Operations Manual for Program Network Analysis v4.0

Ted G. Lewis

Table of Contents

DESKTOPNETANALYSIS, NETWORK ANALYSIS .......................................................................... 2NETWORK ANALYSIS MENUS & BUTTONS.................................................................................... 3

Figure 1. Menus and Buttons of Network Analysis............................................................................. 3FILE MENU.......................................................................................................................................... 4EXAMPLES MENU.............................................................................................................................. 5CONSEQUENCE MENU...................................................................................................................... 6

Figure 2. Node and Link Default Values. Also Shown: Program Default Values................................ 7LAYOUT MENU .................................................................................................................................. 8

Figure 3. Histogram Graph Associated With Hub Layout................................................................ 10Figure 5. Damage Value vs. Node and Link..................................................................................... 11Figure 6. Around %Allocation of Availability Points Display. ......................................................... 12Figure 7. Around $Allocation of Budget Dollars Display. ............................................................... 13Figure 8. Grid Layout. .................................................................................................................... 13Figure 9. JPEG Map as Backdrop to a Network. ............................................................................. 14Figure 10. A comparison of linear, power, and exponential models. ................................................ 15

INPUTS AND OUTPUTS ...................................................................................................................... 16DATA ENTRY........................................................................................................................................ 16

Figure 12. Typical Input Dialog. ..................................................................................................... 17Figure 13. Centers Network Layout................................................................................................. 19

PROGRESS THERMOMETER.................................................................................................................... 19Figure 14. Allocation of Dollars or Availability Points.................................................................... 20

RESOURCE ALLOCATION: POINTS AND BUDGET .................................................................................... 20ATTACK CHART................................................................................................................................. 21

ALLOCATION ALGORITHMS........................................................................................................... 21HUB ANALYSIS ALGORITHM ................................................................................................................. 21FLOW ANALYSIS ALGORITHM............................................................................................................... 22

Figure 15. Control Buttons.............................................................................................................. 23

CONTROLLING NETWORK ANALYSIS.......................................................................................... 23ANALYSIS BUTTONS: HUB AND FLOW................................................................................................... 23ATTACK BUTTON ................................................................................................................................. 24

Figure 16. Network Editing Buttons. ............................................................................................... 25

EDITING A NETWORK....................................................................................................................... 25ATTACKING THE NETWORK........................................................................................................... 26

FAILURE MODES................................................................................................................................... 26ATTACK CHART.................................................................................................................................... 26

Figure 17. A Network Under Attack................................................................................................. 27

DesktopNetAnalysis, Network Analysis

Program DesktopNetAnalysis.jar is the desktop version of Network Analysis. Programnetworkanalysis.html is the browser version. These programs are identical except for:

networkanalysis.html cannot save or open files from your local computer. It also requiresa browser.

DesktopNetAnalysis.jar is a stand-alone desktop application that runs on Macs and PCs,and does not need a browser. However, like all PC applications, DesktopNetAnalysis.jarmust be properly installed on your computer before it is launched. It requires the latestJava Virtual Machine. Installation requires an administrative password under WindowsXP.

These two variants of the same program will be collectively called “Network Analysis”.Updates are available approximately every 6 months and are downloadable from theInternet.

Network Analysis is copyleft open source software, which means it is free. However, allchanges must be returned to the author for re-distribution as open source. The Java sourcecode of Network Analysis is available from the author. It may be used for research andeducational purposes, but it cannot be sold.

Network Analysis Menus & Buttons

Figure 1 below shows the display window of Network Analysis immediately after it islaunched and the GO button has been pressed, activating the program. The top panelcontains FILE, EXAMPLES, CONSEQUENCE, LAYOUT, and network editing buttons:ERASE NODE, ADD NODE, ADD LINK, ERASE LINK, and EDIT. These are used tocontrol the program and provide built-in examples of real-life examples.

The bottom panel contains one data input field: DEFAULT BUDGET (with a data entryfield) for entering the budget to allocate, and four control buttons, left-to-right: HUBANALYSIS, FLOW ANALYSIS, ATTACK, and GO/RESET. The display area inbetween contains messages, the network to be analyzed, and various charts and graphs.You must press the GO button to start the program.

Generally, you will run Network Analysis like any other program by pressing GO to startthe program, and then observing the messages that appear in the upper left-hand corner ofthe display window. This message area provides error messages as well as ‘modal’information to guide you through multi-step processes.

Network Analysis performs both hub allocation and flow allocation. Hub analysis isdocumented in the textbook, but flow analysis is not. Flow analysis attempts to allocate$Budget points of availability to maximize flow in a directed-link network where there isat least one SOURCE node and one SINK node. Network Analysis will display an errormessage if your network lacks at least one SOURCE and one SINK node.

In addition, version 4 of Network Analysis includes the CONSEQUENCE menu, whichallows you to select from a list of 7 alternative consequences: CASUALTIES, REPAIR-TIME, PSYCHOLOGICAL, CAPITAL, ECONOMIC, OTHER, and TOTAL damages.This is the major difference between version 4.0 and earlier versions. You can minimizenetwork risk or maximize flow of any of these 7 damage categories by setting yourobjective using the CONSEQUENCE menu.

Figure 1. Menus and Buttons of Network Analysis.

FILE MENU

FILE MENU contains the ABOUT, OPEN, SAVE, SAVE AS, IMPORT, and QUITmenu items. When running Network Analysis from within a browser, the OPEN, SAVE,SAVE AS, and IMPORT items are disabled, because Java does not allow you to accesslocal disk drives via the Web.

ABOUT presents the user with information about the program: the Creators, Copyleftinformation, etc. This program is open source, which means you may use it withoutcharge, but if you modify it, you must share your modifications with the author, who inturn will share it with others. This program cannot be sold, and if part or all of it arecopied, the modifications must be returned to the creator.

OPEN allows you to read a previously saved network file from your local disk.

SAVE allows you to store the current network to your local disk. If previously saved byusing the SAVE, or SAVE AS… item, you will not be prompted for the name of the file asecond time. Rather, the current network will be saved over the current file – erasing itand replacing it with the current network.

Networks, and all of the associated data values, are saved as a single “serialized” file. Atthis time, it is not possible to export the data for import to a spreadsheet program orgraphics file.

SAVE AS allows you to name the current network and place it in a directory of yourchoosing. SAVE AS can be used to save multiple versions of the current network underdifferent names. This may be useful, for example, if you want to save a series ofnetworks, each with different input values.

IMPORT JPEG map allows you to import a JPEG graphic as a background under thenetwork in the display area of the screen. This is useful for laying out a new graph usinga map or diagram as backdrop. For example, a map of a power grid, transportation

system, or telecommunications network might be imported. Then you can use theimported map or diagram to overlay the nodes and links corresponding to the map.

Be sure your map is in the JPEG format, because this function only works on JPEGimages.

Note: The imported image will be scaled to fit the display window. Resizing this windowwill stretch or shrink it, which can distort the image. You may remove the image byselecting the LAYOUT > CLEAR JPEG MAP item.

QUIT will cause the program to stop and exit.

EXAMPLES MENU

The EXAMPLES menu contains a list of built-in example networks that illustrate thevalue of Network Analysis. This list may vary depending on the version of the programyou have. Selection of one of these built-in examples will cause the program to stopdoing whatever it was doing, and start over, with the new network installed and displayedin the display screen area.

Most of the examples contain pre-set values of CapitalLoss, CapitalCost, andEconomicLoss, EconomicCost, which are used to perform an allocation. They can bechanged by setting up the DEFAULT NODE/DEFAULT LINK values (under theCONSEQUENCE menu) before loading the example network. See CONSEQUENCEMenu, below.

The examples can be saved to your local disk (DesktopNetAnalysis.jar, only) andmodified to create similar networks. For example, you might use one of the water

network examples as a template to create your own water network, and aftermodification, save it under your own file name.

CONSEQUENCE MENU

The CONSEQUENCE menu is new – it did not exist in previous versions. It contains twotypes of items: CONSEQUENCES and DEFAULTS. There are sevenCONSEQUENCES: CASUALTIES, REPAIR-TIME, PSYCHOLOGICAL FEAR,CAPITAL LOSS, ECONOMIC LOSS, OTHER LOSS, and TOTAL LOSS.

CASUALTIES: This is usually measured in number of humans injured or killed by theincident. Associated with this will be the CASUALTY COST input estimate, thatattempts to quantify the cost to remove this consequence through preventative measures(security).

REPAIR-TIME: This is usually measured in days, weeks, months, or years. It is anestimate of the time to repair the node or link, assuming that it is successfully attacked.This number is also used by the ATTACK button to simulate a cascade failure. REPAIR-TIME will be equal to the time a link or node is inoperable.

PSYCHOLOGICAL FEAR: This is typically measured in terms of loss of business, lossof productivity, etc. resulting from an attack. It is measured in dollars.

CAPITAL LOSS: This is measured in dollars, and is an estimate of the replacement costof re-building an asset. For example, if the asset is a bridge, this number is the value ofthe bridge.

ECONOMIC LOSS: This is measured in dollars, and is the estimate of productivity orbusiness losses incurred due to an attack. For example, the Twin Towers that weredestroyed by the 9/11 terrorist attacks were estimated to have a CAPITAL value of $30billion, but the economic costs to the airline and travel industry was perhaps ten to twentytimes this amount.

OTHER LOSS: This is any other type of loss that you want it to be. It is typicallymeasured in terms of dollars, but it could also be non-financial. For example, it could beunits of equipment (squad cars, busses, computers, etc.) or a less tangible value such as“pride”, “image”, or “status”.

TOTAL LOSS: This is typically measured in terms of dollars. It is the sum total of the 4financial losses: PSYCHOLOGICAL FEAR + CAPITAL LOSS + ECONOMIC LOSS +OTHER LOSS.

DEFAULTS: Default values may be set prior to data entry to reduce the labor of enteringnumbers into the program. There are two types of data: NODE DEFAULTS, and LINKDEFAULTS. Examples of these default value settings are shown in Figure 2. Thesevalues are used when adding nodes and links to a network.

Figure 2. Node and Link Default Values. Also Shown: Program DefaultValues.

The default value dialogs shown in Figure 2 are almost identical – they only differ bypurpose: one is for setting up default values for nodes, and the other is for setting defaultson links. These values are used when you create a new node or link (or edit an existingone). They are also used by the EXAMPLE networks.

At the top of each dialog are three radio buttons: SLOW, MEDIUM, and FAST. Theseare used to set the program’s speed. SLOW and MEDUIM are useful for studying howthe program works. It reduces processing speed so you can observe the details of programoperation.

The two columns of labeled data entry fields shown in the middle of these dialogs arewhere you enter default values for each of the consequence types: CASUALTIES,REPAIR-TIME, PSYCHOLOGICAL FEAR, CAPITAL LOSS, ECONOMIC LOSS,OTHER LOSS, and TOTAL LOSS. In addition, the right-column is where you enter theestimated cost to prevent the loss identified in the left-column. Thus, CAPITAL LOSS

can be eliminated by an amount given in the ELIMINATION COST field. For eachdamage estimate, there is a corresponding ELIMINATION COST.

At the bottom of both default dialogs is a budget and tally. The BUDGET TOALLOCATE field is where you enter the amount of money you have to invest, and theTOTAL COST field shows the sum of all costs entered. You cannot modify this field.

BUDGET TO ALLOCATE in these dialogs is identical to the DEFAULT BUDGET fieldat the bottom of the display screen. If you change it within the default dialogs, it willautomatically change in the display screen, and the reverse. They are the same number.

The program will use one of these consequences to compute an allocation. You can selectwhich one is used, from the LAYOUT menu. The default LAYOUT selection is TOTALCOST.

LAYOUT MENU

The LAYOUT menu is actually several menus in one: the top sub-menu contains twoitems – FIND NODE and SET THRESHOLD. The second pair of items are used toREMEMBER THIS LAYOUT and RECALL SAVED LAYOUT. These are ratherobvious – they are used to save and then recall a network layout that you may havearranged by dragging nodes around on the display screen.

The next sub-menu contains a list of network layout options – used to display a variety ofproperties of an analyzed network. These will be described in more detail, below.

The next sub-menu contains CLEAR JPEG MAP, which removes the background mapinserted by selecting FILE > IMPORT JPEG MAP.

The REVERSE LINKS item works only on directed networks (when performing flowanalysis). Obviously, it reverses the direction of ALL links in the network. If you want toreverse a single link, select it, and then press the EDIT button. There will be a FLIPDIRECTION radio in the link dialog.

Finally, the bottom section of this menu contains a SPEED sub-menu. The program canbe run SLOW, MEDIUM, or FAST. You may want to adjust the speed in order to watchhow network analysis works. This menus is identical to the default speed radioscontained in the DEFAULTS dialog described above. [They are more convenient.].

The LAYOUT menu items are designed to assist you in understanding network analysisby arranging the network according to various layout options. In addition, they providedifferent information for different purposes. For example, one layout displays dollarallocation, while the other displays availability point allocations.

Here are the menu items, in order, from top-to-bottom of this menu:

FIND NODE… is used to find and highlight a node, see the input dialog, above. This isuseful when the network is large and there are many nodes – possibly overlapping oneanother. The found node is shaded gray, so you can visually identify it.

You can search on node number or node name – the search retrieves all matching nodesand paints them gray. In the case of search-by-name, all node names are shaded thatmatch the string entered as a prefix. Thus, if you enter ‘N’, all nodes beginning with thisletter are shaded. If you enter ‘Nat’, all nodes beginning with ‘Nat’ are shaded.

The radio buttons on the second row of the dialog are used to select which way you wantto search for nodes – by name or number. Select either one of these prior to pressing theOK button.

SET THRESHOLD…produces the dialog shown above. Use this to filter the networkdisplay – only nodes and links with an allocation of p% or more points are displayed.Here, p is shown as 50%. In general, the number you enter here is used as a thresholdvalue. Network Analysis will display only nodes and links with at least thisAVAILABILITY threshold value. All others will be suppressed – but they are still there!

REMEMBER THIS LAYOUT merely remembers the current network layout. This isuseful if you have re-arranged the network by dragging nodes around the screen, and youwant Network Analysis to recall this arrangement, later. This works as long as theprogram is running, but does not work if you return to the program later after quitting.

Networks that have been saved to disk also save their location on the screen. Thesecoordinates are used to display a network that loads from disk. Therefore, it is a goodidea to save your network the way you want to see it on the screen, and thenREMEMBER this location before you do any analysis. Analysis and LAYOUT willchange the coordinates, but you can override this by RECALLING a REMEMBERedlayout.

RECALL SAVED LAYOUT simply recalls the layout that you saved by selectingREMEMBER THIS LAYOUT. Use this to reposition your network after any LAYOUToperation that changes the network’s layout.

Figure 3. Histogram Graph Associated With Hub Layout.

AROUND HUB(S) arranges the current network around its hubs and displays ahistogram as shown in Figure 3. The histogram plots the percentage of nodes with g linksversus g. In addition, Network Analysis does its best to fit a Poisson Distribution (blueline) and a Power Law Distribution( red line) to the histogram. The parameters for eachof these curve-fits are given at the top of the screen.

In addition, the program inserts a Log-Log plot corresponding to the histogram.Researchers prefer to use the Log-Log plot and fit it to a straight line, to obtain theexponent of the Power Law that best fits the histogram. The Log-Log plot is includedhere to satisfy these researchers!

Recall that a network hub is any node that has the most connections, i.e. the node with thehighest degree. Therefore, LAYOUT tries to place the hub in the center of the screen, andradiate the other nodes outward, like spokes in a wheel. The higher each node’s degree,the closer it is to the center. The lower the degree, the further away from the center.

Figure 4. Centers Graph Shows Percentage of Nodes With Radius r.

AROUND CENTER(S) arranges the current network around the network center. A nodeis a center if it is connected to the network in such as way that the number of hops fromthe center to any other node is the minimum number of hops between any node and anyother node. In other words, a center is a node that is closest to all other nodes in thenetwork. More formally, center nodes are the minimum of the maximum distance fromall other nodes, over all nodes. Of course, an arbitrary network may have more than onecenter.

The center node(s) are shown as red rectangles, and the outer-most nodes are shown asred diamonds. This layout inscribes the radial distance (r) inside each node and along sideof each link. The letter ‘r’ means ‘radius’.

The corresponding graph shown in Figure 4 shows the percentage of nodes with radius r,versus each node.

Figure 5. Damage Value vs. Node and Link.

AROUND DAMAGE(S)/CAPACITY(S) arranges the current network around thedamage values of each node. Damage is defined by the CONSEQUENCES menu. If youselected REDUCE CAPITAL $LOSS, then damage equals CAPITAL LOSS. If youselected REDUCE CASUALTIES, then damage equals CASUALTIES, etc. Be sure youset the CONSEQUENCE menu, before you draw conclusions from your analysis.

The nodes with the highest values of damage are positioned toward the center of thedisplay and the nodes with the lowest values are positioned away from the center. Thislayout makes it easy to pick out the highest valued nodes.

In addition, the graphical display shown in Figure 5 enumerates the damage value of eachnode and link so you can compare them. Node values are painted gray and link values arepainted blue.

The chosen damage value is interpreted as the maximum capacity value for each nodeand link when you are doing flow analysis. Thus, if you selected REDUCE CAPITAL$LOSS, then the flow capacity equals CAPITAL LOSS. If you selected REDUCECASUALTIES, then flow capacity equals CASUALTIES, etc. Network Analysismultiplies the availability of each node/link by this capacity value to determine flow.Therefore, flow will range from zero to the capacity for each node/link. The objective offlow analysis is to arrange the availability numbers (zero to 100%) such that flow ismaximized.

Figure 6. Around %Allocation of Availability Points Display.

AROUND %ALLOCATIONS arranges the network around the allocation of points tonodes and links. The nodes with the highest allocation are moved toward the center of thedisplay and the nodes with the lowest allocation are moved away. When this layout isselected, you can watch as points are allocated to the nodes and links. The display ofFigure 6 will continually update itself to display the allocation, but the network layoutwill not. You have to repeatedly select the layout item in LAYOUT, to update thenetwork layout.

Figure 7. Around $Allocation of Budget Dollars Display.

AROUND $ALLOCATIONS arranges the network around the allocation of dollars(budget) to nodes and links. The nodes with the highest allocation are positioned in thecenter of the display and the nodes with the lowest allocation are moved away from thecenter. When this layout is selected, you can watch as points are allocated to the nodesand links. The display of Figure 7 will continually update itself to display the dollarallocation, but the network layout will not. You have to repeatedly select the layout itemin LAYOUT, to update the network layout.

Figure 8. Grid Layout.

CHECKERBOARD GRID arranges the network in rows and columns like the squares ofa checkerboard. This layout is useful because it often makes it easier to view the structureof the network. See Figure 8.

This option has no corresponding graph of allocations. It is simply a convenience.However, you can perform hub and flow analysis while in this layout mode.

Figure 9. JPEG Map as Backdrop to a Network.

CLEAR JPEG MAP does exactly what it says. If you have used FILE > IMPORT JPEGMAP to import a map or diagram in the JPEG format, it will appear as background toyour network, Figure 9. Use this feature to draw and edit (arrange) your network. But,once you are done, the map may become distracting. If so, remove it with this command.

REVERSE LINKS is used to reverse all link directions at once. Availability flows in onedirection – from input (SOURCE) nodes to output (SINK) nodes. By selectingREVERSE LINKS all SINK nodes become SOURCE nodes, and SOURCE nodesbecome SINK nodes. This may be useful for analyzing transportation networks, forexample, to identify the difference in allocations when traffic flow is reversed.

SLOW, MEDIUM, FAST. These speed controls are identical to the ones found in theDEFAULT dialogs. They are used to reduce the speed of the program for the purpose ofobserving how it works.

You will want to run the program in FAST mode most of the time, but SLOW andMEDIUM are useful when you want to watch as an ANALYSIS or ATTACK takesplace. Nodes and links are painted in different colors during these operations to help youvisualize the program’s operation.

Model Menu

A MODEL is defined as an approximation of reality: in this software, it isthe relationship between money spent and vulnerability reduction. Thisrelationship is approximated by one of three idealistic equations: linear,power law, or exponential. Linear assumes vulnerability is reduced linearlyas funding is increased, up to the ELIMINATION COST input parameter.Power Law assumes vulnerability declines as an inverse power law functionof funding. Exponential assumes vulnerability declines exponentially asfunding increases. See Figure 10.

In all cases, vulnerability is reduced when availability is increased, becauseavailability = (1 – vulnerability). Also, 0 ≤ vulnerability ≤ 1.0, and fundingis bounded by: 0 ≤ x ≤ ELIMINATION COST.

LINEAR: Selection of this item invokes the relation:Availability(x) = x/ELIMINATION COST;

POWER LAW: Selection of this item invokes the relation:Availability(x) = 1-1/xp; p > 1.0

EXPONENTIAL LAW: Selection of this item invokes the relation:Availability(x) = exp(-A)-exp(-Ax); A is some constant.

Figure 10. A comparison of linear, power, and exponential models.

Models of Availability vs. Funding

0%

10%

20%

30%

40%

50%

60%

70%

80%

90%

100%

0 10 20 30 40 50 60 70 80 90 100

Funding, $x

Avail

ab

ilit

y,

a%

Linear

Power

Exponential

Figure 11. Network Histogram Display: Bridges of Koenigsburg.

Inputs and Outputs

Figure 11 uses the Bridges of Koenigsburg network to illustrate network layout andhistogram display of a typical network. We will use this example to provide additionaldetails of Network Analysis. Nodes and links have consequences associated with themthat represent how much time, effort, money, equipment, people, etc. should be allocatedto each node and link. These are the values that must be entered into Network Analysisbefore an allocation can be performed.

Data Entry

The DEFAULT BUDGET input field shown at the bottom of the display screen, plusvarious input dialogs are all you need to enter data and run Network Analysis. The maininputs to Network Analysis are:

$Budget = the amount of money to be allocated. This is converted into a total number ofpoints to allocate during ANALYSIS by the following formula:

Points = fraction * 100 * (#Nodes + #Links))

Where $Budget = input by userTotal $Cost = sum of elimination costs over all nodes and link.fraction = $Budget/Total $Cost

$Damage, where $Damage can be any one of the consequences provided by the inputdialog shown below in Figure 12 and in Figure 2. Thus, for each node/link, you mustenter:

CASUALTIES CASUALTY ELIMINATION COSTREPAIR-TIME REPAIR-TIME ELIMINATION COSTPSYCHOLOGICAL FEAR PSYCH FEAR ELIMINATION COSTCAPITAL LOSS CAPITAL LOSS ELIMINATION COSTECONOMIC LOSS ECONOMIC LOSS ELIMINATION COSTOTHER LOSS OTHER LOSS ELIMINATION COSTTOTAL LOSS TOTAL COST

Note: REPAIR-TIME is the number of simulated time units it takes to repair a brokenlink or node. This varies for each node/link, and so it is input by the user for eachnode/link that is created or edited.

Figure 12. Typical Input Dialog.

The heavy black borders – top and bottom – indicate that this is a node input dialog. Linkinput dialogs have heavy blue borders, see Figure 12.

NODE NAME: At the top of this dialog is a field for entering the name of the node. Thisis optional. All nodes and links are numbered, so you can identify them by number orname.

The Consequences & Costs fields are shown next. Consequences are damages.Elimination costs correspond with consequences, and are the estimated cost to entirelyremove the threat that would lead to the damages on the left. Network Analysis 4.0assumes a linear relationship between Elimination Cost and security. Spending twice as

much money to eliminate a threat leads to twice as much security. Of course, this isnonsense, but an approximation we have to live with in this version.

From Figure 13, you can see that the data we enter via a node or link dialog is partiallyrevealed in the network display. But you will have to select different LAYOUTs to seeeverything. In addition, the nodes and links of Figure 13 are inscribed with outputs – theanswers we seek. For example, in Figure 13, nodes contain the number of links attachingthem to the rest of the network, and links are simply numbered and named (optional).

After ANALYSIS, nodes and links are assigned dollars and availability points based onthe amount of damage and elimination cost entered by the user, and the topology of thenetwork. In hub analysis, allocation is based on the damage value and degree of eachnode, and the damage value of each link. In flow analysis, the allocation is based onfinding the path from source to sink that can carry the “most damage”. That is, flowanalysis attempts to maximize the flow, which means maximizing the value of thenetwork as measured by the potential loss of capacity.

Charts appear in the left-most, lower portion of the display window. When the AROUNDHUB(S) layout is selected, the chart area contains a node frequency histogram as shownin Figure 13. This chart can be used to classify the network’s structure.

SCALE-FREE structure is revealed when the histogram obeys a power law. A “best-fit”power law is computed and overlaid on the histogram (red lines and numbers). If theexponent of this power law lies between two and three, the network is scale-free.

In addition, a Log-Log plot is shown inserted into the histogram. According the theory,the Log-Log plot should follow a straight line, if the histogram follows a Power Law. Theprogram attempts to fit a straight (red) line to the Log-Log plot.

Network structure is revealed when the histogram obeys a power law, but has some“missing frequencies”, as Figure 13 shows. The missing frequencies occur because thenetwork has clusters of nodes, which means it does not strictly obey the continuouslydeclining power law.

RANDOM structure is revealed when the histogram obeys a Poisson Distribution – onethat is shaped like a lop-sided mountain. Network Analysis attempts to fit a PoissonDistribution curve to the data provided by the histogram. A (blue) Poisson curve issuperimposed on the histogram, and the values of this distribution are displayed abovethe plot. You can decide for yourself if the network is RANDOM or not by observingthese curve fits.

Most networks are a combination of random, scale-free, or small world structures. Theimportant thing is that you can exploit even the slightest structure in a network to protectit.

Figure 13. Centers Network Layout.

Figure 13 illustrates what is displayed when layout is AROUND CENTER(S). Thepercentage of nodes with radius r is plotted and the network is arranged around the nodesthat are nearest to all other nodes. R is the maximum distance from the node to all othernodes. Of all nodes, the center nodes have the smallest value or r.

The concept of a ‘center’ is useful when contemplating the spread of cascade failures in anetwork, because centers can be reached in r steps from any other node. That is, thenodes with r=2 can be reached in two hops; the nodes with r=3 can be reached in threehops, etc. Obviously, a node with r=100 is more difficult to reach than a node with r=2,because it takes 100 hops to traverse the path between them.

The r-value of each node is inscribed in nodes and the network is arranged around thesmallest r-valued nodes. Links have no r-value, and so they simply display their numberand (optional) name. If a link has no name, its number is displayed twice.

Progress Thermometer

Figure 11 also illustrates the progress thermometer that accompanies each layout, exceptHUB and CHECKERBOARD GRID. The purpose of the progress thermometer is to tellthe user how close the allocation is to perfection.

The objective of hub analysis is to minimize risk, so the thermometer declines to the leastrisk value possible during hub analysis. The objective of flow analysis is the opposite – tomaximize flow. Therefore, the thermometer rises to its highest possible value during flowanalysis.

The thermometer shows maximum/minimum values – as the case may be – and thecurrent value of allocation. In addition, it shows the current value as a percentage ofmaximum/minimum value.

In Network Analysis 4.0 and 5.0, hub analysis is calculated directly. The allocation doesnot vary unless there are several solutions (allocations of budget) that yield the sameminimum value. In the case of flow analysis, Earlier versions of Network Analysis usedan iterative organizing principle to home in on the optimal solution. Thus, thethermometer – and corresponding allocation – varied as the organizing principle wasrepeated. In versions 4.0 and above, a maximum flow will be found immediately, andsubsequent solutions found, if they are also optimal.

Figure 14. Allocation of Dollars or Availability Points.

Resource Allocation: Points and Budget

Figure 14 illustrates the output from Network Analysis when resource allocation isperformed – either hub or flow analysis. When hub analysis is completed, the output is interms of availability points (%), or dollars ($). If you select a Layout around $Allocation,the inscribed number represents dollars. If you selected Layout around %Allocation, theinscribed number is a percentage (availability).

The letter ‘a’ is used in the network to indicate ‘allocation’. Therefore, an inscription of‘$210a’ means $210 has been allocated. An inscription of ‘21%a’ means that 21availability points have been allocated to the node or link.

ATTACK Chart

When the ATTACK button is pressed, a 50-unit time window appears along the bottomof the network display screen. This chart contains the percentage of operational nodesversus time. The percentage of operational nodes is equal to 100% - FAILED%, whereFAILED% is the percentage of nodes rendered inoperable by the attack. This number willvary over time, as each link and node is repaired, Repair time is set by the user in theREPAIR-TIME field. Obviously, the longer it takes to repair a node or link, the lower theaverage percentage of operable nodes. Use this chart to study the effect of repair time onaverage reliability of the network.

Allocation Algorithms

Network Analysis allocates $Budget availability points through a careful initial allocationscheme followed by repeated application of an organizing principle.

Hub Analysis algorithm

In the case of linear Hub analysis, the budget is first allocated by rank ordering nodes andlinks according to the following:

Assign each node a value equal to its degree times its damage value = g * damageAssign each link a value equal to its damage value = damage

Rank order the list of nodes and links according to their assigned values. Allocate 100%points to the highest ranked node/link in the list, until less than 100% point remain.Allocate the remaining points to the next node/link in order.

This algorithm has been shown to be optimal, but it has a deficiency. It does notrecognize equivalent allocations that yield the same minimum risk. There may be severalsolutions to the allocation problem, especially when the network contains nodes/linkswith equal rank. Hence, the following organizing principle is applied to look for other(equivalent) allocations.

Select a donor and recipient randomly, and exchange a small amount of budget. If theexchange diminishes risk, the exchange is kept, otherwise it is canceled. Let the ‘smallamount’ of budget be defined as follows:Exchange Value = 1.0 if the budget is greater than 10, and it has no decimal part.

= 0.1 if the budget has one decimal, e.g. 100.5 or is less than 10.= 0.01 if the budget has 2 decimals, e.g. 100.05, or is less than 1.

Budget dollars are converted into availability points by a simple linear rule: availability isproportional to the allocation of budget:

Points = 100 *Elimination Cost/$Allocation, where Elimination Cost is an input for eachnode/link, and $Allocation is what we are solving for.

The power law and exponential allocation algorithms apply different algorithms. Thesewere discussed under “Model Menu”, above.

Flow Analysis Algorithm

In the case of Flow analysis, $Budget is initially allocated to the highest-capacity(damage) paths from source to sink nodes. Then, donor and recipient nodes/links arerandomly selected and a small amount of budget is exchanged. If the exchange increasesthe sum of flows over all sink nodes, the exchange is kept, otherwise it is canceled.

The appropriate organizing principle is repeated forever, or until you press theANALYSIS-OFF button and stop it.

Initializing the maximum network flow heuristic is non-trivial because dollars must beinitially distributed along the largest-capacity paths – in rank order. This is done byinitially setting the availability of all nodes/links to 100%, and then computing the flowfrom sources to sinks. The flow value at each sink is used to sort the sinks intodescending order. The highest flow paths are funded first, in descending order.

Budget dollars are initially allocated to nodes and links that connect the highest-rankingsink nodes to source nodes. The next-highest sink – and all of the links and nodes along apath from sources to sink - are allocated from the remaining budget, and so on until thebudget is used up.

We use the same conversion formula to obtain availability points from dollars as before:

Points = 100 *Elimination Cost/$Allocation, where Elimination Cost is an input for eachnode/link, and $Allocation is what we are solving for.

The maximum flow heuristic begins its self-organizing re-allocations from a flow valueclose to the maximum. In some cases, no further allocation is needed. In general, budgetdollars are shifted from links and nodes such that the initial allocation is improved. That

is, the initial flow is increased. After many iterations, flow cannot be increased further, sothe optimum has been reached.

Generally, “network flow” is defined as the flow obtained by multiplying the availabilityof each node or link by its current flow value. Source nodes initiate the flow by assigningthe damage value of each source node as the initial flow value. At each node, incomingflows are summed, taking care not to exceed the capacity of node or incoming links. Inthis way, the ‘expected flow’ at each node/link propagates through the network fromSOURCE to SINK.

The flow reaching a SINK is the product of all availabilities times damages accumulatedalong a path from SOURCE(S) to SINK. Flows are not allowed to exceed the capacity ofany node/link. Therefore, if a node flow is 100 units and an outgoing link connecting it toanother node has capacity of 50 units, only 50 units are propagated.

This simple model assumes an even simpler rule when flows leave a node. Each outgoinglink is supplied with the node’s flow value. That is, a node with a flow of 200 units,forwards 200 units along all outgoing links. Therefore, if a node has 10 outgoing links, 10* 200 = 2000 units of flow are propagated to the successor nodes. This violates reality.

Figure 15. Control Buttons.

Controlling Network Analysis

Network Analysis has only four control buttons: HUB ANALYSIS, FLOW ANALYSIS,ATTACK, and GO/RESET, see Figure 15. These buttons are used to start/stop theprogram, allocate the budget, and simulate a cascade failure within the network. They aremodal, which means only one can be active at a time. Pressing any one of them, stops anyother and resets the mode to the current button.

GO starts the program and RESET stops the program. You must press GO beforeanything else. RESET erases the current network and starts a new one. Be careful to saveyour network before you press RESET, because all network data will be lost.

Analysis Buttons: Hub and Flow

HUB ANALYSIS-ON applies the hub algorithm to distribute budget to links and nodes.It computes the minimum risk possible given the network and damage values assigned toeach node and link.

When FLOW ANALYSIS_ON is pressed, Network Analysis computes the maximumflow possible given the network and damage values assigned each node and link.

In each algorithm, the damage values assigned to each node/link are obtained from thesettings in the CONSEQUENCE menu. If the objective is to analyze CASUALTYdamages, select Reduce Casualties, from CONSEQUENCE. If it is to analyzeECONOMIC LOSS, select Reduce Economic Loss from the CONSEQUENCE menu.

Attack Button

ATTACK-ON starts the cascade failure process. If the user has selected a node or link,Network Analysis simulates the failure of this node or link and illustrates how a singlefailure propagates to remaining links and nodes. Failure is propagated through links toother nodes and links as follows:

For each node or link:Probability of failure propagation = (100 – Availability)/1000 < Random Number <= 1.0

If (Random Number <= Probability of propagation) then the failure propagates to thenode or link. Otherwise, it does not.

Suppose the Availability value of node/link is 50. This means the node/link will fail withprobability of (100 – 50)/100 = 50%. Then, 50% of the time the failure propagates and50% of the time it does not.

Similarly, suppose the Availability value of a node/link is 100. Probability of failurepropagation is (100-100)/100 = 0%. The failure cannot propagate.

Finally, if Availability = 0, failure always propagates, because Random Number is neverzero.

Node/Link failure is simulated the same way for both Hub and Flow analysis. When anode/link fails, it remains inoperable for REPAIR-TIME time units. REPAIR-TIMEs canbe different for each node/link. During this time, an inoperable node/link can “infect” anadjacent node/link: if a node is inoperable, it infects a connecting link with probability(100 – Availability_of_Link)/100. If a link is inoperable, it infects nodes at either endwith probability (100-Availability_of_Node)/100, at each end. Hence, failure propagateshand-over-fist through the network by infecting nodes, links, nodes, links…. Etc.

Infected nodes/links repair themselves after REPAIR-TIME units of simulated time.They are then eligible to be infected again. Thus, ATTACK-ON simulates an SIS(Susceptible-Infected-Susceptible) epidemic.

Figure 16. Network Editing Buttons.

Editing a Network

Five buttons in the top panel of the display window provide all the actions necessary tomodify an existing current network or build a new network from scratch. See Figure 16.These buttons all work the same way: first select a node or link by clicking on it, thenselect one of these buttons.

ERASE NODE removes a selected node from the network. First, select the node to beremoved. Then click on ERASE NODE. The node and all of its links will be removed.

ADD NODE inserts a new node and new link into the network. First, select a node toconnect to the new node, Then click on the ADD NODE button. Two date entry dialogswill appear: the Node Dialog, followed by the Link Dialog, see Figure 14.

The selected node is shaded, and the node dialog appears followed by the link dialog.Enter the node/link name and the Consequence/Cost values of both node and new link. Ifyou press the CANCEL button, the insertion will be aborted.

The link dialog is slightly different than the node dialog. For links, the FLIP LINKDIRECTION radio may be clicked if you want to reverse the direction of the link.Otherwise, the link will point away from the selected node to the new node.

When the input values are entered and the OK button pressed, the new node and new linkwill be added to the network.

Use ADD LINK to add a new link between two existing nodes. This is a 3-step process:1). select a node, 2). press ADD LINK, and then 3). select another node. After all threesteps have been properly done, you will be able to fill out the link dialog. If any one ofthese steps fails, you will see an error message in the upper left-hand corner of the screen.

Once again, the link will point from the first node to the second node unless you selectthe radio button: FLIP LINK DIRECTION. The direction of a link is shown only whenflow analysis is in process. Otherwise, a link’s direction is not shown.

ADD LINK is the most complex editing operation in Network Analysis, because it takesthree steps to complete. If you do it wrong, the message field will tell you! The key is toremember this: select two nodes – the ‘from node’ followed by the ‘to node’. When bothhave been selected, the data entry dialog appears. Otherwise, an error message willappear. When the dialog is dismissed (OK Button), the link will appear between the twonodes you selected.

Network Analysis permits a maximum of one link between any two nodes. Attempts toadd more than one link will result in an error message. Therefore, two nodes cannot belinked in both directions at once.

ERASE LINK is the simplest operation: First select the link to be removed, then pressERASE LINK. The link will disappear.

Use EDIT to change the values and name assigned to a node or link. Select a node or linkand then press EDIT to obtain the input dialog. Enter your changes, and press OK.

Attacking the Network

This section has additional details about the ATTACK-ON button. The purpose ofsimulated attack is to gauge the effectiveness of node/link hardening when faced by acascade failure. This raises the possibility of failure modes.

A failure in a node or link is propagated through the network as described earlier. As itprogresses from node to link and link to node, the failed node/link is colored ORANGEto indicate that it is disabled or damaged. [Orange may appear Gold on some monitors].The damaged node/link will remain damaged for REPAIR-TIME units. After thenode/link is repaired, it is once again colored black (node) or blue (link). Figure 17 showsa cascade failure in process.

Failure Modes

Figure 17 illustrates a failure mode of a network. A failure mode occurs when only aportion of the network fails. This portion consists of all nodes and links coloredORANGE. A network may have many failure modes. That is, one random failure of anode or link may propagate to a subset of the network, and another random failure inanother node or link may propagate to another subset of the network. Each subsetrepresents one failure mode.

Failure modes are established when hardened nodes or links set up a barrier topropagation. For example, a node with Availability of 100% means it will never fail.Hence, it cannot propagate a failure to other links or nodes. Hardening links and nodes ishow we achieve heightened reliability.

Attack Chart

The ATTACK Chart shown at the bottom of the display window summarizes how thenetwork responds to a failure. This chart shows the percentage of operational nodes andlinks versus simulated time. If this plot is 100%, then all nodes and links are operatingproperly. If it is zero, then none of the links and nodes are operating.

The message in the upper left corner of the display is an average value computed byaveraging the last 50 values of the plot. Therefore, if “Avg.#Working = 10%” appears inthe message area, the network is 10% operational. That is, 10% of its nodes and links areoperational.

Some failures cascade forever, and others do not. If the network fully recovers from asingle failure, the number of operating nodes and links will return to 100% after a finiteamount of time.

This analysis can be used to identify failure modes, persistent or temporary failures, andthe average value of “up time” or percentage of time you can expect the network tooperate under random failures.

From the textbook you know that random networks are prone to collapse by cascadefailures more so than scale-free networks, but only when the hubs are hardened. A hub-hardened scale-free network will exhibit multiple failure modes. A hub-hardened randomnetwork (an oxymoron) will typically collapse, because there are more likely to be pathsaround the hardened hub. Thus, a random network is more likely to have one failuremode – complete collapse!

Network ATTACK is a mere simulation: it lacks many of the details of real networkfailure such as the cascade failure of a power grid or telecommunications network. Buteven this simple simulation is valuable for gaining insight into network theory.

Figure 17. A Network Under Attack.