| With the network scale expanding greatly,the Internet is becoming increasingly complicated.In recent years,especially for internet business applications and services,the inter-domain routing security incidents have become more prominent and caused huge economic losses and social impact.Inter-domain routing security is facing great challenges.The existing inter-domain routing anomaly detection systems have the advantages of not changing current BGP and consumes fewer resources.Rousseau system developed by our group focuses on the national level routing anomaly detection and has been playing an important role in the national backbone network routing security.However,as for Internet companies which are increasingly suffered from inter-domain routing security threats,their specific prefixes are difficult to be protected.Therefore,based on the Rousseau system,towards the companies' network,we perform real-time detection and deep analysis on the routing updates of specific AS and prefixes so as to detect routing anomalies and give alerts timely.Our work mainly covers the following perspectives:Firstly,this paper aims to design a general enterprise-oriented monitoring system to enhance inter-domain routing security,which includes the design of monitoring system structure,system function module and data structures.The function module includes data collecting,data base construction,abnormal detection,verification,graphic presentation etc.Data structure design contains designs of database,abnormal base and enterprise user information.Secondly,we put forward a more accurate structure design of knowledge base and a more efficient method to build the knowledge base.Since Inter-domain routing security monitoring system is based on prior knowledge,the accuracy and building efficiency of the knowledge base directly affects the efficiency of anomaly detection.This paper improves the extraction algorithms of AS basic information,the AS adjacency relations,the hierarchy of AS and the AS-IP corresponding relation.This paper proposes an AS business relation inference algorithm based on space-time reliability to build and update the knowledge base.Thirdly,we propose an anomaly detection method based on the detour route and we implement a cluster analysis.Path anomaly is a type of malicious attacks against routing AS-PATH property and it is not easy to be found.Studies indicate that there are a lot of detour routes in the routing table.In this paper,we first define the detour path,then six forms of the detour path are concluded(i.e.,continuously repeated AS,loop,around the neighbor,around the country,around the border and around the multinational company).Moreover,we cluster and analyze the manifestation of detour path and put forward the routing anomaly detection method based on the detour path.Experiments show that our method can detect the continuous repeated AS,routing loop,domestic traffic leaked,forged path and garbled path with such anomalies,thus it can help improving the network security.Finally,we design and implement an inter-domain routing security monitoring prototype system for corporate users and test it through experiments.The results show that the monitoring system can not only generate more reliable knowledge base,but also provide autonomous system updates,monitoring information set,alarm and display abnormal information services according to user's requirements.Therefore,a reliable monitoring alarm platform is constructed. |
PDF Full Text Request