| As a kind of inter-domain routing selecting protocol,Border Gateway Protocol(BGP)has mature and reliable functions.But BGP has some security drawback to face many secure threats.Current research to enhance BGP security is focused on inter-domain routing attack detection and routing authentication.While the routing authentication is limited in applications,the inter-domain routing attack detection is more practical and effective.In order to study and implement inter-domain routing attack detection based on extensible framework,the following works are mainly carried out in this paper:1.Based on deep understanding of the principle of inter-domain routing attacks,we analyzed and obtained the information features of the inter-domain network,and built the feature databases of routing information for the normal routing.2.A decision algorithm for inter-domain routing attacks was proposed and described.The algorithm could determine the prefix hijacking attack and the MED vulnerability attack behaviors accurately,with the help of the feature information from the feature databases of routing information.3.To build the extensible framework,a custom rule method was proposed for BGP,and its realization thought and description method and conflict resolution were introduced in details.Through the interface provided by this method,the user can make the detection rules to realize the expansion of the inter-domain routing attack detection capability in an easy way.4.We designed and implemented the inter-domain routing attack detection system by combining the decision algorithm for inter-domain routing attacks and custom rule method,and then tested it.The results show that this system is able to detect inter-domain routing attacks in real-time and accurately,and provide warning information. |
PDF Full Text Request