Similar observations can be made regarding the FTP latency, which is given by the average download response time. LAN1 was configured with Email and FTP applications. Hence, under the second fault at link L23, LAN1 was served (connected) in CN2, while it was no longer served (connected) in CN1, making the eventual LoPR for CN2 = 13.20%, whereas the eventual LoPR for CN1 was infinite (i.e. infinite download response time), and is given by Opnet as the data preceding the current infinite (undefined) value (i.e. the value of 0.9539 sec was continuously repeated after the second fault, as shown in red in Figure 5).
For the Video application, Figure 6 shows the average packet delay variation as a latency parameter for CN1 and CN2 respectively, under A1. It can be seen that after the 2nd fault at link L23, both CN1 and CN2 no longer serve the Video application (i.e. both have an infinite delay variation, which is given by the Opnet values of 0.0407 for CN1, and 0.0079 for CN2), as LAN2 and LAN3 are not connected to the networks. Hence, LoPR=∞ for both CN1 and CN2.
Figure 7 shows the average IP convergence duration for CN1 and CN2 respectively, under A1. It can be seen that CN2 took less time (7.53 sec on average) to converge as compared to CN1 (7.69 sec on average).
Tables 1 and 2 show the data collected for the average Email (respectively, FTP) download response time, D, while Table 3 shows the data for Video packet delay variation, V, of each network at t = 540 sec, and t = 3600 sec, respectively, and the eventual LoPR under A1, following Equation (2). For CN1, the LoPR for the three applications, Email, FTP, and Video, was ∞, while for CN2, Email LoPR = 34.63%, FTP LoPR = 13.20%, and Video LoPR = ∞. Hence, CN1 had higher LoPR than CN2 over all applications. Moreover, CN1 had higher LoSR (0.7×10⁻³%) as opposed to CN2 (0.5×10⁻³%). In addition, the RT of CN1 was greater than the RT of CN2, so LoR(CN2, A1) > LoR(CN1, A1). Thus, CN2 was more resilient to attack scenario A1 as compared to CN1.
Table 3. Average Video Packet Delay Variation, V of Each Network and LoPR (%) Under A1
Similarly, under a second attack scenario, A2: L13 → L12, the average IP traffic dropped (respectively, Email download response time, FTP download response time, and Video packet delay variation) for both CN1 and CN2 is shown in Figures 8-12.
Figure 13 shows the average IP convergence duration for CN1 and CN2 respectively, under A2. It is clear that CN2 took less time (7.44 sec on average) to converge as compared to CN1 (7.70 sec on average).
Tables 4 and 5 show the data collected for the average Email (respectively, FTP) download response time, D. Table 6 shows the data for Video packet delay variation, V, of each network at t = 540 sec, and t = 3600 sec, respectively, and the eventual LoPR under A2, following Equation (2). For CN1, Email LoPR = 36.58%, FTP LoPR = 23.82%, and Video LoPR = ∞. On the other hand, for CN2, the Email LoPR = 35.57%, FTP LoPR = 15.61%, and Video LoPR = ∞. Hence, CN1 had higher LoPR than CN2 over all applications. Moreover, both CN1 and CN2 had the same LoSR (0.7×10⁻³%). Also, the RT of CN1 was greater than the RT of CN2, so LoR(CN2, A2) > LoR(CN1, A2).
A third attack scenario, A3: L12 → L23, was also simulated. The average IP traffic dropped (respectively, Email download response time, FTP download response time, and Video packet delay variation) for both CN1 and CN2 is shown in Figures 14-18.
Figure 19 shows the average IP convergence duration for CN1 and CN2 respectively, under A3. It is clear that CN2 took less time (7.58 sec on average) to converge as compared to CN1 (7.94 sec on average).
Tables 7 and 8 show the data collected for average Email (respectively, FTP) download response time, D. Table 9 shows the data for Video packet delay variation, V, of each network at t = 540 sec, and t = 3600 sec, respectively, and the eventual LoPR under A3, following Equation (2). For CN1, Email LoPR = 26.11%, FTP LoPR = 4.78%, and Video LoPR = 14.83%. On the other hand, for CN2, the Email LoPR = 7.50%, FTP LoPR = 1.29%, and Video LoPR = 3.45%. Hence, CN1 had higher LoPR than CN2 over all applications. Moreover, both CN1 and CN2 had almost the same LoSR (CN1 LoSR = 3.84×10⁻⁵%, and CN2 LoSR = 4.55×10⁻⁵%). Also, the RT of CN1 was greater than the RT of CN2, so LoR(CN2, A2) > LoR(CN1, A2), implying that topology CN2 was more resilient as compared to CN1, under the three attack scenarios.
The experimental results show that while both CN1 and CN2 had the same users and services, yet, following Definition 3, CN2 was more resilient as compared to CN1 under the three attack scenarios, owing to their topological difference. Hence a network designer may suggest to use the CN2 design as opposed to CN1.
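The comparison rule from the formulation section, applied to the figures reported for A1 to A3, as an added example that is not part of the original paper. It assumes that "or otherwise" means tie-breaking in the order LoSR, LoPR, RT, that one network has the smaller LoPR when it is no worse on every application and better on at least one, and that LoSR values within a hypothetical tolerance `LOSR_TIE` count as equal; LoPR values are taken as reported because Equation (2) is not reproduced on this page.

```python
import math
from dataclasses import dataclass

# Assumption (not from the paper): LoSR values closer than this many percentage
# points are treated as equal, matching the text's "almost the same" under A3.
LOSR_TIE = 1e-4


def losr_percent(ip_0, ip_m, ip_s):
    """Equation (1): extra IP traffic dropped as a percentage of traffic sent."""
    if ip_s <= 0:
        raise ValueError("total IP traffic sent must be positive")
    return (ip_m - ip_0) / ip_s * 100.0


@dataclass(frozen=True)
class Result:
    name: str
    losr: float   # percent
    lopr: dict    # application -> percent; math.inf when the service is lost
    rt: float     # average convergence duration in seconds


def lopr_order(a, b):
    """-1 if a is no worse everywhere and better somewhere, 1 for the reverse, else 0."""
    if a.keys() != b.keys():
        raise ValueError("networks must report the same applications")
    a_better = any(a[k] < b[k] for k in a)
    b_better = any(b[k] < a[k] for k in a)
    # Mixed results (each better somewhere) are treated as a tie: an assumption.
    return (b_better and not a_better) - (a_better and not b_better)


def more_resilient(x, y, tie=LOSR_TIE):
    """Return (winner, deciding criterion); winner is None if nothing separates them."""
    if abs(x.losr - y.losr) > tie:
        return (x.name if x.losr < y.losr else y.name, "LoSR")
    order = lopr_order(x.lopr, y.lopr)
    if order:
        return (x.name if order < 0 else y.name, "LoPR")
    if x.rt != y.rt:
        return (x.name if x.rt < y.rt else y.name, "RT")
    return (None, "tie")


INF = math.inf
# Values reported in the experimental section for CN1 and CN2.
SCENARIOS = {
    "A1": (
        Result("CN1", losr_percent(0.0516, 0.3269, 39975.6),
               {"Email": INF, "FTP": INF, "Video": INF}, 7.69),
        Result("CN2", losr_percent(0.0496, 0.2497, 36921.6),
               {"Email": 34.63, "FTP": 13.20, "Video": INF}, 7.53),
    ),
    "A2": (
        Result("CN1", 0.7e-3, {"Email": 36.58, "FTP": 23.82, "Video": INF}, 7.70),
        Result("CN2", 0.7e-3, {"Email": 35.57, "FTP": 15.61, "Video": INF}, 7.44),
    ),
    "A3": (
        Result("CN1", 3.84e-5, {"Email": 26.11, "FTP": 4.78, "Video": 14.83}, 7.94),
        Result("CN2", 4.55e-5, {"Email": 7.50, "FTP": 1.29, "Video": 3.45}, 7.58),
    ),
}


def verdicts(tie=LOSR_TIE):
    """Winner and deciding criterion for every scenario."""
    return {name: more_resilient(cn1, cn2, tie)
            for name, (cn1, cn2) in SCENARIOS.items()}


if __name__ == "__main__":
    for name, (winner, criterion) in verdicts().items():
        print(f"{name}: {winner} more resilient, decided on {criterion}")
    # With no tolerance, the small LoSR gap under A3 decides the comparison.
    print("A3 with tie=0:", more_resilient(*SCENARIOS["A3"], tie=0.0))
```

The run with `tie=0.0` shows how much the A3 verdict depends on treating the two LoSR values as equal.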

CONCLUSION
In this work, a new measure for comparing Level-of-Resilience (LoR) for communication networks was proposed. This measure was based on examining Level-of-Stability-Reduction (LoSR), as measured by percentage of IP traffic dropped, Level-of-Performance-Reduction (LoPR), as measured by percentage of reduction in application Quality-of-Service (QoS) latency parameter, and the network Recovery-Time (RT), as measured by convergence time, under various attack scenarios. Future work could involve a model-based approach for generating such attack scenarios. Examples were illustrated to compare the LoR of two different communication network topologies under three different attack scenarios. While RIP was implemented here as a routing protocol, other dynamic routing protocols such as OSPF and EIGRP could be introduced. Each of these protocols has its own routing process and hence may incur a different LoR for the same topology and attack sequence. It was shown that the placement of network resources could affect the network resilience, as indicated by the LoR metric. Thus, using this metric, alternate network designs could be analyzed and evaluated to achieve a best-case resilience utilizing the given set of resources (of nodes and connectivity).

Figure 19
Figure 19 shows the average IP convergence duration for CN1 and CN2 respectively, under A3. It is clear that CN2 took less time (7.58 sec on average) to converge as compared to CN1 (7.94 sec on average).

Table 1
Average Email Download Response Time, D of Each Network (sec) and LoPR (%) Under A1

Table 7
Average Email Download Response Time, D of Each Network (sec) and LoPR (%) Under A3

Table 9
Average Video Packet Delay Variation, V of Each Network and LoPR (%)