Research On Key Technologies Of Security Situational Awareness Of Inter-domain Routing System For Multi-link Failure

Posted on: 2020-03-15
Degree: Doctor
Type: Dissertation
Country: China
Candidate: Z Y Zeng
GTID: 1368330620453255
Subject: Software engineering

Abstract/Summary:
The inter-domain routing system is key infrastructure of the Internet. As the network has grown, the inter-domain routing system has become a huge, complicated system. Its control plane and data plane are coupled, so the failure of some links can cause other links and nodes to fail, reducing the availability of the Internet or even paralysing the whole network. Detecting, locating, and forecasting multi-link failures of the inter-domain routing system is therefore of great importance in protecting the normal operation of the Internet.

This thesis starts from security measurement and threat classification for the inter-domain routing system and examines in depth how to recognize the threat of multi-link failures. It then studies link failure location under multi-link failure conditions, after pointing out the defects of single-link failure methods. Next, it studies a cascading failure model of the inter-domain routing system and approaches to constructing an experimental network. Finally, it studies a cascading-failure-oriented security trend prediction method for the inter-domain routing system. The thesis has five parts:

1. Considering the difficulty of modeling abnormal states of the inter-domain routing system for security threat identification and classification, a model based on a mean value deviation comparison matrix is proposed. By analyzing the relative changes of security indicators when the system is exposed to different security threats, the abnormal state of the system is qualitatively modeled. The similarities between the current state of the system and its normal state or specific abnormal states are then considered together, and a threat indicator is defined to quantify the system's security and indicate the type of security threat. The experimental results show that the proposed method achieves accurate threat recognition of multi-link failures for the SMW-4 optical cable event and the Malaysia route leakage event.

2. Considering the low accuracy of multi-link failure location methods in the inter-domain routing system, a multi-link failure location method based on a weighted statistical fit score, called WSFS, is proposed. Based on an analysis of the target link selection strategy of a cascading failure attack, the number of failed links contained in a revoked (withdrawn) path is estimated. Accordingly, when the number of withdrawals of a link is counted, each count is weighted by the reciprocal of the path length. The simulation results show that the average precision of WSFS improves by 5.45% compared with typical single-link failure location methods.

3. Considering the single failure cause and the lack of factor characterization in existing cascading failure models of the inter-domain routing system, a cascading failure model based on hybrid node/link failure is proposed, abbreviated as HCFM. HCFM distinguishes the failure conditions of node failure and link failure and considers the interaction between them. It describes the load extinction phenomenon caused by decreasing network connectivity during the evolution of a cascading failure. HCFM can simulate the disruption of UPDATE message propagation and the disappearance of traffic between partitioned networks during a cascading failure, which is more reasonable than the classical CFM model. The comparative experiment results show that there is no substitutable relationship among the hybrid model, the two single-factor models and the hybrid-factor model.

4. Considering the lack of a multi-emulation planning method for constructing experimental networks for cascading failure research, a multi-emulation planning method for the experimental environment based on capability measurement is proposed. First, an emulation fidelity description method based on capability measurement is defined, and then fidelity satisfiability constraints are given. Finally, the multi-emulation scheme is solved by minimizing the emulation cost. The analysis based on the cascading failure experimental scenario of the inter-domain routing system shows that the scheme solved by the proposed method has the lowest resource consumption compared with two single-emulation schemes while satisfying the fidelity requirements.

5. Considering the lack of research on security trend prediction for cascading failures in security situational awareness of the inter-domain routing system, a cascading-failure-oriented security trend prediction method called DLP is proposed. The method is based on the understanding that the cascading failure process of a complex system obeys the rules of the model. The cascading failure model can therefore be used to predict the future state of the inter-domain routing system by initializing the failed links and running the model. Based on an analysis of the duration of each phase of a cascading failure of the inter-domain routing system, a time complexity analysis and performance experiments of DLP are carried out. To address the long running time caused by the high complexity of HCFM-based cascading failure prediction, parallelization is introduced to reduce the time consumption. The performance experiment results show that DLP running on a single workstation can predict the state within one hour, satisfying the timeliness requirement of defense decision-making.
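The weighting step described for WSFS in part 2, as an added example that is not code from the dissertation: each withdrawn AS path contributes the reciprocal of its length to every link it contains, so a link seen in short withdrawn paths outranks one seen equally often in long paths. It covers only this counting step, not the full fit score; the function names are hypothetical, "path length" is assumed to mean the number of AS-to-AS links, and the sample paths are constructed from documentation ASNs.

```python
from collections import defaultdict

def path_links(as_path):
    """Undirected AS-AS links along a path; repeated ASNs (prepending) are skipped."""
    return [tuple(sorted((a, b))) for a, b in zip(as_path, as_path[1:]) if a != b]

def withdrawal_scores(withdrawn_paths, weighted=True):
    """Score each link by the withdrawn paths that traverse it.

    weighted=False: plain withdrawal count per link.
    weighted=True:  each path adds 1/len(path) to each of its links
                    (assumption: length = number of distinct links in the path).
    """
    scores = defaultdict(float)
    for path in withdrawn_paths:
        links = set(path_links(path))
        if not links:
            continue  # single-AS path carries no link information
        contribution = 1.0 / len(links) if weighted else 1.0
        for link in links:
            scores[link] += contribution
    return dict(scores)

def rank_links(withdrawn_paths, weighted=True):
    """Links ordered from most to least suspect; ties broken by link id."""
    scores = withdrawal_scores(withdrawn_paths, weighted)
    return sorted(scores.items(), key=lambda kv: (-kv[1], kv[0]))

# Constructed sample: AS paths carried by withdrawn routes (documentation ASNs).
SAMPLE_WITHDRAWN = [
    [64496, 64500, 64501],
    [64497, 64500, 64501],
    [64498, 64499, 64502, 64503, 64504],
    [64505, 64499, 64502, 64503, 64504],
]

if __name__ == "__main__":
    print("plain count   :", rank_links(SAMPLE_WITHDRAWN, weighted=False)[:4])
    print("1/len weighted:", rank_links(SAMPLE_WITHDRAWN, weighted=True)[:4])
```

With the plain count, four links tie at two withdrawals each; with the reciprocal weighting, link (64500, 64501) stands alone at the top because both of its withdrawn paths are short.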
Keywords/Search Tags: Inter-domain routing system, security situational awareness, multi-link failure, security trend prediction, cascading failure model