
Design And Implementation Of BGP Security Incident Fast Detection Framework

Posted on: 2021-04-24
Degree: Master
Type: Thesis
Country: China
Candidate: J J Huo
Full Text: PDF
GTID: 2428330614950020
Subject: Cyberspace security
Abstract/Summary:
The Border Gateway Protocol (BGP) plays an irreplaceable role in route exchange and network interconnection, and it is the core foundation of global network interconnection. BGP security incidents have wide influence and cause great harm, so they must be found in time for troubleshooting and repair. However, current detection frameworks designed for BGP are slow in data processing, have long detection times, and cannot reproduce security incidents. Based on these requirements, a fast detection framework for BGP security events is designed and proposed. The framework is designed from four aspects: structure, function, operation and maintenance. Data flows through each module as a pipeline. In addition, a BGP security event detection scheme based on distributed shared memory is proposed, and an extensible distributed history database is designed for forensics and reproduction of security events. The main work of this paper is as follows:
(1) First, the impact and classification of BGP security events are introduced, and, based on the state of research at home and abroad and the volume of BGP route update data, a distributed scheme for detecting BGP security events is put forward.
(2) The system structure of the BGP security event detection framework is designed from the four aspects of structure, function, operation and maintenance, and a distributed detection scheme with modular stream processing is proposed. A distributed, column-oriented historical database scheme based on the LSM tree is also designed, and a reasonable historical database design is put forward in terms of read-write performance, storage space optimization, scalability enhancement, reproduction of BGP security events and so on.
(3) For prefix hijacking, one type of BGP security event, a fast detection scheme based on a benchmark prefix tree is designed. For the construction of the reference prefix tree, a distributed computing scheme based on an in-memory directed graph is proposed; for updating the reference prefix tree, an update scheme based on BGP route update records is proposed.
(4) Based on the above, a set of comparative experiments is designed to verify the advantages of the BGP prefix hijacking detection and the historical database design, and to verify the high-speed processing performance of the fast detection framework when facing a large volume of BGP data.
Keywords/Search Tags:BGP security, prefix hijacking, distributed processing, Internet security
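
Item (3) of the abstract checks BGP announcements against a reference prefix tree. The following is an added example, not code from the thesis: a minimal single-process sketch of that kind of check, in which the class name, the result labels and the sample data (documentation prefixes and AS numbers) are all assumptions.

```python
import ipaddress

class ReferencePrefixTree:
    """Binary trie of baseline prefixes; a node with "origins" is a known prefix."""

    def __init__(self):
        self.roots = {4: {}, 6: {}}  # one trie per address family

    @staticmethod
    def _bits(net):
        width, addr = net.max_prefixlen, int(net.network_address)
        return [(addr >> (width - 1 - i)) & 1 for i in range(net.prefixlen)]

    def add(self, prefix, origin):
        """Record that `origin` (an AS number) legitimately originates `prefix`."""
        net = ipaddress.ip_network(prefix)
        node = self.roots[net.version]
        for bit in self._bits(net):
            node = node.setdefault(bit, {})
        node.setdefault("origins", set()).add(origin)

    def classify(self, prefix, origin):
        """Compare one announcement (prefix, origin AS) with the baseline."""
        net = ipaddress.ip_network(prefix)
        node = self.roots[net.version]
        match, match_len = node.get("origins"), 0
        for depth, bit in enumerate(self._bits(net), start=1):
            node = node.get(bit)
            if node is None:
                break
            if "origins" in node:  # longest covering baseline prefix so far
                match, match_len = node["origins"], depth
        if match is None:
            return "unknown"            # no baseline covers this prefix
        if origin in match:
            return "ok"
        # Same prefix, new origin vs. more-specific prefix from a new origin.
        return "suspect-origin" if match_len == net.prefixlen else "suspect-subprefix"

# Constructed sample data (RFC 5737 / RFC 3849 prefixes, RFC 5398 AS numbers).
BASELINE = [("192.0.2.0/24", 64497), ("203.0.113.0/24", 64496), ("2001:db8::/32", 64498)]
UPDATES = [("192.0.2.0/24", 64497), ("192.0.2.0/24", 64511),
           ("203.0.113.128/25", 64511), ("198.51.100.0/24", 64500),
           ("2001:db8:1::/48", 64498)]

def run_demo():
    tree = ReferencePrefixTree()
    for prefix, origin in BASELINE:
        tree.add(prefix, origin)
    return [tree.classify(prefix, origin) for prefix, origin in UPDATES]

if __name__ == "__main__":
    print(list(zip(UPDATES, run_demo())))
```

A "suspect" result is only a candidate for review: a legitimate more-specific announcement from a different AS is flagged until the baseline is updated to include it.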