Adversarial Hiding Deception Strategy and Network Optimization Method for Heterogeneous Network Defense

Abstract

Heterogeneous networks are powerful tools for describing different types of entities and relationships and are more relevant models of complex networks. The study of heterogeneous network defense is of great practical significance for protecting useful networks such as military combat networks and critical infrastructure networks. However, a large amount of current research on complex network defense focuses on homogeneous networks under complete information conditions, which often ignore the real conditions such as incomplete information and heterogeneous networks. In this paper, we propose firstly a new adversarial hiding deception strategy for heterogeneous network defense under incomplete information conditions. Secondly, we propose an adversarial hiding deception network optimization method based on a genetic algorithm and design node importance index and a fitness function, which take into account the graph structure information and information about the type of nodes. Finally, we conduct comparison experiments for different defense strategies, and the results show that the proposed strategy and network optimization method are effective at hiding the critical nodes and inducing the attacker to attack the non-important nodes. The generated adversarial hiding deception network has a similar graph structure to the real network.

1. Introduction

Complex networks are a research paradigm that represents complex systems as network structures. Traditionally, complex networks have been studied mainly as homogeneous networks. However, in the real world, heterogeneous networks consisting of different types of entities and relationships are prevalent. However, in the real world, citation networks [1], social networks [2], recommender systems [3], cybersecurity [4] and military combat networks are composed of networks of different types of entities and relationships. Compared to homogeneous networks, heterogeneous networks can more accurately describe the different types of entities and relationships in these networks.

In the real world, unexpected incidents and malicious attacks against military combat networks, critical infrastructure networks, the Internet, and so forth, occur frequently. A large number of threats pose a serious challenge to the secure operation of these networks. We expect to avoid these threats by taking defense measures to make the networks operate safely and stably. Therefore, the study of complex network defense is of great practical importance to protecting network security.

Current research on complex network defense mainly includes: Pinyu Chen at National Taiwan University, assuming that each node has local detection capability and proposing a defense strategy for information fusion [5]; Xuejun Zhang from Beijing University, in Aeronautics and Astronautics, proposed a resource allocation algorithm for complex network defense based on a particle swarm algorithm [6]. The robustness of the network is closely related to the defense capability of the network, and many scholars have tried to enhance the defense capability of complex networks by optimizing the network structure to improve the robustness from the perspective of network structure robustness; Yehezkel from Bar-Ilan University, Israel, proposed the defense method of increasing links and analyzing the defense effect compared to low, medium, and high nodes [7]. Simply adding links can improve network structural robustness. Still, many scholars have questioned its economics and have proposed more optimal solutions to increase robustness with as few changes as possible to the current network structure; Schneider from ETH Zurich proposed a new robustness measure R. A network structure optimization algorithm for migrating active attack damage is presented, and this algorithm can improve the network structure robustness to a large extent by changing the network structure a little [8]; An Zeng of the University of Fribourg, Switzerland, proposed a link robustness measure Rl, based upon which he proposed a network structure optimization algorithm capable of defending against both node attacks and link attacks. An Zeng believed that the cost of changing the node degree is too high, so this algorithm does not change the degree of the network nodes in the optimization process [9]; Liang Bai of the National University of Defense Technology proposed an intelligent optimization scheme that can quickly improve the robustness of the network [10]. All of the above defense strategies assume that the attacker has access to the complete information; however, there is missing or false information obtained by the attacker in the real world. Moreover, improving robustness by modifying the structure of the real network itself is not only costly but also a completely reactive defense approach.

Therefore, some scholars think about improving the robustness of complex networks from the perspective of incomplete information. Jun Wu’s team at the National University of Defense Technology found that hiding a small number of network nodes can effectively improve network robustness and is more economical than simply adding links [11,12,13]. In their subsequent research, they explored network robustness under uncertain attack information [14]. They proposed a network robustness enhancement method based on node degree information perturbation [15]. Yehe of the University of Electronic Science and Technology enhances the robustness of complex networks through hidden links [16]. Yehezkel at Bar-Ilan University, Israel, similarly considers the degree of information about the node degree in possession of the attacker [7]. This part of the research explores improving networks’ robustness from the perspective of a hidden network structure, which opens up a new direction of complex network defense research under incomplete information conditions. However, no scholars have raised the complex network defense method from the passive defense form to the active state. Still, no scholars have proposed a proactive method for complex network defense based on hiding and deception.

In summary, the traditional complex network defense approach has the following four primary deficiencies: first, the assumption that the attacker knows the complete network information of the defender is not consistent with the real environment. It does not consider the characteristics of asymmetric information between attackers and defenders and exploits the impact of incomplete and false information on defense effectiveness. Second, the mainstream approach improves robustness by modifying the real network structure itself, which is an entirely reactive defense strategy and does not meet practical requirements. Third, traditional defense methods by changing the network structure are low concealment, high cost, and difficult to implement in real-world scenarios. Fourth, a large amount of current research on complex network defense focuses on homogeneous networks and does not target heterogeneous network defense research closer to the real-world networks.

To summarize, the research on heterogeneous network defense is a blank. This paper further conducts the network attack and defense research from incomplete information by adding hidden edges and deceptive edges to generate a disguised network and first proposes a proactive, heterogeneous network defense method that introduces incomplete information without changing the original network structure. First, in this paper, we propose an adversarial hiding deception strategy from the perspective of hiding deception by taking a heterogeneous combat network as the research object. Secondly, we propose an adversarial hiding deception network optimization method based on a genetic algorithm. Finally, we verify the effectiveness of our proposed method by comparing different defense strategies experimentally.

The structure of this paper is as follows. Section 2 describes the heterogeneous network defense problem. In Section 3, we introduce the adversarial hiding deception strategy proposed in this paper. Section 4 presents the adversarial hiding deception network optimization method based on a genetic algorithm. Section 5 shows the comparative experiments of the defense effect under the same attack strategy and analyzes the experimental results in detail. Finally, Section 6 discusses the conclusion.

2. Heterogeneous Network Defense Problem Description

2.1. Heterogeneous Combat Network

In this paper, we study the heterogeneous combat network (HCN), a special kind of heterogeneous network composed of different types of nodes and edges to represent various information flows between different combat entities. In this paper, we mainly study how to optimize the combat network from the defender’s point of view without considering the attacker’s entities, and therefore use Dekker’s proposed FINC [17] model to classify the combat forces on the battlefield into three categories: sensor entities, decision entities, and influence entities.

Definition 1.

Heterogeneous combat network (HCN) [18]: a $G=(V,E)$, where $V=S\cup D\cup I=\left\{v_1,v_2,v_3\cdots ,v_n\right\}$ represents node set and edge set $E=\left\{e_1,e_2,e_3,\cdots ,e_w\right\} \subseteq V\times V$ represents information flow between functional entities. Specifically, all functional entities are divided into a set of sensor entities $S=\left\{v_1^S,v_2^S,v_3^S,\cdots ,v_k^S\right\}$, a set of decision entities $D=\left\{v_1^D,v_2^D,v_3^D,\cdots ,v_l^D\right\}$, and a set of influence entities $I=\left\{v_1^I,v_2^I,v_3^I,\cdots ,v_p^I\right\}$. The variable $N=\left|V\right|$ and $W=\left|E\right|$ denote the number of nodes and edges in the combat network, and $K=\left|S\right|$, $L=\left|D\right|$, $P=\left|I\right|$, respectively, the number of sensor entities, the number of decision entities, and the number of influence entities. Different types of nodes provide different functions during combat. The operational capabilities of the sensor entity, decision entity, and impact entity are denoted as $C{A}_S$, $C{A}_D$ and $C{A}_I$. Figure 1 shows the heterogeneous combat network (HCN).

2.2. Disguised Network for Heterogeneous Network Defense

Under the condition of incomplete information, to interfere with the attacker’s access to real operational information in the process of reconnaissance and influence its critical decisions, the defender actively changes the information of the observation network characterized by the original complex network by hiding part of the information and adding false information to form a brand new observation network that selectively conveys the information of the defender’s network, calling this observation network a disguised network. This paper assumes that the incomplete information in the disguised network contains only active hidden information and active false information, and no random external interference is considered.

Definition 2.

Disguised network: a $G=(V,E)$, where $V=S\cup D\cup I=\left\{v_1,v_2,v_3\cdots ,v_n\right\}$ represents node set and edge set $E=\left\{e_1,e_2,e_3,\cdots ,e_w\right\}\subseteq V\times V$ represents the connected edges between nodes.The observation network $G_F=(V_F,E_F)$ constructed by the defender is the disguised network, where $V_F=V$, $E_F= \left(E-E_D\right) \cup E_A$, by setting the hidden edge $E_D$ and the deceptive edge $E_A$, while keeping the number of nodes constant. Figure 2 shows the schematic diagram of the connected edge relationship between the disguised network and the real network.

3. Adversarial Hiding Deception Strategy

As shown in Figure 3, we set the real operational network of the defender, denoted as $G_T$. Under the incomplete information condition, the attacker cannot reconnoiter the complete network information. Its reconnoitred network is the adversarial hiding deception network deployed by the defender, denoted as $G_F$. The attack strategy of the attacker is denoted as A. Our objective is to solve the adversarial hiding deception network $G_F$, deployed by the defender based on the real operational network.

3.1. Adversarial Hiding Deception Network Building

Hiding and deception are the core ideas of the adversarial hiding deception strategy, that is, to reduce the possibility of critical nodes in a complex network being targeted by the attacker as disintegration targets by setting hidden edges in the network and to increase the possibility of non-critical nodes in a complex network being targeted by the attacker as disintegration targets by setting deceptive edges. In the following, we further propose the definition of an adversarial hiding deception network based on the disguised network.

Definition 3.

Adversarial hiding deception network: a $G=(V,E)$, where the set V represents that there are $\left|V\right|$ nodes and the set E represents that there are $\left|E\right|$ connected edges. $k_x$ is the importance metric of node $v_x$, which indicates the importance of node $v_x$. Different attack strategies have different definitions for it, such as node degree, betweenness, giant connection component size (GCC), and so forth. The attacker uses a node-importance-first attack strategy to attack each node in $\left|V\right|$ in descending order one by one. $\tilde{V}\subseteq V$ denotes the destroyed target nodes, $\tilde{E}\subseteq E$ denotes the connected edges that fail and are removed after node removal, and the network model after being attacked is $\tilde{G}=(V-\tilde{V},E-\tilde{E})$. Using some network performance measure $Rb$, assuming that the higher $Rb$ the stronger the network performance, the performance of G under the node importance-first attack strategy can be expressed as $Rb(G,\tilde{G})$. G in $Rb$ denotes the target network under attack, and $\tilde{G}$ in $Rb$ denotes the sequence of attacking nodes (indicating that the attack sequence originates from G).The defender constructs the network $G_F=(V_F,E_F)$ on the basis of the real network by setting the hidden edge $E_D$ and the deception edge $E_A$ is the disguised network, where $V_F=V$, $E_F= \left(E-E_D\right) \cup E_A$, where the camouflage network that can achieve the condition $Rb\left(G,\widetilde{G_F}\right)>Rb(G,\tilde{G})$ is called the adversarial hiding deception network.

As shown in Figure 3, in the adversarial hiding deception strategy, the attacker detects the disguised defender’s network and gets the observation network. The attacker formulates an attack strategy based on this observation network. In contrast, the defender effectively interferes with the attacker’s judgment by setting hidden edges and deceptive edges to achieve the purpose of defense.

3.2. Constraint Settings for Attacker and Defender

In order to be closer to the real combat scenario and according to the actual situation of both combat sides, we set the constraints of both attacker and defender based on the above constructed adversarial hiding deception network.

3.2.1. Attacker Constraint Settings

• The attacker does not have complete information about the defender’s network. The network object attacked by the attacker is a disguised network observed by the attacker, that is, an adversarial hiding deception network set up by the defender;
• Assume that the attacker uses the maximum degree attack (HDA) strategy for the attack;
• The attack strategies all use node attacks. The attacker selects some nodes to attack, and when a node is successfully attacked, the edges attached to the node are also removed.

3.2.2. Defender Constraint Settings

• The defender has complete information about its own network, but does not know the attack strategy adopted by the attacking party;
• The defender must try to maintain the consistency of the network structure in the process of constructing the adversarial hiding deception network, and the unlimited setting of hidden and spoofing edges may greatly change the network structure in a way that is not true, and the number of changing edges must be limited [19]. Therefore, we set the total number of hidden edges and deceptive edges to be $|E_D|$ and $|E_A|$, respectively, satisfying $\left|E_D\right|\le \phi \left|E\right|=f_D$, $\left|E_A\right|\le \phi \left|E\right|=f_D$, where $\left|E\right|$ is the number of connected edges of the original network, $\phi$ is the defense factor, and $f_D$ is the defense strength;
• The defender needs to consume a large amount of defense cost to defend, so we limit the number of nodes that the defender can defend to no more than 50 of the total number of network nodes.

3.3. Performance Index

3.3.1. Node Importance Index

For heterogeneous combat networks, this paper proposes a node importance index to evaluate the importance of nodes in heterogeneous combat networks by combining the structure and type information of nodes to determine the “critical nodes”, that is, the nodes we need to focus on protecting.

We believe that the importance of a node in a heterogeneous combat network consists of two main aspects: first, the graph structure information contained in the node, and second, the type of information contained in the node. For graph structure information, the node degree is the most direct and effective index to represent node graph structure information, so we use node degree $d\left(i\right)$ to represent the graph structure information of nodes.

For type information, nodes of different types form combat chains through command communication relationships, and complete combat chains include combat capabilities against enemy targets. Therefore, we sum the capability values of all operational chains containing node i to $h\left(i\right)$ to represent the type information of nodes. The calculation of the operational chain capability values is specified below. To accomplish a specific operational task, an operational chain (OC) is constructed by sensor entities, decision entities, and influence entities cooperating in an orderly manner [18].

Let $l_k$ be an operational chain (OC) containing sensor entity $S=\left\{S_k\right\}$, decision entity $D=\left\{D_k\right\}$, and influence entity $I=\left\{I_k\right\}$. The operational capability of $l_k$ can be calculated as:

$$U\left(l_k\right)=\frac{1}{\left|l_k\right|}\sum _{j=S,D,I}\sum _{j_k\in j}C{A}_j\left(j_k\right),$$

(1)

where $C{A}_j\left(j_k\right),j=S,D,I$ denotes the detection capability of the sensor entity $S_k$, the decision capability of the decision entity $D_k$, and the destructive capability of the influence entity $I_k$ in the combat network, respectively, while $|l_k|$ denotes the length of the operational chain $l_k$.

We sum the capability values of all the operational chains containing node i to obtain the node operational chain capability value $h\left(i\right)$.

$$h\left(i\right)=\sum U\left(l_k\right).$$

(2)

Finally, we combine the graph structure information and type information of the nodes to obtain the node importance index, defined as follows:

$$Im\left(i\right)=d\left(i\right)+\beta h\left(i\right),$$

(3)

where $d\left(i\right)$ is the degree of the node, $\beta$ is the weight factor, and $h\left(i\right)$ is the node operational chain capability value.

3.3.2. Network Performance Index

We use the normalized operational capability index $C_G$ as an evaluation index for the performance of heterogeneous combat networks. For a heterogeneous combat network G and a set of operational chains OCs, $L_G=\left\{l_k\right\},k=1,2,\cdots ,m$, the operational capability can be expressed as [18]:

$$O_G=\sum _{l_k\in L_G}U\left(l_j\right),$$

(4)

where $O_G$ is called the combat capability index of G. Then, we normalize $O_G$ to obtain:

$$C_G=\frac{ln\left(O_{\tilde{G}}\right)}{ln\left(O_G\right)},$$

(5)

where $\tilde{G}$ is the post-attack network and G is the complete network consisting of N nodes. $C_G$ is the normalized operational capability index used to evaluate the operational capability of the post-attack heterogeneous combat network $\tilde{G}$.

3.4. Example of Adversarial Hiding Deception Strategy

The following is an example to demonstrate the adversarial hiding deception strategy in a communication network, where the nodes of the communication network are communication base stations and user terminals, and the connected edges are the wireless communication relationships between individual communication base stations, between communication base stations and users, and between users. Because the real communication network is too complex, each node is distributed in various locations in the city, and the wireless communication relationship between nodes is difficult to get through detection. So the attacker cannot obtain the real network topology directly, and the defender can easily construct an adversarial hiding deception network by setting hidden edges and deceptive edges. The attacker obtains the wireless communication relationship between the nodes by detecting the communication frequency and communication strength and then obtains the observed communication network. The defender’s hidden edge setting is implemented by decreasing the communication frequency and communication strength between nodes. The deceptive edge setting is implemented by increasing the communication frequency and communication strength between nodes. The following is a network example to demonstrate the construction process of the adversarial hiding deception network and its effectiveness. Suppose the original network consists of 21 nodes and 33 edges, that is, $V=21$, $E=33$, as shown in Figure 4. The three nodes with the highest degree are node 1, node 8, and node 10, and their degree values are $d\left(1\right)=9$, $d\left(8\right)=8$, and $d\left(10\right)=7$, respectively, and each of the three nodes are colored, and the higher the degree, the darker the color.

An adversarial hiding deception network is constructed as follows: all nodes remain unchanged, two real connected edges are hidden, represented by red dashed lines, and two deceptive edges are added, represented by green dashed lines. The formation process and results of the adversarial hiding deception network are shown in Figure 5.

As can be seen in Figure 5, the order of the three nodes with the highest degree in the original network is node 1, node 8 and node 9, while the order of the three nodes with the highest degree in the constructed adversarial hiding deception network changes to node 10, node 8 and node 1. Thus, the construction of the adversarial hiding deception network changes the original degree sequence compared to the node degree sequence of the original network. Under the complete information condition, the attacker perceives the completely true network information and calculates the attack order accordingly. Under the adversarial hiding deception network condition, the attacker perceives the adversarial hiding deception network information and calculates the attack order based on it, but it is the original network itself that is actually changed after the attack.

4. Adversarial Hiding Deception Network Optimization Method Based on Genetic Algorithm

4.1. Combinatorial Optimization Model for Adversarial Hiding Deception Strategy

The adversarial hiding deception strategy finds a set of hidden edges set $E_D$ and deceptive edges set $E_A$, satisfying $E_F= \left(E-E_D\right) \cup E_A$. The adversarial hiding deception network $G_F$ is generated based on the real network G such that $Rb\left(G,\widetilde{G_F}\right)>Rb(G,\tilde{G})$ is maximized.

Thus, finding the optimal adversarial hiding deception strategy on a heterogeneous network can be equated to solving the following combinatorial optimization model:

$$\begin{array}{cc}\hfill & max\left\{Rb\left(G,\widetilde{G_F}\right)-Rb(G,\tilde{G})\right\}\hfill \\ \hfill & \mathrm{s}.\mathrm{t}.\left\{\begin{array}{c}{E}_F= \left(E-E_D\right) \cup E_A\hfill \\ \left|E_D\right|\le f_D\hfill \\ \left|E_A\right|\le f_D.\hfill \end{array}\right.\hfill \end{array}$$

(6)

4.2. Adversarial Hiding Deception Network Optimization Method Based on Genetic Algorithm

In solving more complex combinatorial optimization problems, genetic algorithms can obtain better optimization results faster than some conventional optimization algorithms. In this paper, we design the Adversarial Hiding Deception Network optimization method based on a Genetic algorithm (Figure 6), called AHDNG.

4.2.1. Population Chromosome Encoding Design

The chromosome encoding of each individual in the population is a candidate solution. The chromosome encoding scheme is as follows: we compute the network’s adjacency matrix, take its upper triangular matrix, and expand it into a row vector as the chromosome encoding of the network.

4.2.2. Fitness Function Design

The fitness function value represents the score of each chromosome encoding. We use the fitness function to evaluate the degree of change in the importance of nodes before and after adjusting the strategy, that is, the evaluation of hiding ability for critical nodes and the assessment of deception ability for setting decoy nodes. We divide the fitness function into two parts, that is, the hiding ability $fitnes{s}_1$ and the deception ability $fitnes{s}_2$. We define the fitness function as follows:

$$\left\{\begin{array}{c}fitness=fitnes{s}_1+fitnes{s}_2\hfill \\ fitnes{s}_1=\sum _{i=V_I}\left(I{m}_G\left(i\right)-I{m}_{G_F}\left(i\right)\right)\hfill \\ fitnes{s}_2=\sum _{j\in V_J}\left(I{m}_{G_F}\left(j\right)-I{m}_G\left(j\right)\right).\hfill \end{array}\right.$$

(7)

4.2.3. Selection Operation

The roulette wheel strategy is used for the selection operation. We apply an exponential transformation ($e^x$) to the fitness value to make the fitness value positive. The larger the fitness value, the greater the ability to hide from critical nodes and the ability to deceive non-critical nodes, and the greater the probability of being selected.

4.2.4. Crossover Operation

In this paper, we use a single point crossover with a crossover rate of $pc$. Each individual in the selected population is traversed, and that individual is taken as the father, and another individual from the population is selected and taken as the mother. The crossover points are generated randomly, and the offspring genes are the result of the crossover between the father and mother genes.

4.2.5. Mutation Operation

After completing the crossover operation, a mutation operation is performed on the generated chromosome code. Each position in the chromosome code is traversed, and the mutation operation is performed according to the mutation rate $pm$. Specifically, a randomly selected position from the chromosome is generated by replacing “0” with “1”, that is, a deceptive edge is generated, and a randomly selected position is generated by replacing “1” with “0”, that is, to generate a hidden edge.

The algorithm pseudocode is is shown in Algorithm 1.

Algorithm 1 Adversarial hiding deception network optimization method based on genetic algorithm.

Input:   1: Real Network network $G=(V,E)$;   2: Number of loops $N_{gen}$;   3: Number of populations $pop\_num$;   4: Defense factor $\phi$

Output:   5: Adversarial hiding deception network $G_F$   6: $Calculatetheadjacencymatrix$A$of$$G=(V,E)$   7: $Calculatethechromosomalcode$$pop\_G$$of$$G(V,E)$   8: $Calculatethelengthofthecode$$len\_pop=\left|V\right|\left(\right|V|-1)/2$   9: $Calculatedefensestrength$$f_D=\phi \left|E\right|$ 10: $Initialization$$Im\_G\_rank=null$, $zero\_list=null$, $one\_list=null$ 11: $\mathit{for}ifrom1to\left|V\right|\mathit{do}$ 12: $$$Calculatingnodeimportanceindex$$Im\left(i\right)$ 13: $$$Im\_G\_rank=Im\left(i\right)$ % Ranking node importance indexes 14: $\mathit{end}\mathit{for}$ 15: $\mathit{for}jfrom1topop\_num\mathit{do}$ 16: $$$\mathit{if}pop\_G\left[j\right]==0\mathit{then}$ 17: $$$zero\_list=j$ % Add the position 0 in $pop\_G$ to $zero\_list$ 18: $$$\mathit{else}$ 19: $$$one\_list=j$ % Add the position 1 in $pop\_G$ to $one\_list$ 20: $$$\mathit{end}\mathit{if}$ 21: $\mathit{end}\mathit{for}$ 22: $\mathit{for}kfrom1tolen(zero\_list)\mathit{do}$ 23: $$$edge\_a=random.sample(zero\_list)$ 24: $$$pop\_G[edge\_a]=1$ % Randomly take $f_D$ positions from zero_list to set deceptive edges 25: $$$pop\_a=pop\_G$ 26: $\mathit{end}\mathit{for}$ 27: $\mathit{for}mfrom1tolen(one\_list)\mathit{do}$ 28: $$$edge\_d=random.sample(one\_list)$ 29: $$$pop\_a[edge\_d]=0$ % Randomly take $f_D$ positions from one_list to set deceptive edges 30: $$$pop\_d=pop\_a$ % Generate initial populations 31: $\mathit{end}\mathit{for}$ 32: $\mathit{for}nfrom1toN\_gen\mathit{do}$ 33: $$$\mathit{for}pfrom1topop\_num\mathit{do}$ 34: $$$Calculatingthefitnessofthepopulationcodefitness[pop\_d[p\left]\right]$ 35: $$$\mathit{end}\mathit{for}$ 36: $$$pop\_s=select(pop\_d)$ %Selection operation 37: $$$pop\_c=crossover(pop\_s)$ %Crossover operation 38: $$$pop\_m=mutation(pop\_c)$ %Mutation operation 39: $$$pop\_next=pop\_m$ %Generate child codes 40: $$$\mathit{while}kfrom1tolen(zero\_list)\mathit{is}\mathit{False}$ %Determine whether the child codes satisfies the constraint 41: $$$pop\_next=crossover(pop\_next)$ 42: $$$pop\_next=mutation(pop\_next)$ 43: $$$\mathit{end}\mathit{while}$ 44: $\mathit{end}\mathit{for}$ 45: $\mathit{for}tfrom1topop\_num\mathit{do}$ 46: $$$Calculatingthefitnessofthepopulationcodefitness[pop\_d[t\left]\right]$ 47: $$$pop\_best=argmax\left(fitness\right[pop\_d\left[t\right]\left]\right)$ %Obtain the optimal code 48: $\mathit{end}\mathit{for}$ 49: $A_F=Adj(pop\_best)$ %Calculate the adjacency matrix of the optimal code 50: $G_F=graph\left(A_F\right)$ 51: return$G_F$.

4.3. Degree Distribution Examination

The degree distribution of a network is an important feature reflecting the network’s structure; therefore, we examine the degree distribution of the generated adversarial hidden spoofing network against the original network to ensure that the degree of variation in the network structure is within a reasonable range.

Noting that most real-world networks obey power-law distributions, we refer to the power-law distribution estimation method proposed in the literature [20,21] to estimate whether the two degree distributions of G and $G_F$ are from the same distribution.

5. Experimental Results and Analysis

First, we conduct a disintegration comparison experiment between the original undefended network and the network defended with AHDNG to verify the effectiveness of the proposed method. Secondly, this paper uses the undefended original network as a benchmark for two defense methods: the AHDNG and the random disguised defense method to conduct comparative experiments to verify that the proposed method outperforms the existing methods.

5.1. Data Description

We use the B-A model [22] to generate the heterogeneous combat network as a defense object. The network data are presented in

Table 1. Heterogeneous combat network attributes.

Node Type	Number of Nodes	Node Operational Capability
Sensor node (S)	55	2
Decision node (D)	12	2
Influence node (I)	30	2

.

5.2. Experimental Results and Analysis of Adversarial Hiding Deception Network Defense

Figure 7a shows the real network and Figure 5b shows the adversarial hiding deception network generated using AHDNG. The basic topological characteristics of the network are shown in

Table 2. Basic network topology characteristics include Network size N, edge number E, average degree <k>, average path length <d>, clustering coefficient C.

Network	N	E	<k>	C	<d>
Real Network	97	190	3.918	0.116	2.924
Adversarial hiding deception network	97	190	3.918	0.084	2.983

. First, the attacker uses HDA to disintegrate the original network and the adversarial hiding deception network, respectively, and the obtained sequence of disintegrate nodes $\tilde{G}$ and $\widetilde{G_F}$. Second, the combat capability indices $C_T$ and $C_F$ are calculated separately for disintegrating the original network using the sequence of disintegrating nodes $\tilde{G}$ and $\widetilde{G_F}$; the results are shown in Figure 8. Figure 8 shows the process of HDA disintegrating the original network using the sequence of attack nodes $\tilde{G}$ and $\widetilde{G_F}$, respectively, from which we can see that, in the initial stage of disintegrating, the operational capability of the real network before and after defense is basically the same. When the attack strength $f_N$ is greater than 0.15, the nodes with high importance ranking in the undefended real network are dismantled first. In contrast, the real network defended by adversarial hiding deception induces the attacker to disintegrate the real nodes with low importance ranking in the network. When the attack strength $f_N$ is greater than 0.25, the operational capability of the undefended real network is already 0. In contrast, the real network defended by adversarial hiding deception still has multiple complete operational chains and maintains an operational capability of about 0.56.

Table 3. Comparison of disintegration node sequences before and after defense.

$\tilde{G}$	2-1-19-7-3-5-17-0-14-23-10-4-63-31-6-86-66-58-48-39-21-20-16-92-71-57
$\widetilde{G_F}$	2-1-19-7-5-3-17-0-23-10-21-14-4-31-6-86-66-63-48-39-20-16-92-90-74-58

shows the node sequence comparison of the attacker’s disintegration of the original network before and after the defense. Combined with Figure 7, we can see that the disintegration node sequence changes from $\tilde{G}$ to $\widetilde{G_F}$, and the attacker’s sequence of nodes that disintegrate the original network is successfully induced.

5.3. Experimental Results and Analysis of Different Defense Method under the Same Attack Strategy

Under the HDA attack strategy, we use random disguised defense and AHDNG, respectively. The results are shown in Figure 9. Analyzing the experimental results, the defense effect of the adversarial hiding deception network and the defense effect of the random disguise defense network are basically the same as the real network at the beginning of the disintegration phase, and the analysis is because we limit the number of hidden edges and deceptive edges set in the process of generating the adversarial hiding deception network. Therefore, the process of setting hidden and deceptive edges cannot be overly modified for a few nodes, and the effect of disguise is not obvious for nodes with high node importance in the original network. When the defense effectiveness of the adversarial hiding deception network is significantly better than that of the real network when the attack strength $f_N$ is greater than 0.13, this is due to the fact that, by setting the hidden and deceptive edges, we hide the nodes with high node importance in the real network and set the nodes with low node importance in the real network as decoy targets to actively expose, thus inducing the attacker to attack the non-important nodes. It can be seen that, when the attack strength $f_N$ is greater than 0.20, the defense effect of the adversarial hiding deception network is significantly better than that of the random disguise defense network. When the attack strength $f_N$ is greater than 0.25, the operational capability of the real network is already 0. The operational capability of the real network with random disguise defense remains around 0.30, while the operational capability of the real network with adversarial hiding deception strategy defense remains around 0.56, which indicates the effectiveness of the adversarial hiding deception strategy defense. The ability of the random disguised defense network to resist HDA attacks is basically the same as that of the real network. This is due to the fact that randomly set hidden edges and deceptive edges cannot be targeted to defend important nodes in the real network, but the defense capability is scattered among the nodes, resulting in ineffective defense.

5.4. Degree Distribution Examination

We use the degree distribution to test the similarity of the graph structure of the adversarial hidden spoofing network to the real network. Assuming that the data come from a power-law distribution with $x\ge x_{min}$, we can derive the maximum likelihood estimate (MLE) for parameter $\alpha$. Although there is no exact expression for the MLE in the discrete case, we can use the approximation of rounding to the nearest integer for the power-law distribution to obtain, from Equation (5) [21], the coefficients of the degree distributions of the real network and the adversarial hiding deception network are calculated as ${\alpha }_G=3.27$ and ${\alpha }_{G_F}=3.22$, respectively. Therefore, we can consider that both the real network and the adversarial hiding deception network come from a power-law distribution with coefficient $\alpha =3$.

$${\alpha }_G=1+\left|V_G\right|{\left[\sum _{d_i\in D_G}ln\frac{d_i}{d_{min}-\frac{1}{2}}\right]}^{-1},$$

(8)

where $d_{\min }$ denotes the minimum degree of nodes in the network G, $D_G$ is the set of node degrees, and $|V_G|$ is the total number of nodes. Figure 8 shows the degree distribution of the real network and the adversarial hiding deception network. From Figure 10, we can visualize that the degree distributions of the two networks are consistent.

6. Conclusions

The contributions and innovations of this paper are mainly in the following four areas.

• In this paper, we first proposed a heterogeneous network defense strategy based on hiding and deception under incomplete information, that is, an adversarial hiding deception strategy. This strategy is the first study for heterogeneous network defense. We build an adversarial hiding deception network to hide the critical nodes in the network and induce the attacker to attack the non-important nodes, which breaks the limitation of the traditional passive defense strategy and realizes the active defense of the network;
• This paper proposed the adversarial hidden spoofing strategy. The traditional defense strategy defends by modifying the network structure, which consumes many costs and is difficult to implement. Instead of adjusting the network structure itself, the adversarial hidden deception strategy takes advantage of the information asymmetry and presents the hiding deception network to the adversary by setting up false information.
• We design node importance metric and fitness functions for heterogeneous operational networks, considering the graph structure information and type information of nodes. Based on this, we propose an adversarial hiding deception network optimization method based on a genetic algorithm;
• Through comparative experiments, we demonstrate that the defense effectiveness of the proposed adversarial hiding deception network is significantly improved compared to the real network. Under the same attack strategy, we compare the disintegration results of the undefended original network, the network with a random disguised defense method, and the network with an AHDNG defense, and the results show that the AHDNG proposed in this paper has a better defense effect. We also demonstrate that the generated adversarial hiding deception network has a similar graph structure to the real network using the degree distribution test.