The Research And Implementation Of Anomalous Traffic Monitoring Of Inter-domain Routing System Based On Flow

With the rapid development of the information technologies, Internet has become an important part of society infrastructure. However, Border Gateway Protocol (BGP), which is the defacto standard inter-domain routing protocol in the Internet today, has severe problems, such as worm viruses, DoS attacks and lack of security mechanisms etc. Currently, the researches on the inter-domain routing system of the Internet have got great attentions, and are being hot research points. This paper mainly conducts research on the BGP mornitoring of anomalous traffic based on flow technologies.Firstly, it introduces the current research progress and relevant technologies in inter-domain routing system and flow. According to the BGP anomalous traffic mode, it proposes an effective monitoring model of inter-domain anomalous traffic.By studying the products of Cisco and Arbor Network etc, and considering of the previous model and BGP traffic characteristics, provides a detailed design scheme of BGP anomalous traffic analyzer and implemented a prototype system of the analyzer.After researching on the traffic collection and analyse model, focus on BGP anomalous traffic, provides a mechanism of traffic collection and analyse management based on Netflow. The mechanism proposes a subsequent asynchoronism mode of flow resolving by using memory flow cache, which overcomes the shortage of Cisco's asynchoronism mode of using temporary file as medium. This mechanism separates the flow's receiver and resolver. Then filtrate, distribute, aggregate the resolved flows, provides a visible result to the system administrator at last.Considering the problems on experiences in fact circumstances, using a method of the simplified FSM (Finite State Machines), and it implements a BGP anomalous traffic generator after researching the pattern of anomalous BGP traffic caused by worm virus, which is the tool to generate anomalous traffic in lab for active research on BGP anomalous traffic.At last, experimentes with the BGP traffic generator and analyzer. Those experiments testes work in this paper.