基于贝叶斯攻击图的SDN安全预测方法

现有研究者采用威胁建模和安全分析系统的方法评估和预测软件定义网络（software defined network， SDN）安全威胁，但该方法未考虑SDN控制器的漏洞利用概率以及设备在网络中的位置，安全评估不准确。针对以上问题，根据设备漏洞利用概率和设备关键度结合PageRank算法，设计了一种计算SDN中各设备重要性的算法；根据SDN攻击图和贝叶斯理论设计了一种度量设备被攻击成功概率的方法。在此基础上设计了一种基于贝叶斯攻击图的SDN安全预测算法，预测攻击者的攻击路径。实验结果显示，该方法能够准确预测攻击者的攻击路径，为安全防御提供更准确的依据。

SDN security prediction method based on bayesian attack graph

Existing researchers use threat modeling and security analysis system to evaluate and predict SDN (software defined network) security threats, but this method does not consider the vulnerability utilization of SDN controller and the location of devices in the network, so the security evaluation is not accurate.In order to solve the above problems, according to the probability of device vulnerability utilization and device criticality, combined with PageRank algorithm, a algorithm to calculate the importance of each device in SDN was designed; according to SDN attack graph and Bayesian theory, a method to measure the success probability of device being attacked was designed.On this basis, a SDN security prediction method based on Bayesian attack graph was proposed to predict the attacker's attack path.Experimental results show that this method can accurately predict the attacker's attack path and provide more accurate basis for security defense.