A model of cryptographic network protection when using distributed big data arrays

Big Data arrays are used when analysing the accumulated information and identifying patterns that can be implemented in the form of documents or development strategies, depending on the type of object. The use of the Big Data analysis methodology makes it possible to assert that the formation of clusters for storing and using the obtained information is possible only with an active correlation and interaction between individual arrays. The novelty of the study is determined by the fact that the use of Big Data in the tasks of socio-economic development requires the simultaneous analysis of information from various institutions and establishments. The authors show that Big Data analysis for the purposes of socio-economic development is possible only if access to distributed networks is established. At the same time, network protection should be based on closed cryptographic protocols. The paper shows that the use of protocols of a cryptographic type also makes it possible to verify the received data. The practical significance of the study is determined by the structure of a distributed type network and formation of a model for using Big Data in the tasks of socioeconomic development. This will allow in the long term to ensure the establishment of a civil society model and reduce both financial and credibility losses.


Introduction
Information and communication network using distributed Big Data arrays has a hierarchical structure, both at the information and technical levels [1]. Therefore, traffic management methods should take into account the specifics of managing hierarchical systems [2]. In addition, management principles should allow to reduce the dimensionality of the tasks being solved [3]. Therefore, in accordance with the basic principles of the methodology of risk-adapted management of Big Data flows, the following principles of traffic distribution management are performed for this task [4]: 1) the principle of decomposition, providing for the division of the network into a number of subnets; 2) the principle of coordinating the management of subnets, when the tasks of managing the distribution of traffic for each subnet are performed taking into account the state of other subnets; 3) the principle of coordinating the goals of subnet management, in which the partial (local) goals of traffic distribution managements in individual subnets must ensure that the global goal of managing the distribution of traffic throughout the network is achieved. The parameters of flows between subnets during management are determined by the tasks solved on the network and the distribution of system applications and databases between nodes in each subnet [5]. Therefore, if intrasubnet management redistributes system applications and databases between subnet nodes, it will not cause flow changes between subnets, although it may cause redistribution of flows within the subnet. Then the assertion conditions are satisfied [6]. Therefore, intra-subnet control can redistribute system applications and databases, redistribute data flows between nodes within a subnet [7]. Since there is an interconnection between the parameters of the technical structure of Big Data and the characteristics of applied and system software operating in the network nodes, it is advisable to consider the interaction of hardware and software of the network [8]. The information and communication network has, as a rule, a large dimensionality, therefore, the direct solution to the problem of general control over a complete network requires special approaches [9]. To get out of this situation, it is necessary to decompose management problems, bringing the solution of the general problem to the solution of a set of partial tasks [10]. To decompose management problems, we will decompose the information and communication network into multiple subnets in advance [11]. The rules of network decomposition must ensure that the following conditions are met [12]: 1) network is divided into subnets in a way that each subnet is controlled autonomously, and the quality of the subnet is determined by the functionality of the parameters of only this subnet; 2) data flows between subnets should not depend on the management of each subnet. It should be noted that the above conditions can be fulfilled if the network is decomposed at the level of basic parameters, which comes out of the peculiarities of the state space of the network [13]. Then, each basic network variant defines a set of subnets and their composition [14]. However, data flows between subnets may be independent of how each subnet is managed [15]. The particularities of managing each subnet, in which the data flows between subnets remain unchanged, can be formulated as follows [16]. If the control of each subnet allows the redistribution of system applications only between the nodes of this subnet and does not allow the redistribution of nodes and system applications between subnets, then with such control the values of data flow rates between subnets do not change [17]. As a proof, the authors note that Big Data with dedicated subnets can be considered as a network with a complex structure, in which there are matrix elementsintensity of data flows between nodes, the value of which depends on the distribution of system requirements across nodes and on the flow intensity of requests to execute system applications. This matrix remains unchanged when the conditions of the approval are met. In the case when a system application moves from one node of a subnet to another node of the same subnet, the data flow rates between Big Data nodes change [18]. However, the total flow rates between this application and others installed on nodes outside this subnet remain unchanged [19][20][21][22][23][24][25][26][27][28]. Therefore, moving a system application within a subnet does not change the rate of total data flows between this subnet and other subnets.

Materials and methods
In the course of the study, the current state of the development of cryptographic network protection using distributed Big Data arrays was investigated. Scientific and special methods were used, mainly: the analytical method was used in the analysis of Big Data arrays; the method of calculations for solving problems, the classification method determined the ability to differentiate the basic principles of traffic distribution management, and the description method formulated their characteristics; the monographic method was used during the study of special literature on the development of a model of cryptographic network protection using distributed Big Data arrays; The findings were processed using the system-analytical method [29][30][31][32][33][34][35][36][37][38][39][40][41][42][43][44].
Within the framework of the investigated topic, it is necessary to study Big Date arrays, analyse the cryptographic protection system of the previously mentioned arrays. The obtained result allows us to consider the tasks of managing the distribution of Big Data traffic as a two-stage task: 1) at the first stage (network configuration stage), the configuration problem is solved, where the composition of subnets and the distribution of applications and nodes over subnets are formed; 2) at the second stage, the problem of operating control of subnets is solved, while each subnet is controlled autonomously [45][46][47][48][49][50][51][52][53][54][55][56][57][58].
To formulate the management problem, we note that since after solving the configuration problem, subnets are allocated, each of which is controlled autonomously, it is necessary to allocate a set of control parameters for each subnet. Such set will be denoted as wherethe subnet number. General management problems in this case are formulated as follows, described below. The solution to the problem of setting up a network will be a set of basic parameters that determines the division of network nodes into subnets, which ensures the optimal value of the network quality indicator [59][60][61][62][63][64][65][66][67][68][69][70][71]. The solution to the operating control problem will be an optimal set of operating control parameters at each control step. The proposed approach has the following advantages. 1) the dimensionality of the network tuning problem is reduced, since in the equation with the general management problem the number of restrictions is reduced, and the objective function is simplified; 2) the decomposition of the task of operating control into the task of operating control of subnets is carried out, which makes it possible to reduce the dimensionality of each task; 3) it becomes possible to independently solve the problem of operating control of subnets, applying for each task its own sets of quality indicators and control parameters, as well as control algorithms [72][73][74][75][76][77][78][79].
In Big Data arrays, preference is given to centralised methods of data processing and storage (for example, when using GRID technology), then among the set of management problems, the task of allocating resources of a multi-server information processing node becomes the most urgent. A feature of this task is a sharp increase in both the number of users of centralised processing facilities and the intensity of the system applications execution requests. To solve the problem, it is necessary to use multi-server nodes for data storage and query processing. Such nodes are characterised by the appearance of problems of managing the flow of requests distribution between servers, approaches to the solution of which have been considered in many studies. However, the particularities of the relations of information and technical structure of Big Data, on the basis of which it is possible to obtain information on the distribution of the bandwidth of the involved communication channels, were not taken into account. Therefore, a method is proposed for the optimal selected criterion for managing the distribution of resources of a multi-server information processing node, which is based on a hierarchical model of the network structure and a developed method for distributing the bandwidth of the involved communication channels.

Results and discussion
Big Data with dedicated subnets can be considered as a network with a complex structure (the number of subnets is equal 1 ). The total intensity of data flows between subnets and can be calculated by the formula: in which the matrix elements = ( = 1, , = 1, ,number of nodes involved)the intensity of data flows between nodes , , the value of which depends on the distribution of system requirements among nodes and on the intensity of requests flow for the execution of system applications. To calculate the intensity of data flows between subnets, a matrix of subnetting nodes is used: (2) Thus, if under such a control the partition does not change, i.e., the matrix 1 remains constant and the values do not change either, then the matrix 1 ( 1 ) also does not change, which was required to prove. Let us consider the tasks of setting up a network. Given: 1) a set of tasks to be solved on the network (the number of tasks -); 2) a set of basic parameters of the BSN; 3) a set of basic network management parameters -0 (parameters 1 , 2 , 1 , 2 are included in the set of basic network management parameters); 4) a set of quality indicators of network settings -, = 1, ; 5) a set of quality indicators of network settings for each task -, = 1, , = 1, ; 6) a set of weight assignment { 0 } for partial problems; 7) a set of weight assignment { 0 } for quality indicators of solving particular problems. Find: where 01 , 02set of limit (permissible) values for basic network parameters; ̱ ,̄( = 1, )set of lower and upper limit values of network characteristics set for task number . So, in particular, the following specific restrictions must be met: where ̱ ,̄lower and upper bounds for the number of nodes in the -th level groups; where ̱ ,̄matrices of lower and upper bounds for the values of data flows intensities between groups and within groups of the -th level; ̱ * ( * ) ≤ * ( * ) ≤̄ * ( * ), ∈ {2,3}, where ̱ * ( * ),̄ * ( * )matrices of lower and upper boundaries of information flows intensities between switches of the -th network level. It is also possible to use as a limitation the data on the bandwidth offers of communication channels specified by matrices. The content of these restrictions is that subnetting, which is carried out when solving the problem of network configuration, must take into account the restrictions on data flows intensity between subnets and the bandwidth of communication channels between switches. An element of a set 0 * is, for example, a matrix 1 . Another result of solving the configuration problem should be the determination of subsets composition 1 , wherethe subnet number. Further, the tasks of the operating control of subnets should be solved [80][81][82][83][84][85][86][87][88][89][90][91][92][93][94][95][96]. Note that operating management is carried out constantly, control, as noted above, is carried out in steps, therefore, here is the statement of the problem for the control step. This is due to the fact that with unchanged basic parameters, control within a given basic subspace of states is carried out in one step. The general task of operating network control can be broken down into a number of tasks of operating subnetwork control. Since these tasks are solved autonomously, the authors will present the formulation of the task of operating subnetwork control. The task of operating subnet control (subnet number ). Given: 1) a set of basic network parameters -BSN, including a set of optimal values of basic control parameters, - 2) a set of parameters for operational subnet control-1 , = 1, ; 3) a set of quality indicators of operating subnetwork control -1 , = 1, ; 4) a set of indicators of the quality of operating subnet control for each task solved in the subnet, -1 , = 1, , = 1, ;

5) a set of values of quality indicators for solving particular problems
( 1 ( )); 6) a set of weight assignments { 1 } for partial subnet problems; 7) a set of weight assignments { 1 } for quality indicators of solving particular problems. Find: for a given system of restrictions on parameter values 1 = 11 ∪ 12 , which take into account the characteristics of the subnet for -th problem: where 11 , 12 , = 1,set of limit (permissible) values for subnet parameters; ̱ ,̄, = 1,set of lower and upper limit values of network characteristics set for -th problem on a subnet. In particular, the following restrictions must be met for each subnet: where ̱ 1 * ( 1 * ),̄1 * ( 1 * )matrices of upper and lower bounds for the intensity of information flows between switches of the first level and within groups of nodes connected to switches of the first level in the subnetwork. The meaning of this restriction is that when managing a subnet, restrictions on the bandwidth of communication channels within the subnet must be taken into account. However, decomposition of the management problem implies consistent management of all subnets, for which purpose it is necessary to ensure that the management goals for the subnets are consistent. The coordination of subnet management in this case should provide time-consistent control. The need for coordination is associated both with the difference in subnet control steps in terms of duration and with the limitation of the autonomy of each subnetwork control, which does not always allow choosing the beginning of a control step regardless of the state of other subnets. There may be times when a new subnet control step cannot be started due to changes in other subnets. So, if the basic parameters of the network change, this can lead to a change in the basic states for individual subnets, to a change in the basic subspace of subnets, and, accordingly, to a change in the parameters and goals of operational management of these subnets [97][98][99][100][101][102][103][104][105][106][107][108][109][110][111]. We can formulate the following rule for coordinating subnet management. Rule 1: when the basic states of the network change, the operating control processes in the subnets must be stopped until the task of configuring the network with the new basic parameters is solved. After solving the configuration task, the operating control of subnets can begin. Further, due to the impossibility of synchronising the beginning of the steps for operational subnet control, there may be cases when subnet control causes a change in the state of other subnets, for example, a change in the data flows. At the same time, the administrators of these subnets begin procedures network management, which is useless and sometimes harmful, since this can lead to a deterioration in the quality of the subnets and the entire network as a whole. It is necessary to find out the reason for the change. This is especially true for changing the parameters of data flows entering the subnets. With online management of subnets, the parameters of data flows between subnets do not change; changes can be caused either by management in subnets, or by a change in basic parameters. In the first case, the control in the subnet must be changed, and in the second, the task of network configuration must first be solved, as follows from rule 1 of subnet control coordination [112][113][114][115][116][117][118][119][120][121][122][123]. Another rule for subnet coordination can be formulated. Rule 2: if the parameters of data flows between subnets have changed without changing the basic network parameters, then there is no need to change the management of subnets; it is necessary to determine the cause of the change in the flow parameters and eliminate it. The reasons can be either erroneous management, or failure of subnetwork equipment, or unauthorised change of basic network parameters. It was noted above that not always the optimal solution of individual problems leads to the optimal operation of the entire network as a whole. However, it is necessary to find a form of setting partial tasks so that they can be solved autonomously, but the results obtained would lead to a common goal, that is, to optimise the integrated target indicator of the network performance. If we take into account the possibility of decomposition of the control problem, then it can be noted that the coordination of control objectives when solving problems of operational control of subnets is possible within the framework of the general functional of control quality, since these problems are independent. Naturally, it is first necessary to solve the problem of network configuration, where it will be determined how the subnets are connected to each other, since the redistribution of common resources occurs during configuration. In this case, it is advisable to use additional criteria and restrictions to weaken the mutual influence of subnets. A possible solution is to allocate specific resources to each subnet so as to optimise the performance of the network as a whole. An acceptable solution would be to use an additive metric of network performance using weight assignment and performance metrics for subnets: whereperformance weight assignment of -subnet, and the value * ( 1 * ) calculated by the formula (8).
Obviously, in the case of autonomous operation of subnets, formula (11) makes it possible to calculate the optimal value of the quality indicator of the network operation with the optimal values of the quality indicators of the subnets. A feature of solving problems of operational control of subnets is the need to take into account the competition of processes of solving applied problems for resources shared within the subnet. Therefore, it is proposed to ensure the coordination of goals when solving problems within a subnet by managing the resources allocated for each task or group of tasks. Typically, tasks are grouped according to the types of threads used, and management is reduced to creating the most favourable conditions for each type of thread. The essence of management is that each task is solved in a way that the optimum indicator of the quality of its solution is achieved on the resources that are allocated to it. For example, for each type of data flow, its own bandwidth in the communication channel can be allocated, or its own share of the time when processing on servers. Let us denote the number of types of resources that are distributed between task groups -. We denote the number of problem types as Introduce the resource allocation matrix: Matrix allows to set the way resources are allocated between tasks and items in multiple control parameters. By forming the matrix we can manage the distribution of resources in the implementation of operational management of subnets. In general, the task of operational control associated with the division of resources can be formulated as follows. Given: 1)the number of task types -′ ; 2) the number of types of resources -′ ; 3) a set of maximum values of resources of each type; 4) resource allocation matrix ; 5) a set of weight assignments { 1 } for partial problems of subnet ; 6) a set of weight assignments { 1 } for quality indicators of solving particular problems on a subnet; 7) a set of weight (cost) assignments for the resources allocated by tasks, ≥ 0, = 1, , = 1, ′ Find: with a given system of restrictions: 1) each -th type of problem must receive the required amount of resources of the form ( )( ) ≥ , = 1, ′ , = 1, ′ , (16) where minimum admissible amount of resource of the form, assigned to the group of tasks of the type; 2) the total amount of resources of the type, allocated to all tasks should not exceed the total amount of available resources of this type The result of solving this task will be the distribution of the resources of the subnet between the tasks that are solved on this subnet. Note that in this case, goals are coordinated to optimise the quality functional of solving problems on a subnetwork, while for consistency, the weight assignments of each problem, quality indicators of its solution and the resources allocated by it are used. The main factors influencing the data flows in infocommunication networks, the loading of communication channels and network equipment are the following parameters: 1) distribution of system applications to network nodes; 2) distribution of users across network nodes; 3) intensity of the request flows to launch applications (tasks); 4) structure of the network, which defines the communication channels between the network equipment and the 5) binding of workstations and servers to the network equipment; 6) amount of bandwidth of communication channels used in the network; 7) bandwidth of network equipment; 8) allocation of communication channels bandwidth between individual tasks (groups of tasks); 9) routing data streams in the network. The developed models make it possible to calculate the parameters of data flows in the network with fixed initial network parameters: 1) structure; 2) network equipment; 3) distribution of applications to network nodes; 4) the intensity of the requests flow to launch tasks or system applications. However, in a real Big Data network, the intensity of user requests and the composition of tasks to be solved can change over time, in addition, with the development of the network, the composition of the equipment and its parameters changethe basic parameters of the network change. All this makes it necessary to correct or change the control parameters of the network to achieve the required efficiency of its operation. Such change in network parameters is an integral part of the debugging process, which, in turn, is one of the main network management processes. In this case, of course, it is necessary to ensure the required values of the quality indicators of the network operation associated with the solution of applied problems. Since the distribution of users among workstations of the network, as a rule, is determined by the structure of the organisation and the territorial location of users, then the distribution of users will further be considered a given and constant parameter of the network. Thus, network management in this case is reduced to solving such basic problems: 1)control of distribution and migration of system applications; 2)control of the network structure; 3) control of debugging of network equipment or control of data flows in the network; 4) parametric control of servicing data streams; 5) routing control. One of the main components for solving these problems is to achieve optimal bandwidth allocation. When transmitting several types of data streams with one communication channel, it becomes necessary to allocate bandwidth. Each such stream can be assigned to a specific group of tasks solved in the Big Data environment. We denote flow rate type ( = 1, ), wherenumber of stream types. Assume the flow of -th type need bandwidth . For a communication channel with a total bandwidth ∑ the following conditions must be met: That is, it is possible to control each task in accordance with its bandwidth requirements. The numerical values of the quantities are set in accordance with the requirements for guaranteed quality of service. However, a situation often arises when condition (14) is satisfied, which may be associated either with the capabilities of communication channels, or with a change in the requirements of the problem and, as a consequence, a temporary change in some type of traffic, for example, due to the appearance of new users, which perform applied tasks. Let us consider the case, in which: that is, the channel bandwidth is insufficient to meet the needs of all types of data flow. This raises the task of bandwidth allocation between all types of flows. We will seek a static solution to the problem when the channel distribution between flows is rigidly established for known flow characteristics. We will assume that the channel is distributed among streams of each type. In this case, the amount of costs associated with the deviation of the dedicated stream of the -th type of bandwidth from what it requires (the bandwidth that was allocated) is proportional to the magnitude of the deviation, i.e Then the total cost of servicing flows is, where ̄= ( ),̄= ( )vectors of cost coefficients defined in (15); ̄= ( )vector of specified bandwidth values that should be allocated to each stream type; ̄= ( )vector of bandwidth values allocated to each type of stream; ̄= ( )vector, -th component of which is the probability that a stream of a given type is transmitted by this channel; ̄= ( )vector, -th component of which is the probability that a stream of this type is not transmitted by a channel, that is, a stream of an unnecessary communication channel, since there is no data of this type to transmit. In this case, it is assumed that each stream of the -th type does not constantly enter the communication channel, but when it does, it has an intensity: = , (23) The duration of the interval when the stream enters the channel, that is, data for transmission, will be denoted as , and the duration of the interval when the stream does not enter the channel (there is no data for transmission) -. We will assume that , random variables with distribution functions ( ), ( ) respectively, and for the first two moments of all random variables the following conditions are satisfied: Thus, each flow can be thought of as a recovery process. In this case, the probability that at an arbitrary moment of time in the channel there is or is not a flow of k type is calculated by the formulas: Using these expressions, we can find the numerical value of function (22)the total cost of servicing flows. Then, with static channel control, the task of controlling the bandwidth allocation is posed as follows: for given values of the number of types of data flows, the maximum value of the channel bandwidth, which is allocated for servicing data flows, vectors of characteristics of data flows, the required values of bandwidths and cost factors, find the value ̄ * , with which: (̄, , ,̄ * , ,̄) =̄(̄, , ,̄ * , ,̄), (29) and the following restrictions are met: The meaning of restriction (31) is that the total value of the bandwidth that are actually allocated to different types of channel flows should not exceed the maximum value of the channel bandwidth allocated to serve these data flows. The meaning of restriction (32) is that it is possible to set the following values of the bandwidth, which in total will exceed the capabilities of the channel. The solution to problem (31) -(32) allows minimising the costs of servicing flows, that is, potentially increasing the real network resource; its feature is the ability to take into account user activity, since this activity is determined by the values of the vector components ,̄, and known methods can be used to solve it. The general scheme of the method is shown in Figure 1. To meet the quality requirements for solving problems, it is necessary to use multi-server nodes for data storage and query processing. Consider a multi-server information processing node as a closed system, the input of which receives information from the network in accordance with the Big Data communication channel bandwidth allocation control algorithm, that is, a multi-server information processing node will be considered as a node consisting of servers, each of which can serve all applications that correspond to the tasks that are solved on the network. The input of a multi-server information processing node receives Poison flows of requests to launch applications, the flow rates of which correspond to the rates of execution of tasks using these applications. Flow rates of requests for execution of -th application of make up vector = ( ), = 1, , Let's denote the probability of sending a request to launch an application on the server as . The values of these probabilities form a matrix = , and the following conditions must be met: applications of each type must be distributed between servers ∑ =1 = 1, = 1, , each server can receive requests to execute the application ∑ =1 = 1, = 1, , The duration of the application on -th server ( ) a random variable with a distribution function ( ), that has the final first and second initial moments: We will also assume that all servers work independently of each other. In this case, as a model of the investigated system of servers, we can consider a set of single-line queuing systems of the / /1/∞ type, that is, the model of operation of each server can be considered as a queuing system of this type, at the input of which Poisson flows of requests for applications launch arrive. We will assume that the server responds to the service equipment to the queuing system, and the queuing system number coincides with the server number. The intensity of the flow of requests to launch the j-th application arriving at the input of the n-th queuing system is calculated by the formula: This thread is also Poisson, since it exits the flow of requests to start the -th application using a sifting procedure. Analysing the operation of one queuing system, for the sake of simplicity, we assume that all requests on each server form one queue and are served in the queued order. Then the total flow of requests to the -th server has an intensity: The probability that a request taken from the queue to the -th server will be a request to launch an application is The Laplace-Stieltjes transform of the distribution function of the processing time of an arbitrary request on the n-th server is calculated as: where: When distributing requests, conditions must be met to prevent server overload: Server downtime probability is calculated by the formula: Thus, formulas are obtained for calculating the characteristics of a single server. However, all servers share request streams among themselves, so it is necessary to investigate how they work together to service requests. To do this, we introduce the quality functional for managing the distribution of node resources: where coefficients and penalties per unit of waiting time for a request in the queue to the -th server and unit of idle time of the -th server, respectively. The functionality allows to calculate the amount of costs associated with requests downtime in the processing queue, as well as costs arising in the event of server downtime. The task of optimal control of the resource allocation of a multi-server node is formulated as follows: for a given number of tasks to be solved on the network, applications executed when solving problems, the number of servers, a set of application and task parameters, flow rate matrices of requests for task execution, a set of weighting with server downtime and waiting for requests in queues for a unit of time, and admissible values of the intensities of the flows of requests arriving at the servers, determine the matrix of the probability of sending requests to launch application j on servers in a way that the value of functional (48) is minimal, that is: ( , * , ) = ( , , ) = ∑ ( ( , ) + 0 ( , )) =1 , (50) with such restrictions: where *an element of an a priori given Boolean matrix, in which the unit elements define those request flows that can be served only by specific servers. Problem (50) -(54) is a mathematical programming problem that allows to minimise the cost of servicing threads; to solve it, we can apply well-known methods. Since the applied tasks of Big Data are quite diverse: from the transfer of different types of data, collection and processing of information, then for each task it is necessary to identify indicators of the quality of its solution. Let us define a unified set of quality indicators for solving applied problems, taking into account the specifics of each problem: wherethe total number of quality indicators for solving applied problems in the network. Note that each i-th quality indicator has a specific physical meaning, for example, the time to solve the problem, the loading of communication channels with the data of this problem, and so on. The use of a common scale of quality indicators allows not only to significantly simplify the mathematical description of network management processes, but also to use uniform agreed criteria when assessing the operation of the network and its elements when solving various applied problems. For the k-th problem, the set of solution quality indicators is determined by the bit string; = ( 1 , 2 , . . . , ), If the i-th quality indicator is used to assess the quality of the solution to the k-th problem, then we will denote it as (ℑ ), where ℑset of parameters of the k-th problem, wherein (ℑ ) = , (58) and the set of quality indicators for the k-th problem is formed as follows: ℜ (ℑ ) = ( 1 1 , 2 2 , . . . , ), (59) moreover, for many quality indicators of the solution of individual problems, the following condition is satisfied: The use of a unified system of indicators for assessing the quality of solving applied problems makes it possible to determine the system of particular goals of network management as a set of the following functions: where ℑa set of network control parameters, and the parameters of each task can be either basic parameters or control parameters. The main feature of solving a set of tasks in a network is that the processes that programmatically implement tasks or an application, as a rule, compete for network resources and the simultaneous achievement of optimal results for each task indicator and for each task is not always possible to determine. So, for example, metrics related to latency in queues and metrics related to equipment utilisation are mutually contradictory. In addition, optimisation of the quality indicators for solving each individual problem cannot always ensure optimal operation of the network and the critical infrastructure system as a whole. In this regard, to manage the network, it is necessary to solve the following problems: 1) determine the quality indicators of the network as a wholeintegrated (complex) quality indicators; 2) ensure the agreement of private goals and, accordingly, quality indicators for solving individual problems.
In order to obtain integrated indicators of the quality of solving problems, we introduce a set of weights = { } for each problem, and a set of weights of problems = { }. Then, taking into account (55) and (56): whereintegrated general indicator of the quality of problem solving;value of the integrated solution quality indicator of -th task. Using formulas (61) -(62), we derive a generalised formula for calculating the integrated (target) indicator of the network performance for solving a given set of problems: where (ℑ)values of integrated indicators of the quality of the network for solving each problem separately. Similarly, we can define target indicators of the quality of the solution to each problem: It should be noted that the congruence is not always true: This means that the optimum of the integrated target indicator of the quality of the network is not always equal to the sum of the weighted optimum of the integrated indicators of the quality of solving each of the problems on the network. This may be due, for example, to the fact that the optimal value of the control parameters for one task will not be optimal for another task, since the tasks can compete for network resources. In this regard, it is necessary to agree on partial goals, which will allow obtaining acceptable solutions.

Conclusion
The authors have formulated the principles of network traffic distribution management and determined the practical requirements of data transmission efficiency. The possibilities of applying the general principles of complex system management are determined: decomposition, coordination and agreement on goals in the case of traffic distribution management. The possibilities of network decomposition by allocating separate subnets are shown, this corresponds to the use of VLAN and VPN technologies, the properties of data flows during decomposition are investigated, the tasks of configuration and operational management during network decomposition are formulated, the advantages of applying the decomposition principle when creating and managing a network are presented. The problems of coordination in the management of subnets were investigated, which made it possible to formulate the rules of management coordination, which make it possible to carry out informed decisions in the subnet management. To harmonise the management goals, it is proposed to use additive functionals of the quality of management of the entire network, including weight functions of the quality of management of individual subnets, which makes it possible to localise the tasks of operating control (for example, tasks of allocating resources in subnets). A set of network parameters, a network state space and three traffic distribution control parameters are defined. This made it possible to isolate many primary and secondary parameters and establish links between them. A set of basic parameters that define the structure of the network and many parameters of operating control have been determined. The state space of the network is formed and its properties are investigated, it is revealed that for networks with unchanged basic parameters, the state space is connected, that is, it is possible to transfer the network from one state to another in one control step. The results obtained make it possible to determine the composition of the network parameters, select the control parameters and link them with the capabilities and parameters of the network equipment used to create the network. The method of resource allocation of a multi-server information processing node has been improved by considering the server systems as a set of single-line queuing systems and using information about the allocation of the bandwidth of communication channels, which minimises the costs of servicing streams. The substantiation of the requirements for the complex criterion of the quality of network traffic management is carried out and a generalised formalised trace is given.