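Abstract
Network attack techniques targeting inter-domain routing systems are becoming increasingly sophisticated. In particular, the cross-plane attacks based on large-scale LDoS (low-rate denial of service) that have emerged in recent years cause far greater damage than traditional network attacks. Existing inter-domain routing security techniques mainly address the lack of a route authenticity verification mechanism in BGP (border gateway protocol), whereas large-scale LDoS attacks against inter-domain routing systems exploit the adaptive mechanisms of BGP, and the traffic used in LDoS attacks resembles many real data flows, so many existing methods struggle to respond effectively. This paper proposes a weighted-similarity-based method for perceiving security threats to inter-domain routing systems. It describes the security state of the inter-domain routing system by fusing multiple characteristics and, combined with the self-similarity of network traffic, uses a weighted similarity calculation to quantify the deviation of real-time characteristic values from their normal-state values, thereby assessing the security state of the system. Furthermore, by tracking real-time changes in the security characteristics, the type of attack on the inter-domain routing system can be inferred. Experimental results show that the method evaluates the security state of inter-domain routing systems effectively, perceives threats in the early stage of either a control plane attack or a data plane attack, and gives network administrators a reliable reference for formulating effective response strategies in time.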
BGP (border gateway protocol) based inter-domain routing systems play an important role in the Internet. However, BGP has certain design flaws, which result in many serious security problems for inter-domain routing systems. Compared to traditional attacks, such as prefix hijacking, large-scale LDoS attacks against inter-domain routing systems are extremely hard to detect, because their attack traffic and the reactions they trigger appear to be legal. The concealment of such attacks makes existing security solutions insufficient. In this paper, we first analyze the feasibility of utilizing similarity theory for assessing the security situations in inter-domain routing systems. We then propose a similarity-theory-based method for evaluating the security situations in inter-domain routing systems. It uses multiple characteristics to describe the system security situation collectively and evaluates the security situation by measuring the deviation degree of the security characteristics from their norms. Because the ability of each characteristic to represent different attacks is not the same, we make use of weighted similarity to assess the deviation of the fusion characteristics from their normal state at various times. Experimental results show that our method can perceive threats in their early stages, regardless of whether an inter-domain routing system is suffering from control plane attacks or data plane attacks.
Authors
郭毅
段海新
张连成
邱菡
Yi GUO, Haixin DUAN, Liancheng ZHANG, Han QIU (1. Institute for Network Science and Cyberspace, Tsinghua University, Beijing 100084, China; 2. PLA Information Engineering University, Zhengzhou 450001, China)
Source
《中国科学:信息科学》
CSCD
Peking University Core Journal
2017, Issue 7, pp. 878-890 (13 pages)
Scientia Sinica (Informationis)
Funding
Supported by the National Natural Science Foundation of China (Grant Nos. 61402525, 61472215, 61402526, 61502528)
Keywords
inter-domain routing
data plane attack
threat perception
weighted similarity
characteristics deviation
Author biographies
Yi GUO was born in China in 1984. He received a Ph.D. degree from PLA Information and Engineering University, Zhengzhou in 2012. His current research interests include Internet routing, routing security, and complex networks.
Haixin DUAN is a professor at the Network Science and Cyberspace Institute of Tsinghua University. His current research interests include network security, traffic analysis, and Next Generation Internet. Corresponding author. E-mail: duanhx@tsinghua.edu.cn
Liancheng ZHANG received his Ph.D. degree in computer science and technology from PLA Information and Engineering University, Zhengzhou in 2011. His current research interests include Next Generation Internet and network traffic analysis.
Han QIU received her Ph.D. degree in computer science and technology from PLA Information and Engineering University, Zhengzhou in 2010. Her current research interests include routing security and network simulation.