Independent Monitoring Technology For Inter Domain Routing System

Posted on: 2015-02-26
Degree: Doctor
Type: Dissertation
Country: China
Candidate: Y Wang
GTID: 1108330482979229
Subject: Computer Science and Technology
Abstract/Summary:
Inter-domain routing system security is the foundation of Internet security. Monitoring technology works without changing the current routing protocols, which makes it an easy and effective solution. However, existing monitoring has two shortcomings. First, the monitoring system and its monitoring process depend closely on the inter-domain routing system, which results in poor robustness: once the inter-domain routing system is paralysed, monitoring is severely weakened. Second, the surveillance process is overemphasized while the control process is usually ignored, and global optimization is lacking, which leads to low monitoring efficiency and makes it hard to block the spread of threats and recover failed routes in a timely manner.

This thesis proposes an independent monitoring model for the inter-domain routing system, named Indem. The core idea of Indem is to be independent of the inter-domain routing system that is being monitored. Specifically, the model does not rely on the existing inter-domain routing system but treats it as the object to be monitored and controlled, constructing the monitoring system outside the inter-domain routing system so that it is physically and logically independent. Indem does not require changes to the existing inter-domain routing protocols and facilities. In the face of a routing malfunction or attack, Indem can sense it and take charge in a timely manner, can find and recover routing failures, and enables high-priority control over sudden and paralyzing threats.

The main work includes: independent monitoring model design for the inter-domain routing system, threat spreading modeling for the inter-domain routing system, maliciousness decision of autonomous systems, global survivability situation assessment for the inter-domain routing system, and failed route recovery for the inter-domain routing system.

1. Because security monitoring suffers from poor robustness and low efficiency, an independent monitoring model based on a hierarchical structure is proposed. In order to enhance the robustness of the inter-domain routing system, especially when facing paralyzing threats, and to improve monitoring efficiency from a global, full-life-cycle perspective, this thesis states the basic principles for monitor modeling and presents a hierarchical-structure-based independent monitoring model, named Indem. The abstract infrastructure, functional modules and their relations are presented first; then the monitoring process and the FSM of the inter-domain routing system under Indem are described; finally, the key technologies and a reference deployment scheme are discussed. Analysis indicates that Indem monitoring effectively removes the dependence on the inter-domain routing system by building an independent and stable high-level surveillance plane. Indem enhances the coupling and coordination of surveillance and control. Meanwhile, as a lightweight model, Indem runs without changing the existing inter-domain routing protocol and routing infrastructure, fully utilizing the maintenance and self-healing capabilities that the inter-domain routing system already has.

2. Because threat spreading against the inter-domain routing system is hard to monitor and warn about, a threat spreading model based on epidemic dynamics is proposed. In order to describe and analyze threatening behavior towards the inter-domain routing system more accurately, and to monitor and predict the spreading scope and spatial characteristics of malicious attacks in a timely manner, this thesis first analyzes the structural features of the inter-domain routing system and then proposes an epidemic-dynamics-based model for threat spreading, named Edats. The low-rate denial-of-service attack is taken as the validation object, and the experimental results show that the numerical simulation and the theoretical values are in good agreement and fit the attack propagation curves very well. The influence of the average degree of the scale-free network on the density of attacked nodes is also in line with the propagation characteristics and the power-law fragility of the inter-domain routing system. Overall, Edats is able to effectively characterize and predict the propagation pattern of current low-rate denial-of-service attacks against the inter-domain routing system.

3. Because malicious autonomous systems and their behavior are difficult to sense and evaluate, a trust quantification model for AS maliciousness decision is proposed. In order to detect potential or existing malicious behavior from the perspective of routing nodes, and to uncover pre-set, controlled and misbehaving nodes, it is important to decide the maliciousness of autonomous systems. Based on the study of abnormal routing behavior and interpersonal trust, a trust quantification model for AS maliciousness decision is proposed, named Trume. By comprehensively analyzing and quantifying the routing interactions of the target autonomous system, the model defines three judging criteria: direct decision, collaborative decision and coordination degree. Trume also defines the node involvement degree as an amplification factor for the final decision. Simulations and verifications are carried out, and the results indicate that, in the face of typical malicious activities such as route deception, service limitation and false reports of collaborative nodes, Trume is able to accurately and stably monitor and evaluate the malicious behavior of a specific autonomous system.

4. Because the global survivability situation of the inter-domain routing system is difficult to perceive, a situation assessment model based on Danger Theory is proposed. In order to grasp the instantaneous security situation and the evolutionary trend of the inter-domain routing system from a global perspective, it is necessary to use situation assessment technology to strengthen monitoring and control of the inter-domain routing system. Given that current studies have not arrived at an optimal solution for the assessment infrastructure and related algorithms, a Danger-Theory-based model for situation assessment of the inter-domain routing system is proposed, named Darse. Features including the attributes of routing update packets and the running characteristics of routing nodes are collected as input signals and antigens, which are subsequently sensed and analyzed to obtain the global survivability situation of the inter-domain routing system. Simulations are performed based on two real routing events, the Japanese earthquake and the YouTube prefix hijack, and the experimental results show that, compared with the conclusions of the Renesys analysis, Darse has great advantages in accuracy and real-time performance for situation assessment.

5. Because failed routes of the inter-domain routing system under paralyzing attacks are difficult to recover, a route recovery model based on structured backup subgraphs is proposed. In order to strengthen the integration of monitoring and control and to suppress perceived threats in a timely manner, it is necessary to use route recovery technology to guarantee basic communication services after the failure of some nodes. Given that current route recovery technology has not effectively resolved issues including backup storage cost, redundant recovery ability and AS benefit protection, a structured-backup-subgraph-based model for route recovery is proposed, named Starr. The method contains three algorithms: topology key points, important adjacent nodes, and sorting of neighboring links, which respectively address backup storage cost reduction, redundant recovery for multiple nodes, and AS benefit requests. Simulations focusing on the number of backup subgraphs and the length of backup paths are performed, and the results indicate that, compared to the original single failed routing recovery, the backup subgraph number of Starr is significantly reduced, and compared to classical RRL, the backup subgraph length of Starr is better.
Keywords/Search Tags:Inter domain routing system, independent monitoring, hierarchical structure, threat spreading modeling, maliciousness decision of autonomous system, survivability situation assessment, failed route recovery