面向服务传输的SDN移动网络脆弱性评估模型

针对现有的脆弱性评估算法无法直接应用于软件定义网络（Software Defined Network， SDN），以及评估技术普遍偏向于网络连通，无法针对服务与传输性能对SDN进行脆弱性分析等问题，提出一种面向服务传输的SDN移动网络脆弱性评估模型与算法，设计基于SDN的移动网络脆弱性评估框架。提出一种对基于SDN的移动网络服务器节点与网络设备进行安全脆弱性分析的方法，将静态配置信息和动态运行信息融合评估节点设备的脆弱性，使评估更加全面准确；针对SDN移动网络的服务与传输特性，从传输拓扑和SDN节点活跃度2个方面，计算面向服务与传输的基于SDN的移动网络节点重要度；最后融合节点设备的安全脆弱性和重要度来对基于SDN的移动网络进行脆弱性评估，得到评估结果。通过实例和仿真实验验证了所提算法的有效性，相比同类算法可达到更高的评估准确性。

Vulnerability Assessment Model of SDN Mobile Network for Service Transmission

Aiming at the problems that the existing vulnerability assessment algorithms can not be directly applied to software defined network（SDN）， and the assessment technology is generally biased towards network connectivity and can not analyze the vulnerability of SDN according to service and transmission performance， a service-oriented SDN mobile network vulnerability assessment model and algorithm are proposed， a mobile network vulnerability assessment framework based on SDN is designed. A method for security vulnerability analysis of mobile network server nodes and network equipment based on SDN is proposed. The vulnerability of node equipment is evaluated from static configuration information and dynamic operation information respectively， so as to make the evaluation more comprehensive and accurate; Then， according to the service and transmission characteristics of SDN mobile network， the node importance of service-oriented and transmission based SDN mobile network is calculated from 2 aspects: topology transmission performance and node activity. Finally， the security vulnerability and importance of node devices are fused to evaluate the vulnerability of mobile network based on SDN， and the evaluation results are obtained. The effectiveness of the proposed algorithm is verified by examples and simulation experiments. Compared with similar algorithms， it can achieve higher evaluation accuracy.