The Internet can be understood as an interconnected network composed of tens of thousands of autonomous systems (ASes), and BGP is the de facto inter-domain routing protocol of the Internet, carrying the exchange of routing information between ASes. However, BGP was designed with an emphasis on the efficiency and robustness of network operation, and its security design has major flaws: it cannot distinguish false BGP routes generated by malicious attacks from legitimate ones, which leads to serious security problems such as traffic black holes, network outages and traffic eavesdropping. Among these attacks, prefix hijacking and route leaks are the two most common BGP routing attacks that produce false routes, and solutions to both face many challenges. First, existing prefix hijacking defenses run into many problems when deployed in real networks, so deployment is slow and the intended defensive effect is not achieved. Second, most existing route leak detection methods rely on the business relationship information of ASes, which is non-public data that cannot be obtained directly. Detection methods that infer this data lack accuracy, and methods based on information sharing discourage ASes from deploying them because they lack privacy protection, which hinders detection. In addition, both the defense and the detection methods are still only partially deployed in today's network and cannot completely prevent attacks from occurring. Therefore, how to effectively mitigate attacks that have already occurred and reduce their negative impact is also an important problem to be solved. Addressing prefix hijacking and route leaks in BGP routing, this paper starts from three aspects, namely the deployment of prefix hijacking defenses, privacy protection in route leak detection, and the mitigation of prefix hijacking and route leak attacks, and studies how to improve the routing security of BGP. The research content and main contributions of this paper are as follows.

1. A prefix hijacking defense method based on evolutionary game theory is proposed. RPKI (Resource Public Key Infrastructure) is currently the mainstream defense against prefix hijacking, and its defense consists of a signing strategy and a filtering strategy. At present RPKI deployment is slow, and a key issue affecting it is the deployment dependency between RPKI signing and filtering. ASes face different choices when deploying RPKI; each AS's choice of strategy is influenced by the choices of other ASes, and these choices evolve continuously over time. The deployment dependency problem of RPKI can therefore be regarded as an evolutionary game. This paper analyzes the deployment conflict between the two main RPKI strategies (signing and filtering) from a macro perspective and constructs an evolutionary game model in which ASes are the participants and the RPKI strategies are the choices. The evolution of the model is then simulated with replicator dynamic equations, and the key factors that affect the evolution are analyzed. The analysis shows that when the internal equilibrium point of the evolution is lowered, the probability that the evolution eventually reaches the ideal deployment state is higher, and the internal equilibrium point is determined by the deployment benefit of each strategy. Moreover, once the deployment rate of either strategy rises above a certain critical value, it promotes the deployment of the other strategy. Based on these results, this paper proposes an improved method called RPKIN (RPKI with Notification). Its key idea is to raise the probability of receiving a normal route by helping neighbors identify prefix hijacking, thereby increasing the benefit of deploying the filtering strategy. Experiments show that RPKIN not only improves the deployment benefit of the filtering strategy in RPKI but also increases the deployment benefit of the signing strategy and reduces the overall success rate of hijacking, which promotes the deployment of RPKI.

2. A route leak detection method based on federated learning is proposed. Existing route leak detection methods usually require ASes to share their business relationship information directly in order to judge whether an AS was entitled to propagate a given route. However, the business relationship information of an AS is non-public and complex, so a detection method that requires ASes to share it reduces their willingness to deploy and does not help solve the leak problem. To address this, this paper introduces a new detection method called FL-RLD, which employs federated learning to improve the privacy of the information shared among ASes. In FL-RLD, ASes cooperatively train the detection model by sharing model parameters instead of their business relationship information, which better protects their data privacy. FL-RLD also introduces blockchain technology to further enhance data security. This paper further proposes a training data generation method that uses AS triples as local data, with each AS's local routing policy and neighbor relationships as the basis for labeling its local data, thus alleviating the lack of real verification data in the live network. Experimental results show that, while providing privacy protection, FL-RLD also improves the accuracy of route leak detection for a single AS.

3. A routing attack mitigation method based on AS reachability is proposed. Routing attack mitigation refers to the measures taken after an attack has occurred to reduce its negative impact. Traditional mitigation relies mainly on manual operation, so mitigation is often not timely. Outsourced mitigation is an automated prefix hijacking mitigation method proposed in recent years, but its effect is limited by the selection of mitigation points and is unstable. To solve this problem, this paper first proposes a metric for evaluating the mitigation effect of different ASes as mitigation points, and analyzes the relationship between AS characteristics and mitigation effect. To screen out ASes with a high mitigation effect, this paper proposes a mitigation point selection algorithm based on AS reachability. The algorithm assumes that a mitigation point that can reach the most ASes through the fewest hops has a higher mitigation effect. In addition, this paper extends outsourced mitigation to route leak mitigation, and finally forms an attack mitigation method suitable for both prefix hijacking and route leaks. Experimental results show that, compared with mitigation point selection algorithms based on other features, the reachability-based method can screen out mitigation points with high mitigation ability and thereby achieve a better mitigation effect.
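The following is an added illustration of the replicator-dynamics argument behind contribution 1 (the RPKI signing/filtering game). It is not the thesis's model and the abstract gives no payoff functions: the linear payoffs, the two-population split (prefix holders who sign, transit ASes who filter) and the numeric parameters are assumptions made here. What it shows is the qualitative claim in the text: the interior equilibrium sits at cost/benefit ratios, and raising the benefit of filtering (RPKIN's goal) lowers that point and enlarges the set of starting states that evolve to full deployment.

```python
"""Two-population replicator dynamics for RPKI adoption (constructed example).

x = share of prefix holders that sign (publish ROAs).
y = share of transit ASes that filter (drop RPKI-invalid routes).
The linear payoff functions below are assumptions for illustration only;
they are not the evolutionary game model from the thesis.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Payoffs:
    b_sign: float    # benefit to a signer per unit of filtering deployment y
    c_sign: float    # fixed cost of signing
    b_filter: float  # benefit to a filterer per unit of signing deployment x
    c_filter: float  # fixed cost of filtering

    def interior_equilibrium(self):
        """Point where neither strategy has an advantage:
        b_sign * y == c_sign and b_filter * x == c_filter.  It is a saddle;
        lowering it (e.g. a larger b_filter) enlarges the basin of (1, 1)."""
        return (self.c_filter / self.b_filter, self.c_sign / self.b_sign)


def step(x, y, p, dt):
    """One forward-Euler step of
       dx/dt = x(1-x)(b_sign*y - c_sign),  dy/dt = y(1-y)(b_filter*x - c_filter)
    with shares clamped to [0, 1]."""
    dx = x * (1.0 - x) * (p.b_sign * y - p.c_sign)
    dy = y * (1.0 - y) * (p.b_filter * x - p.c_filter)
    x = min(1.0, max(0.0, x + dt * dx))
    y = min(1.0, max(0.0, y + dt * dy))
    return x, y


def evolve(x0, y0, p, dt=0.05, steps=4000):
    x, y = x0, y0
    for _ in range(steps):
        x, y = step(x, y, p, dt)
    return x, y


def reaches_full_deployment(x0, y0, p, tol=1e-3):
    """True if the trajectory from (x0, y0) ends at full signing and filtering."""
    x, y = evolve(x0, y0, p)
    return x > 1.0 - tol and y > 1.0 - tol


def basin_fraction(p, grid=20):
    """Share of interior grid starting points that evolve to (1, 1); a proxy
    for 'the probability of reaching the ideal deployment state'."""
    hits = total = 0
    for i in range(1, grid):
        for j in range(1, grid):
            total += 1
            hits += reaches_full_deployment(i / grid, j / grid, p)
    return hits / total


if __name__ == "__main__":
    baseline = Payoffs(b_sign=2.0, c_sign=1.0, b_filter=2.0, c_filter=1.0)
    # Assumed effect of notification: filtering pays more per signed prefix.
    notified = Payoffs(b_sign=2.0, c_sign=1.0, b_filter=4.0, c_filter=1.0)
    for name, p in (("baseline", baseline), ("higher filtering benefit", notified)):
        print(name, "equilibrium", p.interior_equilibrium(),
              "basin of full deployment", round(basin_fraction(p), 3))
```

Starting states above the saddle in both coordinates converge to (1, 1) and states below it in both converge to (0, 0); this is the "critical value" effect described in the text, since once x exceeds c_filter/b_filter the filtering share grows on its own.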
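As an added example for contribution 2 (not code from the thesis), the block below shows what local labeling of AS triples looks like from one AS's point of view: the AS knows its relationship to each neighbor and its own export policy, labels only the triples in which it is the middle hop, and would hand an FL client the labeled rows while keeping the relationships private. The relationship encoding, the export-policy override and the ASNs (RFC 5398 documentation range) are assumptions made here.

```python
"""Local training-data labelling for route-leak detection (constructed example).

Each AS labels only AS triples (prev, local, next) in which it is the middle
hop, using information it already holds: its relationship to each neighbor
and its own export policy.  Only the resulting rows are used for local
training; no relationship data leaves the AS.  Encoding and policy format
are assumptions for this example, not the thesis's data format.
"""
from enum import Enum
from itertools import permutations


class Rel(Enum):
    CUSTOMER = 0   # neighbor buys transit from us
    PEER = 1       # settlement-free peering
    PROVIDER = 2   # we buy transit from the neighbor


def violates_export_rule(from_rel, to_rel):
    """Standard valley-free export rule (Gao-Rexford, RFC 7908): a route learned
    from a provider or a peer may only be exported to customers."""
    return from_rel != Rel.CUSTOMER and to_rel != Rel.CUSTOMER


def label_triple(local_asn, prev_asn, next_asn, rels, policy_allow=frozenset()):
    """1 = leak, 0 = legitimate.  rels maps neighbor ASN -> Rel as seen by the
    local AS.  policy_allow holds (prev_asn, next_asn) pairs the local export
    policy deliberately permits (e.g. a paid backup-transit arrangement); an
    outside observer would flag them, the AS itself knows they are intended."""
    if (prev_asn, next_asn) in policy_allow:
        return 0
    return int(violates_export_rule(rels[prev_asn], rels[next_asn]))


def generate_local_dataset(local_asn, rels, policy_allow=frozenset()):
    """Rows of (triple, features, label) for every ordered neighbor pair.
    Features are the relationship codes of the two neighbors; a real client
    would add more (prefix length, path length, ...)."""
    rows = []
    for prev_asn, next_asn in permutations(rels, 2):
        label = label_triple(local_asn, prev_asn, next_asn, rels, policy_allow)
        features = (rels[prev_asn].value, rels[next_asn].value)
        rows.append(((prev_asn, local_asn, next_asn), features, label))
    return rows


def label_observed_path(local_asn, as_path, rels, policy_allow=frozenset()):
    """Label the local AS's own hop in an observed AS_PATH (left = nearest to
    the observer, right = origin).  The route was learned from the AS to the
    right of local_asn and exported to the AS on its left.  Returns None if
    local_asn is not an interior hop or a neighbor's relationship is unknown."""
    try:
        i = as_path.index(local_asn)
    except ValueError:
        return None
    if i == 0 or i == len(as_path) - 1:
        return None
    prev_asn, next_asn = as_path[i + 1], as_path[i - 1]
    if prev_asn not in rels or next_asn not in rels:
        return None
    return label_triple(local_asn, prev_asn, next_asn, rels, policy_allow)


if __name__ == "__main__":
    # Constructed view of AS 64500: one provider, one peer, two customers.
    rels = {64496: Rel.PROVIDER, 64497: Rel.PEER,
            64498: Rel.CUSTOMER, 64499: Rel.CUSTOMER}
    for triple, feats, label in generate_local_dataset(64500, rels):
        print(triple, feats, "leak" if label else "ok")
    print(label_observed_path(64500, [64497, 64500, 64496], rels))
```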
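For contribution 3, the following added example (not the thesis's code) implements the stated selection assumption on a small constructed AS graph: candidate mitigation points are ranked by how many ASes they reach in how few hops, and the chosen points are then scored with a simple hop-count proxy for the outsourced-mitigation effect. The topology, the score formula (sum of 1/hops over reachable ASes) and the effect proxy (an AS counts as protected when it is strictly closer to the victim or the mitigation point than to the hijacker) are all assumptions made here; real BGP path selection is policy-driven, so the proxy is illustrative only.

```python
"""Mitigation-point selection by AS reachability (constructed example).

The AS graph, the reachability score and the effect proxy are assumptions
for illustration; they do not reproduce the thesis's metric or algorithm.
"""
from collections import deque

# Constructed undirected AS-level topology; ASNs are small integers here.
AS_EDGES = [(1, 2), (1, 3), (2, 3), (2, 4), (3, 5), (4, 6), (5, 6),
            (6, 7), (7, 8), (7, 9), (8, 10), (9, 10)]


def build_graph(edges):
    graph = {}
    for a, b in edges:
        graph.setdefault(a, set()).add(b)
        graph.setdefault(b, set()).add(a)
    return graph


def bfs_hops(graph, src):
    """Hop distance from src to every reachable AS (src itself is 0)."""
    dist = {src: 0}
    queue = deque([src])
    while queue:
        u = queue.popleft()
        for v in graph[u]:
            if v not in dist:
                dist[v] = dist[u] + 1
                queue.append(v)
    return dist


def reachability_score(graph, asn):
    """Assumed formalisation of 'reaches the most ASes in the fewest hops':
    each reachable AS contributes 1 / hop_count."""
    return sum(1.0 / h for a, h in bfs_hops(graph, asn).items() if a != asn)


def select_mitigation_points(graph, k, exclude=()):
    """Top-k candidates by reachability score, ties broken by lower ASN."""
    candidates = [a for a in graph if a not in exclude]
    ranked = sorted(candidates, key=lambda a: (-reachability_score(graph, a), a))
    return ranked[:k]


def mitigation_effect(graph, victim, hijacker, mitigation_point=None):
    """Proxy for outsourced-mitigation effect: the mitigation point re-announces
    the victim's prefix, and an AS is 'protected' when it is strictly closer to
    the victim or the mitigation point than to the hijacker (ties count as not
    protected).  Returns the protected fraction of the other ASes."""
    d_v = bfs_hops(graph, victim)
    d_h = bfs_hops(graph, hijacker)
    d_m = bfs_hops(graph, mitigation_point) if mitigation_point is not None else {}
    inf = float("inf")
    others = [a for a in graph if a not in (victim, hijacker, mitigation_point)]
    protected = 0
    for a in others:
        legit = min(d_v.get(a, inf), d_m.get(a, inf))
        if legit < d_h.get(a, inf):
            protected += 1
    return protected / len(others)


if __name__ == "__main__":
    g = build_graph(AS_EDGES)
    victim, hijacker = 1, 10
    print("no mitigation:", round(mitigation_effect(g, victim, hijacker), 3))
    for m in select_mitigation_points(g, 3, exclude=(victim, hijacker)):
        print("AS", m, "score", round(reachability_score(g, m), 3),
              "effect", round(mitigation_effect(g, victim, hijacker, m), 3))
```

On this graph the best-reaching AS (AS 6, in the middle of the topology) lifts the protected fraction from 1/2 to 5/7, while a candidate near the victim (AS 3) only reaches 4/7, which is the kind of gap the text attributes to mitigation-point selection.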