Attack vulnerability of scale-free networks due to cascading breakdown

Liang Zhao,1,2 Kwangho Park,1 and Ying-Cheng Lai1,3

1Department of Mathematics and Statistics, Arizona State University, Tempe, Arizona 85287, USA2Institute of Mathematics and Computer Science, University of São Paulo, São Paulo, Brazil

3Departments of Electrical Engineering and Physics, Arizona State University, Tempe, Arizona 85287, USA(Received 28 April 2004; published 3 September 2004)

The possibility that a complex network can be brought down by attack on asingle or a very few nodesthrough the process of cascading failures is of significant concern. Here we investigate a recent model forcascading failures in complex networks and uncover a phase-transition phenomenon in terms of the keyparameter characterizing the node capacity. For parameter value below the phase-transition point, cascadingfailures can cause the network to disintegrate almost entirely. We obtain a theoretical estimate for the phase-transition point and provide numerical support.

DOI: 10.1103/PhysRevE.70.035101 PACS number(s): 89.75.Hc, 89.20.Hh, 05.10.2a

Complex networks arise in natural systems and they arealso an essential part of modern society. Many real complexnetworks were found to be heterogeneous with power-lawdegree distribution[1–3]: Pskd,k−g, wherek is the numberof links of a randomly chosen node in the network andg isthe scaling exponent. This power-law, or algebraic, distribu-tion means that the probability for a subset of nodes to pos-sess a large number of links is not exponentially small, incontrast to random networks. Mathematically, the power-lawdistribution means that statistical moments of the degreevariable are generally not defined, hence the name of scale-free networks. Because of the ubiquity of scale-free networksin natural and manmade systems, the security of these net-works, i.e., how failures or attacks affect the integrity andoperation of the networks, has been of great interest since thediscovery of the scale-free property. The work by Albertetal. [4] demonstrated that scale-free networks possess therobust-yet-fragile property, in the sense that they are robustagainst random failures of nodes but fragile to intentionalattacks. However, the term fragility here means that a scale-free network can become disintegrated under attacks on asmall but still appreciable set of nodes that include a substan-tial fraction of links in the network[5]. An attack on a singleor a very few nodes will, in general, not bring down thenetwork. This interesting result was actually obtained basedpurely on the scale-free architecture of the network. In otherwords, dynamics in the network, i.e., how information orload is distributed in the network, was not taken into ac-count.

An intuitive reasoning based on the load distributionwould suggest that, for a scale-free network, the possibilityof breakdown triggered by attack on or failure of even only asingle node cannot be ignored. Imagine such a network thattransports some physical quantities, or load. Nodes withlarge numbers of links receive a relatively heavier load. Eachnode, however, has a finite capacity to process or transportload. In order for a node to function properly, its load mustbe less than the capacity at all times; otherwise the nodefails. If a node fails, its load will be directed to other nodes,causing a redistribution of load in the network. If the failingnode deals with a small amount of load, there will be little

effect on the network because the amount of load that needsto be redistributed is small. This is typically the situation ofrandom failure of nodes. However, if the failing node carriesa large amount of load, the consequence could be seriousbecause this amount of load needs to be redistributed and itis possible that for some nodes, the new load exceeds theircapacities. These nodes will then fail, causing further redis-tributions of load, and so on. As a consequence, a large frac-tion of the network can be shutdown.

Cascading failures can occur in many physical systems. Ina power transmission grid, for instance, each node(a genera-tor) deals with a load of power. Removal of nodes, in gen-eral, can cause redistribution of loads over all the network,which can trigger a cascade of overloading failures. The re-cent massive power blackout caused by a series of seeminglyunrelated events on August 14, 2003 in the northeasternUnited States and Canada seemed to have the characteristicsof cascading breakdown. Another example is the internet,where the load represents data packets and a node(router) isrequested to transmit and overloading corresponds to conges-tion [6]. The rerouting of data packets from a congestedrouter to another may spread the congestion to a large frac-tion of the network. Internet collapses caused by congestionhave been reported[7]. With the possibility of cascadingfailures, a realistic concern is attacks on complex networks.In particular, for a scale-free network, the majority of thenodes deal with a small amount of load, so the probabilityfor a node with a large amount of load to fail randomly issmall. This, of course, will not be the case of intentionalattacks that usually target one or a few of the most heavilylinked nodes.

There have been a few recent studies on cascading fail-ures in complex networks[8,9]. In Ref. [8], a simple mecha-nism was proposed to incorporate the dynamics of load inboth random and scale-free networks. The model generatesresults that are completely consistent with the above intuitionon cascading failures. For instance, it was demonstrated thatrandom networks are robust against cascading breakdown,but it can be easily triggered by intentional attacks in scale-free networks. The existing results are, however, largely de-scriptive and qualitative. The purpose of this work is to ad-dress theoretically and numerically the fundamental

PHYSICAL REVIEW E 70, 035101(R) (2004)

RAPID COMMUNICATIONS

1539-3755/2004/70(3)/035101(4)/$22.50 ©2004 The American Physical Society70 035101-1

mechanism of cascading breakdown. To make analysis ame-nable, we focus on scale-free networks, use the load model inRef. [8] that captures the essential features of cascading fail-ures, and investigate cascades triggered by attack on a singlenode. Our finding is that cascading breakdown in scale-freenetworks can be understood in terms of a phase transition. Inparticular, leta be the tolerance parameter characterizing thecapacity of nodes in the network. Cascading breakdown dueto attack on a single node is possible only whena is below acritical valueac. By making use of the degree distribution ofscale-free networks and the concept of betweenness[10] tocharacterize the load distribution, we are able to derive atheoretical formula for estimating the phase-transition pointac, which is verified by numerical experiments. In terms ofpractical utility, our result enables a possible implementationof predicting and preventing mechanism for cascading break-down in scale-free networks.

The load dynamics in scale-free networks can be mod-eled, as follows. For a given network, suppose that at eachtime step one unit of the relevant quantity, which can beinformation, energy, etc., is exchanged between every pair ofnodes and transported along the shortest path. To character-ize the load distribution, the concept of betweenness is useful[10]. The load(or betweenness) at a nodei is defined as thetotal number of shortest paths passing through this node. Thecapacity of a node is the maximum load that the node canhandle. In manmade networks, the capacity is severely lim-ited by cost. Thus, it is natural to assume that the capacityCiof nodei is proportional to its initial loadLi [8],

Ci = s1 + adLi , s1d

where the constantaù0 is the tolerance parameter. When allnodes are on, the network operates in a free-flow state inso-far asaù0. But, the removal of nodes in general changesthe distribution of shortest paths. The load at a particularnode can then change. If it increases and becomes larger thanthe capacity, the node fails. Any failure leads to a new dis-tribution of load and, as a result, subsequent failures canoccur. The failures can stop without affecting too much ofthe connectivity of the network but it can also propagate andshutdown a considerable fraction of the whole network. Cas-cading failures can be conveniently quantified by the relativesize of the largest connected component

G =N8

N, s2d

where N and N8 are the numbers of nodes in the largestcomponent before and after the cascade, respectively. Theintegrity of the network is maintained ifG<1, while break-down occurs ifG<0.

To obtain an analytic estimate of the critical value of thetolerance parameter, we focus on the situation where cascad-ing failures are caused by attack on the node with the largestnumber of links and the failures lead to immediate break-down of the network. That is,G becomes close to zero afterone redistribution of the load. For a node in the network, itsload is a function of the degree variablek. For scale-freenetworks, we have[11,12],

Lskd , kh, s3d

whereh.0 is a scaling exponent. To proceed, we write thedegree distribution asPskd=ak−g and the load distribution asLskd=bkh, wherea andb are positive constants. Letkmax bethe largest degree in the network. Before the attack, we have

E1

kmax

Pskddk= N and

E1

kmax

PskdLskddk= S, s4d

whereS is the total load of the network. These two equationsgive

a =s1 − gdNfkmax

1−g − 1gand

b =bS

as1 − kmaxd−b , s5d

whereb;g−h−1. After the removal of the highest degreenode(it is only the first step of the whole cascading process),the degree and load distributions becomeP8skd=a8k−g8 and

L8skd=b8kh8, respectively. Since only a small fraction ofnodes are removed from the network, we expect the changesin the algebraic scaling exponents of these distributions to benegligible. We thus writeP8skd<a8k−g and L8skd<b8kh,where the proportional constantsa8 andb8 can be calculatedin the same way as fora and b. We obtaina8=s1−gdsN−1d / fkmax8

1−g −1g and b8=bS8 /a8s1−kmax8d−b, whereS8 is the

total load of the network after the attack. For nodes withklinks, the difference in load before and after the attack can bewritten asDLskd<sb8−bdkh=fsb8 /bd−1gLskd. Given the ca-pacity Cskd, the maximum load increase that the nodes canhandle is Cskd−Lskd=aLskd. The nodes still function ifa. fsb8 /bd−1g but they fail if a, fsb8 /bd−1g. The criticalvalueac of the tolerance parameter is then

ac =b8

b− 1

< Skmax81−g − 1

kmax1−g − 1

DS 1 − kmax−b

1 − kmax8−bDSS8

SD − 1

< S 1 − kmax−b

1 − kmax8−bDSS8

SD − 1

< h1 − skmax−b − kmax8

−bdjSS8

SD − 1

= H1 − kmax8−bF− 1 +S kmax

kmax8D−bGJSS8

SD − 1, s6d

where the third line of Eq.(6) is obtained from the secondline by using the factskmax8

1−g−1d / skmax1−g−1d<1. This is

so because bothkmax81−g and kmax8

1−g approach zero when

ZHAO, PARK, AND LAI PHYSICAL REVIEW E 70, 035101(R) (2004)

RAPID COMMUNICATIONS

035101-2

N→` and g.1. In the limit N→`, we havekmax8−b ,0,

kmax/kmax8,constant, andS8 /S→1, so ac<0, indicatingthat an infinite scale-free network cannot be brought downby a single attack ifa.0. On the other hand, for a finite-sizenetwork, sincekmax8

−b.0, we haveac.0, suggesting that

breakdown can occur fora,ac. The practical usage of Eq.(6) is that it provides a way to monitor the state of(finite)network to assess the risk of cascading breakdown. In par-ticular, the critical valueac can be computed in time andcomparison with the predesigned tolerance parameter valuea can be made. Ifac shows a tendency of increase andapproachesa, an early warning can be issued to signal animmediate danger of network breakdown.

We now provide numerical support for the theoretical pre-diction Eq.(6). We generate scale-free networks by using thestandard Barabási-Albert model[1], as detailed in Ref.[13].The shortest paths and the loadLskd are computed by usingthe algorithm developed by Newman[10]. Figure 1(a) showsthe algebraic scaling of the load for a scale-free network. Thescaling exponent of the degree distributionPskd is g<3 (notshown) and the average number of links in the network iskkl=4. The open circles in Fig. 1 indicate the values of theload for the original network. ApparentlyLskd follows theexpected algebraic distribution, with exponenth<1.6. Fig-ures 1(b) and 1(c) show the exponentsh in relation to systemsize before and after the highest degree node is removed,respectively. In both cases, we obtainedh=h8=1.6s2d. Com-puter simulations show that the load distribution and cascad-ing behavior observed above hold for variouskkl. To simu-late an intentional attack, we remove the node with themaximum number of links(kmax=81 for the realization of thenetwork shown in the figure). The distribution of the load isrecalculated after the network stabilizes itself. That is, afterthe attack the load on the removed node is redistributed tothe network and new load to every node is recalculated. Anynode with load exceeding its capacity is removed and load isrecalculated, and so on, until the process reaches a new equi-librium. The new values of the load are denoted by the as-

terisks in Fig. 1. We see that the distribution still follows apower law with approximately the same scaling exponent.This justifies the approximationh8<h used in our theory.

As N is increased, we expectkmax to increase following analgebraic scaling law[13]. This behavior is shown in Fig.2(a). After the attack and redistribution of load, we find thatthe ratio kmax/kmax8, where kmax8 is the new value of themaximum number of links, is constant, regardless of the net-work size. We also numerically observed that the load ratioS8 /S (before and after the attack) is approximately one forlargeN, as shown in Fig. 2(b).

Figure 3(a) shows cascading failures when a single nodewith a different degree is removed from the network. We seethat, when a node with a small degree is removed, theGvalue remains close to one except whena is close to zero.However, when the node with the largest degree(in this casek=81) is removed, nearly total breakdown of the network, asrepresented by values ofG close to zero, occurs whena,0.1. The phase-transition pointac is thus about 0.1. Withnumerical values ofkmax=81, kmax8=60, S<1.863107, andS8<1.913107, theoretically predicted value ofac in Eq. (6)

FIG. 1. (a) Algebraic scaling of the loadLskd for a scale-freenetwork ofN=10 000 nodes,g=3, andkkl=4. The open circles andthe asterisks denote the load values before and after an intentionalattack that removes the node with the maximum number of links.We haveh<h8<1.6. (b), (c) algebraic scaling exponents of theload in relation to network size, before and after the nodes with thelargest degree are removed, respectively. For each network sizeN,the resulting data were averaged over more than 20 realizations.

FIG. 2. (a) Algebraic scaling ofkmax with N. For each networksizeN, 5000 realizations are averaged.(b) Load ratioS8 /S vs 1/N.For each network sizeN, more than 20 realizations were averaged.

FIG. 3. Cascading failure in a scale-free network in relation tothe tolerance parametera. (a) Removal of the nodes with differentnumber of links forN=2000. In the case of the removal of the nodewith the highest degree, the phase-transition point isac<0.1,meaning that fora,ac, the networks disintegrate almost entirelyunder intentional attack on a single node.(b) Phase transitions fornetworks of different sizes. The resulting data points were averagedover 30 realizations.

ATTACK VULNERABILITY OF SCALE-FREE NETWORKS… PHYSICAL REVIEW E 70, 035101(R) (2004)

RAPID COMMUNICATIONS

035101-3

givesac<0.1, which is consistent with numerics. This phasetransition phenomenon seems to be robust for different sizesof network, as shown in Fig. 3(b), G vs a for N=1000,N=2000, andN=5000, respectively.

What about attacks that target more than one node? In thiscase, we expect that the phase transition will occur for highervalues of the tolerance parameter, because it becomes moredifficult for the network to maintain its integrity at lowertolerance, as compared with the case of attack on a singlenode. Figure 4 showsG versus botha andNtrigger, the num-ber of nodes that an attack targets. Here the removed nodesare those with the highest numbers of links. We see that, asNtrigger is increased, the phase-transition pointac also in-creases. Roughly we haveac,Ntrigger. Note that the numberof targeted nodes, while more than one, is still far smallercompared with the total number of nodes in the network.Practically, this means that, even if the network is designedto have a high tolerance by stipulating high capacities for itsnodes, cascading failures triggered by attack on a very smallsubset of nodes are capable of bringing down the entire net-work.

In summary, we investigated cascading failures triggeredby attacks on a single or a few nodes in scale-free networksin a more quantitative manner and focused on the fundamen-tal and practically important question of whether such fail-ures can lead to the disintegration of the network. Our find-ing is a phase-transition-like phenomenon in terms of thenetwork tolerance parameter characterizing the node capac-ity, where the two distinct phases correspond to the situations

where the network under attack remains largely integrated ordisintegrated as a result of cascading failures. We obtained atheoretical estimate for the phase-transition point and pro-vided a numerical check. These results should be useful infurthering studies in the important area of network security.

This work was supported by NSF under Grant No. ITR-0312131 and by AFOSR under Grant No. F49620-01-1-0317.

[1] A.-L. Barabási and R. Albert, Science286, 509 (1999).[2] R. Albert and A.-L. Barabási, Rev. Mod. Phys.74, 47 (2002).[3] M. E. J. Newman, SIAM Rev.45, 167 (2003).[4] R. Albert, H. Jeong, and A.-L. Barabási, Nature(London) 406,

378 (2002).[5] R. Cohen, K. Erez, D. b-Avraham, and S. Havlin, Phys. Rev.

Lett. 85, 4626(2000); ibid. 86, 3682(2001).[6] A. Arenas, A. Días-Guilera, and R. Guimerà, Phys. Rev. Lett.

86, 3196(2001).[7] V. Jacobson, Comput. Commun. Rev.18, 314 (1988).[8] A. E. Motter and Y.-C. Lai, Phys. Rev. E66, 065102(R)

(2002).[9] P. Holme and B. J. Kim, Phys. Rev. E65, 066109(2002); P.

Holme, ibid. 66, 036119(2002).[10] M. E. J. Newman, Phys. Rev. E64, 016132(2001); Proc. Natl.

Acad. Sci. U.S.A.98, 404 (2001).[11] K.-I. Goh, B. Kahng, and D. Kim, Phys. Rev. Lett.87, 278701

(2001); M. Barthélemy,ibid. 91, 189803(2003); K.-I. Goh,C.-M. Ghim, B. Kahng, and D. Kim,ibid. 91, 189804(2003).

[12] K. Park, Y.-C. Lai, and N. Ye(to be published).[13] A.-L. Barabási, R. Albert, and H. Jeong, Physica A272A, 173

(1999).

FIG. 4. (Color online) For a scale-free network ofN=2000nodes under attack targeting multiple nodes,G vs a andNtrigger, thenumber of targeted nodes. For each parameter value,G is averagedover 30 realizations.

ZHAO, PARK, AND LAI PHYSICAL REVIEW E 70, 035101(R) (2004)

RAPID COMMUNICATIONS

035101-4