Research On Monitoring And Anomaly Analysis Technology Of Inter-domain Routing

Posted on: 2016-09-24
Degree: Master
Type: Thesis
Country: China
Candidate: Z M Hu
Full Text: PDF
GTID: 2348330536467280
Subject: Computer Science and Technology
Abstract/Summary:
With the expansion of the Internet, inter-domain routing security problems have become more serious. In recent years there have been many routing security incidents, both domestic and overseas, and they have had a great effect on the Internet. BGP, the core infrastructure of the Internet, lacks an effective and feasible security mechanism in the protocol, which makes routing security incidents very difficult to discover and detect. Today, research on routing security mainly covers the design of new routing protocols and inter-domain routing monitoring systems. The new routing protocols have not been deployed effectively and their practical value remains to be evaluated, so at the present stage an inter-domain routing monitoring system is relatively the most effective solution to inter-domain routing security problems. Based on the existing RouSSeau routing monitoring system, this paper designs a more effective knowledge base module and anomaly detection module, and adds a new anomaly analysis module. The main work and innovations of this paper are as follows:

1. A method for designing and constructing the knowledge base is proposed. IP-AS-ISP knowledge base information is the core knowledge of an inter-domain routing monitoring system, and the accuracy of this information directly affects the accuracy of the monitoring system's detection results. The registration information for IP addresses and AS numbers has been incomplete since they were allocated, and in actual use there are complex commercial relationships between ASes, which makes acquiring the IP-AS-ISP relationships complex. This paper proposes a new method of building the knowledge base, which builds an AS neighbor relationship knowledge base, an AS basic information knowledge base and an IP-AS mapping knowledge base. We divide the entire inter-domain routing network into a hierarchy by analyzing the function and scale of Internet ASes. This paper proposes a simple and effective neighbor relationship extraction algorithm. In addition, according to the declaration relationship between ASes and IPs, we propose an IP-AS matching method based on spatial consistency and temporal stability, and construct an IP-AS mapping knowledge base.

2. The detection and analysis of prefix anomalies. The routing table contains a large number of MOAS anomalies. One part of these anomalies is caused by factors such as network structure or ISP traffic engineering; this part does not affect network availability, and we consider it legal MOAS. The other part, produced by attacks, is mixed in with the large number of legal MOAS anomalies, which makes it difficult to find. In this paper the various prefix anomaly behaviors are analyzed in depth. Starting from the causes of MOAS anomalies, this paper proposes a method of detecting MOAS anomalies through the spatial relationship of AS-IP declarations and designs the MOAS detection module. It analyzes the reasons MOAS anomalies are produced and their behavioral characteristics. In addition, we classify MOAS anomalies according to their behavioral characteristics and detect the anomalies caused by attack behavior, in order to reduce the damage to the network.

3. The detection and analysis of path anomalies. There are many kinds of path anomaly, each with a different cause, and how to judge the legitimacy of a path anomaly becomes a crux of anomaly detection and analysis. In this paper, an anomaly detection module and an anomaly analysis module are designed on the basis of the inter-domain routing monitoring system. For each kind of path anomaly we design an anomaly detection method; the paper then analyzes the legitimacy of the path anomaly and finds the anomalies caused by path attack behavior. Finally, using tools such as traceroute, we verify this abnormal behavior.

Based on the above innovations, we updated the knowledge base module, anomaly detection module and anomaly analysis module in the RouSSeau system, and used the foreign public routing table to test the function of each module in the system. The test results show that the updated inter-domain routing monitoring system improves on the detection accuracy of the original RouSSeau system and can generate more reliable knowledge information.
Keywords/Search Tags:inter-domain routing, security monitoring, knowledge base, prefix anomaly, path anomaly