Content Delivery Networks (CDNs) are crucial for enabling delivery of services that require high capacity and low latency, primarily through geographically-diverse content replication. Optical networks are the only available future-proof technology that meets the reach and capacity requirements of CDNs. However, the underlying physical network infrastructure is vulnerable to various security threats, and the increasing importance of CDNs in supporting vital services intensifies the concerns related to their robustness. Malicious attackers can target critical network elements, thus severely degrading network connectivity and causing large-scale service disruptions. One way in which network operators and cloud computing providers can increase the robustness against malicious attacks is by changing the topological properties of the network through infrastructure upgrades.

This work proposes a framework for CDN infrastructure upgrade that performs sparse link and replica addition with the objective of maximizing the content accessibility under targeted link cut attacks. The framework is based on a newly defined content accessibility metric denoted as μ-ACA which allows the network operator to gauge the CDN robustness over a range of attacks with varying intensity. Two heuristics, namely Content-Accessibility-Aware Link Addition Heuristic (CAA-LAH), and Content-Accessibility-Aware Replica Addition Heuristic (CAA-RAH) are developed to perform strategic link and replica placement, respectively, and hamper attackers from disconnecting users from the content even in severe attack scenarios. Extensive experiments on real-world reference network topologies show that the proposed framework effectively increases the CDN robustness by adding a few links or replicas to the network.

内容交付网络（CDN）对于实现交付需要高容量和低延迟的服务至关重要，这主要是通过地理上分散的内容复制实现的。光网络是满足CDN的覆盖范围和容量要求的唯一可用的面向未来的技术。但是，底层的物理网络基础结构容易受到各种安全威胁的影响，而CDN在支持重要服务方面的重要性日益提高，加剧了对其健壮性的担忧。恶意攻击者可以将关键网络元素作为攻击目标，从而严重破坏网络连接并导致大规模服务中断。

这项工作提出了用于CDN基础结构升级的框架，该框架执行稀疏链接和副本添加，目的是在目标链接切断攻击下最大化内容可访问性。该框架基于新定义的内容可访问性度量标准，表示为μ-ACA，允许网络运营商在各种强度不同的攻击范围内评估CDN的鲁棒性。开发了两种启发式方法，即“内容可访问性感知的链接添加启发式（CAA-LAH）”和“内容可访问性感知的副本添加启发式（CAA-RAH）”，以分别执行战略链接和副本放置，并阻止攻击者断开用户连接甚至在严重的攻击情况下也可以从内容中删除。在现实世界中参考网络拓扑的大量实验表明，通过向网络添加一些链接或副本，该框架有效地提高了CDN的健壮性。