摘要
针对目前已有的软件定义网络(SDN)安全预测方法中未考虑攻击代价以及控制器漏洞对SDN安全所产生的影响,提出了一种基于贝叶斯攻击图的SDN入侵意图识别算法。利用PageRank算法求出设备关键度,并与漏洞价值、攻击成本、攻击收益以及攻击偏好相结合构建攻击图,建立风险评估模型,对入侵路径进行预测。通过实验对比可以看出,所提模型能更准确地预测入侵路径,有效地保证安全预测的准确性,并为SDN的防御提供依据。
Since the existing software defined network(SDN)security prediction methods do not consider the attack cost and the impact of controller vulnerabilities on SDN security,a Bayesian attack graph-based algorithm to assessing SDN intrusion intent was proposed.The PageRank algorithm was used to obtain the criticality of the device,and combining with the vulnerability value,attack cost,attack benefit and attack preference,an attack graph was constructed,and a risk assessment model was established to predict the intrusion path.Through experimental comparison,it is obvious that the proposed model can more accurately predict the intrusion path,effectively ensure the accuracy of security prediction,and provide a basis for SDN defense.
作者
罗智勇
张玉
王青
宋伟伟
LUO Zhiyong;ZHANG Yu;WANG Qing;SONG Weiwei(School of Computer Science and Technology,Harbin University of Science and Technology,Harbin 150080,China)
出处
《通信学报》
EI
CSCD
北大核心
2023年第4期216-225,共10页
Journal on Communications
基金
黑龙江省自然科学基金资助项目(No.LH2021F030)。
