
Key Technologies For Inter-domain Routing System Security Monitoring

Posted on: 2013-11-08
Degree: Doctor
Type: Dissertation
Country: China
Candidate: Y Guo
Full Text: PDF
GTID: 1228330395980617
Subject: Computer application technology
Abstract/Summary:
The BGP-based inter-domain routing system plays an important role in the Internet. Not only the performance of data forwarding, but also the topology, robustness, and security of the Internet rely heavily on the inter-domain routing system. However, BGP has several design flaws, which result in many serious security issues for the inter-domain routing system. Therefore, it is urgent to propose effective solutions to enhance the security of the inter-domain routing system.

Security monitoring systems have been developed in recent years. These systems significantly enhance the security of the inter-domain routing system by deploying only a few monitoring nodes. Compared with previous approaches, they are cheaper and easier to deploy because there is no need to build a public-key infrastructure or to modify BGP. Although research into security monitoring has produced several outcomes, some key problems remain to be resolved. For example, existing solutions can neither detect abnormal inter-domain routes nor recognize malicious BGP nodes. This thesis focuses on investigating security monitoring technologies for the inter-domain routing system. Its major contributions are as follows:

Firstly, this thesis explores the cascading failure phenomenon of the inter-domain routing system and proposes a cascading failure model based on the preferential attachment characteristic of BGP nodes. Recent works have revealed that vulnerabilities in the inter-domain routing system could lead to cascading failures. Once such a failure happens, the connectedness of the Internet is severely damaged. It is therefore necessary to study the mechanism of cascading failure in the inter-domain routing system and then to propose a novel solution to avoid and control this problem. However, few works have studied how cascading failure arises in the inter-domain routing system, especially why different failure scenarios have different influences on the scale of the cascading failure. On the basis of the preferential attachment characteristic, this thesis proposes a cascading failure model for the inter-domain routing system, which depicts how cascading failure arises, and introduces two evaluation indicators, the proportion of failed nodes and the proportion of failed links, to assess the scale of cascading failure. Furthermore, this model is applied to two different cascading failure scenarios. Experimental results show that random failure has little influence on the inter-domain routing system, while its robustness against hostile attack is weak.

Secondly, this thesis proposes a new model based on immune theory to monitor the inter-domain routing system. Existing solutions can neither detect abnormal inter-domain routes nor recognize malicious BGP nodes. Thus, a new immune-theory-based model for monitoring the inter-domain routing system, termed ITMM, is proposed. The proposed model has a greater ability to detect abnormal inter-domain routes and to identify malicious nodes. Specifically, anomaly detection borrows the immunity mechanisms used to distinguish "self" from "non-self", such as immune memory and negative selection. Furthermore, based on dynamic immune network theory, a new method for identifying anomalous nodes is presented, in which the system identifies anomalous nodes through mutual evaluation between nodes. The experimental results confirm the method's ability to detect abnormal routes and identify anomalous nodes in the inter-domain routing system.

Thirdly, this thesis proposes a new mechanism based on cooperative query to certify the AS_PATH attribute of BGP updates. When BGP nodes exchange routing information, BGP does not verify the authenticity of that information. As a result, malicious nodes can announce bogus routes at will to redirect traffic that should be forwarded to some other node. However, no existing solution satisfies the requirements of a real environment. To address this problem, DAIR, a new mechanism based on path authentication for anomaly detection, is proposed. It offers an efficient and defensive method to prevent bogus AS_PATH attacks. In DAIR, every participant declares its peering links and uses the other participants' declared peering links to validate BGP routes. The experimental results show that even when only a minority of core nodes join DAIR, it achieves good results in preventing bogus AS_PATH attacks. Furthermore, this mechanism does not require modifying BGP, so it is easier to deploy and cheaper to implement.

Fourthly, a cloud-model-based awareness method is proposed, which can evaluate the security status of the inter-domain routing system. Existing research evaluates the security status of the inter-domain routing system by analyzing and processing the set of abnormal routes. However, because the abnormal route set is difficult to collect and its completeness can hardly be ensured, those methods have not been widely accepted. Borrowing from Cloud Model theory the idea of transforming the values of quantitative characteristics into a qualitative concept, CSSAM, an awareness method for the inter-domain routing system, is proposed. It constructs a cloud model from a large number of numerical values of threat characteristics in the normal state, and then computes the threat probability of the system by measuring how far the threat characteristics deviate from their norms. The experimental results show that this method has a good ability to sense the security situation of the inter-domain routing system.

Finally, to improve the success rate of information exchange between cooperative monitoring nodes, a game-theory-based incentive strategy is proposed. Cooperative monitoring, which supports incremental deployment and does not modify the BGP protocol, is a feasible way to improve the security of the BGP-based inter-domain routing system. However, its participants behave autonomously and change their behavior to gain more profit, which leaves the cooperative network working at low efficiency. This problem is modeled as a non-cooperative game, and based on game theory, GTIS, an incentive strategy for cooperative monitoring of the inter-domain routing system, is proposed. In GTIS, a reputation status describes the performance of a node in the cooperative network. It encourages nodes to choose positive and honest behavior strategies for greater long-term benefits. At the same time, a "humane" punishment mechanism is developed to curb speculative nodes: if a node departs from normal behavior many times during its lifetime, the punishments are superimposed. In this way, "first offender" nodes and "recidivist" nodes can be effectively distinguished. Theoretical analysis and simulation results show that, with the GTIS strategy, cooperative nodes become positive and honest when exchanging routing information, so the success rate of information exchange between nodes increases.
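The DAIR mechanism described in the third contribution (participants declare their peering links and validate the AS_PATH of updates against each other's declarations) can be illustrated with the following added Python example. It is not the dissertation's code: the registry layout, the participant set, the AS numbers and prefixes, and the three verdicts are constructed assumptions, and it also covers two details the abstract does not spell out, AS prepending and hops where no participant can vouch for the link under partial deployment.

```python
# Added example in the spirit of DAIR (participants declare peering links and
# validate AS_PATHs against each other's declarations).  Not the thesis's code;
# the registry layout and the three verdicts are assumptions for illustration.
from typing import Dict, List, Set, Tuple

# Constructed sample registry: AS number -> peering links it declared.
# Only DAIR participants appear here; non-participants declare nothing.
DECLARED: Dict[int, Set[int]] = {
    100: {200, 300},
    200: {100, 400},
    300: {100, 500},
}
PARTICIPANTS: Set[int] = set(DECLARED)


def hop_status(a: int, b: int) -> str:
    """Classify one adjacent AS pair as 'declared', 'bogus' or 'unknown'."""
    owners = [x for x in (a, b) if x in PARTICIPANTS]
    if not owners:
        return "unknown"  # no participant can vouch for or deny this hop
    peer = {a: b, b: a}
    # A participant's own declaration is authoritative for its own links.
    return "declared" if all(peer[x] in DECLARED[x] for x in owners) else "bogus"


def validate_as_path(as_path: List[int]) -> Tuple[str, List[Tuple[int, int]]]:
    """Return (verdict, bogus_hops): 'bogus' if any hop contradicts a
    participant's declaration, 'valid' if at least one hop was confirmed and
    none is bogus, 'unverified' if no participant is on the path."""
    # Drop AS prepending (same AS repeated) before forming hops.
    hops = [(a, b) for a, b in zip(as_path, as_path[1:]) if a != b]
    status = {hop: hop_status(*hop) for hop in hops}
    bogus = [h for h, s in status.items() if s == "bogus"]
    if bogus:
        return "bogus", bogus
    return ("valid" if "declared" in status.values() else "unverified"), []


if __name__ == "__main__":
    # Constructed updates: the second claims a 100-500 link AS 100 never declared.
    for prefix, path in [("203.0.113.0/24", [100, 200, 400]),
                         ("198.51.100.0/24", [100, 500, 600]),
                         ("192.0.2.0/24", [700, 800, 900])]:
        print(prefix, *validate_as_path(path))
```

An "unverified" verdict is the partial-deployment case the abstract alludes to: the path can only be judged once at least one AS on it has joined and declared its links.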
Keywords/Search Tags: BGP, inter-domain routing system, security monitoring, cascading failure, abnormal detection, path certification, situation awareness, cooperative monitoring incentive