| Internet is consists of by tens of thousands of Autonomous Systems(AS).ASes announce routing information through BGP to each other(Border Gateway Protocol).Since BGP designer did not take security issues into consideration.BGP and the AS themselves cannot validate the trustworthiness of prefixes in such complex Internet environment make BGP routing system often face threats,such as the prefix hijacking,i.e.,any malicious AS can declare a prefix of other AS's.Prefix hijacking brings inter-domain network serious harm,ranging from stolen traffic to large-scale network failure.For prefix hijacking,monitoring is considered to be the most effective method.The most important of Monitoring is to build a comprehensive and accurate knowledge base.The knowledge base of monitoring is constructed based on IRR.At present the registration information of IRRs(Internet Routing Registry)is "not fresh,inaccurate,incomplete",therefore,it is still a big challenge to construct a trustworthy routing knowledge base for abnormal routing detection system and monitoring system..In this paper,we aim at the existence a series of problems of construct knowledge base,and do the research in the following two aspects: on the one hand,we dig into the BGP routing information based on a large number of the history of BGP routing table snapshot,extract characteristics of the BGP routing announcement,providing a basis for a credible set of construction;on the other hand,construction a trustworthy set,provide information support for the monitoring of the prefix hijacking.The main results are as follows:1.Based on a large number of the history of BGP routing table snapshot,we dig into the BGP routing information extract and verify the two important characteristics of the BGP routing announcement: 1)routing stability: the vast majority of routing announcement is stable,while the historical routing hijacking is short lived(without stability);2)prefixes self-similarity: the announced prefixes of most large ASes are in line with the property of self-similarity,i.e.,the same AS declaring multiple routing prefixes with certain continuity.2.Through statistics and analysis of historical snapshots BGP routing table,on the basis of prefix declared features,construct trustworthy set.Trustworthy set consists of two parts,a prefix and a path set trustworthy set,respectively,for abnormality monitoring prefix and path.Through Route hijacking examples to validate trustworthy set shows that,the trustworthy set has high accuracy for monitoring prefix hijacking in limited data set tests,false positive rate and false negative rate was zero.Experimental results show that trustworthy set for monitoring prefix hijacking is valid. |
PDF Full Text Request