Research On BGP Routing Security Detection Model Based On Immune Network Theory

With the rapid development of the Internet worldwide and the emergence of a large number of Internet service providers,more and more attacks against inter-domain routing systems have occurred,and network security incidents have become more frequent.The routing protocol used by the inter-domain routing system is one of the frequent targets of attacks.The Border Gateway Protocol is the de facto standard inter-domain routing protocol.Although BGP plays such an essential role on the Internet,it does not provide any security.To this end,in recent decades,a large number of studies have proposed a variety of BGP security extensions and detection technologies.However,BGP is still vulnerable to many types of attacks,such as prefix hijacking,path forgery,and route leaks.Prefix hijacking can cause network fluctuations and even embarrassment on a global scale.Route leakage can lead to network disruption and is hugely destructive.Therefore,prefix hijacking and route leakage are one of the security issues in BGP security research.This article builds a new immune model based on immune theory and applies the immune model to prefix hijacking attack detection and route leak detection.The existing security detection methods have the disadvantage of being difficult to deploy.The detection model class performs the prefix hijacking attack detection and the route leakage detection than the artificial immune system and can detect the received BGP message in real-time and respond quickly.The detection model minimizes the damage caused by prefix hijacking and route leakage.In summary,the main research results of this paper are as follows:(1)Based on the theory of immunity,a new immune model is proposed.(2)Identify the prefix hijacking attack in the BGP message according to the new immune model.(3)Identify the route leak in the BGP message according to the new immune model.The model has the advantages of not requiring modification of the original inter-domain routing protocol,no compatibility problem,easy deployment,and low cost,and can effectively identify prefix hijacking attacks and route leakage and low false-positive rate.