Design and Implementation of an Inter-domain Routing Security Monitoring System
Published: 2018-06-01 03:34
Topic: BGP protocol + route monitoring; Source: Capital Normal University, master's thesis, 2014
[Abstract]: The Internet today is made up of many autonomous systems (ASes), which exchange routing information through the inter-domain routing protocol BGP to achieve network reachability. Routing security was not fully considered when BGP was designed, and routing anomalies and attacks occur from time to time, with serious consequences such as interrupted or even paralyzed network communication. Keeping the network running safely and reliably requires effective monitoring, but current monitoring systems are difficult to deploy and detect only a single type of anomaly or attack, so they do not meet practical needs well; an inter-domain routing security monitoring system is therefore needed. The system provides correlation analysis of routing security across the whole network and detects and analyzes routing attacks and anomalous events. This is important for grasping the network security situation in real time, controlling and defending against routing attacks and anomalous events, keeping important services running stably, and raising the security level of the routing system.

This thesis designs and implements a BGP inter-domain routing security monitoring system. Its main contributions and work are as follows:

(1) Design and implementation of the inter-domain routing anomaly detection subsystem. The main function of this subsystem is to detect inter-domain routing anomaly events, such as AS increase anomalies and network storm anomalies. The subsystem is divided into a routing information receiving layer and an analysis layer. The analysis layer is its core: it confirms the occurrence of each kind of anomalous event by analyzing inter-domain routing information. The key to inter-domain routing anomaly detection is the analysis of BGP Update (route update) messages. By analyzing how the value of each attribute in the update messages changes, the subsystem determines whether anomalies such as AS increase or network oscillation have occurred. The experimental results show that the subsystem detects network oscillation, autonomous system increase, and anomalous changes in network reachability information in a timely manner.

(2) Design and implementation of the inter-domain routing attack detection subsystem. The main function of this subsystem is to detect inter-domain routing attack events; this thesis concentrates on detecting one type of routing attack, prefix hijacking. The subsystem is divided into a routing information receiving layer and an analysis layer. The receiving layer receives inter-domain routing information; the analysis layer analyzes that information comprehensively and detects suspicious routing attack events. Detection proceeds in two steps: first, the changes in the BGP update packets produced during an attack are analyzed; then, with the help of information from the network data layer, control-plane routing information is correlated with data-plane information to determine that an inter-domain routing attack has occurred. The experimental results show that the subsystem detects prefix hijacking events fairly accurately.
[Degree-granting institution]: Capital Normal University
[Degree level]: Master's
[Year degree awarded]: 2014
[Classification number]: TP393.08