A Mimic Defense Mechanism for the Inter-domain Routing System Based on an AS Security Alliance
Published: 2018-12-05 19:00
[Abstract]: Large-scale low-rate denial-of-service attacks against the inter-domain routing system (Low-rate DoS against BGP Session, BGP-LDoS) can paralyze the inter-domain routing system as a whole, and existing detection methods and protective measures struggle to detect and defend against such attacks effectively. A BGP-LDoS attack presupposes that the attacker has probed and analyzed the topology of the inter-domain routing system and obtained the relevant parameters of its key links. Network mimic transformation confuses the attacker through continuous dynamic change, raising the cost and complexity of probing and analyzing the network and lowering the probability of a successful attack. Drawing on the idea of mimic security defense, the paper proposes a protection method based on dynamic transformation of the inter-domain routing system topology: several adjacent autonomous systems (Autonomous System, AS) in the system form an AS mimic alliance, and topology-equivalent transformations are carried out within the alliance. The paper gives the concrete implementation process. The ability of the transformed network to resist BGP-LDoS attacks is verified and analyzed; the experimental results show that the method effectively reduces the accuracy of the attacker's analysis of the network topology and interferes with the attacker's selection of key links, thereby protecting against BGP-LDoS attacks.
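[Affiliation]: PLA Information Engineering University; Institute for Network Sciences and Cyberspace, Tsinghua University;
[Funding]: Supported by the National Natural Science Foundation of China (61402525, 61402526, 61472215, 61502528) and the National "863" High Technology Research and Development Program of China (2012AA012902)
[CLC number]: TP393.08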
Article number: 2365311
Article link: http://sikaile.net/guanlilunwen/ydhl/2365311.html