面向服务传输的SDN移动网络脆弱性评估模型  被引量：3

作　　者：包春晖 庄毅[1] 郭黎烨 BAO Chun-hui;ZHUANG Yi;GUO Li-ye(College of Computer Science and Technology,Nanjing University of Aeronautics and Astronautics,Nanjing 211106,China;Shanghai Aerospace Electronic Technology Research Institute,Shanghai 201108,China)

机构地区：[1]南京航空航天大学计算机科学与技术学院,江苏南京211106 [2]上海航天电子技术研究所,上海201108

出　　处：《计算机与现代化》2022年第11期43-51,共9页Computer and Modernization

基　　金：国家自然科学基金资助项目(61572253)。

摘　　要：针对现有的脆弱性评估算法无法直接应用于软件定义网络(Software Defined Network,SDN),以及评估技术普遍偏向于网络连通,无法针对服务与传输性能对SDN进行脆弱性分析等问题,提出一种面向服务传输的SDN移动网络脆弱性评估模型与算法,设计基于SDN的移动网络脆弱性评估框架。提出一种对基于SDN的移动网络服务器节点与网络设备进行安全脆弱性分析的方法,将静态配置信息和动态运行信息融合评估节点设备的脆弱性,使评估更加全面准确;针对SDN移动网络的服务与传输特性,从传输拓扑和SDN节点活跃度2个方面,计算面向服务与传输的基于SDN的移动网络节点重要度;最后融合节点设备的安全脆弱性和重要度来对基于SDN的移动网络进行脆弱性评估,得到评估结果。通过实例和仿真实验验证了所提算法的有效性,相比同类算法可达到更高的评估准确性。Aiming at the problems that the existing vulnerability assessment algorithms can not be directly applied to software defined network(SDN),and the assessment technology is generally biased towards network connectivity and can not analyze the vulnerability of SDN according to service and transmission performance,a service-oriented SDN mobile network vulnerability assessment model and algorithm are proposed,a mobile network vulnerability assessment framework based on SDN is designed.A method for security vulnerability analysis of mobile network server nodes and network equipment based on SDN is proposed.The vulnerability of node equipment is evaluated from static configuration information and dynamic operation information respectively,so as to make the evaluation more comprehensive and accurate;Then,according to the service and transmission characteristics of SDN mobile network,the node importance of service-oriented and transmission based SDN mobile network is calculated from 2 aspects:topology transmission performance and node activity.Finally,the security vulnerability and importance of node devices are fused to evaluate the vulnerability of mobile network based on SDN,and the evaluation results are obtained.The effectiveness of the proposed algorithm is verified by examples and simulation experiments.Compared with similar algorithms,it can achieve higher evaluation accuracy.

关 键 词：软件定义网络 脆弱性评估 安全脆弱性 节点重要度 

分 类 号：TP393[自动化与计算机技术—计算机应用技术]