Security Resource Scheduling Algorithm for Intelligent UAV Communication Network Based on Optimized Subgraph Isomorphism and Link Partition

Abstract

The resource scheduling problem of UAV communication networks has always been a hot research issue in the current environment. However, most of the current research focuses on meeting the user’s time cost requirements and rarely considers the user’s security requirements in the scheduling process. To solve the problems of low efficiency, more resource fragments, low network reliability, and unbalanced load, this paper improves the virtual network mapping model into a three-layer structure consisting of a security service request layer, virtual network provider layer, and security resource layer, so that it can be applied to the special scenario of security resource scheduling in an unmanned aerial communication network. An intelligent UAV communication network security resource scheduling algorithm based on optimized subgraph isomorphism and link segmentation is proposed. Intelligent UAVs can predict all possible access nodes and intelligently provide network services. The algorithm first improves and enriches the node constraint conditions and evaluation indicators, integrates the node resource attributes and topology attributes, optimizes the sorting process, then calculates the mapping domain in advance, considers the regional comprehensive resource capacity to balance the load, and finally combines the subgraph isomorphism and link segmentation technology to carry out a one-stage mapping scheduling to achieve the security service request in the network and the efficient allocation of network resources required to provide security services. The simulation results of the OMNeT++ show that the proposed algorithm improves the mapping success rate and the long-term average cost-benefit ratio of the UAVs.

1. Overview

With the progress of science and technology and the continuous reduction of manufacturing costs, UAVs have gradually entered industrial production and people’s daily life in the military field. Nowadays, UAVs have been widely used in various fields and play an important role in network communication, expanding the coverage of business and service agility [1,2]. For a long time, how to schedule the tasks submitted by users more reasonably and meet the quality of service of users is the key to the resource scheduling problem of the UAV communication network. In most studies of traditional network virtual resource scheduling, scheduling systems mainly provide users with computing resources, memory resources, bandwidth resources, and other common forms of resources. However, while UAVs bring various conveniences to production and life, their safety problems are gradually exposed. With the increasingly prominent security and rigidity issues [3], ensuring the safe execution of network request tasks has become the same concern of mobile users at present. While meeting the basic quality of service, adding security factors to the resource scheduling process of the UAV communication network has gradually become a new trend of research. Network virtualization creates conditions for solving the problem of network rigidity and scheduling the security resources of the UAV communication network [4]. How to efficiently and reasonably map the built virtual network to the existing infrastructure resources, that is, the Virtual Network Mapping Problem (VNMP) is the top priority of network virtualization and the first problem to be solved [5]. VNMP refers to the process of mapping a virtual network with virtual node and virtual link constraints into the infrastructure physical network. The virtual node is mapped to the physical node in the physical network, and the virtual link is mapped to the physical link in the physical network and meets the resource requirements of the virtual node and virtual link in the virtual network. The quality of mapping directly determines the scheduling efficiency of the UAV communication network [6].

The resource scheduling of the UAV communication networks has been widely concerned by academia. Shi Xuelin et al. [7] proposed a utility-maximizing scheduling model based on cloud computing and virtualization, which has a better user experience but needs to improve computing efficiency in complex environments. Wang Haibo et al. [8] proposed an ant colony optimization-simulated annealing scheduling algorithm to solve complex problems covering multiple constraints. Pi Benjie et al. [9] extended the scheduling scenario to the satellite system in combination with the previous research to improve the convergence speed.

In academia and industry, the resource scheduling problem of the UAV communication network can be called the virtual network mapping problem (VNMP) [10]. Yu et al. [11] selected physical nodes with the largest CPU resources for mapping each time, resulting in a high link load and low mapping success rate and scheduling efficiency. Zhu et al. [12] proposed the concept of pressure and evaluated load balancing through pressure ratio to avoid the bottleneck problems of links or nodes to a certain extent and improve the stability of resource scheduling. However, the topological attributes of nodes were not considered and the resource utilization rate was not very high. CHEN et al. [13] innovatively proposed an energy consumption optimization model, which could reduce energy consumption in the resource scheduling process, but did not consider other performance indicators. Zhu Guohui et al. [14] introduced the topological attributes of nodes in combination with the optimization of energy consumption and proposed a topology awareness algorithm (TR-VNE), which not only improved the resource utilization rate but also reduced the energy consumption. However, only the degree and proximity of nodes were considered, and the improvement effect was not obvious. Shi Chaowei et al. [15] proposed a multi-index ranking algorithm (TCEWA-VNE) to improve the evaluation method of the nodes. Node mapping is based on resource degree, centrality, proximity, proximity clustering, and considers both resource characteristics and topological characteristics, which significantly improves the success rate and resource utilization rate.

In addition, some studies have introduced graph theory techniques. Zhang et al. [16], aiming at mostly existing research, only consider the execution cost of the request and ignore the data transmission cost, which has received special attention in the era of big data. They introduced a directed acyclic graph in the mapping process, which greatly improved the performance. Lischka J. et al. [17] innovatively proposed a mapping algorithm (vnmFlib) based on subgraph isomorphism. Once the constraint is not met, it directly goes back to the last successfully mapped node pair for further mapping, which improves efficiency. Liu Caixia et al. [18] improved on the scheme proposed by Lischka J. et al. and proposed a VF2-H algorithm, which enriched node evaluation indexes but caused excessive resource fragments. It can be seen that the graph theory can improve mapping efficiency, but it still needs to be perfected.

To sum up, although a large number of studies have been proposed to deal with the virtual resource allocation of UAV communication networks, they have two main problems. The first problem is that in the existing research on mapping scheduling algorithms of UAV communication networks, the research on the combination of security resources is relatively small, and the security factors are mostly ignored. The second problem is that the problems of low reliability, resource utilization, and unbalanced loads are still outstanding, and the single-node evaluation method also leads to low efficiency and resource waste. For this reason, This article aims at the basic problem of virtual network mapping, fully considering the security performance during resource scheduling, and specifically improving the common virtual network mapping model to become a virtual network mapping model based on unmanned aerial vehicles with a three-layer structure consisting of a security service request layer, unmanned aerial vehicle virtual network providing layer, and security resource layer. An Intelligent UAV Security Resource Scheduling Algorithm Based on Optimized Subgraph Isomorphism and Link Partition (OSILP-NSRS) for intelligent unmanned aerial vehicle communication networks is proposed. The UAV trajectory does have an impact on virtual mapping [19]. This paper mainly focuses on improving the mapping efficiency, so as to quickly realize the mapping of security resources within the time slice when the current UAV network topology remains unchanged. The difference between the security resource scheduling algorithm for unmanned aerial vehicle communication networks proposed in this article and ordinary networks is that unmanned aerial vehicle communication networks can fully utilize the dynamic and flexible communication advantages of unmanned aerial vehicles, dynamically predict and connect the physical nodes involved, improve the quality of service, and promptly find other nodes when a node is interrupted or unable to provide services, improving the reliability of services. The services provided by traditional communication networks are mostly single, static, and one-dimensional. UAV communication networks can solve this problem well.

The characteristics of UAVs, such as high speed, high flexibility, and strong mobility, determine that they cannot maintain the same network topology as nodes in traditional networks for a long time after issuing security requests, resulting in higher requirements for fast and accurate mapping of network security resources and devices. Due to the high mobility of unmanned aerial vehicles (UAVs), traditional security resource scheduling schemes are often difficult to meet various security requirements in the UAV networks. To improve the security performance of drone networks and better meet personalized security requests from users, it is necessary to quickly, efficiently, and reasonably invoke security resources in the network, which cannot be separated from the rapid and accurate mapping of network security resource devices. Aiming at the application scenarios of low latency and high flexibility in UAV networks, the proposed scheme has the characteristics of high mapping efficiency and small latency and provides information security for highly mobile UAV mobile nodes through a fast and efficient security resource scheduling process.

Considering the impact of the rapid movement of a UAV on the network topology, this paper considers a period of time when the network topology is stable as a time slice, and designs the security resource scheduling scheme in each time slice. When the network topology changes due to UAV movement, the next time slice will be entered and a new virtual network mapping process will be triggered. Firstly, the mapping problem is formally described, and the existing common virtual network mapping model is specifically improved, making it suitable for the special scenarios of security resource scheduling in unmanned aerial vehicle communication networks, and efficiently handling personalized security requests from users. Secondly, we conduct a comprehensive evaluation of the topology of nodes, enriching node evaluation indicators from all aspects, such as the sum of adjacent link bandwidth, centrality, proximity, and the impact of adjacent nodes on themselves. Before mapping, we select the initial mapping domain and select areas with relatively concentrated resources to balance the load. The theory of subgraph isomorphism and link segmentation is incorporated into the mapping process, which improves the overall efficiency of the algorithm and the reception rate of virtual requests. Finally, a simulation experiment was conducted to analyze the mapping success rate and the long-term average cost-benefit ratio of the five mapping algorithms, and a comprehensive comparative analysis of the algorithm performance was conducted.

2. Network Model and Description

2.1. Abstract of Numerical Symbols in this Article

The summary of numerical symbols in this article is shown in

Table 1. Definition of digital symbols in this document.

Symbol Name	Meaning	Symbol Name	Meaning
$N_v$	Virtual node set	$\alpha$	The sum of node adjacency link bandwidth
$L_v$	Virtual link set	$\beta$	Node centrality
$C_v$	Virtual net bundle set	$\chi$	Influence of adjacent node on itself
$N_p$	Physical node set	$TR(n_i{}^{\prime })$	Importance of adjacent nodes
$L_p$	Physical link set	$\partial$	The success rate of virtual request mapping
$C_p$	Physical network constraint set	$R(G_v(t))$	Uav mapping income
$G_v$	virtual network	$C(G_v(t))$	Uav mapping overhead
$G_p$	physical network	$R/C$	The average long-term revenue-cost ratio of drones
$SN{C}_p(n_i)$	Node comprehensive resource capability

.

2.2. Network Virtualization Model

Network virtualization abstracts the network resources from hardware to software, facilitating flexible scheduling [19]. Figure 1 depicts a multi-dimensional internet based on network virtualization technology [12], including hosts, routers, links, and virtual terminal systems. The underlying layer is the physical layer. The hosts, routers, and links exist and form a physical network. By setting the virtual router, the virtual network function can be extracted from the hardware, thus eliminating the underlying differences [20].

2.3. Virtual Network Mapping Model

The literature [21] proposed a three-layer virtual network mapping model for the scenario of a powerful business system, but the three-layer structure did not specify in detail. Based on it, this paper makes targeted improvements to the bottom infrastructure layer and the upper service request layer to make them conform to the security resource scheduling scenario of the UAV communication network and expands and describes the structure and functions of the three layers in detail. Figure 2 describes a virtual network mapping model with a three-layer structure after targeted improvement. This network model mainly includes three layers, namely the security service request layer, the virtual network provision layer, and the security resource layer.

(1)

Security service request layer.

It mainly analyzes the user’s security service requests, such as encryption requests, filtering requests, anti-virus requests, etc., and divides them into different priorities, so that high-priority, more urgent, and relatively short-time-consuming requests can be given priority to resource allocation and processing. Figure 3 is a security service chain designed in this paper that is abstractly generated according to the user’s security requirements. The data flow needs to be processed by the corresponding virtual security service function according to the link order, and the customized network security service is completed by firewall → deep packet detection → encoder → data monitor → decoder. The whole process can be seen as an instance of a security service request.

(2)

Virtual network provision layer.

This layer mainly includes intelligent drones. For the application scenarios of the unmanned aerial vehicle communication networks, installing virtual devices on intelligent unmanned aerial vehicles can change the traditional static deployment method, dynamically predict all possible connected physical nodes through the introduction of unmanned aerial vehicles, and safely and intelligently generate virtual networks based on network services proposed by users. It mainly includes a variety of virtual networks with different topologies, which can be seen as the specific embodiment of personalized security service requests from the users. The security service request layer transmits the user’s security requirements to the lower virtual network provision layer. The virtual network provision layer generates corresponding virtual networks based on the user’s security requirements, preparing for subsequent mapping.

(3)

The security resource layer accommodates a variety of security resources.

These paper-specified security resources have a firewall, intrusion detection system, DOS attack detector, virus scanning detector, spam filters, deep packet inspection, intrusion prevention system, network scanning system, data monitor, load balancer, security router, line code machine, etc., which will be deployed on the same server, multiple security resources, or deployed separately for different security functions.

2.4. Virtual Network Mapping Problem Description

The purpose of mapping is to efficiently meet user requests specifically reflected in the rational allocation of existing underlying resources. The personalized request of a user can be abstracted as a virtual network, which includes the virtual network functions and various resource constraints required to complete the request. These functions, computing, and bandwidth resources need to be provided by the underlying physical network. This is the problem that needs to be solved for mapping. The efficiency and rationality of the mapping process determine the efficiency and rationality of the resource scheduling process. A virtual network mapping of a virtual network $G_v=(N_v,L_v,C_v)$ to a physical network $G_p=(N_p,L_p,C_p)$ is defined as a mapping of a subset $G_v$ to $G_p$, where $N$ is a set of virtual/physical nodes, $L$ is a set of virtual/physical links, $C$ is a set of network constraints, and each link or node $e\in N\cup L$ is associated with a set of constraints $C(e)=\{C_1(e),\dots ,C_m(e)\}$ [22]. The path length cannot exceed the limit value to avoid an excess loss of link bandwidth [23]. $P_p$ represents the subset of the acyclic path in $G_p$, and $M$ is known as an effective mapping that can be decomposed into node mapping and link mapping [24]. The details are as follows:

Node mapping: $M_N:N_v\to N_p$, this parameter must be met

$$cpu(n_v)\le cpu(n_p)$$

(1)

$$f(n_v)\subseteq f(n_p)$$

(2)

Link mapping: $M_L:L_v\to P_p$, this parameter must be met

$$bw(l_v)\le bw(l_p)$$

(3)

In addition, $cpu()$ represents the CPU computing resources required by the node, $f()$ represents the security resources that the node can provide, and $bw()$ represents the bandwidth resources required by the node. The virtual network constraints mainly include location, delay, demand, bandwidth demand, security demand, duration, and mapped distance constraints. The physical network constraints mainly include CPU resources, bandwidth resources, and achievable security functions. Security functions mainly refer to the nodes in the underlying network, namely the security resource layer, where each node can achieve different security functions by deploying different security resources in advance, such as filtering, encryption, and antivirus, and numbers all the security capabilities that can be provided to represent the security capabilities that each physical node can implement.

Taking $G_v$ $G_p$ Figure 4 as an example, each node is associated with a $CPU$ capacity, location, and security capabilities that can be implemented, and each link has a data rate limit. Circles represent nodes, center numbers represent $CPU$ requirements/resources, the links beside the figures show the bandwidth requirements/resources, and the node at the top of the parentheses can achieve security functions, used in Figure 4 (numbers from one to five). In turn, a firewall, deep packet inspection, encoder, data detector, decoder, and the physical node at the bottom of the curly braces determine the location of the physical nodes. Considering the resource constraints, and ultimately choosing the virtual network mapping scheme for {3}-{1}-{2}-{5}-{4}, the data stream flows through the sequence {3}-{1}-{0}-{2}-{5}-{4}. This mapping is effective because the capacity constraint of the virtual network does not exceed the capacity of the physical network.

3. Security Resource Scheduling Algorithm for Intelligent UAV Communication Network Based on Optimized Subgraph Isomorphism and Link Segmentation

In this algorithm, the theory of subgraph isomorphism and link segmentation is applied in the mapping process, and the resource attributes and topological attributes of nodes are evaluated comprehensively. The design principle and process of the scheme are as follows:

(1)

Enrich node evaluation indicators.

The constraint conditions and evaluation indexes of nodes are improved, and the resource attributes and topological attributes of nodes are considered comprehensively.

(2)

One-stage mapping.

The pre-selected mapping domain gathers advantageous resources, to a certain extent, to avoid load imbalance. Compared with traditional two-stage mapping, one-stage mapping avoids excessive bandwidth loss and makes the mapping process more secure and controllable.

(3)

Link segmentation.

When the bandwidth resources of the physical links cannot meet the requirements of the large virtual links, link segmentation is used to flexibly allocate bandwidth traffic, reduce the number of resource fragments, and accept requests that cannot be accepted. When a link is faulty, traffic can be quickly allocated to other links by changing the diversion ratio, which improves network robustness and flexibility to a certain extent.

3.1. Comprehensive Topology Evaluation of Nodes

In the current research of subgraph isomorphic mapping, the evaluation index of the nodes is generally single, which is easy to cause the repeated loss of bandwidth resources, low mapping efficiency, and resource utilization. Therefore, this paper enriched the evaluation indexes of the nodes and comprehensively evaluated the comprehensive resource capability of nodes from two aspects of node resources and topological resources, thus, saving the resource loss in the process of link mapping and improving the mapping efficiency and resource utilization. Node comprehensive resource capability is defined as:

$$SN{C}_p(n_i)=\frac{cpu(n_i)\times {\displaystyle \sum _{l\in L(n_i)}bw(l)}\times d(n_i)+{\displaystyle \sum _{n_i{}^{\prime }\in N}TR(n_i{}^{\prime })}}{{\displaystyle \sum _{n^{\prime }\in \partial (n)}d(n_i,n^{\prime })}}$$

(4)

where, the comprehensive resource capability of a node is composed of the node’s resources, the influence of the adjacent nodes on the node itself, and the average distance between the node and mapped nodes. Where $cpu(n_i)$ represents the $CPU$ resources of a node. The larger the value, the richer the resources, and the more important the node is.

The adjacency link bandwidth $\alpha$ of a node can be expressed as:

$$\alpha ={\displaystyle \sum _{l\in L(n_i)}bw(l)}$$

(5)

where $L(n_i)$ represents the set of node adjacent links of the node $n_i$. The larger the bandwidth sum of node adjacent links is, the richer the surrounding resources are, and the more important the node is. $d(n_i)$ represents the degree of the node, namely, the degree of proximity aggregation. The greater the degree of proximity aggregation, the more number of adjacent nodes, the more connectivity they can have, and the easier it is to find a short path between them and other nodes. As a result, the more concentrated the resources around the node, the more important the node.

The centrality $\beta$ of the node can be expressed as:

$$\beta =\frac{1}{{\displaystyle \sum _{n^{\prime }\in \partial (n)}d(n_i,n^{\prime })}}$$

(6)

where $\partial (n)$ is the set of physical nodes corresponding to the successfully mapped virtual nodes, and $d(n_i,n^{\prime })$ is the hops of the shortest path between physical nodes. The larger the node centrality degree $\beta$ is, the closer the node is to the network center and the more important the node is.

The influence $\chi$ of adjacent nodes on the node itself can be expressed as:

$$\chi ={\displaystyle \sum _{n_i{}^{\prime }\in N}TR(n_i{}^{\prime })}$$

(7)

where $N$ stands for the set of adjacent nodes of node $n_i$, and $n_i{}^{\prime }$ stands for the adjacent nodes of the node $n_i$.

$TR(n_i{}^{\prime })$, the ratio between the resource capacity of the adjacent node and the shortest distance between the node, can be expressed as:

$$TR({n^{\prime }}_i)=\frac{cpu(n_i{}^{\prime })\times {\displaystyle \sum _{l\in L(n_i{}^{\prime })}bw(l)}}{Dis(n_i{}^{\prime },n_i)}$$

(8)

The larger the value is, the greater the influence of the adjacent node on the node itself. That is, the adjacent node of the node is more important. Therefore, this node is more important and should be taken into consideration in the mapping process.

In the comprehensive evaluation process of the node ranking topology, the resource attributes and topological attributes of nodes are fully considered to avoid the one-sided influence caused by a single evaluation index. $SN{C}_p(n_i)$ is used to measure the importance of the nodes. The larger the parameter is, the stronger the comprehensive resource capability of the nodes is, and the priority is taken in the mapping.

3.2. Selecting the Initial Resource Mapping Domain

Calculate the sum of the comprehensive resource capacity of the subareas around each physical node (taking half of the average distance $G_v$ as the radius), and the larger the sum is, the larger the total resource of the region. Mapping to avoid the unnecessary loss of bandwidth and link distance length has certain limitations, so the map is generally concentrated in some regions of the physical network. The first virtual node selection of the regional comprehensive resources receives a maximum amount of the physical node mapping, which can have the effect of load balance and also helps to improve the success rate of mapping.

3.3. Multi-Link Selection Based on Link Segmentation Theory

Link segmentation can make full use of small bandwidths, reclaim resource fragments, and improve resource utilization. In addition, flexible link segmentation makes the virtual network mapping problem computationally easy to handle. Link segmentation allows virtual links with capacity constraints to be mapped to multiple paths on the physical network. The sum of the reserved end-to-end bandwidth along the multiple paths is equal to the total bandwidth requirements of the virtual links.

Link segmentation can also balance the network load and improve the overall reliability of the network. The maximum load on the physical network can be significantly reduced compared to the traditional solutions that limit the traffic to a single path, and splitting into multiple paths can also recover network failures more quickly. Failure requires the establishment of a new end-to-end path, resulting in a more severe service interruption than the traditional single-path setup. Flexible link segmentation should be a key feature of future virtual network infrastructure due to computing, performance, and reliability advantages.

As shown in Figure 5, we now have a physical network of five nodes, $G_p$, and a virtual network of two nodes, $G_v$. The bandwidth required by a virtual link is 30 bandwidth units, and the maximum bandwidth provided by a physical link is 20 bandwidth units. However, the resources provided by a physical link cannot meet the new requirements. Unfortunately, this virtual network cannot be mapped using the traditional mapping method. In this case, if the link is split, the two links share the requirements of the virtual link. The upper directly connected link shares two-thirds of the service traffic (20 bandwidth units) and the lower link, across two physical nodes, shares one-third of the service traffic (10 bandwidth units), and the request can be accepted. In this way, it can be seen that applying the link segmentation theory in the mapping process can reduce the number of resource fragments and accept more requests.

3.4. Optimization Mapping Based on Subgraph Isomorphism Theory

The problem of virtual network mapping can be transformed into the problem of subgraph isomorphism, which means that the relation between a graph and a subgraph of a graph is identical. Given a data graph $G=(N^{\prime },E^{\prime },L^{\prime })$ and a query graph $Q=(N,E,L)$, where $N$ represents a set of nodes, $E$ represents a set of edges, $L$ represents a set of node weights. If there exists an injective function $M:Q\to G$, such that $\forall (n\in N)$, $L(n)\subseteq L^{\prime }(M(n))$ and $\forall (n_i,n_j)\in E$, $(M(n_i),M(n_j))\in E^{\prime }$, then $Q$ is isomorphic to a subgraph of $G$, denoted as $Q\subseteq G$, that is, $Q$ can be mapped to $G$.

Figure 6 is used as an example to determine whether the physical node can meet the $CPU$ and security requirements, then whether it can meet the bandwidth requirements, and finally, whether it can be divided by links.

The whole process is divided into the following steps:

Step 1: Generate the virtual network. In the example in Figure 6, a security service chain with a logical sequence is abstracted and generated according to the security requirements of the users. The security service functions passed, in turn, are firewall–deep packet detection–encoder-decoder.

Step 2: Select the physical network mapping domain. If the area centered on node {3} has the most abundant resources, the first virtual node is mapped to node {3}.

Step 3: Through the calculation of Formula (4), the comprehensive resource capacity of node {1} is the most abundant and meets the $CPU$ requirements, link bandwidth requirements, and security requirements. Then the second virtual node is mapped to node {1}.

Step 4: According to the calculation of Formula (4), the comprehensive resource capacity of node {2} at this time is the most abundant. First, judge that it can meet the $CPU$ requirements and security requirements, and then judge that node {1} and {2} cannot be directly connected, that is, there is no link distance of one, but it can be connected across the intermediate node {0} to meet the demand of three units of bandwidth. The third virtual node is mapped to node {2};

Step 5: After step 4 and the calculation of node {5}, the most abundant comprehensive resource capacity, check that the first judgment can satisfy the requirements and safety requirements to determine that node {2} and {5} can be directly connected. The biggest can provide five units of bandwidth resources and cannot meet the demand of the nine units of virtual link bandwidth and other links also cannot meet these requirements. Consider link break up, otherwise, the request will not be accepted. The nine units of bandwidth demand are divided into five units of bandwidth {2}-{5} and four units of bandwidth {2}-{3}-{5} according to the 5:4 shunting ratio. In the subgraph isomorphism, the segmented link is still regarded as a link that can be mapped successfully, and then the fourth virtual node is mapped to node {4}.

Step 6: As in step 3, the fifth virtual node is mapped to node {5}. Finally, the virtual network is compared with the mapped physical network structure, which is the same chain structure, in line with the theory of subgraph isomorphism, and the mapping is successful.

Since the greater the distance of the underlying link after mapping means the greater the loss of bandwidth resources, the maximum distance constraint after mapping set in this paper is two, that is, the distance greater than two will not be considered. The algorithm execution flow chart is shown in Figure 7. The whole process is an iterative process, including several rounds, each of which maps a virtual node. If a node fails to be mapped successfully after all rounds, the request will not be accepted.

The specific process of the algorithm is shown in Algorithm 1, where $q$ is the number of virtual nodes and $k$ the number of physical nodes. The complexity of calculating the $SN{C}_p(n_i)$ value of each node is $O(k)$, and the complexity of generating the location array d[i] based on the $SN{C}_p(n_i)$ value is $O(k^2)$. The calculation amount to determine whether the mapping constraint is satisfied is $1+k+k\times (1+k\times q+k\times q)$, and the complexity is $O(k^{2}q)$. Since all the $SN{C}_p(n_i)$ values need to be calculated before each virtual node mapping, the total complexity of the algorithm is $O(k^3+k^{2}q)$.

Algorithm 1 OSILP–NSRS algorithm

Input:  $G_v$: includes virtual node vn[q], virtual link ve[q][q], and security requirement vf[m];  $G_p$: includes physical node n[k], physical link e[k][k], provided security function f[l]; Output:  Node_Embedding_List;  Link_Embedding_List;

1.  j = 0;

2.  for i = 1 to k do

3.   Calculate the $SN{C}_p(n_i)$ value of each physical node according to Formula (4);

4.   $\begin{array}{l}SN{C}_p(n_i)=\\ \frac{cpu(n_i)\times {\displaystyle \sum _{l\in L(n_i)}bw(l)}\times d(n_i)+{\displaystyle \sum _{n_i{}^{\prime }\in N}TR(n_i{}^{\prime })}}{{\displaystyle \sum _{n^{\prime }\in \partial (n)}d(n_i,n^{\prime })}}\end{array}$

5.   Sort the nodes according to the $SN{C}_p(n_i)$ value, spawn Position array d[i];

6.   if n[d[i]] >= vn[j] and f[d[i]] == vf[j] and j == 0 then

7.    vd[j] = d[i];

8.    Calculate the remaining resources;

9.    j = j + 1;

10.   end if

11.   if n[d[i]] >= vn[j] and f[d[i]] == vf[j] and j > 0 then

12.    if e[d[i]][vd[j-1]] >= ve[j][j-1] then 13. vd[j] = d[i];

14.     Calculate the remaining resources;

15.     j = j + 1;

16.    else if e[d[i]][m] >= ve[j][j-1] and e[m][vd[j-1]] >= ve[j][j-1] then

17.     vd[j] = d[i];

18.     Calculate the remaining resources;

19.     j = j + 1;

20.    else if ve[j][j-1] > e[d[i]][vd[j-1]] and e[d[i]][s] >= (ve[j][j-1]-e[d[i]][vd[j-1]]) and e[s][vd[j-1]] >= (ve[j][j-1]-e[d[i]][vd[j-1]]) then

21.     vd[j] = d[i];

22.     Calculate the remaining resources;

23.     j = j + 1;

24.    end if

25.   end if

26.  end for

27.  if j == q then

28.   return Embedding_success;

29.  else

30.   return Embedding_fail;

31.  end if

4. Algorithm Performance Evaluation and Analysis

The OSILP-NSRS algorithm is compared with the TR-VNE algorithm in the literature [14], the TCEWA-VNE algorithm in the literature [15], the vnmFlib algorithm in the literature [17], and the VF2-H algorithm in the literature [18]. The VF2-H algorithm is an improved subgraph isomorphism algorithm based on the vnmFlib algorithm. The TCEWA-VNE algorithm is a comprehensive multi-index sorting algorithm. Comparing the OSILP-NSRS algorithm with the TCEWA-VNE algorithm can better show the performance of the algorithm designed in this paper.

4.1. Algorithm Performance Evaluation Index

In this paper, the performance of the proposed algorithm is evaluated and analyzed by comparing the mapping success rate with the long-term average revenue and cost of the UAV. Among them, the mapping success rate is divided into the common request mapping success rate and the security service request mapping success rate. The higher the success rate of common request mapping, the higher the quality and performance of the algorithm. The success rate of security service request mapping is to evaluate the scheduling efficiency of the security resources in a specific scenario where users have security requirements. The resource utilization rate of a physical network is usually expressed by the ratio of long-term average revenue to the overhead of a UAV. The higher the value, the better the algorithm performance and the greater the revenue.

(1)

Success rate of mapping.

The success rate of virtual network request mapping is defined as:

$$\partial =\underset{T\to \infty }{\lim }\frac{Su{m}_{vs}(T)}{Su{m}_v(T)+\delta }$$

(9)

this formula represents the ratio of the number of successful mapping virtual network requests to the total number of requests within time $T$. Where $Su{m}_{vs}(T)$ and $Su{m}_v(T)$ respectively represent the number of virtual network requests successfully mapped (common requests/security service requests) and the total number of virtual network requests within time $T$, and $\delta$ represents an infinitesimal positive number.

(2)

Average cost-benefit ratio of UAV.

For infrastructure providers, the purpose of mapping is to ensure the benefits of UAV mapping while minimizing the mapping overhead of physical networks.

(a)

Mapping benefits.

The UAV mapping income is defined as:

$$R(G_v(t))={\displaystyle \sum _{n_v\in N_v}CPU(n_v)}+{\displaystyle \sum _{l_v\in L_v}BW(l_v)}$$

(10)

$t$ represents the arrival time of the request, and $CPU(n_v)$ represents the $CPU$ resource demand of the node $n_v$. $BW(l_v)$ indicates the bandwidth resource requirements of the link $l_v$.

(b)

Mapping overhead.

The UAV mapping overhead is defined as:

$$C(G_v(t))={\displaystyle \sum _{n_v\in N_v}CPU(n_v)}+{\displaystyle \sum _{l_v\in L_v}(BW(l_v)}\times length(M(l_v)))$$

(11)

$M(l_v)\in P_p$ represents the acyclic path mapped to $l_v$ the physical network, and $length(M(l_v))$ represents the acyclic path length, that is, the number of hops passed through the physical link after the virtual link is mapped successfully. The solution will set a limit on the value.

(c)

Long-term average revenue/expense ratio.

The long-term average cost-benefit ratio of UAV is usually used to evaluate the quality of the mapping algorithm and is defined as:

$$R/C=\underset{T\to \infty }{\lim }\frac{{\displaystyle \sum _{t=0}^{T}R(G_V(t))}}{{\displaystyle \sum _{t=0}^{T}C(G_V(t))}}$$

(12)

4.2. Experimental Environment

In this paper, the performance of the proposed algorithm is evaluated and analyzed in the OMNeT++ environment. Using the OMNeT++ algorithm, the experiment can not only verify the algorithm performance but also simulate the flow direction of the data stream more intuitively. The control variable method is adopted in the comparison experiment. Under the given same physical network, the virtual network requests are divided into the same two groups. The first group is common virtual network requests, and the second group is security resource requests with security constraints.

Table 2. Node resource parameter table.

Node	CPU (MHz)	Security Resource Capability
0	59	Firewall/Encryption
1	64	Intrusion detection /Encryption
2	87	Encryption
3	81	Antivirus
4	74	A firewall
5	73	Spam Detection
6	68	Network scanning
7	83	Load balancing/ Firewall
8	74	Depth packet detection
9	69	Intrusion detection

and

Table 3. Link resource parameter table.

Link	Bandwidth (Mb, s−1)	Link	Bandwidth (Mb, s−1)
0	57	9	58
1	84	10	67
2	74	11	85
3	79	12	69
4	68	13	73
5	85	14	81
6	69	15	52
7	96	16	93
8	74

show the physical network resource parameters. There are 10 nodes and 17 links. Each node and link is allocated with certain security, computing, and bandwidth resources. To avoid the disturbance of the experimental results caused by random factors, the simulation experiment was conducted 100 times, and the final results were averaged.

4.3. Performance Analysis of OSILP-NSRS Algorithm

Under the same physical network topology and virtual network request conditions, this section compares and analyzes the performance of the OSILP-NSRS algorithm and the other four algorithms (in terms of the mapping success rate and the long-term average cost-benefit ratio of the UAVs). The contrast experiment is divided into three groups. From the perspective of the algorithm principle, the first group of experiments verifies the algorithm’s performance based on the subgraph isomorphism, the second group of experiments verifies the algorithm’s performance based on a multi-index evaluation, and the third group of experiments verifies the security resource’s scheduling performance.

4.3.1. Performance Analysis Based on Subgraph Isomorphism Algorithm

Figure 8 shows the change in the mapping success rate and the long-term average cost-benefit ratio of the UAVs corresponds to the three virtual network mapping algorithms based on subgraph isomorphism with time units. As can be seen from Figure 8a, the mapping success rate of the vnmFlib algorithm is about 0.68. Since the vnmFlib algorithm only considers node $CPU$ resources, the mapping success rate is low. The VF2-H algorithm further optimizes the evaluation index of the nodes based on the vnmFlib algorithm. The three attributes of node $CPU$ resource, adjacency link bandwidth, centrality, and comprehensive evaluation, are considered in node ranking, and the performance is improved to a certain extent. The mapping success rate is stable at about 0.7, but the topological attributes of the nodes are not fully considered. Therefore, its performance improvement is small. The LSOPSI–VNM algorithm considers the node’s resource properties and the topological properties before each mapping calculation. Through virtual network mapping, the domain load is balanced and avoids node congestion, which makes it easier to accept more requests. Through the link segmentation, it can make full use of the resources in the process of mapping fragments, thus, greatly improving the success rate of the map. Therefore, the performance of this algorithm is optimal and the final stability is around 0.83.

As can be seen from Figure 8b, the vnmFlib algorithm only considers the node’s resource attributes and does not consider the topology attributes. If the node evaluation index is too small, the bandwidth resource loss after mapping is serious, and the long-term average cost-benefit ratio of the UAVs is significantly lower. The VF2-H algorithm optimizes the node evaluation index and takes into account the three attributes of the node’s resources, adjacent link bandwidth, and centrality when sorting. The long-term average cost-benefit ratio of the UAVs has been improved to a certain extent, but it does not consider the distance between physical nodes after mapping, which increases the cost of link bandwidth resources, so the improvement is small. The OSILP-NSRS algorithm sets the maximum distance constraint of the mapped link so that the distance between the mapped physical nodes will not cause bandwidth resource loss due to being too large. Link segmentation can also make efficient and flexible use of the bandwidth resources of the physical network and accept some originally unacceptable requests, which increases profits, further improving the long-term average cost-benefit ratio of the UAV, and, finally, stabilizes at about 0.58. Therefore, this algorithm has the best performance.

4.3.2. Performance Analysis Based on the Multi-Index Evaluation Algorithm

Figure 9 shows the change in the mapping success rate of three virtual network mapping algorithms based on multi-index evaluation with time units. As can be seen from Figure 9a, the mapping success rate of the TR-VNE algorithm is about 0.62. During the mapping process of a conventional greedy algorithm, only the CPU resources of nodes are considered, without considering the topological attributes, so the mapping success rate is low. The TCEWA-VNE algorithm comprehensively evaluates the topology attributes of the nodes (such as centrality, proximity, and proximity aggregation) and sorts the nodes by combining them with the resource attributes, such as the bandwidth of the adjacent link. The success rate of virtual network mapping is improved to about 0.76. The $CPU$ LSOPSI-VNM algorithm comprehensively considers the resource attribute and topological attribute of the nod, and considers the influence of the node’s adjacent nodes on the node itself. The evaluation method is more scientific and reasonable, the performance is improved significantly, and the final stable is around 0.83.

As can be seen from Figure 9b, the TR-VNE algorithm only considers the node’s resource attributes and does not consider the topology attributes. If the node evaluation index is too small, the bandwidth resource loss after mapping is too large, and the long-term average cost-benefit ratio of UAVs is significantly lower. The TCEWA-VNE algorithm considers the proximity of nodes when selecting physical nodes, effectively shortening the length of link mapping, and reduces the cost of link mapping while ensuring revenue. The long-term average revenue-cost ratio of the UAVs is significantly improved. The OSILP-NSRS algorithm has carried out a comprehensive evaluation and analysis of each index of the node. The node evaluation method is more scientific and the algorithm performance is optimal.

4.3.3. Security Performance Analysis

Figure 10 shows the change in the mapping success rate of five virtual network mapping algorithms over time in the scenario of specific security service requests. It can be seen that the OSILP-NSRS algorithm has always maintained a high success rate of security service request mapping, because the OSILP-NSRS algorithm optimizes the constraint conditions of nodes and adds security resource constraints, enabling it to efficiently process requests with security resource constraints. Furthermore, the algorithm has its performance advantages. The mapping success rate finally stabilized at 0.89. The other four algorithms do not consider the problems related to network security resources, so the success rate of mapping is low.

5. Conclusions

Aiming at the special scenario of security resource scheduling in UAV communication networks and ensuring scheduling efficiency, this paper proposes an intelligent UAV communication network security resource scheduling algorithm based on the optimized subgraph isomorphism and link segmentation. A virtual network mapping model, with a three-layer structure, is purposely improved, which comprehensively considers the node evaluation index and effectively integrates the subgraph isomorphism and link segmentation. To some extent, the problems of resource fragmentation, low resource utilization, load imbalance, and low reliability are solved. Through simulation experiments, the algorithm proposed in this paper can significantly improve the long-term average cost-benefit ratio of the UAV communication network, the success rate of virtual network mapping, and has advantages in the special scenario of UAV communication network security resource scheduling.

In the next stage of research, we will focus on the impact of fine-grained changes of the UAV tracks on virtual network mapping, and take the rapidly changing dynamic network topology as the condition of mapping, so as to further improve the efficiency of the scheme.