Research And Implementation Of Topology Discovery And Anomaly Detection Based On IS-IS

With the rapid expansion of the Internet,the era of social information networks has come.As the infrastructure of Internet networking,the security and stability of routers and routing protocols are crucial,and network administrators and network service providers are paying more and more attention.Therefore,detecting abnormal events in the network in real time and providing abnormal alarms to network administrators can provide powerful guarantees for relevant personnel to obtain network operating status in a timely manner.The IS-IS-based route anomaly detection system accesses the target network by passively collecting network data.The device simulates a router running IS-IS and establishes neighbor relationships with neighboring routers to obtain routing protocol data in the network.The main work of this paper is as follows:1.Because of the current topology discovery algorithm's defects in data authenticity,this paper proposes a topology discovery algorithm based on IS-IS protocol to resist routing spoofing,the algorithm analysis TLV field in LSP packet to discover the topology without any interference to the network environment and verify the authenticity of the routing information with the authenticity verification algorithm to achieve the purpose of defending against route spoofing.2.Based on the anti-spoofing network topology discovery algorithm proposed in this paper,the security mechanism of IS-IS protocol and the vulnerability of the protocol are analyzed.Based on the characteristics of the routing protocol,this paper proposes a routing event driven State transition anomaly detection method:a group of routing protocol data that has a relation is identified as a routing event by time correlation analysis,and routing event is used to drive the state transition model for network anomaly detection.3.Based on the network topology discovery algorithm and routing event-driven state transition anomaly detection algorithm,a routing anomaly detection system based on IS-IS protocol is designed and implemented,and the design and implementation of the module of the system is carried out Detailed introduction4.Conduct targeted testing on the functional integrity and availability of the implemented routing anomaly detection system.The test verifies that the system can accurately construct the topology in the actual routing environment and alert the anomaly routing state occurring in the environment.