work package 6 – d6manmade.maths.qmul.ac.uk/output/d6.1.pdf · 2011. 4. 6. · work package 6 –...

SIXTH FRAMEWORK PROGRAMME

Project contract no. 043363

MANMADE

Diagnosing vulnerability, emergent phenomena and volatility in man-made networks

SPECIFIC TARGETED PROJECT

NEST PATHFINDER

Sub-Priority Tackling Complexity in Science

Work Package 6 – D6.1 Vulnerability of interconnected networks

D6. 1 A method to calculate interoperability matrices Revision 1

Due date of delivery: M18

Actual submission date: June, 09 2008

Start date of project: 1st of January 2007 Duration: 36 months

Lead authors for this deliverable: [Ljupco Kocarev, MASA; Irina Petreska, MASA; Igor Tomovski, MASA; Nikola Zlatanov, MASA]

Project co-funded by the European Commission within the Sixth Framework Programme (2002-2006)

Dissemination Level

PU Public

PP Restricted to other programme participants (including the Commission Services) X

RE Restricted to a group specified by the consortium (including the Commission Services)

CO Confidential, only for members of the consortium (including the Commission Services)

MANMADE DELIVERABLE 6.1

Contents

List of Figures 2

1 Introduction 5

2 Theoretical background 52.1 Vulnerability, Robustness, and Resilience . . . . . . . . . . . . . . . . . . . . . . . . . 52.2 Network vulnerability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

2.2.1 Vulnerability: An Axiomatic Approach . . . . . . . . . . . . . . . . . . . . . . 72.2.2 Connectivity and robustness . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

2.3 Static and Dynamic Robustness . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82.3.1 Static Tolerance to Errors and Attacks . . . . . . . . . . . . . . . . . . . . . 82.3.2 Modeling Cascading Failures and Strategies of Defense . . . . . . . . . . . . . 92.3.3 Cascading Failures in Power Transmission Systems . . . . . . . . . . . . . . . 10

3 Spectral and modal analysis of grid networks 113.1 Laplacian spectrum of Erdos–Renyi random graph . . . . . . . . . . . . . . . . . . . 123.2 Laplacian spectrum of Small-World Graph . . . . . . . . . . . . . . . . . . . . . . . . 123.3 Laplacian spectrum of Barabasi-Albert graph . . . . . . . . . . . . . . . . . . . . . . 143.4 Modal analysis: theory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16

4 Vulnerability of power grid 184.1 Methods to assess busyness of nodes and lines . . . . . . . . . . . . . . . . . . . . . . 184.2 Attack vulnerability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

5 Network flow 215.1 The Model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245.2 Vulnerability analysis of the power grid . . . . . . . . . . . . . . . . . . . . . . . . . 26

6 Influence model 286.1 Binary influence model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 286.2 Generalized binary influence model . . . . . . . . . . . . . . . . . . . . . . . . . . . . 306.3 Heterogeneous influence model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 336.4 From undirected graph to network influence graph . . . . . . . . . . . . . . . . . . . 366.5 Interdependencies of critical infrastructures . . . . . . . . . . . . . . . . . . . . . . . 376.6 Summary - methods to calculate interoperability matrices . . . . . . . . . . . . . . . 40

7 Conclusions 41

1


List of Figures

1 Laplacian spectrum for a random ER graph with N = 1024 and linking probabilitya) p = pc, b) p = 2pc, c) p = 4pc . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

2 Laplacian spectrum for a random WS small-world graph with N = 1024, k = 1 andlinking probability a) 0.1 and b) 0.5 . . . . . . . . . . . . . . . . . . . . . . . . . . . 14

3 Laplacian spectrum for a random WS small-world graph with N = 1024, k = 2 andlinking probability a) 0.1 and b) 0.5 . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

4 Laplacian spectrum of a scale-free BA graph with N = 1024, a) d0 = 1 b) d0 = 2, c)d0 = 4 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

5 a) The dependence of the relative size of the giant component on the fraction ofremoved nodes for a random ER graph with 1000 nodes and average degree 3.5 b)The dependence of the relative size of the giant component on the fraction of removednodes for a random SF graph with 1000 nodes and average degree 3.5 . . . . . . . . 20

6 NORDEL synchronized zone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217 The degree distribution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 228 Nodal distribution of the modal weight for one of the possible modes obtained by

the modal analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 229 Attack vulnerability of a manmade network compared to an adequate generic BA

graph, both networks has 524 nodes, average degree 3.5 and similar degree distribu-tion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

10 Attack vulnerability of a manmade network, simulated by an adaptive strategy, forunweighted graph, having 524 nodes and average degree of 2.4 . . . . . . . . . . . . 23

11 Attack vulnerability of a manmade network, simulated by an adaptive strategy, forweighted graph, having 524 nodes and average degree of 2.4 . . . . . . . . . . . . . 24

12 A sample of a power grid . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2613 Flow model based assessment of vulnerability of a power grid due to removal of lines

according to their nominal capacities and adequate modal weights . . . . . . . . . . 2714 Flow model based assessment of vulnerability of a power grid due to removal of lines

according to their actual loads and adequate modal weights . . . . . . . . . . . . . . 2715 Vulnerability rank for binary influence model on a random ER graph . . . . . . . . . 3016 Vulnerability rank for binary influence model on a scale-free graph . . . . . . . . . . 3117 Vulnerability rank for binary influence model on a small-world graph . . . . . . . . . 3118 Percentage of the nodes that need to be in the status off at time k = 0, so that when

k → ∞, the probability of all the cites to be in the status 1(off) is greater or equalto 0.5 for 150 different realizations of the corresponding graph . . . . . . . . . . . . . 32

19 Network influence graph with 200 cites . . . . . . . . . . . . . . . . . . . . . . . . . . 3220 Generalized influence model for a small-world graph with probability of rewiring p=0 3421 Generalized influence model for a small-world graph with probability of rewiring p=0.1 3422 Generalized influence model for a small-world graph with probability of rewiring p=0.8 3523 Illustration of the interoperating nodes . . . . . . . . . . . . . . . . . . . . . . . . . . 3624 Graph of the interdependent networks consisting of basic supplies, technical infras-

tructures and threats (BS–Basic Supplies, TI–Technical Infrastructures, T–Threats) 3825 Interdependency matrix . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3926 The influence model simulation outcome (the width of the lines is proportional to

the probability the corresponding nodes to be in the same status (ON or OFF), TIstands for technical infrastructure, BS - basic supplies, T - threats) . . . . . . . . . . 39

2


27 Vulnerability Rank for infrastructure network influence graph shown in Figure 26. . 40

3


Executive summary

The activities carried out for the purposes of the MANMADE’s project Work Package 6 – “Vul-nerability of interconnected networks” due end of M18 were organized in five phases.

In the first phase a detailed extensive study over the theoretical background and the recentachievements in the field of vulnerability of complex networks was performed. Despite the fact thatthe concept of vulnerability has been introduced in several fields including psychology, sociology,political science, economics, epidemiology, biology, environmental and geosciences, and engineering,there is no generally accepted definition of it, even if we only consider technical, or engineering,applications.

In the second phase, different strategies and approaches to developing mathematical modelsof vulnerability of interconnected networks were considered and a frame for further activities wasset. The influence model was accepted as the most suitable one for describing interdependencies ofnetworks and it was further implemented in studying vulnerability of various networks topologies.

In the third phase static tolerance of complex networks, including generic types, as well asmanmade samples was investigated by simulating attacks based on different ranking criteria. Theresults obtained through these analyses are submitted for presentation at the International Sympo-sium on Nonlinear Theory and its Applications – NOLTA 2008, that is going to be held in Budapestand an extended manuscript is in preparation. In the same phase, dynamic analyses by using theinfluence model were also carried out.

In the fourth phase a network flow model, based on linear programming (LP) algorithms wasdeveloped and the redistribution of flow of the physical quantities over a network was analyzed.

The fifth phase was devoted to summarizing the results from the researches and deriving con-clusions. Based on the analyses performed within these period of the project development severalmethods of calculating interoperability matrices for interconnected networks were established.

4


1 Introduction

This report comprises the results that were obtained by MASA MANMADE project team withinthe framework of the Work Package 6 (WP6), entitled “Vulnerability of interconnected networks”by M18. Considering the tasks set in this work package, the report is organized as follows: insection 2 we give a brief theoretical background regarding the robustness and vulnerability of com-plex networks, in section 3 spectral and modal analyses of networks having different topologies areperformed, in section 4 the results of a theoretical analysis of grid vulnerability are presented, insection 5 a mathematical analysis on flow through complex networks is carried out, in section 6the influence model is applied on different networks, as well as an overall discussion on variousapproaches to study interdependencies between complex networks and methods to calculate inter-operability matrices is given, and in section 7 conclusions and future perspectives of the WP6 areelaborated.

2 Theoretical background

In the last few decades the complex networks, having irregular structure and heterogeneity havebeen subject of very active researches. As the focus of this project are manmade networks, such aspower grids, gas networks, urban networks, communication networks, we here give a brief introduc-tion on the mathematical modeling of complex networks. From the recent achievements in complexnetworks modeling, we can extract two main fields of interest: structure of complex networks anddynamics of complex networks. Structure of the complex networks is topologically modeled bygraphs consisting of nodes and edges. In complex infrastructure networks nodes are entities thatproduce, consume or transform a resource (e. g. generators or substations in electricity networks),while the edges are physical or virtual entities linking the nodes and enabling flow of a physicalquantity, information or influence. Many years of experience have generated a consistent systemof statistical measures describing properties that are common to most of the real-life networks.Several generic models such as Erdos–Renyi (random graph), Watts–Strogatz (small world) andBarabasi–Albert (scale-free) models have been established and investigated [1, 2, 3, 4, 5, 6, 7].However, the real-life networks do not follow the predictions based on this models completely, eventhough they manifest resemblance to some of them. All manmade networks have one main pur-pose, which is providing various services of essential importance for the society and people. Asthe demands grow and the networks grow on complexity, one crucial question arises: How can wemeasure the networks vulnerability and prevent malfunctions? Since investigating vulnerability ofinterconnected networks is the main goal of the Work Package 6 (WP6), thus we pay more attentionon the definitions and methods to describe and explore robustness and vulnerability of complexnetworks.

2.1 Vulnerability, Robustness, and Resilience

The concept of vulnerability has been introduced in several fields including psychology, sociology,political science, economics, epidemiology, biology, environmental and geosciences, and engineering[8]. In dictionary definitions of “vulnerable”, a common denominator is references to deliberateactions (threats), e.g. “susceptible to attack”, and “open to attack or assault by armed forces”[9]. However, there is no generally accepted definition of the concept vulnerability even if we onlyconsider technical, or engineering, applications. Below we will give a few examples of possibledefinitions of vulnerability in relation to technical systems.

5


Einarsson and Rausand [10] study industrial systems, and define vulnerability as “the propertiesof an industrial system; its premises, facilities, and production equipment, including its humanresources, human organization and all its software, hardware, and net-ware, that may weakenor limit its ability to endure threats and survive accidental events that originate both withinand outside the system boundaries”. Berdica [11] defines vulnerability in the road transportationsystem as “a susceptibility to incidents that can result in considerable reductions in road networkserviceability”. In the field of information security, vulnerability is commonly thought of as aweakness in the security system that might be exploited to cause harm or loss. Morakis et al. [12]define vulnerability as a “measure of the exploitability of a weakness”. In structural engineering, theterm vulnerability is often used to capture the “susceptibility of a component or a system to someexternal action”. Thus, a structure is vulnerable if “any small damage produces disproportionatelylarge consequences” [13]. Finally, vulnerability is also a topic in mathematics. In the branch ofdiscrete mathematics called graph theory, vulnerability implies a lack of resistance of the graph tothe deletion of vertices and edges [14].

Robustness and resilience taken together can be treated as a complement to vulnerability.Robustness signifies that the system will retain its system structure (function) intact (remainsunchanged or nearly unchanged) when exposed to perturbations, and resilience implicates that thesystem can adapt to regain a new stable position (recover or return to, or close to, its originalstate) after perturbations. Hansson and Helgesson [15] use the recovery time, i.e. the time it takesfor the system to recover after a perturbation, and show in a formal analysis that robustness canbe treated as a special case of resilience (i.e. when the recovery time equals zero).

2.2 Network vulnerability

In the literature there are different approaches to the concept of vulnerability of networks. Onetrend relates the vulnerability or robustness of a network with its connectivity [16], while othersrelate it with the decrease of efficiency when some vertices or edges are under attack [17, 18]. Forexample Latora and Marchiori define the importance or local vulnerability of a vertex i in a networkG as the drop in the network efficiency caused by the deactivation of the node, i.e.,

νloc = E(G)− E(G \ {i})

where E(·) denotes the efficiency which measures in some sense how the information is exchangedover the network [17, 18]. If we have in mind this point of view and we want to define a globalversion of this concept, it is natural to define the global efficiency as an arithmetic mean of the localvulnerabilities (if we are considering random attacks to vertices or breakdowns) or as a maximum(if we think about intentional attacks), that is

νglob =1N

∑

i∈G

|E(G)− E(G \ {i})|

This definition is consistent with the intuitive idea of vulnerability and have been used in differentcontexts [19, 20], but it is easy to check that they cannot distinguish networks that should havedifferent vulnerabilities. For example, if we consider the cycle C4 and the complete graph K4, it iseasy to check that both graphs have vulnerability zero, but our intuition suggests that K4 is morerobust than C4.

6


2.2.1 Vulnerability: An Axiomatic Approach

A mathematical quantity called vulnerability should satisfy several properties. First, the invarianceunder isomorphisms should be the first property a vulnerability measure must fulfil; since we aretrying to gauge a network property depending on its topology, it does not make sense that theresulting value depends on where the nodes are located, but only on which edges are present betweenthem. Another requirement is normalization: we want the measure to take values within the unitinterval [0, 1], and to do so in a reasonable way, with the most vulnerable graphs having valuesclose to one while robust graphs are close to zero. Third, vulnerability should be computable inpolynomial time (this is necessary for practical reasons). Forth, the key property of a vulnerabilitymeasure is that it should never increase by adding edges.

Definition 1 Let G be the set of all possible graphs with a finite number of vertices. A vulnerabilityfunction ν is a function ν : G → [0, 1] verifying the following properties:

1. ν is invariant under isomorphisms.

2. ν(G0) ≥ ν(G) if G is obtained from G0 by adding edges.

3. ν(G) is computable in polynomial time respect to the number of vertices of G

A generic network is represented by a graph G with N vertices (nodes) and |L| edges (links orconnections). The degree of a generic node i is the number di of edges incident with vertex i andthe maximum and minimum degrees of the vertices of G will be denoted by M and m respectively.The vulnerability of a network can be first defined as the quantity

ν∗ = exp{

M −m

N+ N − |L|+ 2

N− 2

}

A simple computation shows that the vulnerabilities of the complete graph KN , the star SN

and the cycle CN are respectively

ν∗(KN ) = exp{−N3 + 3N2 − 4N + 4

2N

},

ν∗(SN ) = 1,

ν∗(CN ) = exp{−2 +

2N

}.

2.2.2 Connectivity and robustness

A graph G(N, L), with N nodes and L links, is connected if there is a path between each pair ofnodes and disconnected otherwise. It is essential that a network should be robust: it should stilloperate if some of the links between nodes are broken. Hence, the network graph should possessa redundancy of links. The minimum number of links to connect all nodes in the network equalsN − 1.

There exist interesting results from graph theory that help to dimension a reliable network [21].The edge and vertex connectivity seem natural quantifiers from which robustness can be derived.The edge connectivity η(G) of a connected graph G is the smallest number of edges (links) whoseremoval disconnects G. The vertex connectivity κ(G) of a connected graph G different from the

7


complete graph KN is the smallest number of vertices (nodes) whose removal disconnects G. Forany connected graph G holds that

κ(G) ≤ η(G) ≤ dmin(G).

In particular, for the complete graph KN , κ(KN ) = η(KN ) = dmin(KN ) = N − 1.By Menger’s Theorem, it follows that there are at least η(G) link-disjoint paths and at least

κ(G) node-disjoint paths between any pair of nodes in G. In order to dimension the graph G of arobust network, the goal is to maximize both η(G) and κ(G). Of course, the most reliable graph isthe complete graph; however, it is also the most expensive. Therefore, the total number of links Lshould be minimized. Since the minimum cannot exceed the average, we have that dmin ≤ da = 2L

N .It follows that the best possible reliability is achieved if the network graph is designed such that

κ(G) =2L

N

The optimum implies that dmin(G) = da = 2LN or that each node has the same degree dj =

da. Hence, a best possible reliable graph is a regular graph (dj = da), but not every regulargraph necessarily obeys κ(G) = da. Furthermore, two different graphs with the same parametersN, L, κ(G), η(G) and dmin(G) are not necessarily equally reliable. Indeed, the edge and vertex dis-connectivity only give a minimum number η(G) and κ(G) respectively, but do not give informationabout the number of subsets in G that lead to this number. It is clear that if only one vulnerableset of nodes is responsible for a low κ(G), while in another graph there are more such sets, thatthe first graph is more reliable than the second one. In summary, the presented simplified analysisgives some insights, but more details (e.g. the number of vulnerable sets or subgraphs) must beconsidered in the dimensioning study.

2.3 Static and Dynamic Robustness

In brief, robustness of a network refers to the ability of a network to avoid malfunctioning whena fraction of its constituents is removed. Robustness can be encountered in two different variants.The first one is static and the second one dynamic. The static robustness is meant as the act ofdeleting nodes without need to redistribute any quantity that is being transported by the network(e.g. energy, information etc.). On the other hand, the dynamic robustness refers to the case whenthe redistribution of flows through the remaining nodes is taken into account.

Modeling the damages and failures in the networks can be performed by deleting some com-ponents of the networks. Since the graph formalism is used to model networks this would meandeletion of nodes or edges. We first focus our attention on studying the main quantitative measuresthat describe the load of the components of a network, the effects of the damages to the load, aswell as tolerance of a network to errors and attacks. Errors or sometimes called random failures arerandom deletions of fractions of nodes or edges, while attacks are related to preferential deletionsof nodes or edges, for instance highly connected nodes or nodes and edges of highest weight in thenetwork.

2.3.1 Static Tolerance to Errors and Attacks

Considering the definitions above, two kinds of tolerances would be of interest in investigatingthe robustness of networks, static and dynamic tolerance. We’ll first pay attention on the statictolerance. Static tolerance is the ability of the system to maintain its connectivity properties after

8


the random deletion of a fraction f of its edges or nodes. Static tolerance of a network is usuallytreated with the percolation theory method so that the fraction of deleted nodes is labeled asf , thus the portion of the remaining nodes would be 1 − f . The phase transition occurs when afraction of nodes known as critical fraction fc or percolation threshold is removed. Average shortestpath length and efficiency of the networks are tracked in investigating the static tolerance of thenetworks.

The first numerical studies on the networks robustness refer to the Internet and a sample ofthe World Wide Web. Albert at al. have studied how the properties of the mentioned networkschange when a fraction f of the nodes is removed [22]. The nodes are deleted either randomlyto simulate errors or in decreasing order of their degree to simulate attacks. It was shown thatboth the Internet and WWW are persistent for high rates of random node removal i.e. persistentto errors, but sensitive to attacks. This corresponds to the mathematical predictions for scale-freenetworks, confirming once more that most of the real-life examples of networks are most adequatelydescribed by the scale-free model.

Crucitti et al. [17] examined the dependence of average shortest path and the global efficiencyof BA scale-free network and ER random graph on the fraction of the removed nodes. In thiswork it was shown that the difference between scale-free networks becomes less pronounced as thefraction of removed nodes increases. The scale-free networks are the most affected by attacks, evenif a small fraction of nodes is removed (sometimes a single one) [17]. It is worth to be mentionedthat as a network becomes unconnected (larger fraction of nodes are removed), the global efficiencyis a better quantity to describe the system than the average shortest path. The numerical resultsregarding static tolerance of networks to errors and attacks, given above are supported by analyticalcalculations, that are not going to be discussed in this deliverable.

2.3.2 Modeling Cascading Failures and Strategies of Defense

Modeling the dynamics of flows of the physical quantities of interest over the network is anotherimportant dimension in treating the complex networks. A network may be fully characterized onlyby considering the interplay between structural and dynamical aspects.

As it was mentioned above in the dynamical treatment of errors and attacks tolerance of net-works, after a defect occurs (deletion of a node or an edge) the load is redistributed among theremaining nodes or edges. By redistributing the load among the remaining nodes an overload ofsome other nodes might happen which means that this node would be deleted and the redistributionis applied again. This process will go on until all the nodes have free-flow regime meaning that nonode is overloaded. Betweenness centrality is taken as a measure of the load of a node. Capacityof each node is proportional to its betweenness at the initial moment of time. The coefficient ofthe proportionality is said to be a parameter of tolerance to attacks. There is a number of relevantpapers treating the robustness of the networks by analyzing the cascading failure as a function ofthe parameter of tolerance [23, 24, 25, 26].

Since the capacity of a node is proportional to its initial load one may write

Ci = (1 + α)Li (1)

where α is the tolerance parameter. When all nodes are on, the network operates in a free flow stateinsofar as α ≥ 0. The removal of nodes generally changes the distribution of shortest paths. Theload at a particular node can then change. If the load of a node increases and becomes greater thanthe node’s capacity, the node fails. Subsequent redistribution of load among the nodes can causeanother node to be overloaded and so on. The redistribution process continues until a certain

9


moment when all the remaining nodes satisfy the condition bi(t′) ≤ Ci. This process of failurespreading in a network is known as cascading failure.

So far it was shown that the removal of a small fraction of highly connected nodes, or even asingle node, simulating the breakdown of an Internet router or of an electrical substation can causea cascading failure in scale-free networks. The homogenous networks do not experience cascadingfailures due either to random breakdown or to intentional attack for α as small as 0.05, while for theheterogeneous networks the same value of α, attack on a key node can reduce the giant componentto less than 10% of the original size. This means that the homogeneous networks appear to bemore resistant to cascading failures than the heterogeneous ones.

Since in heterogeneous networks the damage of a single node triggers a cascade breakdown inthe network, the most important issue to be considered regards the possible strategies of defense toprevent the cascade from propagating through the entire network. Very often the only acceptableaction is further removal of nodes and edges because the other measures like rewiring or adding newnodes and edges would involve extra costs and requires more time that available. The intentionalremoval of nodes having small load and edges with large excess of load reduces the cascade drasti-cally. Even though any removal of nodes always increases the damage of the network, the resultinggiant component is in this case significantly larger, as compared to the case without defense.

Another way of defense proposed by Crucitti et al., instead of permanent removal of overloadednodes is degradation of the communication through these nodes, so that the flow of energy orinformation (or any other quantity transported by the network) will avoid them [17]. The modelassumes that the network is described by a weighted graph. The weight wij attached to each edgeis a number in the range (0, 1] and measures the efficiency in the communication along the edge.At the initial moment all the transmission lines function perfectly, which means the weight of eachedge is one. The removal of a node starts the dynamics of the model, creating overloads on somenodes. The overloaded nodes are not removed, but at each time step for each overloaded node thefollowing weights update is adopted:

y =

{wij(0) Ci

bi(t)if bi(t) > Ci

wij(0) if bi(t) ≤ Ci(2)

meaning that the efficiency of all the arcs passing through node i are reduced, so that eventuallythe flow will take alternative paths.

2.3.3 Cascading Failures in Power Transmission Systems

The models described so far are too simplistic when it comes to model real blackouts in powergrids. Dobson et al. have proposed a more realistic model for such cases [27]. In this model thenetwork nodes are characterized by an input power Pi, which is positive for generators and negativefor customers/users and each electric line connecting two nodes is characterized by the power flowthrough it wij and the impedance zij . The power flow through the network is calculated by solvingthe DC power flow equation

F = AP , (3)

where F is a vector whose NL components are the power flows through the lines Fij , P is a vectorwhose NN − 1 components are the power of each node Pi, with the exception of the referencegenerator P0, and A is a constant matrix. The reference generator power is not included in thevector P to avoid singularity of A as a consequence of the overall power balance.

Cascading failures in this model are simulated by assigning a maximum power Pmaxi to each

generator it can supply, and a maximum power flow wmaxij to each line. When an overloaded line

10


(wij > wmaxij ) is found in the solution of equations the line impedance is multiplied by a large

number, and the corresponding maximum weight wmaxij is divided by another large number, so that

there is no power flow through the line. In modeling the dynamics of power transmission systems,two time scales must be considered, slow time scale, of the order of days and years and fast timescale, of the order of minutes to hours. Over the slow time-scale the power transmission networkself-organizes as a result of two opposing processes. The power demand increases in time and onthe other hand, the system is being upgraded in response to demand increase and appearance ofblackouts. This slow opposing processes lead to dynamic equilibrium of the system. In generalthe slow dynamics has three components: the growth of the demand, response to blackouts byupgrades in the grid transmission capability Γ and response to increased demand by increasingmaximum generator power. Several parameters and quantities are introduced to describe each ofthis components. The values of this parameters are determined by applying a statistical analysis ofblackouts and power system upgrades over a longer period of time (e. g. 10-20 years). Calculationscarried out within this model showed that there are two different dynamical regimes. The firstone is characterized by the low value of generator capability margin (a measure of the generationcapability of the power system in response to fluctuations of the power demand). In this regime, theavailable power is limited and has difficulties in meeting demand, blackouts are frequent, but theyaffect only a small number of loads and there are only a few outages. In the opposite regime-highΓ, the blackouts are less frequent, but they tend to involve multiple line outages when they happen.This regime is interesting because there are many cascading events that can cause blackouts in alarge part of the network.

According to this brief description of the Dobson et Al. model, one can notice that allows toexamine cascading failures as the load power demand increases and to identify two types of criticalpoints, those characterized by transmission line flow limits and those characterized by generatorcapability limits [27]. In particular it is found that operation near critical points can produce powertails in the blackout size probability distribution. The results obtained by this model are in goodagreement to those observed in 15 years of North American blackout data.

3 Spectral and modal analysis of grid networks

Eigenvalues of graphs are useful for controlling many graph properties (and consequently havenumerous algorithmic applications including low rank approximations, information retrieval andcomputer vision). There are several ways to associate a matrix to a graph. The usual adjacencymatrix A associated with a (simple) graph has eigenvalues quite sensitive to the maximum degree(which is a local property). The (combinatorial)Laplacian

L = D −A (4)

with D denoting the diagonal degree matrix is a major tool for enumerating spanning trees andhas numerous applications [28, 29]. Another matrix associated with a graph is the normalizedLaplacian I − D−1/2AD−1/2 which controls the expansion/isoperimetrical properties (which areglobal) and essentially determines the mixing rate of a random walk on the graph. The traditionalrandom matrices and random graphs are regular or almost regular so the spectra of all the abovethree matrices are basically the same (with possibly a scaling factor or a linear shift). However, forgraphs with uneven degrees, the above three matrices can have very different distributions. Theeigenvalues of the adjacency matrix were much more investigated in the past than the eigenvaluesof the Laplacian matrix: see e.g. [30, 31] for books on the eigenvalues of the adjacency matrix ande.g. [32, 33] for surveys on the eigenvalues of the Laplacian matrix.

11


The set of vertices adjacent to a vertex vi ∈ G is denoted by V (vi). The degree of vi isd(vi) = |V (vi)|. The minimum degree of the vertices of a graph G is denoted by δ(G) and themaximum degree by ∆(G). If δ(G) = ∆(G) = k, that is every vertex of G has degree k then G is saidto be k-regular graph. If V (G) = {v1, v2, . . . , vN}, then δ(G) = d(v1) ≤ d(v2) ≤ . . . ≤ d(vN ) = ∆(G)is a degree sequence of G. The average degree or simply degree of a graph is d(G) =

∑i d(vi)/N .

The degree distribution pd(k) denotes the fraction of vertices that have degree equal to k.Let λ1 = 0 ≤ λ2 ≤ . . . ≤ λN , repeated according to their multiplicities, be eigenvalues of the

matrix L. These eigenvalues are called Laplace eigenvalues of the graph G. Laplace eigenvalues ofthe complete graph KN are λ1(KN ) = 0 and λk(KN ) = N for 2 ≤ k ≤ N . The Laplace eigenvaluesof the N -cycle CN are the numbers

λk(CN ) = 2− 2 cos(

2(k − 1)πN

), k = 1, . . . , N.

It is easy to see that 0 is always an eigenvalue of L, and than (1, 1, . . . , 1)T is the correspond-ing eigenvector. More precisely, we have the following description of the multiplicity of 0 as aneigenvalue of L. The multiplicity of 0 as an eigenvalue of L is equal to the number of connectedcomponents of G. This implies if λ2 > 0 then the graph is connected. The following inequalitieshold

λ2(G) ≤ N

N − 1δ(G) ≤ N

N − 1∆(G) ≤ λN (G) ≤ 2∆(G). (5)

The proof of the above two statements can be found, for example, in [6, 7].

3.1 Laplacian spectrum of Erdos–Renyi random graph

In this set of simulations we consider realization of the Erdos–Renyi random graph Gp(N), withN = 1024 and increasing link probability p. For Gp(N), the probability of having a link betweenany two nodes (link probability p) is p ≥ pc = log N/N . For each value of p, we have simulated104 independent configurations of the random graph. For each independent configuration, the setof N eigenvalues of the Laplacian matrix has been computed, leading eventually to the Laplacianspectrum, created by picking at random one out of N eigenvalues. Figure 1 shows the Laplacianspectrum of Gp(N) for the link probabilities pc, 2pc, 4pc, respectively. At the critical thresholdprobability p = pc, there exists random graphs that are not connected; here we have consideredonly connected ER random graphs. With p = 4pc, the spectrum has a bell shape, centered aroundthe mean nodal degree p(N − 1). Moreover, for fixed p = 4pc, the high peak becomes smaller whilethe bell shape becomes wider, representing that, for increasing N , the spectrum variance is inagreement with the Wigners Semicircle law [21]. In fact, the spectrum is pointing to uncorrelatedrandomness what is a characteristic property of an ER random graph. Hence, the Laplacianspectra are indicating that, for the increasing link density, the underlying structure of Gp(N)graphs transforms from a tree-like structure with a small diameter into a more homogeneous graphwhere the degree is closely centered around the mean degree.

3.2 Laplacian spectrum of Small-World Graph

In this set of simulations we consider Watts and Strogatz small-world graph, built on the ring latticeC(N, k) with N = 1024. For each graph size N , every node is connected to its first 2k neighbors (kon either side). In order to have a sparse but connected graph, we have considered N À 2k À ln Nin the following ring lattice graphs: C(1024, 1), C(1024, 2). The small-world model is then created

12


a)

b)

c)

Figure 1: Laplacian spectrum for a random ER graph with N = 1024 and linking probability a)p = pc, b) p = 2pc, c) p = 4pc

13


a)

b)

Figure 2: Laplacian spectrum for a random WS small-world graph with N = 1024, k = 1 andlinking probability a) 0.1 and b) 0.5

by moving, with probability pr, one end of each link to a new location chosen uniformly in thering lattice, except that no double links or self-edges are allowed. Figures 2–3 show the Laplacianspectrum for the considered small-world graphs.

3.3 Laplacian spectrum of Barabasi-Albert graph

The preferential attachment scheme is often attributed to Herbert Simon. In his paper [34] of1955, he gave a model for word distribution using the preferential attachment scheme and derivedZipf ’s law. The basic setup for the preferential attachment scheme is a simple local growth rulewhich leads to a global consequence — a power law distribution. Since this local growth rule givespreferences to vertices with large degrees, the scheme is often described by “the rich get richer”.Of interest is to determine the exponent of the power law from the parameters of the local growthrule.

The Barabasi-Albert model (BA) model incorporates the concepts of growth and preferentialattachment [2]. The network begins with an initial network of m0 nodes. It should be noted thatm0 ≥ 2 and the degree of each node in the initial network should be at least 1, otherwise it will

14


a)

b)

Figure 3: Laplacian spectrum for a random WS small-world graph with N = 1024, k = 2 andlinking probability a) 0.1 and b) 0.5

15


always remain disconnected from the rest of the network.New nodes are added to the network one at a time. Each new node is connected to m of the

existing with a probability that is biased so that it is proportional to the number of links that theexisting node already has. Formally, the probability pi that the new node is connected to node i is:

pi =di∑j dj

(6)

where di is the degree of the node i. The new nodes tend to connect to the already heavilylinked nodes. After t time steps this procedure results in a graph with N = m0 + t nodes andL = m0(m0−1)

2 + mt links.The spectral density of BA model has a different shape from the semicircular spectral density

of random graph. It has a triangle-like shape with the top lying well above the semicircle and edgesdecaying as a power law. In this work we have investigated the spectral properties of a BA graph,consisting of 1024 nodes, with average degrees of the initial graph d0 = 1, 2 and 4, respectively.Figure 4 shows the Laplacian spectra of several BA networks.

3.4 Modal analysis: theory

The dynamical models describing networks of interconnected mass-spring oscillators can be success-fully implemented for modeling various oscillatory systems. The fundamentals of the method are inthe equations of motion, derived from the Second Newton’s Law. Let us consider a two-dimensionaloscillatory system consisting of N point-like objects having mass mi, respectively, connected bysprings with elasticity constants aij . The point-like objects serve as nodes of a graph and the springsas edges, therefore the entries of the adjacency matrix would be determined by the correspondingspring constants. The oscillations of the nodes are oriented perpendicularly with respect to theplane. If we denote the position (along the direction of oscillations) of each node by xi, then theforce fi acting to the node i and due to the node j would be given by f j

i = aij(xj − xi), where aij

stands for the elasticity constant of the spring connecting the nodes i and j. The net force actingon the node i due to all other nodes is given by

fi =N∑

j=1

aij(xj − xi) = −(N∑

j=1

aijxi −N∑

j=1

aijxj). (7)

Note that the first sum in the equation above gives the node degree di, thus the net force actingon the node i can be expressed as

fi = −(dixi −N∑

j=1

aijxj). (8)

Stacking up the equations for each node, the complete system of equations for the consideredoscillating system in a matrix form would be:

F = −(D −A)X = −LX (9)

where D, A,L stand for the diagonal degree matrix, adjacency matrix and the Laplacian, respec-tively. This system of equations has a major role in the analysis of the normal vibrational modesin Structural Dynamics, since it governs the dynamics of a mass-spring grid. This is more obvious

16


a)

b)

c)

Figure 4: Laplacian spectrum of a scale-free BA graph with N = 1024, a) d0 = 1 b) d0 = 2, c)d0 = 4 17


if we express the forces fi by miω2i (xj − xi), where the quantities ωi give the frequencies of the

possible oscillating modes of each node.Let us now consider the application of the modal analysis in manmade networks as suggested

in [35]. Given an undirected graph G(N, L,W ) with vertex set N = {n1, n2, n3, ..., nN}, edge setL = {l1, l2, l3, ..., lN} and weighting rule W (L). The weighted adjacency matrix is given by:

A ={

wij where wij is the weight of the edge lij0 if the nodes i and j are not connected

(10)

In power grids, the weight of the links may be determined by their kV rating. Considering thesedefinitions, the entries of the matrix D in the Laplacian 4 would be given by di =

∑Ni=1 wij . Let

Λ, Φ be the Laplacian eigenvalues and eigenvectors, respectively. We can now generate the modalconnectivity matrix [35, 36]

Γ = LT Φ (11)

where (LT stands for the transposed Laplacian). Modal contributions to each node can be deter-mined as follows [35, 36]

wi =N∑

j=1

|γij | (12)

for i = 1 . . . N , where γij are the elements of the modal connectivity matrix Γ. The modal con-tribution is a measure of the load each node receives, thus it wi can be used to rank the nodesaccording to their busyness. The modal ranking of the nodes was used to develop strategy fortheoretical study of the power grid vulnerability. The modal spectral analysis can be also appliedto assess busyness of lines. The modal load of a line is given by the sum of the absolute values ofthe differences between modal contributions of neighboring nodes [35]

li,j =n∑

k=1

|γik − γjk|. (13)

4 Vulnerability of power grid

4.1 Methods to assess busyness of nodes and lines

As it was mentioned above, attacks are simulated by preferential removal of nodes and lines. Theproblem of establishing quantitative criterion to rank the nodes and links of a network and tomodel attacks by preferential removal is still open in the scientific community worldwide. Formathematical modeling of networks vulnerability, it is of great importance to develop methods forassessment of the nodes and lines busyness. In the scientific literature several methods for this arepointed out. Usually, statistical measures such as closeness and betweenness centrality are utilizedfor busyness assessment. Betweenness centrality of a node is defined as the fraction of all shortestpaths between pairs of vertices, passing through the node, given by the equation [1]:

bi =∑

s6=i6=t

σst(i)σst

(14)

While, the betweenness centrality of an edge is given by the fraction of all shortest paths joiningthe pairs of vertices, passing through the observed edge [1].

bi,j =∑

s6=i6=j 6=t

σst(i, j)σst

(15)

18


Within the frames of the MANMADE project, an attempt to apply modal analysis for nodes andlines assessment and their ranking according to the busyness on generic graphs, as well as existingmanmade networks was made. Ranking based on the modal analysis was compared to the rankingaccording to centrality measures [37].

4.2 Attack vulnerability

The modal analysis was first applied to random networks generated by Erdos–Renyi and Barabasi–Albert models. The latter represents scale-free networks that are usually better description forreal-world networks. Networks having 1000 nodes and average degree 3.5, initially connected, wereinvestigated. Modal analysis and ranking of the nodes according to their modal weight was carriedout by a programming code developed for the purposes of this work.

The rankings according to connectivity, betweenness centrality and modal weight were com-pared, which was further used to develop a strategy to simulate attacks on the networks. TheSpearman’s correlation coefficient between the rankings according to the modal weight and the be-tweenness centrality is about 0.56462, while the correlation between modal ranking and closenesscentrality is about 0.5, meaning that there is no high correlation between these ranking criteria.However, we find the modal weight of the nodes a reliable measure for a node utilization andbusyness especially for manmade networks (power grids, urban networks, internet), where the flowof the physical quantity transported through the network is of importance. Thus, we analyzedvulnerability of complex networks by preferential removal of the nodes according to their modalweight and we compared the results with those obtained by preferential removal according to thestandard measures.

We applied two different strategies to examine the attack vulnerability of the considered net-works. First one, so called non-adaptive strategy, uses the initial ranking of the nodes, withoutrecalculating the properties after a removal of a fraction of nodes. In the frames of the second one,the adaptive strategy, the modal weight, as well as the betweenness centrality and nodes’ degreewere recalculated after each deletion of nodes, and the new ranking was utilized.

The dependence of number of clusters, the diameter and the relative size of the giant componenton the fraction of deleted nodes was tracked in our simulation. The failure of the random ERnetwork considered in this work, tracked by the decrease in the relative size of the giant componentwith the deletion of nodes is represented in 5a). The same analysis for the scale-free graph is givenin 5b).

In agreement to the recent findings [2, 17], our results confirm that the scale-free networks aremore vulnerable than ER networks, when submitted to attacks (preferential removal of nodes).Analyzing the graphs, one can notice that deletion of nodes of the considered scale-free and ERnetworks according to their connectivity and betweenness centrality is more efficient strategy todisintegrate a generic network.

The same analysis was also applied to several examples of manmade networks, sectors of theEuropean power grid. The EU power grid data set was processed and compiled on GIS(GeographyInformation System) by the MANMADE team from ELSA - JRC. The condensed graph of the EUpower network consists of about 5297 nodes and 6859 lines, divided into four synchronized zones:NORDEL (Nordic countries, 524 nodes, 641 lines), ATSOI (Ireland, 45 nodes, 60 lines), UKTSOA(United Kingdom, 393 nodes, 492 lines), UCTE (continental Europe, 4335 nodes, 5666 lines). Inthis work the spectral modal analysis was applied to each of the zones.

As an illustration we here give the graphical representation of the modal weight distributiononly for a certain mode the NORDEL synchronized zone, that consists of 524 nodes and 641 edges,

19


a)

b)

Figure 5: a) The dependence of the relative size of the giant component on the fraction of removednodes for a random ER graph with 1000 nodes and average degree 3.5 b) The dependence of therelative size of the giant component on the fraction of removed nodes for a random SF graph with1000 nodes and average degree 3.5

20


Figure 6: NORDEL synchronized zone

see Figure 6. The degree distribution for this network is given on the graph (Figure 7). The modalweight distribution among the nodes for a certain mode for one of the sectors investigated, is shownin Figure 8.

The vulnerability of the sectors of EU power grid was investigated with two different approaches.The first one was a basic topological analysis, in which the weights of the edges (power transmissionlines) were neglected (set to one), while the other took into consideration the weights of the lines (thevoltages of the power transmission lines). We here present the results from these investigations foronly one of the considered sectors, since the results for the rest are rather similar. Figure 16 showsthe results obtained by the non-adaptive strategy for NORDEL synchronized zone in comparisonto those for an adequate BA scale-free network. As it is obvious from the presented analyses themodal weight based strategy can be an efficient method to disintegrate a manmade network byremoving a small fraction of nodes.

5 Network flow

In addition to the analyses on attack vulnerability presented above, that is primarily related to thenetwork topology, we have also investigated the flow through networks and its redistribution aftera removal of the components. This is of crucial importance, because a reliable picture of a networkvulnerability can be obtained only if the flow of the quantity transferred through the network istracked and the possible alternative flows are found when attack happens. To analyze the flowthrough networks we utilized the well-known linear programming (LP) simplex algorithm. In brief,this algorithm enables to maximize the flow through an observed network by linear programming,which describes a broad class of optimization tasks in which both the constraints and the opti-mization criterion are linear functions. In the case of electric power systems the conversion froma flow network to a linear programming format requires the development of a set of constraints

21


Figure 7: The degree distribution

Figure 8: Nodal distribution of the modal weight for one of the possible modes obtained by themodal analysis

22


Figure 9: Attack vulnerability of a manmade network compared to an adequate generic BA graph,both networks has 524 nodes, average degree 3.5 and similar degree distribution

Figure 10: Attack vulnerability of a manmade network, simulated by an adaptive strategy, forunweighted graph, having 524 nodes and average degree of 2.4

23


Figure 11: Attack vulnerability of a manmade network, simulated by an adaptive strategy, forweighted graph, having 524 nodes and average degree of 2.4

for the generating nodes, demand nodes and transmission lines. In addition, an objective functionmust be developed that reflects the reaction of the system to disruptions. That is, some measure ofeffectiveness of the electric power system following a disruption must be available if post disruptionsystem effectiveness is to be assessed.

Though very simple in its nature, as well as not as precise as the DC or AC Power Flowmodels, generally used in the analysis of the electric power grids, the presented approach gives wellassessment of the distribution of loads in real-world networks as suggested in [38]. The advantage ofthe model is in its simplicity and generality: it may be introduced in the flow analysis of other typesof networks (gas, transportation, internet), with only minor revisions in the constrains definitions.

5.1 The Model

Simplex method and its use in the assessment of the flow distribution throughout a network is wellknown and elaborated in the literature. Therefore, only a model specific issues will be addressedin this sub-section.

Firstly, the basic definition of simplex method, understands positivity of the values of flowtrough connection lines, with flow direction pre-set in the problem definition. In other words theuse of the method is based on the presumption that the graph that represents the analyzed networkis directed. If we accept a rigid approach, we might consider the lines that come from the generationnodes, as well as those that end in the demand nodes to be directed; however this is unacceptablewhen defining the flow trough the lines that connect the transmission nodes with the network.Using a more flexible approach in our analysis, each generating and demand node is considered asa transmission node as well, i.e. each line in the network is treated as bi-directional. In order toadjust our approach to the basic definition, the use of multiple (double) lines is introduced: eachbi-directional line, connecting any two nodes in the network, is substituted by a combination of twoseparate directed lines. Hence, the model works with twice as many variables (lines) then there is

24


in the real physical system.Transmission lines between nodes require two constraints in order to keep power transmission

from exceeding line capacity. Both constraints are necessary because the direction of flow is un-known until the final solution for a given disruption is known. For example, the constraints for alink would be expressed as:

xi, xj ≤ C

|xi − xj | ≤ C

where xi and xj represent flow values trough directed lines, forming (when observed as a pair) abi-directional line with capacity C.

For a generating node a constraint is necessary so that net outflow does not exceed the generatingcapacity of the node. The general form for such a constraint is given by:

n∑

i=1

xi ≤ G, (16)

where G is the nodal generating capacity.For a substation, a constraint is necessary to ensure that outflow equals inflow. Such a constraint

implies that a substation doesn’t function as a generation or demand node. The general form forsuch a constraint is given by:

n∑

i=1

xi = 0. (17)

For each demand node, a constraint is needed so that the inflow minus the outflow is less thanor equal to the demand for that node. Such a constraint will also allow the demand node to act asa transhipper, if necessary. The general form for a demand node constraint is given by:

n∑

i=1

xi ≤ D (18)

where D is the nodal demand. Several possibilities exist for the construction of an objective functionto assess system performance under various disruptions. We’ll here utilize the method that uses afunction which maximizes the sum of the products of node consumptions and node priorities. Anode priority is a flexible quantity which can be adjusted according to the needs of the analysis.Priorities can be based on total demand requirements or requirements by sectors. Such an objectivefunction would appear as:

Z =n∑

i=1

CiPi (19)

where Ci is the consumption at the ith node and Pi is the priority index at the ith node. Thisobjective function is going to be used to provide power flow analysis for a sample of a power grid,shown in 12

Another potential objective function which may be utilized, employs the concept of artificialpower. In this case each demand node is supplied by an artificial power source and the objectivethen becomes the minimization of the artificial power, but this method is not going to be usedhere.

25


Figure 12: A sample of a power grid

5.2 Vulnerability analysis of the power grid

In the presented investigation, network attacks were simulated by preferential removal of lines.Different strategies of line ranking were used; however in all cases the adaptive approach was used,meaning that the ranking criteria indicators were re-calculated after each step line removal.

The strategies used may be divided in two major categories based on the types of line values,each of them further divided into two more separate sub-categories, based on ranking criteria, withpossible hybrid variations, as follows:

• Using nominal line capacities

– ranking by capacity

– ranking by modal weight

• Using actual line loads

– ranking by load

– ranking by modal weight

The first category is based on the physical properties of the lines in the analyzed networks. In eachstep a line with the highest ranking, according to the utilized sub-strategy, is removed, after whichthe redistribution of loads is re-calculated. The second category is based on the actual behavior ofthe network: the ranking indicators are calculated or used (depending on the sub-strategy), on thebase of the current situation in the system. In both cases, the fraction of the consumed power bythe demanding nodes in the network, compared to the consumption in the original, undisturbedpower grid, was used as an indicator of the attack success.

Analyses presented here were performed on a electrical power grid shown in Figure 12, foundin [38]. The results of the analyzes may be summarized in Figures 13 and 14.

One of the most significant results of the analysis is the indication that in real world networks,physical properties, resulting in specific distribution of the flow, may be of higher importance

26


Figure 13: Flow model based assessment of vulnerability of a power grid due to removal of linesaccording to their nominal capacities and adequate modal weights

Figure 14: Flow model based assessment of vulnerability of a power grid due to removal of linesaccording to their actual loads and adequate modal weights

27


concerning network vulnerability compared to topological properties. The analysis has shown thatremoval of lines with smaller nominal capacity could cause more severe damage to the networkcompared to a removal of a high capacity line. As it might be seen from the figures, the destructionof the grid happens much faster when using the “real values” approach. However, further and morethrall research is necessary to fully confirm this statement.

Other important conclusion of the analysis is the use of joint strategy in evaluation of networkvulnerability from both practical, as well as economical “time”/“efficiency” point of view. Toclarify this, we will have to explain first an additional difference in the approach when obtainingthe results in Figures 13 and 14 and using the line capacities/actual loads as ranking criteria. Inthe first case, when two or more lines had the same nominal capacity, next line to be removed waschosen randomly. In the second case, however, different scenarios were investigated, resulting in thehighest “damage”/“numbers of lines removed” ratio. Though obtaining optimal results, the extratime spent on the analysis in the second case may be considered as an additional cost resulting fromthe increased algorithm complexity. Since the preferential removal of lines ranked by modal weightdoes not give optimal results a joint strategy of using both line flow as a primary criteria and themodal weight as a decision making criteria in the case when having a multiple choices, may be used.The result, as may be seen from Figure 14 is that though not obtaining the optimal result, the useof joint strategy makes fair assessment of the network vulnerability, while the analysis algorithmcomplexity is not greatly increased.

Use of simplex method for flow analysis of the networks has proven to be a very powerful tool inthe assessment of network vulnerability to preferential attacks. Simplicity of the algorithm allowsa general use of the same, regardless of the type of the infrastructure analyzed. This opens a widearea for further research, especially in relating this approach to influence model expecting to resultin a more comprehensive theory of interdependencies within complex systems.

6 Influence model

Besides the investigation of the mentioned properties, within the frames of the WP6 - MANMADEproject the failure spreading in the network, by accounting the influence between the woundednode and the remaining was also analyzed. In brief, in the frame of the influence model a statusis assigned to each node and the evolution of the statuses, which is modeled by Markov chains, isfollowed, assuming that each node receives influence from the neighboring ones.

The influence model is simple (and mathematically tractable) model of random, dynamicalinteractions on networks. It consists of a network of nodes, each with a status that evolves overtime. The evolution of the status at a node is according to an internal Markov chain, but withtransition probabilities that depend not only on the current status of that node, but also on thestatuses of the neighboring nodes.

6.1 Binary influence model

Define the directed graph of a n× n matrix A, denoted by G(A), as the directed graph on nodes1 to n, where a directed edge from i to j, denoted by (i, j), exists if and only if aij 6= 0. The edgeweight is given by aij . Consider a graph with n nodes, referred to as cites; each cite has a statusvalue that varies over time as it is ‘influenced’ by the neighbors. Assume that we are given ann × n matrix D = [dij ] (dij ≥ 0), called network influence matrix. We further assume that D isa stochastic matrix, that is

∑j dij = 1 for each i. The graph G(DT ) will be called the network

influence graph. An edge (i, j) exists on this graph if the status of j can be influenced by the status

28


of i. The edge weight is given by dij . dij is interpreted as the amount of influence that j exerts on irelative to the total amount of influence that j receives. The total amount of influence received byany site is equal to the sum of incoming edge weights, which is 1, because D is stochastic matrix.

For the binary influence model, the status of the site i is represented by xi, xi ∈ {0, 1}. Thevalues 0 or 1 may represent any two different statuses such as ‘on’ vs. ‘off’, ‘healthy’ vs. ‘sick’,or ‘normal’ vs. ‘failed’. Let x = [x1 . . . xn]T . The binary influence model refers to the followingequation:

x(k + 1) = Bernoulli[Dx(k)],

Define p(k+1) = Dx(k); p(k+1) is the length-n vector whose i-th entry represents the probabilitythat xi(k + 1) = 1. Since D is stochastic matrix, it follows that pi(k) ≤ 1 for each k and i. Theoperation Bernoulli[p(k+1)] can be thought of as flipping n independent coins to realize the entriesof x(k + 1), where the probability of the i-th coin turning up heads (status 1) is pi(k + 1).

We now assume that G(DT ) is an ergodic (irreducible and aperiodic) graph. The followingtheorem is proven in [39]:

Theorem 1 The only recurrent states in a binary influence model in the case of an ergodic networkgraph are the all-ones and all-zeros consensus states.

If D is ergodic, thenlim

k→∞Dk = 1πT

where π is the left eigenvector corresponding to the eigenvalue 1, which has been normalized sothat πT1 = 1. We conclude that

limk→∞

E(s(k) | s(0)) = limk→∞

Dks(0) = 1πT s(0)

The last equation indicates that all sites have the same probability of πT s(0) of reaching thestatus 1. The probability of reaching the all-zeros consensus state is, therefore, 1 − πT s[0]. LetπT = [π1, . . . , πn]. Since D is ergodic pi > 0; moreover

∑πi = 1. Assuming that πi 6= πj for all

i, j, we write the sequence of numbers πi as 0 < πjn < . . . < πj2 < πj1 . Let sj1(0) = 1 and si(0) = 0for all i 6= j1. Then the probability of reaching the all-ones consensus state is πj1 . Since πj1 > πi,for all i, the site j1 is the most vulnerable site. We call j1, j2, . . . , jn the Vulnerability Rank of thegraph G. Assume that πj1 + . . . πjk

> 0.5; let sji(0) = . . . = sjk(0) = 1 and si(0) = 0 otherwise.

Then the probability of reaching the all-ones consensus state is πj1 + . . . πjk> 0.5.

Consider the following example, in which the matrix D is given by

D =

1/60 7/15 7/15 1/60 1/60 1/601/6 1/6 1/6 1/6 1/6 1/619/60 19/60 1/60 1/60 19/60 1/601/60 1/60 1/60 1/60 7/15 7/151/60 1/60 1/60 7/15 1/60 7/151/60 1/60 1/60 11/12 1/60 1/60

.

It is easy to compute the eigenvector π,

πT =[

.03721 .05396 .04151 .3751 .206 .2862].

Note that the cite 4 is the most vulnerable site and π4 + π6 > 0.5.

29


Figure 15: Vulnerability rank for binary influence model on a random ER graph

Figures 15–17 show the Vulnerability Rank for several networks with different topologies. Allfigures are generated as follows. Let G be a finite simple undirected connected graph with n nodes,so that its adjacency matrix A = (aij) is a symmetric (0,1)-matrix with zeros on its diagonal. Thereare several ways to correspond network influence graph to an arbitrary graph G. Here D = (dij)is a matrix such that dij = aij/di. Clearly, D is a stochastic matrix, and its graph Γ(DT ) is thenetwork influence graph for the the graph G. The most vulnerable site is in the scale free network:its vulnerability is 10 times larger than the maximum vulnerabilities of small world and Erdos–Renyi (ER) graphs. The distribution of vulnerabilities of a scale free network follows power-lowdistribution. For example, for a scale free graph with 2048 nodes and a minimum node degree 2, wefound that distribution of vulnerabilities fits well the power-law distribution with exponent 1.8943.The average values of vulnerabilities for both small world and ER graphs are almost identical.Figure 18 shows the percentage of the nodes that need to be failed so that in the final steady state(when k → ∞) the probability of the whole network (all sites) to be in the status 1 (‘failed’) isgreater or equal to 0.5. It is evident that the most vulnerable graph is the scale free graph.

6.2 Generalized binary influence model

We now discuss generalized binary influence model. It refers to the following equation:

x(k + 1) = Bernoulli[ADx(k) + (I −A)s],

where A = diag(a1, . . . , an), I is identity matrix, and s = [s1 . . . sn]T , such that 0 ≤ ai ≤ 1 andsi ∈ [0, 1]. Define p(k + 1) = ADx(k) + (I −A)s; p(k + 1) is the length-n vector whose i-th entryrepresents the probability that xi(k+1) = 1. Since D is stochastic matrix, it follows that pi(k) ≤ 1for each k and i.

The number dij measures the amount of influence that j exerts on i (relative to the total amountof influence that i receives). The parameter ai describes the ‘strength of influence’ of the cite i: ifai is close to 1, the status of the site i at the time k + 1, xi(k + 1), depends mostly on the totalamount of the influence,

∑j dij , that the cite i receives at time k and not on the parameter si.

On the opposite, when ai is close to 0, the influence of other sites to the status of the site i is

30


Figure 16: Vulnerability rank for binary influence model on a scale-free graph

Figure 17: Vulnerability rank for binary influence model on a small-world graph

31


Figure 18: Percentage of the nodes that need to be in the status off at time k = 0, so that whenk → ∞, the probability of all the cites to be in the status 1(off) is greater or equal to 0.5 for 150different realizations of the corresponding graph

Figure 19: Network influence graph with 200 cites

32


very small. In this case the status of the cite i is mostly influenced by the value of si (which isconstant), and therefore, the status of the cite i does not change in time rapidly. The parametersi plays role of the ‘confidence’ of the site i to the values 0 and 1: if | 1 − 2si | is close to 1, thestate i is ‘confident’ to the values 0 or 1, while when | 1− 2si | is close to 0, the site i is ‘uncertain’about the values 0 and 1. When 1− ai is close to 1 and the product (1− ai)si is close to 1, thenalmost certainly the next status of the cite i will be 1. Similarly, if 1 − ai is close to 1 and theproduct (1 − ai)si is close to 0, then almost certainly the next status of the cite i will be 0. Thesite i is called autonomous if its status is not influenced by other cites; the cite i is autonomouswhen dii = 1 or when ai = 0. The status of the cite i is constant (does not change in time) whendii = 1 and ai = 1, or when ai = 0.

Theorem 2 Let B = I −A and G = AD. Then

y(k) = Gky(0) +k−1∑

i=0

GiBs (20)

When k →∞ we have

limk→∞

y(k) =

(I −G)−1Bs for 0 < aj < 1D∞y(0) for aj = 1s for aj = 0G∞y(0) +

∑∞i=0 GiBs otherwise

(21)

where j = 1, . . . , N .

Therefore, for 0 < aj < 1, the sum of statuses in all cites in steady-state (when k →∞) is equalto 1T (I −G)−1Bs (where 1 = [1 . . . 1]T ) and does not depend on the initial condition y(0).

Figures 20,21,22 show numerical examples of generalized influence model implemented on small-world graphs having different parameters. We generate graphs staring from lattice graph C(1024, 1),and then by moving, with probability pr, one end of each link to a new location chosen uniformlyin the ring lattice, we create two graphs with probability p + r = 0, pr = 0.1 and pr = 0.8.For all figures, a67 = 0.1, a133 = 0.1, while all other elements of the diagonal matrix A are 1;b1 = . . . = b100 = 0, b101 = . . . b200 = 1. Therefore for the sites 63 and 133 the influence of othersites is very small (0.1) and the sites remain in the status 0 (site 67) and 1 (site 133), respectively.

6.3 Heterogeneous influence model

Let mi be the order of the local Markov chain at the cite i for 1 ≤ i ≤ n. Let si(k) and pi(k) bethe status vector and the next-status (probability mass function) PMF vector of the cite i at thetime k. Let s(k) and p(k) denote state and probability vectors (both are column vectors of length(m1 + m2 + . . . mn). For each pair i and j, the state transition matrix is an mi ×mj nonnegativematrix whose rows sum to 1. The more general form of influence matrix is defined as:

H = DT ⊗ {Aij} =

d11A11 . . . dn1A1n...

...d1nAn1 . . . dnnAnn

.

The evolution equations of the general influence model are defined as

pT (k + 1) = sT (k)H, (22)sT (k + 1) = MultiRealize(pT (k + 1)), (23)

33


Figure 20: Generalized influence model for a small-world graph with probability of rewiring p=0

Figure 21: Generalized influence model for a small-world graph with probability of rewiring p=0.1

34


Figure 22: Generalized influence model for a small-world graph with probability of rewiring p=0.8

where MultiRealize(·) performs a random realization for each row of pT (k + 1) according to PMFprovided by pi.

The influence matrix H is, in general, not stochastic. However, its dominant eigenvalue is one.Assuming for simplicity that all its eigenvalues are distinct, the state-state value of the evolutionof the status PMF approaches the left eigenvector π corresponding to eigenvalue 1, that is

E(sT (k)) = E(sT (0))Hk → π

as k → ∞, where the notation E(·) is used for expectation or expected value. In what follows wediscuss in more detail a simple heterogenous influence model.

We now present a numerical realization of the heterogeneous influence model by investigating thestatus evolution of two interdependent nodes. It is a condensed model, in which one node representsa power plant and the other one weight, thus it illustrates the applicability of the influence modelin describing interoperability of networks (Fig. 23). Let us denote the weight as node 1 and thepower plant as node 2, and define the following influence matrix

D =[

0.5 0.51 0

](24)

Obviously, the node 1 receives influence 0.5 from itself and from the node 2, while the node 2 istotaly influenced by the node 1. The node 1 can have only two statuses, “demand” and “normal”(not demand), and the node 2 three possible statuses “normal”, “alert” or “failed”.

Then the Markov chain of the first node and the Markov chains of the nodes 1-2 and 2-1 aregiven by:

A11 =

demand normaldemand 0.5 0.5normal 0.5 0.5

A12 =

normal alert faileddemand 0 0.5 0.5normal 0.5 0.5 0

35


Figure 23: Illustration of the interoperating nodes

A21 =

demand normalnormal 0.5 0.5alert 0.5 0.5failed 0 1

From A12 it is obvious that when the node 1 is in the state “demand”, than the node 2 canevolve to the status “alert” or “failed” with equal probability, but it can not get the status “normal”.When the node 1 has the status “normal”, the node 2 can be in the statuses “normal” or “alert”,while it can not be in the state “failed”. From A21, it follows hat when the node 2 is in the status“normal” or “alert”, then the node 1 can change the state to “demand” or “normal” with equalprobabilities. When the node 2 is in the state “failed”, the node one can evolve only to the status“demand”. The main conclusion that can be derived from this model is that the realization ofeither status doesn’t depend on the initial status, but in the stationary state the probabilities foreach of the nodes are given by:

pT1 = [demand normal] = [0.4444 0.5556]

pT2 = [normal alert failed] = [0.2778 0.5 0.2222]

6.4 From undirected graph to network influence graph

Let G be a finite simple undirected graph, so that its adjacency matrix A = (aij) is a symmetric(0,1)-matrix with zeros on its diagonal. Let di be the degree of the node i. There are several waysto correspond network influence graph to an arbitrary graph G. Let D = (dij) be a matrix suchthat dij = aij/di. Then D is a stochastic matrix, and its graph G(DT ) is the network influencegraph for the the graph G. Consider now binary influence model with influence matrix D definedas above. We would like to rank nodes of G according to their vulnerabilities.

36


An irreducible Markov chain is one in which every state is eventually reachable from every otherstate. Irreducibility is a desirable property because it is precisely the feature that guarantees thata Markov chain possesses a unique (and positive) stationary distribution vector πT . When G(DT )is an ergodic graph, then computation of Vulnerability Rank for the graph G is easy. However,when G(DT ) is reducible further adjustment is necessary in order ensure irreducibility. FollowingBrin and Page [40], we make every state directly reachable from every other state by adding aperturbation matrix to D so that:

D∗ = αD + (1− α)eeT

n

where eT = [1 . . . 1]. It is easy to show that if the respective spectra of D and D∗ are σ(D) ={1, µ2, . . . , µn} and σ(D∗) = {1, λ2, . . . , λn}, then

λk = αµk, k = 2, . . . , n.

It should be noted here that the matrix D∗ in the context of Web’s hyperlink structure is generallycalled “the Google matrix” and its stationary distribution πT is the real PageRank vector.

We now present example. Let

D =

0 1/2 1/2 0 0 01/6 1/6 1/6 1/6 1/6 1/61/3 1/3 0 0 1/3 00 0 0 0 1/2 1/20 0 0 1/2 0 1/20 0 0 1 0 0

.

This matrix is stochastic, but it is reducible, so it cannot have a unique positive stationary distri-bution. To force irreducibility. choose α = 0.9 and form

D∗ = αD + (1− α)eeT

n=

1/60 7/15 7/15 1/60 1/60 1/601/6 1/6 1/6 1/6 1/6 1/619/60 19/60 1/60 1/60 19/60 1/601/60 1/60 1/60 1/60 7/15 7/151/60 1/60 1/60 7/15 1/60 7/151/60 1/60 1/60 11/12 1/60 1/60

.

6.5 Interdependencies of critical infrastructures

In this section we present a mathematical model that might be applied for assessment of thecompound risk of failure of interdependent networks. The interdependencies between the failuresare taken as a base for this model. In fact a statistical analysis of failures was provided by Sivonen,in the frames of which the following groups of inter-operating items have been considered: technicalinfrastructure (energy supply, communications, information systems), basic services and supplies(food supply, transport logistics, mass media, health care, financial services) and threats (threatsto data system, illegal immigration, threats to food and health, threats to environment, economicthreats, crime and terrorism, disasters, international tension, war and warlike situations) [41].These items can be broken down to a more detailed level. It is important to understand thedifference between the threats and the rest of the items. The threats come from outside the systemand the model will first allocate the risks to threats, because all the items depend on them, but

37


Figure 24: Graph of the interdependent networks consisting of basic supplies, technical infrastruc-tures and threats (BS–Basic Supplies, TI–Technical Infrastructures, T–Threats)

they don’t depend on anything, Figure 24. For each of the items the frequency, duration and effectsof failures are studied, as well as the dependency of a failure of one item on the failures in otheritems. The interdependencies between different infrastructures and basic services and threats arepresented as a grid of colored squares. The color symbol BLACK means that a failure in the itemin the vertical column is one of the primary causes of a failure in the item in the horizontal row (e.g.relative value of 1). RED means a secondary cause (relative value of 0.1), YELLOW a rare cause(relative value 0.01) and GREEN a possible cause (relative value 0.001). (WHITE: no dependency.)If there are 200 items, there will be 40 000 possible positions in the interdependency grid.

The mean time between failures in each infrastructure or service and occurrence of a threat areclassified as BLACK (less than a year), RED (1-10 years), YELLOW (10-100 years), and GREEN(more than 100 years). The durations of different failures are classified as ≤ 0.5 day, ≤ 1 day,≤0.5 week, ≤ 1 week, > 1 week. The direct effect of a one-day-long failure in each infrastructure orservice is classified as BLACK (more than 1000 units), RED (100-1000 units), YELLOW (10-100units), GREEN (1-10 units). The unit can be freely chosen. It can be financial loss, loss of onehuman life, or an abstract disadvantage measurement unit.

The results of the calculation are, for each item:probability of at least one failure in a year (togive an indication of vulnerability), combined effect of failure of one day, combined risk for oneyear. The items are sorted by decreasing combined risk.

The compound risk connected to the infrastructures or services is the stochastically expectedvalue of the effect of failures. This is equal to the quantity effect×probability×duration addedover the different duration categories and times of occurrences of failure a year. A sample inter-dependency matrix represented according to the already explained color code is given in Figure25.

We further provided an analysis of the statuses of the components of the interdependent net-works based on the influence model. The compound risk quantified by the method explained aboveis considered as influence between the nodes, so it gives the elements of the influence matrix (Figure26).

38


Figure 25: Interdependency matrix

Figure 26: The influence model simulation outcome (the width of the lines is proportional to theprobability the corresponding nodes to be in the same status (ON or OFF), TI stands for technicalinfrastructure, BS - basic supplies, T - threats)

39


Figure 27: Vulnerability Rank for infrastructure network influence graph shown in Figure 26.

In calculating the Vulnerability Rank for the graph shown in Figure 26 we face the followingproblem: the graph is not irreducible. We first compute the following quantity

πi = (1/n)n∑

i=1

limk→∞

Dksi(0),

where si(0) = [si1(0) . . . sin(0)]T such that sii = 1, otherwise sij = 0. The Vulnerability Rank forthis graph is π = [π1 . . . πn]T . Next, we make every state directly reachable from every other state

by adding a perturbation matrix to D so that: D∗ = αD+(1−α)11T

n . Let π∗ be the left eigenvectorcorresponding to the eigenvalue 1 of the matrix D∗. Numerically we found that π∗ ≈ π for valuesof α close to 1. Figure 27 shows the Vulnerability Rank for infrastructure network influence graphshown in Fig. 26. The most vulnerable sites are the sites representing the following threats (outof 17 threats grouped in 4 groups: Causes for severe disturbances, Economic threats, Environmentand health treats, Political security threats) : 1. Weather phenomenon, 2. Threats to data systems,3. Crime and terrorism, 4. Strike, and 5. International logistics crisis. The threats 1 and 4 belongto the same group: ‘Causes for severe disturbances’, threats 2 i 5 to the group ‘Economic threats’and 3 to ‘Political security threats’.

6.6 Summary - methods to calculate interoperability matrices

In this report the results obtained by MASA MANMADE project team up to M18 were elaborated.The activities of our team were oriented towards one main goal, which was to carry out a consis-tent and wide theoretical analysis on networks vulnerability in order to summarize and generalizethe mathematical models for describing various interdependent infrastructures. First, a detailedoverview on the recent achievements in studying vulnerability of complex networks was made, andthen, some of the already developed models and tools, together with our original extensions andnovel approaches were applied to the generic graphs, as well as to some examples of manmade net-works. In the frames of our study of networks static robustness we analyzed the system responseto simulated attacks from the perspectives of its topological properties. A novel approach basedon modal analysis was applied to detect the most vulnerable nodes and lines.

40


The dynamical analyses were primarily based on the concepts of network flow models and theinfluence model. The latter took the central place in modeling interoperating networks in ourproject researches. Considering the fact that there’s no definition of interoperability matrix in theworldwide literature, we here introduce the influence matrix as one possible device to quantifythe interoperability of the networks. The interdependent entities of the observed networks areconsidered as nodes that can exert mutual influence, thus the question of calculating interoper-ability matrices can be redefined as calculating the entries of influence matrix. This is obviously avery complex problem, dependent on the properties of each particular system under consideration.From the results and discussions presented in this report, one can recognize two main methods ofcalculating the influence matrix elements.

The first method is based on the physical properties of the observed system and in fact theweights of the links are taken as a measure of the influence that the interconnected componentsexert one to another. For example, for power networks these weights are line voltages, powertransmitted through the line or modal weights, which were applied in complex networks within theMANMADE project. These physical quantities, normalized, are the entries of the influence matrix.

The second method is based on the statistical analyses of the failure interdependence betweenthe observed infrastructures (explained in details under subsection 6.5). In this case, the compoundrisk gives the elements of the influence matrix. The compound risk comprises the effects of a failure,quantified by introducing units of loss; probability of a failure, derived from statistics, and durationof a failure, also based on statistical analysis of failures.

Once the interoperability matrix is determined, the evolution of the statuses of the interoper-ating components is modeled by Markov chains (explained in details in 6), which enables to assessthe interdependence of the nodes, by analyzing the probabilities the interconnected nodes to getthe same status ( for example, if node A fails, the node B fails, too).

7 Conclusions

The report presents a comprehensive study of vulnerability of interconnected networks. Severaldefinitions of robustness and vulnerability of complex networks are presented and further appliedin investigating generic graphs, as well as manmade networks. The vulnerability of the considerednetworks was analyzed from static and dynamic aspect. In the frames of the research related tostatic robustness and vulnerability the attacks were simulated by preferential removal of nodesand edges based on different ranking criteria. It was confirmed that the scale-free networks aremore sensitive to attacks compared to other types of generic networks. In the frames of theseresearch the modal analysis was introduced as a new tool for ranking nodes and lines in additionto standard ranking criteria (node degree and betweenness centrality). Subsequently, it was shownthat in manmade networks attacks based on modal analysis cause fast disintegration.

The investigation of the dynamic vulnerability was based on the LP flow models and the influ-ence model. The interoperability of networks was treated by introducing the concept of influence,in the frames of which the status of each node is dependent on the statuses of the neighboringnodes. We have suggested a method for calculating the Vulnerability Rank for networks of Markovchains. The method is readily applicable for huge matrices and heterogenous Markov chains. Itcan be applied to any network, including most of the critical infrastructures, such as power grid,gas network, transportation etc.

41


References

[1] Strogatz, S. H. “Exploring complex networks”, Nature 410 (2001) 268–276.

[2] Albert, R., Barabasi, A.-L. “Statistical mechanics of complex networks”, Rev. Mod. Phys.74(2002) 47–97.

[3] Dorogovtsev, S. N., Mendes, J.F.F. “Evolution of networks”, Adv. Phys. 51 (2002) 1079–1187.

[4] Watts, D.J. “The dynamics of networks between order and randomness”, Princeton UniversityPress, Princeton, NJ, (1999).

[5] Wasserman, S., Faust, K. “Social networks analysis”, Cambridge University Press, Cambridge,(1994).

[6] Bollobas, B. Graph Theory: An Introductory Course, Springer–Verlag, New York, (1979).

[7] Bollobas, B. Random Graphs, Cambridge University Press, 2nd edition, Cambridge, (2001).

[8] McEntire, D. A. “Why vulnerability matters: exploring the merit of an inclu-sive disasterreduction concept”, Disaster Prevention and Management 14 (2005) 206–222.

[9] Merriam-Webster (2006) Merriam-Webster Online Dictionary: http://www.m-w.com/

[10] Einarsson, S. and Rausand, M. “An approach to vulnerability analysis of complex industrialsystems”. Risk Analysis 15 (1998) 535–546.

[11] Berdica, K. “An introduction to road vulnerability: what has been done, is done and shouldbe done”. Transport Policy 9 (2002) 117–127.

[12] Morakis, E., Stylianos, V. and Blyth, A. “Measuring vulnerabilities and their exploitationcycle”. Information Security Technical Report 8 (2003) 45–55.

[13] Agarwal, J., Blockley, D. and Woodman, N. “Vulnerability of structural systems”. StructuralSafety 25 (2003) 263–286.

[14] Barefoot, C. A., Entringer, R. and Swart, H. “Vulnerability in graphs – a comparative survey”.Journal of Combinatorial Mathematics and Combinatorial Computing 1 (1987) 13–22.

[15] Hansson, S. O. and Helgesson, G. “What is stability?”. Synthese 136 (2003) 219–235.

[16] Dekker, A. H. and Colbert, B. D. “Network robustness and graph topology”, Proceedings of27th Australasian Computer Science Conference (ACSC2004), Dunedin, New Zealand. CRPIT(2004) 359–368.

[17] Crucitti, P., Latora, V., Marchiori, M. and Rapisarda, A. “Efficiency of scale-free networks:Error and attack tolerance”, Physica A 320 (2003), 622–642.

[18] Holme, P., Kim, B. J., Yoon, C. N. and Han, S. K. “Attack vulnerability of complex networks”,Phys. Rev. E 65 (2002) 056109.

[19] Latora, V. and Marchiori, M. “Efficient behavior of small-world networks”, Phys. Rev. Lett.87(19) (2001) 1-198701-4.

42


[20] Latora, V. and Marchiori, M. “Economic small-world behavior in weighted networks”, Eur.Phys. J. B 32 (2003) 249–263.

[21] Van Mieghem, P. Performance analysis of communications networks and systems, CambridgeUniversity Press, (2006).

[22] Albert, R., Jeong,H. and Barabasi, A. L. “Error and attack tolerance of complex networks”,Nature 406 (2000) 378-382.

[23] Freeman, L.C. “A set of measures of centrality based on betweenness”, Sociometry 40 (1977)35–41.

[24] Newman, M. E. J. “Scientific collaboration networks: II. Shortest paths, weighted networks,and centrality”, Phys. Rev. E 64 (2001) 016132.

[25] Goh, K. I., Kahng,B., Kim, D. “Universal Behavior of Load Distribution in Scale-Free Net-works”, Phys. Rev. Lett. 87 (2001) 278701.

[26] Barthelemy, M. “Comment on Universal Behavior of Load Distribution in Scale-Free Net-works”, Phys. Rev. Lett. 91 (2003) 189803.

[27] Dobson, I., Carreras, B. A., Dobson, I., Lynch, V. E., Newman, D. E. “Complex SystemsAnalysis of Series of Blackouts: Cascading Failure, Criticality, and Self-organization”, BulkPower System Dynamics and Control - VI, Cortina dAmpezzo, Italy (2004).

[28] Biggs, N. Algebraic Graph Theory, Cambridge University Press, (1993).

[29] Kirchhoff, F. “Uber die Auflosung der Gleichungen, auf welche man bei der Untersuchung derlinearen Verteilung galvanischer Strome gefuhrt wird”, Ann. Phys. Chem. 72 (1847) 497-508.

[30] Chung, F.R.K. Spectral graph theory, American Mathematical Society, Providence, RI, (1997).

[31] Cvetkovic, D.M., Doob, M., Sachs, H. Spectra of graphs, theory and applications, JohannAmbrosius Barth Verlag, Heidelberg, (1995).

[32] Merris, R. “Laplacian matrices of graphs: a survey”, Linear Algebra and its Applications 197(1994) 143-176.

[33] Mohar, B., Alavi, Y., Chartrand, G., Oellermann, O.R. and Schwenk, A.J. “The Laplacianspectrum of graphs”, Graph Theory, Combinatorics and Applications 2 (1991) 871-898.

[34] Simon, H. A. “On a class of skew distribution functions”, Biometrika 42 (1955) 425–440.

[35] Gutierrez,E., Caperan, P., Morris, S., T.N. I.05.59, IPSC-JRC, European Commission, “ACase study in vulnerability analysis of high-voltage electricity transmission system from a sectorof the European grid”, (2005).

[36] Chopra, A.K. Dynamics of Structures – Theory and Application to Earthquake Engineering,Prentice-Hall International Series in Civil Engineering and Engineering Mechanics, Willliam JHall - Editor, (1995).

[37] Petreska, I., Tomovski, I., Gutierrez, E., Kocarev, Lj., Bono, F., Poljansek, K. “A modalanalysis based approach in studying robustness and vulnerability of complex networks“ submittedto NOLTA International Symposium (2008)

43


[38] Lambert B.K at al. “Vulnerability of regional and electric power systems: Nuclear weaponseffects and civil defence actions”, Report, Prepared for the Defence Civil Preparedness Agencyby the Defence Electric Power Administration, (1975).

[39] Asavathiratham, A. “Influence Model: A tractable Representation of Networked MarkovChains”, PhD thesis, Massachusetts Institute of Technology (2000).

[40] Sergey, B. and Lawrence, P. “The anatomy of a large-scale hypertextual Web search engine”,Proceedings of the 7th international conference on World Wide Web 7, 107 (1998).

[41] Sivonen, H. “Calculating Compound Risk of Failure Based on Interdependencies of CriticalInfrastructures”, EAPC / PfP Workshop on Critical Infrastructure Protection and Civil Emer-gency Planning, Zurich, (2004).

[42] Batagelj, V., Mrvar, A. “Pajek Program for Large Network Analysis“, http://vlado.fmf.uni-lj.si/pub/networks/pajek/

44

work package 6 – d6manmade.maths.qmul.ac.uk/output/d6.1.pdf · 2011. 4. 6. · work package 6 –...

Documents