CN105516177B - 5G network multi-level based on SDN and NFV attacks alleviation method - Google Patents
- Publication number: CN105516177B (application CN201511002737.8A)
- Authority: CN (China)
- Prior art keywords: attack, sdn, probability, evidence, node
- Legal status: Active (status as listed by Google Patents, not a legal conclusion)
Classifications
- H04W12/121: Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS] (under H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity, and H04W12/12 Detection or prevention of fraud)
- H04L63/1441: Countermeasures against malicious traffic (under H04L63/00 Network architectures or network communication protocols for network security, and H04L63/14 Detecting or protecting against malicious traffic)
- H04L63/1433: Vulnerability analysis (under H04L63/00 and H04L63/14, as above)
- H04L65/1073: Registration or de-registration (under H04L65/00 Network arrangements, protocols or services for supporting real-time applications in data packet communication, and H04L65/1066 Session management)
Abstract
The present invention provides a multi-level attack mitigation method for 5G networks based on SDN and NFV, comprising the following steps. Step 1: extend the SDN-MN architecture. Step 2: based on the extended SDN-MN architecture, apply an evidence-driven security assessment mechanism that uses SDN-MN and NFV-based detection. Step 3: measure the security level of the static network using the probabilities of the evidence-driven security assessment mechanism and the evidence-driven attack graph it generates. Step 4: compute the state node probabilities, action node probabilities and posterior probabilities in the attack graph with the security assessment algorithm of the evidence-driven security assessment mechanism. Step 5: deploy the attack mitigation mechanism using SDN control and NFV deployment, and deploy the attack mitigation plan corresponding to the security level obtained from the evidence-driven attack graph. The invention can be applied directly in 5G networks, can make timely policy decisions according to the current network environment, and solves the deployment problem of attack mitigation policies.
Description
Technical field
The present invention relates to the field of mobile communication security, and in particular to a multi-level attack mitigation method for 5G networks based on SDN and NFV.
Background technique
The development of mobile communication networks has led to the birth of the next-generation 5G mobile network. 5G connects a wide variety of intelligent devices and heterogeneous networks, which makes it more diverse and complex than its predecessors. As large amounts of sensitive and confidential information enter 5G networks, providing effective security services becomes a key problem that 5G must solve.
At the same time, multi-stage attacks are among the most harmful network security threats. Such an attack is carried out in several steps so as to stay concealed; the damage caused by each individual step is smaller than the overall damage. Most current security devices analyze only single-stage attacks, so it is difficult to prevent a complete multi-stage attack. Because of its diversity and complexity, a 5G network is more susceptible to multi-stage attacks than an ordinary network. A prerequisite for running security services on a 5G network is therefore an effective multi-stage attack mitigation scheme.
Software Defined Networking (SDN) is increasingly becoming the architecture of future networks. In SDN the control plane is separated from forwarding and is directly programmable, which greatly simplifies policy enforcement and network (re)configuration and evolution. In this context, the SDN-based mobile network (Software Defined Network-Mobile Network, SDN-MN) has become one of the candidate architectures for future 5G networks. Besides SDN-MN, Network Function Virtualization (NFV) can also be applied to network management: network devices such as firewalls, Deep Packet Inspection (DPI) and intrusion detection systems are deployed as virtualized components on commodity hardware.
The new features brought by SDN-MN and NFV help to mitigate attacks in 5G networks. SDN-MN can monitor the whole network, including all network events and attack evidence, so that a security application above the controller can measure the network's current security state and make policy decisions. Once the security application has decided on a policy, it can use the programmability of SDN and the virtualization capability of NFV to instruct the controller to deploy the security mitigation plan.
Three main problems must be solved to resist multi-stage attacks in 5G networks. The first is assessing network security as an attack unfolds. Attack graphs are a principal method in the security assessment field; there is much research on attack graphs for ordinary network security assessment, but these methods cannot be used directly in 5G networks. The second is security policy selection. There is also research on policy selection, but most of it studies selection in specific environments and cannot be applied directly to SDN-MN. The third is the deployment of attack mitigation policies: the policy decision must be made in a timely manner according to the current network environment. A new attack mitigation deployment framework is therefore needed.
Summary of the invention
In view of the defects in the prior art, the object of the present invention is to provide a multi-level attack mitigation method for 5G networks based on SDN and NFV.
The present invention uses SDN and NFV to provide an effective multi-stage attack mitigation scheme for 5G networks. Taking advantage of SDN and NFV, the SDN-MN architecture is extended into a more complete architecture in which security functions are widely deployed in the network and centrally controlled, providing flexible policies and effective response. At the same time, an evidence-driven security assessment mechanism and algorithm are proposed that solve the problem of dynamic security assessment and can measure the current security level of the SDN-MN based on threat information. In addition, the invention shows that the attack mitigation problem is essentially a constrained optimization problem, that constrained optimization methods make the policy decision effective, and demonstrates the effectiveness of the attack mitigation mechanism and algorithm.
The multi-level attack mitigation method for 5G networks based on SDN and NFV provided by the present invention comprises the following steps:
Step 1: extend the SDN-MN architecture;
Step 2: based on the extended SDN-MN architecture, apply the evidence-driven security assessment mechanism that uses SDN-MN and NFV-based detection;
Step 3: measure the security level of the static network using the probabilities of the evidence-driven security assessment mechanism and the evidence-driven attack graph it generates;
Step 4: compute the state node probabilities, action node probabilities and posterior probabilities in the attack graph with the security assessment algorithm of the evidence-driven security assessment mechanism;
Step 5: deploy the attack mitigation mechanism using SDN control and NFV deployment, and deploy the attack mitigation plan corresponding to the security level obtained from the evidence-driven attack graph.
Preferably, step 1 includes:
Step 1.1: establish the enhanced SDN-MN controller, wherein:
the enhanced SDN-MN controller comprises a VNF discovery module, a VNF registration module, a VNF management module, an SDN-MN control module, an evidence-driven security module, an attack strategy module, a network event collection module and SDN components;
the VNF registration module maintains the start-up registration information of all VNF instances, including their function and cost-effectiveness;
the VNF discovery module interacts with the VNF registration module to perform VNF selection and negotiation, so as to select VNF instances that match the required security standard;
the SDN-MN control module collects network information from the control plane and instructs the controller to enforce security policies;
the VNF management module collects security events from the VNF instance domain and instructs VNF instances to enforce security policies;
the evidence-driven security module is triggered by attack evidence, measures the current security state on the basis of that evidence and, when a dangerous situation is recognized, triggers the attack strategy module to decide on a mitigation plan;
the attack strategy module decides on the mitigation plan according to the security policy sent by the security application;
the network event collection module monitors the network defense devices, including IDS and firewalls, and sends events to the evidence-driven security module;
the SDN components are the basic building blocks of the enhanced SDN-MN controller, implementing storage, route computation and topology discovery;
Step 1.2: connect the enhanced SDN-MN controller to the switches through the northbound or southbound interface; besides the flow tables, the switches also contain several VNF containers, in the form of virtual machines or interpreters.
Preferably, step 2 includes:
Step 2.1: the enhanced SDN-MN controller collects topology and vulnerability information from the network nodes;
Step 2.2: the enhanced SDN-MN controller generates the current attack graph from the collected topology and vulnerability information;
Step 2.3: security events are detected by the NFV-based network defense devices;
Step 2.4: the enhanced SDN-MN controller generates the corresponding evidence-driven security assessment mechanism from the current attack graph and the security events.
Preferably, step 3 includes:
Step 3.1: the enhanced SDN-MN controller measures the current evidence-driven security level with the evidence-driven security assessment mechanism obtained in step 2.4;
Step 3.2: the enhanced SDN-MN controller measures the security level of the static network with the probabilities obtained from the evidence-driven attack graph.
Preferably, step 4 includes: computing the state node probabilities, action node probabilities and posterior probabilities in the attack graph with the security assessment algorithm of the evidence-driven security assessment mechanism; specifically,
the local conditional probability distribution of a state node is as follows: in the directed acyclic graph AG, the conditional probability distribution function of the i-th state node, given its premise nodes, is defined as follows:
A. for AND decomposition
WhenWhen,
where the j-th action node is one of the premise nodes of the i-th state node, and the value is the probability that all of these conditions are satisfied;
B. for OR decomposition
WhenWhen,
where the j-th action node is one of the premise nodes of the i-th state node, and the value is the probability that any one of these conditions is satisfied;
the local conditional probability distribution of an action node is as follows: in the directed acyclic graph AG, the local conditional probability distribution function of the i-th action node, given its premise nodes, is mathematically equivalent to the following, defined as:
A. for AND decomposition
WhenWhen,
where the j-th state node is one of the premise nodes of the action node, and the value is the probability that all of these conditions are satisfied;
B. for OR decomposition
WhenWhen,
where the j-th state node is one of the premise nodes of the action node, and the value is the probability that any one of these conditions is satisfied;
The security assessment algorithm is described in detail below:
To measure security and incorporate evidence, one must separately compute the probability of reaching an action node, the probability of reaching a state node, and the posterior probability given the evidence;
the probability of reaching an action node is calculated as follows:
in NIST's Common Vulnerability Scoring System (CVSS), the factors used are the access vector, the access complexity and the authentication instances;
the probability of reaching a state node is set to a usually very large value close to 1;
posterior probability and evidence: each network state has a definite probability of occurring, and when certain security events occur the posterior probabilities in the network change;
let a set of action nodes for which evidence has been observed be given, the m-th of which is an action node satisfying the observed evidence; the action node whose probability is to be determined from the evidence is then found by solving for the posterior probability, calculated as follows:
where the formula uses the existing unconditional probability of the set of action nodes with observed evidence, the existing unconditional probability of the corresponding node, and the conditional probability of the events occurring jointly.
Preferably, step 5 includes:
Step 5.1: the enhanced SDN-MN controller decides on the attack mitigation plan according to the security policies predefined in all VNF instances;
Step 5.2: the enhanced SDN-MN controller obtains the attack mitigation plan and installs VNF instances on the selected network nodes, where a VNF may be implemented as binary code or as an interpreted-language script;
Step i: deploy the attack mitigation plan such that all probabilities in the attack graph can be brought below a given threshold.
Preferably, step i includes:
Step i1: let an attack mitigation mechanism be associated with an action, with a factor that reduces the action's probability of success and a cost of deploying the attack mitigation control; the following formula is then obtained:
where the formula gives the conditional probability of the action given that its attack mitigation mechanism is in place;
and let the attack mitigation mechanisms of the actions be given, where
each is the attack mitigation mechanism of one action, with the corresponding i-th state node; a Boolean vector represents an attack mitigation plan, each element of which takes the value True or False: True indicates that the corresponding mechanism is used in the plan, and False that it is not;
Assume that there are P paths to the target in the attack graph, and that T is the attack mitigation plan; the probability that the i-th path is successfully attacked and the total cost of the attack mitigation plan are given, and to achieve the goal of the attack mitigation plan the following policy must be obeyed:
,
which is equivalent to
,
where the formula is the difference between the probability of the i-th path being successfully attacked and the threshold, there are P paths to the target in the attack graph, and the threshold is the maximum value allowed after the attack mitigation plan is deployed;
the smallest value is computed, and the corresponding attack mitigation plan is the optimal attack mitigation plan.
Compared with the prior art, the present invention has the following beneficial effects:
1. Attack graphs are currently the most commonly used method in the security assessment field, and there is much research applying them to ordinary network security assessment, but these results cannot be applied directly to 5G networks. The evidence-driven security assessment mechanism proposed in the present invention, which uses SDN-MN factors and NFV-based detection, solves this problem well and can be applied directly in 5G networks.
2. The invention proposes a mechanism for attack mitigation using SDN control and NFV deployment, which can make timely policy decisions according to the current network environment and solves the deployment problem of attack mitigation policies.
Detailed description of the invention
Other features, objects and advantages of the present invention will become more apparent upon reading the detailed description of the non-limiting embodiments with reference to the following drawings:
Fig. 1 is a schematic diagram of the enhanced SDN-MN architecture for a 5G network;
Fig. 2 is a schematic diagram of the overall structure of the enhanced SDN-MN controller;
Fig. 3 is a schematic diagram of the principle of the evidence-driven security assessment mechanism using SDN-MN factors and NFV-based detection;
Fig. 4 is a schematic diagram of a typical network attack;
Fig. 5 is a schematic diagram of the principle of the attack mitigation mechanism using SDN control and NFV deployment.
Specific embodiment
The present invention is described in detail below with reference to specific embodiments. The following embodiments will help those skilled in the art to further understand the invention, but do not limit it in any way. It should be noted that those of ordinary skill in the art can make various modifications and improvements without departing from the inventive concept; these all fall within the scope of protection of the present invention.
The present invention first extends the definition of the SDN-MN architecture in 5G to improve the system's ability to monitor network events comprehensively and to deploy network security functions in time; it then proposes the evidence-driven security assessment mechanism using SDN-MN factors and NFV-based detection; and finally it proposes the mechanism for attack mitigation using SDN control and NFV deployment.
The specific steps of the invention include:
Step S1: extend the SDN-MN architecture;
Step S2: obtain the evidence-driven security assessment mechanism using SDN-MN factors and NFV-based detection;
Step S3: measure the security level of the static network using the attack graph method;
Step S4: obtain the evidence-driven security assessment algorithm;
Step S5: obtain the mechanism for attack mitigation using SDN control and NFV deployment;
Step S6: obtain the attack mitigation algorithm.
Specifically, as shown in Fig. 1, the controller in the figure controls not only the SDN switches but also other network devices, including the IDS, the firewall and logging. The switches and network devices in the enhanced SDN-MN architecture for 5G networks have the ability to install virtual network functions (VNFs); this capability calls for upgrading the processor and memory performance of current switches and network devices.
Further, as shown in Fig. 2, in addition to the common SDN controller components such as the northbound and southbound interfaces, the SDN-MN controller further comprises a VNF discovery module, a VNF registration module, a virtual network function management module, an SDN-MN control module, an evidence-driven security assessment module, an attack countermeasure selection module, a network event collection module and SDN components.
The VNF registration module maintains the start-up registration information of all VNF instances, including function, cost-effectiveness, etc.
The VNF discovery module interacts with the VNF registration module to perform VNF selection and negotiation, so as to select VNF instances that match the required security standard.
The SDN-MN control module collects network information from the control plane and instructs the controller to enforce security policies. The VNF management module collects security events from the VNF instance domain and instructs VNF instances to enforce security policies.
The evidence-driven security module is triggered by attack evidence and measures the current security state on the basis of that evidence; when a dangerous situation is recognized, it triggers the attack strategy module to decide on a mitigation plan.
The attack strategy module decides on the mitigation plan according to the security policy sent by the security application.
The network event collection module monitors the network defense devices, such as the IDS and firewall, and sends events to the evidence-driven security module.
Various types of VNF instances, such as IDS, firewall and logging, are stored in the SDN-MN controller in the form of binary code or interpreted-language scripts. The proposed switch contains, besides the flow tables, several VNF containers in the form of virtual machines or interpreters.
Specifically, as shown in Fig. 3, the SDN-MN controller collects topology and vulnerability information in time; this information, such as connectivity and vulnerabilities, originates mainly within the network nodes. Collecting topology and vulnerability information from the network nodes is therefore easy for the SDN-MN controller, because it plays the role of central control in the network.
Security events on the network can be detected in real time by traditional network protection devices and by NFV-based network defense devices, which send them to the SDN controller. The SDN controller then measures the current evidence-driven security level; the evidence is evaluated by the evidence-driven security assessment algorithm.
Specifically, as shown in Fig. 4, the current security level of the network is represented by an attack graph. The network attack graph is a directed acyclic graph defined as a 7-tuple, in which:
the first element is a finite set of state nodes, the i-th of which is a state node;
the second element is the set of states from which the attacker starts, a subset of the set of state nodes;
the third element is the set of attack targets, also a subset of the set of state nodes;
the fourth element is the finite set of action nodes, the i-th of which is an action node;
the fifth element is the finite set of edges connecting the nodes; it consists of two edge sets: one whose edges lead from a prerequisite state already captured by the attacker to the action that considers it, and one whose edges lead from an action to some other state that the action may allow the attacker to capture. In general, the premise nodes and subsequent nodes of a node are denoted by the corresponding notation;
the sixth element is the conditional probability distribution of whether an action's premises are satisfied when the action considers them, involving the i-th action node and its premise nodes;
the seventh element is the conditional probability distribution that an action can be carried out successfully, involving the i-th action node and its subsequent nodes.
If there is an edge between two nodes, there is a causal dependency between them, expressed by the decomposition of each node. AND decomposition means that a node being compromised implies that all of its parent nodes are also compromised. Similarly, OR decomposition means that at least one parent node is in the true state.
The local conditional probability distribution of a state node is as follows: in the directed acyclic graph AG, the conditional probability distribution function of the i-th state node, given its premise nodes, is defined as follows:
A. for AND decomposition
WhenWhen,
where the j-th action node is one of the premise nodes of the i-th state node, and the value is the probability that all of these conditions are satisfied;
B. for OR decomposition
WhenWhen,
where the j-th action node is one of the premise nodes of the i-th state node, and the value is the probability that any one of these conditions is satisfied.
The local conditional probability distribution of an action node: in AG, the local conditional probability distribution function of the i-th action node, given its premise nodes, is mathematically equivalent to the following, defined as:
A. for AND decomposition
WhenWhen,
where the j-th state node is one of the premise nodes of the action node, and the value is the probability that all of these conditions are satisfied;
B. for OR decomposition
WhenWhen,
where the j-th state node is one of the premise nodes of the action node, and the value is the probability that any one of these conditions is satisfied.
The evidence-driven security assessment algorithm is described in detail below:
In a probabilistic approach, measuring security with evidence requires solving three problems: how to compute separately the probability of an action node and the probability of a state node, and how to compute the posterior probability given the evidence.
The probability of vulnerability exploitation: some researchers use the standard defined in NIST's Common Vulnerability Scoring System (CVSS) to estimate the likelihood of an attack.
Taking into account the exposure information (CVSS attributes) of the vulnerability, the probability that a given vulnerability exploitation succeeds when executed is calculated as follows:
In CVSS, the factors are the access vector, the access complexity and the authentication instances.
The probability that the attacker is willing to perform further operations: once an attacker has started attacking a network, he (or she) always wants to do more. This probability is therefore usually a very large value close to 1, and in the invention it is defined as follows:
Posterior probability and evidence: each network state has a definite probability of occurring. When certain security events occur, this probability changes in the network.
Let a set of action nodes for which some evidence has been observed be given, the m-th of which is an action node satisfying the observed evidence. The action node whose probability is to be determined from the evidence is then given; that is, the probability of interest is obtained by Bayes' theorem:
where the two unconditional terms are the existing unconditional probabilities of the corresponding nodes, and the remaining term is the conditional probability when the events occur jointly.
The mechanism for attack mitigation using SDN control and NFV deployment is described in detail below:
Following the evidence-driven, attack-graph-based method described above, the SDN-MN controller first registers all VNF instances and decides on an attack mitigation plan by applying the predefined security policies.
Then the SDN-MN controller obtains the attack mitigation plan and installs VNF instances on the selected network nodes. A VNF may be implemented as binary code or as an interpreted-language script. After these steps the mobile network can resist the threats and reach a safe state.
First, let an attack mitigation control be associated with an action, with a factor that reduces the action's probability of success and a cost of deploying the attack mitigation control. Then:
In the present invention, the goal of the attack mitigation plan is to deploy enough attack mitigation mechanisms that all probabilities in the attack graph can be brought below a certain threshold, while ensuring that the cost of deploying the attack mitigation controls is the minimum among all mitigation plans.
Then let the attack mitigation controls of the actions be given, each being the attack mitigation control of one action, with the corresponding i-th state node. A Boolean vector represents an attack mitigation plan, each element of which takes the value True or False: True indicates that the corresponding control is used in the plan, and False that it is not.
Assume that there are P paths to the target in the attack graph, and that T is the attack mitigation plan. The threshold is the maximum value allowed after the attack mitigation plan is carried out. The probability that a path can be successfully attacked and the total cost of the attack mitigation plan are then given. To achieve the goal of the attack mitigation plan, the values must obey the policy:
, 。
which is equivalent to
,
The smallest value is computed.
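The attack-graph scoring of step 4 (AND/OR local conditional probabilities, a CVSS-derived action success probability, a Bayesian posterior given observed evidence) and the mitigation-plan selection of step i and the mechanism above (a Boolean vector T, one path-probability constraint per path, minimal total cost), as one added worked example in Python; it is not code from the patent. Assumptions: the action success probability is the product of the three CVSS v2 exploitability factors, a deployed control multiplies that probability by its reduction factor, a path succeeds only if every action on it succeeds, and the graph, factors and costs are constructed sample data.

```python
"""Evidence-driven attack-graph scoring and minimum-cost mitigation-plan selection.
Added worked example, not the patent's own code; graph, factors and costs are constructed."""
from itertools import product

# CVSS v2 exploitability sub-metric values (real CVSS v2 constants).
AV = {"L": 0.395, "A": 0.646, "N": 1.0}    # access vector
AC = {"H": 0.35, "M": 0.61, "L": 0.71}     # access complexity
AU = {"M": 0.45, "S": 0.56, "N": 0.704}    # authentication instances

# Constructed attack graph in topological order (dict order is relied on). States carry an
# AND/OR decomposition over their premise actions; actions carry the CVSS triple exploited.
GRAPH = {
    "s0": {"type": "state", "decomp": "or", "pre": []},                # attacker's start
    "a1": {"type": "action", "pre": ["s0"], "cvss": ("N", "L", "N")},  # remote exploit
    "a2": {"type": "action", "pre": ["s0"], "cvss": ("N", "M", "S")},  # credential misuse
    "a4": {"type": "action", "pre": ["s0"], "cvss": ("L", "H", "M")},  # direct local exploit
    "s1": {"type": "state", "decomp": "or", "pre": ["a1", "a2"]},      # edge node compromised
    "a3": {"type": "action", "pre": ["s1"], "cvss": ("A", "H", "N")},  # lateral movement
    "s2": {"type": "state", "decomp": "or", "pre": ["a3", "a4"]},      # target: core node
}
TARGET = "s2"
# Constructed mitigation controls: action -> (success-reduction factor, deployment cost).
CONTROLS = {"a1": (0.2, 3.0), "a2": (0.5, 1.0), "a3": (0.1, 4.5), "a4": (0.25, 2.0)}

def exploit_success(av, ac, au):
    """Assumed form: action success probability = product of the three CVSS factors."""
    return AV[av] * AC[ac] * AU[au]

def _combine(values, decomp):
    """AND decomposition needs every premise to hold; OR decomposition needs any one."""
    return all(values) if decomp == "and" else any(values)

def realize(succeeds):
    """Which nodes the attacker reaches given which exploit attempts would succeed. A state
    without premises is initial (true); Pr(state | premise actions) is taken as 1 as in the text."""
    truth = {}
    for name, node in GRAPH.items():
        pre = [truth[p] for p in node["pre"]]
        if node["type"] == "state":
            truth[name] = True if not pre else _combine(pre, node["decomp"])
        else:  # action: premises satisfied and the exploit itself succeeds
            truth[name] = _combine(pre, node.get("decomp", "and")) and succeeds[name]
    return truth

def joint_worlds():
    """Every outcome of the independent exploit attempts with its probability mass (2^#actions)."""
    actions = [n for n, d in GRAPH.items() if d["type"] == "action"]
    p = {a: exploit_success(*GRAPH[a]["cvss"]) for a in actions}
    for bits in product((False, True), repeat=len(actions)):
        succeeds = dict(zip(actions, bits))
        mass = 1.0
        for a in actions:
            mass *= p[a] if succeeds[a] else 1.0 - p[a]
        yield mass, realize(succeeds)

def probability(node, evidence=()):
    """Pr(node | every action in `evidence` observed to succeed) via Bayes' theorem,
    Pr(node and E) / Pr(E). With no evidence this is the node's prior (static) probability."""
    joint = marginal = 0.0
    for mass, truth in joint_worlds():
        if all(truth[e] for e in evidence):
            marginal += mass
            if truth[node]:
                joint += mass
    return joint / marginal

def attack_paths(node=TARGET, suffix=()):
    """Action chains from an initial state to `node` (assumed path notion: one action per hop)."""
    info = GRAPH[node]
    if info["type"] == "state" and not info["pre"]:
        return [list(suffix)]
    chain = (node,) + suffix if info["type"] == "action" else suffix
    return [path for p in info["pre"] for path in attack_paths(p, chain)]

def path_probability(path, plan):
    """Assumed: a path succeeds iff every action on it succeeds; a deployed control
    (plan[action] True) multiplies that action's success probability by its factor."""
    prob = 1.0
    for a in path:
        p = exploit_success(*GRAPH[a]["cvss"])
        prob *= p * CONTROLS[a][0] if plan.get(a) else p
    return prob

def best_plan(threshold):
    """Exhaustive search over Boolean vectors T: feasible when no path's success probability
    exceeds the threshold; returns the cheapest feasible (plan, cost), or None."""
    paths = attack_paths()
    actions = list(CONTROLS)
    best = None
    for bits in product((False, True), repeat=len(actions)):
        plan = dict(zip(actions, bits))
        if all(path_probability(path, plan) <= threshold for path in paths):
            cost = sum(CONTROLS[a][1] for a in actions if plan[a])
            if best is None or cost < best[1]:
                best = (plan, cost)
    return best

if __name__ == "__main__":
    print(round(probability(TARGET), 4), round(probability(TARGET, ("a1",)), 4), best_plan(0.03))
```

The exhaustive enumeration is exact but exponential in the number of action nodes and controls; on a real attack graph the constrained optimization the text describes would be solved with an integer-programming or heuristic solver instead.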
Specific embodiments of the present invention have been described above. It should be understood that the invention is not limited to the particular embodiments above; those skilled in the art can make various modifications or amendments within the scope of the claims without affecting the substance of the invention.
Claims (7)
1. A multi-level attack mitigation method for 5G networks based on SDN and NFV, characterized in that it comprises the following steps:
Step 1: extend the SDN-MN architecture;
Step 2: based on the extended SDN-MN architecture, apply the evidence-driven security assessment mechanism that uses SDN-MN and NFV-based detection;
Step 3: measure the security level of the static network using the probabilities of the evidence-driven security assessment mechanism and the evidence-driven attack graph it generates;
Step 4: compute the state node probabilities, action node probabilities and posterior probabilities in the attack graph with the security assessment algorithm of the evidence-driven security assessment mechanism;
Step 5: deploy the attack mitigation mechanism using SDN control and NFV deployment, and deploy the attack mitigation plan corresponding to the security level obtained from the evidence-driven attack graph.
2. The multi-level attack mitigation method for 5G networks based on SDN and NFV according to claim 1, characterized in that step 1 includes:
Step 1.1: establish the enhanced SDN-MN controller, wherein:
the enhanced SDN-MN controller comprises a VNF discovery module, a VNF registration module, a VNF management module, an SDN-MN control module, an evidence-driven security module, an attack strategy module, a network event collection module and SDN components;
the VNF registration module maintains the start-up registration information of all VNF instances, including their function and cost-effectiveness;
the VNF discovery module interacts with the VNF registration module to perform VNF selection and negotiation, so as to select VNF instances that match the required security standard;
the SDN-MN control module collects network information from the control plane and instructs the controller to enforce security policies;
the VNF management module collects security events from the VNF instance domain and instructs VNF instances to enforce security policies;
the evidence-driven security module is triggered by attack evidence, measures the current security state on the basis of that evidence and, when a dangerous situation is recognized, triggers the attack strategy module to decide on a mitigation plan;
the attack strategy module decides on the mitigation plan according to the security policy sent by the security application;
the network event collection module monitors the network defense devices, including IDS and firewalls, and sends events to the evidence-driven security module;
the SDN components are the basic building blocks of the enhanced SDN-MN controller, implementing storage, route computation and topology discovery;
Step 1.2: connect the enhanced SDN-MN controller to the switches through the northbound or southbound interface; besides the flow tables, the switches also contain several VNF containers, in the form of virtual machines or interpreters.
3. The SDN- and NFV-based multi-level attack mitigation method for 5G networks according to claim 2, characterized in that step 2 comprises:
Step 2.1: the reinforced SDN-MN controller collects topology and vulnerability information from the network nodes;
Step 2.2: the reinforced SDN-MN controller generates the current attack graph from the collected topology and vulnerability information;
Step 2.3: security events are detected by the NFV-based network defence equipment;
Step 2.4: the reinforced SDN-MN controller generates the corresponding evidence-driven security assessment mechanism from the current attack graph and the security events.
4. The SDN- and NFV-based multi-level attack mitigation method for 5G networks according to claim 3, characterized in that step 3 comprises:
Step 3.1: the reinforced SDN-MN controller measures the current, evidence-driven security level with the evidence-driven security assessment mechanism obtained in step 2.4;
Step 3.2: the reinforced SDN-MN controller measures the security level of the static network with the probabilities obtained from the evidence-driven attack graph.
5. The SDN- and NFV-based multi-level attack mitigation method for 5G networks according to claim 4, characterized in that step 4 comprises: computing, with the security assessment algorithm of the evidence-driven security assessment mechanism, the state node probabilities, the action node probabilities and the posterior probabilities in the attack graph; specifically:
The local conditional probability distribution of a state node is as follows: in the directed acyclic attack graph AG, the conditional probability distribution function of the i-th state node is defined over its premise nodes (the action nodes that lead to it) as:
A. for an AND decomposition, when the state node has premise action nodes, its probability is the probability that all of the conditions, i.e. all of its premise action nodes, are satisfied;
B. for an OR decomposition, when the state node has premise action nodes, its probability is the probability that any one of the conditions, i.e. any of its premise action nodes, is satisfied;
The local conditional probability distribution of an action node is as follows: in the directed acyclic attack graph AG, the local conditional probability distribution function of the i-th action node is defined over its premise nodes (the state nodes it requires) in the mathematically equivalent way:
A. for an AND decomposition, when the action node has premise state nodes, its probability is the probability that all of the conditions, i.e. all of its premise state nodes, are satisfied;
B. for an OR decomposition, when the action node has premise state nodes, its probability is the probability that any one of the conditions, i.e. any of its premise state nodes, is satisfied;
The security assessment algorithm is described in detail as follows:
Measuring security and evidence requires separately computing the probability of reaching an action node and the probability of reaching a state node, and then computing the posterior probability of the evidence;
The probability of reaching an action node is calculated from the metrics of the Common Vulnerability Scoring System (CVSS) as used by NIST, namely the access vector (AV), the access complexity (AC) and the authentication (Au) metric of the vulnerability exploited by that action;
The probability of reaching a state node is set to a large value, usually close to 1;
Posterior probability and evidence: each network state has a determinate probability of occurrence; when certain security events occur, the posterior probabilities of the network states change;
Let a set of action nodes at which evidence has been observed be given, its m-th element being the m-th action node that satisfies the observed evidence, and let an action node whose probability is to be determined from this evidence be given; solving for its posterior probability uses the following quantities: the existing unconditional probability of the set of action nodes at which evidence has been observed, the existing unconditional probability of the node in question, and the conditional probability when the evidence events and the event of that node occur jointly.
6. The SDN- and NFV-based multi-level attack mitigation method for 5G networks according to claim 5, characterized in that step 5 comprises:
Step 5.1: the reinforced SDN-MN controller decides on the attack mitigation plan according to the security strategy predefined in all VNF instances;
Step 5.2: the reinforced SDN-MN controller obtains the attack mitigation plan and installs VNF instances on the selected network nodes, wherein a VNF can be implemented as binary code or as a script in an interpreted language;
Step i: the attack mitigation plan is deployed such that all reachability probabilities in the attack graph fall below a given threshold.
7. The SDN- and NFV-based multi-level attack mitigation method for 5G networks according to claim 6, characterized in that step i comprises:
Step i1: let each action have an attack mitigation mechanism, with a factor by which that mechanism reduces the success probability of the action and a cost of deploying the attack mitigation control; from these the following is obtained: the conditional probability of the action given that its attack mitigation mechanism is in place;
the attack mitigation mechanisms of the actions form a set whose elements are the mitigation mechanisms of the individual actions, the i-th state node being denoted as before; a Boolean vector denotes an attack mitigation plan, each element of which takes one of the two values True or False: True indicates that the corresponding mitigation mechanism is used in the plan, False that it is not used;
Assume there are P paths to the target in the attack graph and T is the attack mitigation plan; the success probability of an attack along the i-th path and the total cost of the attack mitigation plan T are given; to achieve the goal of the attack mitigation plan, the following policy must be obeyed: for every one of the P paths, the difference between the success probability of the i-th path under the plan and the threshold must not be positive, which is equivalent to holding the success probability of every path at or below the threshold,
where the difference is that between the success probability of the i-th path and the threshold, P is the number of paths to the target in the attack graph, and the threshold is the maximum value allowed after the attack mitigation plan has been applied;
The smallest value is then computed, and the corresponding attack mitigation plan T is the optimal attack mitigation plan.
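As an added illustration of claim 7 (not the patent's code; the claim's formulas are not reproduced on this page), the following Python script searches the Boolean plan vectors T exhaustively and returns the cheapest plan under which every attack path's success probability is at or below the threshold. Assumptions, also labelled in the code: a deployed mechanism multiplies its action's success probability by (1 - r) with r the reduction factor; a path's success probability is the product of its actions' probabilities; "smallest value" in the claim is read as minimum total deployment cost; the actions a1, a2, a3, their probabilities, costs, reduction factors and the two paths are constructed, as are the mitigation descriptions in the comments.

```python
"""Attack mitigation plan selection: added example, not the patent's code.

ASSUMPTIONS (the patent's formulas are not reproduced on this page):
  - each action has a success probability p; deploying its mitigation mechanism
    multiplies p by (1 - r), r being the reduction factor;
  - a path's success probability is the product of its actions' probabilities;
  - the plan T is a Boolean vector (True = deploy that mechanism) and the optimal
    plan is the cheapest T under which every path's probability <= threshold.
The actions, paths, probabilities and costs below are constructed for illustration.
"""
from itertools import product

# constructed data: action -> (success probability, reduction factor, deployment cost)
ACTIONS = {
    "a1": (0.86, 0.6, 5),   # exploit web front end; mitigation: WAF VNF in front of it
    "a2": (0.44, 0.5, 3),   # pivot from web tier to DB; mitigation: SDN flow rule between tiers
    "a3": (0.32, 0.5, 4),   # exploit DB directly from outside; mitigation: edge firewall VNF
}
PATHS = [["a1", "a2"], ["a3"]]   # the P attack paths to the target (DB compromise)


def path_probability(path, plan, actions=ACTIONS):
    """Success probability of one path under mitigation plan `plan` (action -> bool)."""
    prob = 1.0
    for a in path:
        p, r, _cost = actions[a]
        prob *= p * (1.0 - r) if plan[a] else p
    return prob


def plan_cost(plan, actions=ACTIONS):
    """Total deployment cost of the mechanisms the plan switches on."""
    return sum(cost for a, (_p, _r, cost) in actions.items() if plan[a])


def optimal_plan(threshold, actions=ACTIONS, paths=PATHS):
    """Exhaustively search the Boolean vectors T; return (plan, cost, worst path prob)
    for the cheapest feasible plan, or None when no plan meets the threshold.
    Ties on cost are broken by the lower worst-case path probability."""
    names = list(actions)
    best = None
    for bits in product((False, True), repeat=len(names)):
        plan = dict(zip(names, bits))
        probs = [path_probability(p, plan, actions) for p in paths]
        # delta_i = (path probability - threshold) must be <= 0 for every path
        if any(pr - threshold > 0 for pr in probs):
            continue
        key = (plan_cost(plan, actions), max(probs))
        if best is None or key < best[0]:
            best = (key, plan)
    if best is None:
        return None
    (cost, worst), plan = best
    return plan, cost, worst


if __name__ == "__main__":
    print(optimal_plan(0.2))    # cheapest plan keeping every path <= 0.2
    print(optimal_plan(0.05))   # None: no combination of mechanisms reaches 0.05
```

With the constructed data the unmitigated paths succeed with probability 0.3784 and 0.32; the cheapest plan that brings both to or below 0.2 deploys the mechanisms for a2 and a3 (cost 7) rather than the more expensive WAF for a1, and the search reports None when the threshold is unreachable, which is the signal for the controller to escalate rather than deploy a plan that cannot meet its own policy. The search is exponential in the number of mechanisms; for large graphs this is an integer program, not a brute-force loop.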
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201511002737.8A CN105516177B (en) | 2015-12-28 | 2015-12-28 | 5G network multi-level based on SDN and NFV attacks alleviation method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105516177A CN105516177A (en) | 2016-04-20 |
CN105516177B true CN105516177B (en) | 2019-02-22 |
Family
ID=55723813
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105516177B (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
FR3111506A1 (en) * | 2020-06-19 | 2021-12-17 | Orange | System and method for monitoring at least a slice of a communications network |
FR3111505A1 (en) * | 2020-06-19 | 2021-12-17 | Orange | System and method for monitoring at least one slice of a communications network using a confidence index assigned to the slice of the network |
WO2021255400A1 (en) * | 2020-06-19 | 2021-12-23 | Orange | Monitoring of at least one section of a communications network using a confidence index assigned to the section of the network |
Families Citing this family (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107135221B (en) * | 2017-05-10 | 2020-05-05 | 上海海事大学 | Method for progressively solving K maximum probability attack path |
CN109818762B (en) * | 2017-11-20 | 2022-03-08 | 中国电信股份有限公司 | Method, adapter and system for realizing automatic registration of SDN controller |
CN108737213B (en) * | 2018-05-22 | 2020-06-09 | 中国电子科技集团公司第四十一研究所 | High-parallelism and high-throughput penetration test system and method based on FPGA |
CN110868376A (en) * | 2018-11-29 | 2020-03-06 | 北京安天网络安全技术有限公司 | Method and device for determining vulnerable asset sequence in network environment |
CN109743261B (en) * | 2019-01-07 | 2020-10-30 | 中国人民解放军国防科技大学 | SDN-based container network resource scheduling method |
CN112904817B (en) * | 2021-01-19 | 2022-08-12 | 哈尔滨工业大学(威海) | Global safety detection system for intelligent manufacturing production line and working method thereof |
CN115001831B (en) * | 2022-06-09 | 2023-04-07 | 北京交通大学 | Method and system for dynamically deploying network security service based on malicious behavior knowledge base |
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104125214A (en) * | 2014-06-30 | 2014-10-29 | 北京邮电大学 | Security architecture system for realizing software definition security and security controller |
CN104202264A (en) * | 2014-07-31 | 2014-12-10 | 华为技术有限公司 | Carrying resource allocation method for clouded data center network, device and system |
Non-Patent Citations (2)
Title |
---|
"Research on SDN Security Protection Technology" (《SDN安全防护技术研究》); Tao Ye; Telecommunications Technology (《电信技术》); 2015-06-30 (No. 6); full text |
"Security for Future Software Defined Mobile Networks"; Liyanage; Web of Science; 2015-09-23 (No. 9); full text |
Also Published As
Publication number | Publication date |
---|---|
CN105516177A (en) | 2016-04-20 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||