Vulnerability Assessment Model of SDN Mobile Network for Service Transmission

Abstract

Abstract: Aiming at the problems that the existing vulnerability assessment algorithms can not be directly applied to software defined network（SDN）， and the assessment technology is generally biased towards network connectivity and can not analyze the vulnerability of SDN according to service and transmission performance， a service-oriented SDN mobile network vulnerability assessment model and algorithm are proposed， a mobile network vulnerability assessment framework based on SDN is designed. A method for security vulnerability analysis of mobile network server nodes and network equipment based on SDN is proposed. The vulnerability of node equipment is evaluated from static configuration information and dynamic operation information respectively， so as to make the evaluation more comprehensive and accurate; Then， according to the service and transmission characteristics of SDN mobile network， the node importance of service-oriented and transmission based SDN mobile network is calculated from 2 aspects: topology transmission performance and node activity. Finally， the security vulnerability and importance of node devices are fused to evaluate the vulnerability of mobile network based on SDN， and the evaluation results are obtained. The effectiveness of the proposed algorithm is verified by examples and simulation experiments. Compared with similar algorithms， it can achieve higher evaluation accuracy.

Key words: SDN, vulnerability assessment, security vulnerability, node importance

BAO Chun-hui, ZHUANG Yi, GUO Li-ye. Vulnerability Assessment Model of SDN Mobile Network for Service Transmission[J]. Computer and Modernization, 2022, 0(11): 43-51.

References

［1］ JOUINI M， RABAI L B A. Mean failure cost extension model towards security threats assessment: A cloud computing case study［J］. Journal of Computers， 2015，10（3）:184-194.
［2］ FAN Z J， XIAO Y， NAYAK A， et al. An improved network security situation assessment approach in software defined networks［J］. Peer-to-Peer Networking and Applications， 2019，12（2）:295-309.
［3］ BERNARDO D V， CHUA B B. Introduction and analysis of SDN and NFV security architecture （SN-SECA）［C］// 2015 IEEE 29th International Conference on Advanced Information Networking and Applications （AINA）. 2015:796-801.
［4］ SHOHANI R B， MOSTAFAVI S， HAKAMI V. A statistical model for early detection of DDoS attacks on random targets in SDN［J］. Wireless Personal Communications: An International Journal， 2021120（1）:379-400..
［5］ DOTCENKO S， VLADYKO A， LETENKO I. A fuzzy logic-based information security management for software-defined networks［C］// 2014 16th International Conference on Advanced Communication Technology （ICACT）. 2014:167-171.
［6］ EVANS S， BUSH S F， HERSHEY J. Information assurance through Kolmogorov complexity［C］// Proceedings DARPA Information Survivability Conference and Exposition II. DISCEX'01. 2001:322-331.
［7］ BUSH S. Network Vulnerability Analysis Tool Precis［R］. General Electric Corporate Research and Development Center， 1999.
［8］ ORTALO R， DESWARTE Y， KAANICHE M. Experimenting with quantitative evaluation tools for monitoring operational security［J］. IEEE Transactions on Software Engineering， 1999，25（5）:633-650.
［9］ WANG S， WANG J H， TANG G M， et al. A network vulnerability assessment method based on attack graph［C］// 2018 IEEE 4th International Conference on Computer and Communications（ICCC）. 2018:1149-1154.
［10］LIU G Q， WANG X T， YANG J G， et al. A novel network risk assessment method based on vulnerability correlation graph［C］// 2014 IEEE Workshop on Electronics， Computer and Applications. 2014:31-34.〖HJ1.26mm〗
［11］ZHOU L B. Study on applying the neural network in computer network security assessment［C］// 2016 Eighth International Conference on Measuring Technology and Mechatronics Automation （ICMTMA）. 2016:639-642.
［12］NUNNALLY T， ULUAGAC A S， COPELAND J A， et al. 3DSVAT: A 3D stereoscopic vulnerability assessment tool for network security［C］// Proceedings of the 2012 IEEE 37th Conference on Local Computer Networks（LCN 2012）. 2012:111-118.
［13］LI T. Design and implementation of computer network vulnerability assessment system［C］// 2017 International Conference on Computer Systems， Electronics and Control （ICCSEC）. 2017:440-445.
［14］SHARAFALDIN I， LASHKARI A H， GHORBANI A A. Toward generating a new intrusion detection dataset and intrusion traffic characterization［C］// 4th International Conference on Information Systems Security and Privacy. 2018:108-116.
［15］OU X， SINGHAL A. Quantitative security risk assessment of enterprise networks［M］// The Common Vulnerability Scoring System（CVSS）. Springer， 2012:9-12.
［16］WANG W R， SHI F， ZHANG M， et al. A vulnerability risk assessment method based on heterogeneous information network［J］. IEEE Access， 2020，8:148315-148330.
［17］章子游，赵千川，杨文. 基于网络演算的网络故障检测方法［J］. 控制理论与应用， 2019，36（11）:1861-1870.
［18］NIGAM R， SHARMA D K， JAIN S， et al. A local betweenness centrality based forwarding technique for social opportunistic IoT networks［J］. Mobile Networks and Applications， 2022，27（2）:547-562.
［19］段佳勇，郑宏达. 基于节点重要度的复杂网络脆弱性分析方法［J］. 控制工程， 2020，27（4）:692-696.
［20］张笛，李兴华，刘海，等. SDN网络中面向服务的网络节点重要性排序方法［J］. 计算机学报， 2018，41（11）:2624-2636.
［21］BANERJEE M， AGARWAL B， SAMANTARAY S D.An integrated approach for Botnet detection and prediction using honeynet and socialnet data ［C］// International Conference on Intelligent Computing and Smart Communication 2019. Springer， 2020:423-431.
［22］VERMA M E， IANNACONE M D， BRIDGES R A， et al. Addressing the lack of comparability & testing in CAN intrusion detection research: A comprehensive guide to CAN IDS data & introduction of the ROAD dataset［J］. arXiv preprint arXiv:2012.14600， 2020.
［23］SEO J H. A study on the performance evaluation of unbalanced intrusion detection dataset classification based on machine learning［J］. Journal of Korean Institute of Intelligent Systems， 2017，27（5）:466-474.
［24］黎学斌，范九伦，刘意先. 基于AHP和CVSS的信息系统漏洞评估［J］. 西安邮电大学学报， 2016，21（1）:42-46.
［25］ALLOUZI M A， KHAN J I. Identifying and modeling security threats for IoMT edge network using markov chain and common vulnerability scoring system（CVSS）［J］. arXiv preprint arXiv:2104.11580， 2021.

[1]	XIAO Junbi, QIU Yi. SDN Failure Detection and Recovery Scheme Based on State-aware Data Plane [J]. Computer and Modernization, 2024, 0(12): 116-123.
[2]	JIANG Hou-hai, ZHUANG Yi, CAO Zi-ning. A Fast Failure Recovery Scheme for SDN Based on Flow Aggregation and Congestion Avoidance [J]. Computer and Modernization, 2023, 0(10): 77-83.
[3]	JIANG Hou-hai, ZHUANG Yi, CAO Zi-ning. SDN Reliability Evaluation Algorithm Based on Improved BDD [J]. Computer and Modernization, 2023, 0(09): 64-69.
[4]	LEI Yi-han, CAO Li-feng, HAN Meng-da, HAN Xue. Security Handover Architecture and Method for Software Defined Space-ground#br# Integration Network [J]. Computer and Modernization, 2023, 0(08): 119-126.
[5]	CHU Su-hong, LIU Lei, . POF Protocol Parser [J]. Computer and Modernization, 2022, 0(09): 93-98.
[6]	LING Zhi-yuan, CHEN Xiao, SONG Lei, . Flow Table Merging on Programmable Data Planes Based on MAT Model [J]. Computer and Modernization, 2022, 0(07): 74-78.
[7]	WANG Wen-wei, XIAO Jun-bi, CHENG Peng, ZHANG Yue. SDN-based DDoS Attack Defense System [J]. Computer and Modernization, 2021, 0(02): 117-121.
[8]	DAI Song, SUN Yan-tao, LIU Qiang, JIA Ze-qun, . Networking Method for SDMANET Based on Multi-mode Radio [J]. Computer and Modernization, 2020, 0(08): 82-88.
[9]	YUAN Jie， ZHANG Min-lei. Research on Fault Recovery Mechanism of Power Information System Based on SDN [J]. Computer and Modernization, 2018, 0(11): 7-.
[10]	TIAN Ye1， SUN Yan-tao1,2， XIONG Ke1,2. A Semi-centralized SDN Routing Strategy in Data Center Network [J]. Computer and Modernization, 2018, 0(01): 95-101.
[11]	ZHAN Han. Research on Distributed SDN Controller Dragonflow Based on OpenStack [J]. Computer and Modernization, 2017, 0(7): 91-94.
[12]	ZHUANG Huai-dong, DU Qing-wei. A Method of Data Center Network Dynamic Traffic Scheduling Based on SDN [J]. Computer and Modernization, 2016, 251(07): 80-86.
[13]	MA Chao1,2, CHENG Li1, KONG Ling-ling3. Performance Analysis of Traffic Anomaly Detection in Cloud-based Software-defined Network [J]. Computer and Modernization, 2015, 0(10): 92-97+102.
[14]	SHEN Qingguo， HUANG Liaoruo， LUO Jian. Analyses of Softwaredefined Network and Its Application [J]. Computer and Modernization, 2014, 0(4): 133-137.