| BGP prefix hijacking attacks can hijack the inter-domain network traffic, resulting in large-scale networks shock, with great dangers of today’s BGP inter-domain network security research focus. Full BGP prefix hijacking prevention mechanism for security vulnerability exists in the BGP prefix hijacking prevention mechanism and the deployment and security of the contradictions and problems, a comprehensive prefix hijacking attacks against the system. The main idea of the system is based on the AS aggregation coefficient on the inter-domain network to be divided for small aggregation coefficient AS is deployed based on the AS group joint prefix hijacking detection mechanism for the aggregation coefficient AS is deployed IP-based prefix and AS proved by the number assigned to prevent prefix hijacking. System security technology for the following two aspects:1. A prefix hijack detection mechanism based on the AS group’s joint type. In-depth study of BGP prefix hijacking attack detection mechanism based on prefix hijacking attacks lack of it can not effectively detect the path hijacking based on the AS group’s joint type prefix hijacking detection mechanism, this mechanism through the network between the AS group topology to connect the interactive exploration, and can effectively detect path prefix hijacking hijacking attacks. The simulation can be seen that an effective monitoring mechanism based on the joint type prefix hijacking AS group to detect the path of the hijacked prefix hijacking attacks and other prefix hijacking attacks.2. Based on IP prefix and AS number allocation proven to prevent prefix hijacking. Can not resist on the basis of in-depth study of BGP prefix hijacking defense mechanisms, in accordance with its upper ISP prefix hijacking attack security vulnerabilities prefix hijacking an IP prefix and AS number allocation certificate to prevent this method can effectively resist the upper ISP prefix hijack attacks as well as other BGP prefix hijacking attacks, then this method was evaluated from the correctness, performance and security, to prove that fully meet the demand for inter-domain security, and performance is acceptable. This paper first introduces the research background, the problem of the origin and significance, and this article related research and research are described.Then, the paper briefly introduces inter-domain routing and BGP protocol and its properties, which lead to BGP, prefix hijacking attacks. The existing guard against BGP prefix hijacking attack defense mechanism and attack detection mechanism in-depth study, a detailed analysis of security vulnerabilities in the existing mechanism, attack defense mechanisms can not resist called upper ISP prefix hijacking attacks, while attack detection mechanism for the path of the hijacked prefix hijacking attacks can not effectively detect, also found that the existing security mechanisms of the main contradiction is that the balance of deployment and security. For the above-mentioned security and balance issues, a comprehensive prefix hijacking attacks guard system.Contribution and innovation of this paper contains three main areas:1. the principal contradiction of the security mechanisms existing against BGP prefix hijacking attacks, the balance between security and can be deployed through the calculation of AS aggregation coefficient of inter-domain network division to deploy different security mechanisms, effective solution to the balance between security and deployment problems.2. BGP prefix hijacking attack, and in-depth study of the BGP prefix hijacking attack detection mechanism is proposed to solve the existing attack detection mechanism based on the AS group’s joint type prefix hijacking detection mechanism, can not effectively detect hijacking path prefix hijacking attacks. Improve network security.3. guard against BGP prefix hijacking defense mechanisms, based on IP prefix and AS number allocation proven to prevent prefix hijacking, to solve the existing defense mechanisms can not prevent upper ISP prefix hijacking attack, improve network security. |
PDF Full Text Request