基于特征融合相似度的域間路由系統(tǒng)安全威脅感知方法
發(fā)布時(shí)間:2019-01-04 08:46
【摘要】:針對(duì)域間路由系統(tǒng)的網(wǎng)絡(luò)攻擊技術(shù)日益復(fù)雜,尤其是近年出現(xiàn)的基于大規(guī)模LDo S(low-rate denial of service)的跨平面攻擊,其造成的危害遠(yuǎn)大于傳統(tǒng)網(wǎng)絡(luò)攻擊.已有域間路由系統(tǒng)安全技術(shù)主要研究如何解決BGP(border gateway protocol)協(xié)議缺乏路由真實(shí)性驗(yàn)證機(jī)制的問(wèn)題,而針對(duì)域間路由系統(tǒng)的大規(guī)模LDo S攻擊利用的是BGP協(xié)議自適應(yīng)機(jī)制的特性,且用于LDo S攻擊的流量與許多真實(shí)數(shù)據(jù)流的特征類似,使得現(xiàn)有很多方法難以有效應(yīng)對(duì).本文提出一種基于加權(quán)相似度的域間路由系統(tǒng)安全威脅感知方法,利用多個(gè)特征融合描述域間路由系統(tǒng)的安全狀態(tài),并結(jié)合網(wǎng)絡(luò)流量的自相似特性,運(yùn)用加權(quán)相似度計(jì)算方法量化實(shí)時(shí)特征值與正常態(tài)特征值的偏差,由此評(píng)估域間路由系統(tǒng)的安全狀態(tài).進(jìn)一步,通過(guò)跟蹤安全特征的實(shí)時(shí)變化情況,即可推斷域間路由系統(tǒng)遭受攻擊的類型.實(shí)驗(yàn)結(jié)果表明,該方法能夠?qū)崿F(xiàn)對(duì)域間路由系統(tǒng)安全狀態(tài)的有效評(píng)估,在遭受控制平面攻擊或數(shù)據(jù)平面攻擊的初期階段即能感知威脅,為網(wǎng)絡(luò)管理員及時(shí)制定有效的應(yīng)對(duì)策略提供可靠參考.
[Abstract]:The network attack technology for inter-domain routing system is becoming more and more complex, especially the cross-plane attack based on large-scale LDo S (low-rate denial of service) in recent years, which is far more harmful than traditional network attack. The existing inter-domain routing system security technology mainly studies how to solve the problem that BGP (border gateway protocol) protocol lacks the authentication mechanism of routing authenticity, and the large-scale LDo S attack against inter-domain routing system utilizes the characteristics of BGP protocol adaptive mechanism. The traffic used in LDo S attacks is similar to that of many real data streams, which makes it difficult for many existing methods to deal with them effectively. This paper presents a security threat awareness method for inter-domain routing systems based on weighted similarity, which uses multiple features to describe the security state of inter-domain routing systems, and combines the self-similarity of network traffic. The weighted similarity method is used to quantify the deviation between the real-time eigenvalue and the normal eigenvalue to evaluate the security state of the inter-domain routing system. Furthermore, by tracking the real-time changes of security features, the type of attack on inter-domain routing system can be inferred. Experimental results show that the proposed method can effectively evaluate the security state of inter-domain routing systems, and can perceive threats in the initial stage of control plane attacks or data plane attacks. It provides a reliable reference for network administrators to formulate effective coping strategies in time.
【作者單位】: 清華大學(xué)網(wǎng)絡(luò)科學(xué)與網(wǎng)絡(luò)空間研究院;解放軍信息工程大學(xué);
【基金】:國(guó)家自然科學(xué)基金(批準(zhǔn)號(hào):61402525,61472215,61402526,61502528)資助項(xiàng)目
【分類號(hào)】:TP393.08
[Abstract]:The network attack technology for inter-domain routing system is becoming more and more complex, especially the cross-plane attack based on large-scale LDo S (low-rate denial of service) in recent years, which is far more harmful than traditional network attack. The existing inter-domain routing system security technology mainly studies how to solve the problem that BGP (border gateway protocol) protocol lacks the authentication mechanism of routing authenticity, and the large-scale LDo S attack against inter-domain routing system utilizes the characteristics of BGP protocol adaptive mechanism. The traffic used in LDo S attacks is similar to that of many real data streams, which makes it difficult for many existing methods to deal with them effectively. This paper presents a security threat awareness method for inter-domain routing systems based on weighted similarity, which uses multiple features to describe the security state of inter-domain routing systems, and combines the self-similarity of network traffic. The weighted similarity method is used to quantify the deviation between the real-time eigenvalue and the normal eigenvalue to evaluate the security state of the inter-domain routing system. Furthermore, by tracking the real-time changes of security features, the type of attack on inter-domain routing system can be inferred. Experimental results show that the proposed method can effectively evaluate the security state of inter-domain routing systems, and can perceive threats in the initial stage of control plane attacks or data plane attacks. It provides a reliable reference for network administrators to formulate effective coping strategies in time.
【作者單位】: 清華大學(xué)網(wǎng)絡(luò)科學(xué)與網(wǎng)絡(luò)空間研究院;解放軍信息工程大學(xué);
【基金】:國(guó)家自然科學(xué)基金(批準(zhǔn)號(hào):61402525,61472215,61402526,61502528)資助項(xiàng)目
【分類號(hào)】:TP393.08
【相似文獻(xiàn)】
相關(guān)期刊論文 前10條
1 盧錫城;趙金晶;朱培棟;董攀;;域間路由系統(tǒng)自組織特性[J];軟件學(xué)報(bào);2006年09期
2 李自強(qiáng),周明天;域間路由連通不完全性分析[J];計(jì)算機(jī)工程與應(yīng)用;2005年27期
3 劉迎國(guó),念其鋒,朱培棟;域間路由系統(tǒng)的安全威脅及其對(duì)策[J];微機(jī)發(fā)展;2005年11期
4 王e鴈,
本文編號(hào):2400060
本文鏈接:http://sikaile.net/guanlilunwen/ydhl/2400060.html
最近更新
教材專著
